VARIoT IoT vulnerabilities database

VAR-202106-1773 CVE-2021-34203 D-Link DIR-2640-US  Authentication Vulnerability in Microsoft CVSS V2: 4.8
CVSS V3: 8.1
Severity: HIGH
D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. When PPPoE is configured, the AC2600 router (DIR-2640-US) starts a quagga process that listens on the whole network, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify routing information, monitor the traffic of all devices under the router, hijack DNS and carry out phishing attacks. In addition, customers are likely to question this interface as a backdoor, because the interface should not be exposed. D-Link DIR-2640-US contains an improper authentication vulnerability. Information may be obtained and tampered with. D-Link DIR-2640-US is a network router device. D-Link DIR-2640-US has security vulnerabilities.
VAR-202106-0266 CVE-2020-25752 Enphase Envoy  Vulnerability in Using Hard Coded Credentials CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
An issue was discovered on Enphase Envoy R3.x and D4.x devices. There are hardcoded web-panel login passwords for the installer and Enphase accounts. The passwords for these accounts are hardcoded values derived from the MD5 hash of the username and serial number mixed with some static strings. The serial number can be retrieved by an unauthenticated user at /info.xml. These passwords can be easily calculated by an attacker; users are unable to change these passwords. Enphase Envoy is vulnerable to the use of hard-coded credentials. Information may be obtained. Enphase Energy Envoy is a gateway device used to connect smart home devices from Enphase Energy in the United States. Enphase Energy Envoy has a trust management vulnerability.
VAR-202106-0267 CVE-2020-25753 Enphase Envoy  Vulnerabilities in devices CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. The default admin password is set to the last 6 digits of the serial number. The serial number can be retrieved by an unauthenticated user at /info.xml. An unspecified vulnerability exists in Enphase Envoy devices. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. Enphase Energy Envoy is a gateway device used to connect smart home devices from Enphase Energy in the United States. Enphase Energy Envoy has security vulnerabilities. No detailed vulnerability information is currently provided.
VAR-202106-1771 CVE-2021-34201 D-Link DIR-2640-US  Out-of-bounds Vulnerability in Microsoft CVSS V2: 3.6
CVSS V3: 7.1
Severity: HIGH
D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600 (DIR-2640). Local ordinary users can overwrite the global variables in the .bss section, causing the process to crash or change. D-Link DIR-2640-US is vulnerable to an out-of-bounds write. Information may be tampered with, and the device may be put into a denial-of-service (DoS) state. D-Link DIR-2640-US is a smart AC2600 high-power Wi-Fi gigabit router.
VAR-202106-1774 CVE-2021-34204 D-Link DIR-2640-US  Vulnerability regarding inadequate protection of credentials in CVSS V2: 7.2
CVSS V3: 6.8
Severity: MEDIUM
D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600 (DIR-2640) stores the device system account password in plain text. It does not use Linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges. An inadequate protection of credentials vulnerability exists in D-Link DIR-2640-US. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. D-Link DIR-2640-US is a network router device. D-Link DIR-2640-US has security vulnerabilities.
VAR-202106-2172 No CVE Belkin WRT1900ACS has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
WRT1900ACS is a router product of Belkin Company. Belkin's WRT1900ACS has a weak password vulnerability. Attackers can use this vulnerability to log in to the system backend and perform unauthorized operations.
VAR-202106-2173 No CVE Belkin company EA6500 has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
EA6500 is a router product of Belkin Company. Belkin's EA6500 has a weak password vulnerability. Attackers can use this vulnerability to log in to the system backend and perform unauthorized operations.
VAR-202106-2174 No CVE Belkin EA2700 has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
EA2700 is a router product of Belkin Company. Belkin's EA2700 has a weak password vulnerability. Attackers can use this vulnerability to log in to the system backend and perform unauthorized operations.
VAR-202106-2175 No CVE Belkin EA6400 has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
EA6400 is a router product of Belkin Company. Belkin's EA6400 has a weak password vulnerability. Attackers can use this vulnerability to log in to the system backend and perform unauthorized operations.
VAR-202106-2176 No CVE Belkin EA6300 has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
EA6300 is a router product of Belkin Company. Belkin's EA6300 has a weak password vulnerability. Attackers can use the vulnerability to log in to the system backend and perform unauthorized operations.
VAR-202106-2177 No CVE Belkin EA7300 has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
EA7300 is a router product of Belkin Company. Belkin's EA7300 has a weak password vulnerability. Attackers can use the vulnerability to log in to the system backend and perform unauthorized operations.
VAR-202106-2178 No CVE Belkin EA6100 has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
EA6100 is a router product of Belkin Company. Belkin's EA6100 has a weak password vulnerability. Attackers can use this vulnerability to log in to the system backend and perform unauthorized operations.
VAR-202106-2179 No CVE Belkin EA6350 has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
EA6350 is a router product of Belkin Company. Belkin's EA6350 has a weak password vulnerability. Attackers can use the vulnerability to log in to the system backend and perform unauthorized operations.
VAR-202106-2183 No CVE Unauthorized access vulnerabilities exist in many products of Shanghai Jinhongge International Trade Co., Ltd. CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
Shanghai Jinhongge International Trade Co., Ltd. is a company whose main business is the distribution of embedded controllers. Many products of Shanghai Jinhongge International Trade Co., Ltd. have unauthorized access vulnerabilities. Attackers can use the vulnerabilities to obtain sensitive information.
VAR-202106-2184 No CVE Belkin EA6900 has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
EA6900 is a router product of Belkin Company. Belkin's EA6900 has a weak password vulnerability. Attackers can use this vulnerability to log in to the system backend and perform unauthorized operations.
VAR-202106-2185 No CVE Belkin EA9200 has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
EA9200 is a router product of Belkin Company. Belkin's EA9200 has a weak password vulnerability. Attackers can use this vulnerability to log in to the system backend and perform unauthorized operations.
VAR-202106-2186 No CVE TP-LINK TL-ER8820T has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
TL-ER8820T is a new generation of high-performance 10-Gigabit enterprise router launched by TP-LINK. TP-LINK TL-ER8820T has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202106-2187 No CVE D-Link DI-7300G and DI-7200G have weak password vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
DI-7300G and DI-7200G are both D-Link router products. D-Link DI-7300G and DI-7200G have a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202106-2296 No CVE Unauthorized access vulnerabilities exist in many Dell printer products CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
MFP S2815dn, etc. are all Dell color laser printers. Many Dell printer products have unauthorized access vulnerabilities, which can be exploited by attackers to obtain sensitive information.
VAR-202106-2324 No CVE Unauthorized access vulnerability exists in HP OfficeJet Pro series products CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
OfficeJet Pro is HP's all-in-one printer series. HP OfficeJet Pro series products have an unauthorized access vulnerability. Attackers can use the vulnerability to access the configuration page without authorization to obtain sensitive information.