VARIoT IoT vulnerabilities database

In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers are 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 (for Kernel 5.1 through 5.5). The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count SMM Privilege Escalation 10 SMM Memory Corruption 12 DXE Memory Corruption 1CVE-2020-27339 Affected CVE-2020-5953 Affected CVE-2021-33625 Affected CVE-2021-33626 Affected CVE-2021-33627 Affected CVE-2021-41837 Affected CVE-2021-41838 Affected CVE-2021-41839 Affected CVE-2021-41840 Affected CVE-2021-41841 Affected CVE-2021-42059 Affected CVE-2021-42060 Not Affected CVE-2021-42113 Affected CVE-2021-42554 Affected CVE-2021-43323 Affected CVE-2021-43522 Affected CVE-2021-43615 Not Affected CVE-2021-45969 Not Affected CVE-2021-45970 Not Affected CVE-2021-45971 Not Affected CVE-2022-24030 Not Affected CVE-2022-24031 Not Affected CVE-2022-24069 Not Affected CVE-2022-28806 Unknown. Insyde InsydeH2O Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. Attacker on the local network can monitor traffic and capture the cookie and other sensitive information. TP-Link TL-WPA4220 Contains a vulnerability in the plaintext storage of important information.Information may be obtained. Tp-link TP-Link TL-WPA4220 is a domestic wireless WiFi bridge that can extend wireless signal from China's Tp-link company. The device can transmit data at high speed through the line, and expand the network to areas that cannot be covered at present. No detailed vulnerability details are currently provided

TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie. TP-Link TL-WPA4220 Exists in an inadequate protection of credentials.Information may be obtained. Tp-link TP-Link TL-WPA4220 is a domestic wireless WiFi bridge that can extend wireless signal from China's Tp-link company. The device can transmit data at high speed through the line, and expand the network to areas that cannot be covered at present. TP-Link TL-WPA4220 has an information disclosure vulnerability, which originates from TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064. No detailed vulnerability details are currently provided

Tianrongxin Technology Group (abbreviated as Tianrongxin) is a provider of network security, big data and cloud services. TopGate 200 (TG-21104-APP) has a command execution vulnerability. An attacker can use this vulnerability to gain server permissions.

Prolink Technology Co., Ltd. is the world's leading supplier of network communication equipment. The TL-R402M router has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.

Zero Vision Technology serves customers with video technology and is committed to simplifying the development of Internet of Things video. Zero Vision Technology (Shanghai) Co., Ltd. H5S video platform has an information disclosure vulnerability. Attackers can use the vulnerability to obtain sensitive information.

SINAMICS medium voltage routable products are affected by a vulnerability in the Sm@rtServer component for remote access that could allow an unauthenticated attacker to cause a denial-of-service condition, and/or execution of limited configuration modifications and/or execution of limited control commands on the SINAMICS Medium Voltage Products, Remote Access (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions). SINAMICS SL150 , SINAMICS SM150 , SINAMICS SM150i Is vulnerable to input validation.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Axis is an IT company that specializes in providing network video solutions. AXIS 2420 Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.

Zhejiang Dahua Technology Co., Ltd. is a smart IoT solution provider and operation service provider with video as the core. The intelligent transportation terminal management equipment of Zhejiang Dahua Technology Co., Ltd. has a logic flaw vulnerability, which can be used by attackers to obtain sensitive information.

Zhejiang Dahua Technology Co., Ltd. is a leading monitoring product supplier and solution service provider. The camera of Zhejiang Dahua Technology Co., Ltd. has a logic flaw vulnerability, which can be exploited by attackers to obtain sensitive information.

Axis is an IT company that specializes in providing network video solutions. AXIS 209MFD Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.

Axis is an IT company that specializes in providing network video solutions. AXIS 225FD Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.

Axis is an IT company that specializes in providing network video solutions. AXIS M1125 Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.

Axis is an IT company that specializes in providing network video solutions. AXIS M1124 Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.

HP Officejet 5740 e-All-in-One Printer series is an all-in-one printer from HP Trading (Shanghai) Co., Ltd. The HP Officejet 5740 e-All-in-One Printer series has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.

HP Officejet 4630 e-All-in-One Printer series is an all-in-one printer from HP Trading (Shanghai) Co., Ltd. The HP Officejet 4630 e-All-in-One Printer series has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.

H3C SecPath U200-M is a new generation of UTM (United Threat Management) equipment designed by H3C for small and medium-sized enterprises/branches. Xin H3C SecPath U200-M has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information in the database.

Tenda AC11 is a wireless router that uses RTOS operating system. Shenzhen Jixiang Tengda Technology Co., Ltd. AC11 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service attack.

Tenda AC11 is a wireless router that uses RTOS operating system. Shenzhen Jixiang Tengda Technology Co., Ltd. AC11 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service attack.

Tenda AC11 is a wireless router that uses RTOS operating system. Shenzhen Jixiang Tengda Technology Co., Ltd. AC11 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service attack.