VARIoT IoT vulnerabilities database
| VAR-202106-2250 | No CVE | Shenzhen Hongdian Technology Co., Ltd. H8922 industrial router has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The H8922 industrial router uses a high-performance 32-bit MIPS processor and an embedded operating system design.
Shenzhen Hongdian Technology Co., Ltd. H8922 industrial router has a command execution vulnerability. Attackers can use the vulnerability to gain server control authority.
| VAR-202106-2251 | No CVE | Dell 3130cn Color Laser has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Dell 3130cn Color Laser is a printer from Dell.
Dell 3130cn Color Laser has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2252 | No CVE | Unauthorized access vulnerability exists in Shenzhen Leike Industrial Co., Ltd. MW5230 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
MW5230 is a wireless router.
Shenzhen Leike Industrial Co., Ltd. MW5230 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2253 | No CVE | Unauthorized access vulnerability exists in Shenzhen Leike Industrial Co., Ltd. WF2710 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
WF2710 is a wireless router.
Shenzhen Leike Industrial Co., Ltd. WF2710 has an unauthorized access vulnerability. Attackers can use the vulnerability to obtain sensitive information.
| VAR-202106-2254 | No CVE | Lexmark MX310dn has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Lexmark MX310dn printer is a product of Lexmark.
Lexmark MX310dn has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2255 | No CVE | Unauthorized access vulnerability exists in Network Camera WV-SPW631L |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Matsushita Electric (China) Co., Ltd. is a manufacturer mainly responsible for the sales and after-sales service activities of home appliances, systems, environment, components and other commodities.
Network Camera WV-SPW631L has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2256 | No CVE | Shenzhen Jixiang Tengda Technology Co., Ltd. AC11 has a denial of service vulnerability (CNVD-2021-34597) |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Tenda AC11 is a wireless router that uses RTOS operating system.
Shenzhen Jixiang Tengda Technology Co., Ltd. AC11 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202106-2257 | No CVE | H3C-ICG1800 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
H3C-ICG1800 is a router of New H3C Technology Co., Ltd.
H3C-ICG1800 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2258 | No CVE | Shenzhen Jixiang Tengda Technology Co., Ltd. AC11 has a denial of service vulnerability (CNVD-2021-34598) |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Tenda AC11 is a wireless router that uses RTOS operating system.
Shenzhen Jixiang Tengda Technology Co., Ltd. AC11 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202106-2259 | No CVE | ZTE Corporation F600W has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
F600W is a router of ZTE Corporation.
ZTE Corporation F600W has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2263 | No CVE | A weak password vulnerability exists in the picture server of Hangzhou Hikvision System Technology Co., Ltd. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Hangzhou Hikvision System Technology Co., Ltd. is a smart IoT solution provider and operation service provider with video as the core.
The image server of Hangzhou Hikvision System Technology Co., Ltd. has a weak password vulnerability. Attackers can use the vulnerability to obtain sensitive information.
| VAR-202106-2264 | No CVE | Panasonic-WV-SP302 has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Matsushita Electric (China) Co., Ltd. is a manufacturer mainly responsible for the sales and after-sales service activities of home appliances, systems, environment, components and other commodities.
Panasonic-WV-SP302 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2265 | No CVE | HP Trading (Shanghai) Co., Ltd. HP-ENVY-7640 has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The HP-ENVY-7640 series printer is an all-in-one printer from Hewlett-Packard Company.
HP Trading (Shanghai) Co., Ltd. HP-ENVY-7640 has an unauthorized access vulnerability. Attackers can use this vulnerability to directly access the printer control interface without logging in.
| VAR-202106-2266 | No CVE | Unauthorized access vulnerability exists in HP DeskJet 2600 All-in-One Printer series |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
HP DeskJet 2600 All-in-One Printer series is an all-in-one printer from HP Trading (Shanghai) Co., Ltd.
An unauthorized access vulnerability exists in the HP DeskJet 2600 All-in-One Printer series. Attackers can use the vulnerability to obtain sensitive information.
| VAR-202106-2267 | No CVE | Unauthorized access vulnerability exists in HP Officejet 6700 Premium e-All-in-One |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
HP Officejet 6700 Premium e-All-in-One is an all-in-one printer from HP Trading (Shanghai) Co., Ltd.
The HP Officejet 6700 Premium e-All-in-One has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2268 | No CVE | Shenzhen Jixiang Tengda Technology Co., Ltd. AC11 has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Tenda AC11 is a wireless router that uses RTOS operating system.
Shenzhen Jixiang Tengda Technology Co., Ltd. AC11 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202106-1391 | CVE-2021-34679 | Thycotic Password Reset Server information disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Thycotic Password Reset Server before 5.3.0 allows credential disclosure. Attackers can use vulnerabilities to disclose credentials
| VAR-202106-0545 | CVE-2021-22767 | PowerLogic EGX100 and PowerLogic EGX300 Input confirmation vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-2276. ** Not supported ** This is a vulnerability in an unsupported product. PowerLogic EGX100 and PowerLogic EGX300 There is an input verification vulnerability in. This vulnerability is CVE-2021-22768 Is a different vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Schneider Electric PowerLogic is an industrial control equipment of French Schneider Electric (Schneider Electric). Provide improved power factor to improve power quality, eliminate power failures, thereby protecting the network, devices and operators
| VAR-202106-0546 | CVE-2021-22768 | PowerLogic EGX100 and PowerLogic EGX300 Input confirmation vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-22767. ** Not supported ** This is a vulnerability in an unsupported product. PowerLogic EGX100 and PowerLogic EGX300 There is an input verification vulnerability in. This vulnerability is CVE-2021-22767 Is a different vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Schneider Electric PowerLogic is an industrial control equipment of French Schneider Electric (Schneider Electric). Provide improved power factor to improve power quality, eliminate power failures, thereby protecting the network, devices and operators
| VAR-202106-0544 | CVE-2021-22766 | PowerLogic EGX100 and PowerLogic EGX300 Input confirmation vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafted HTTP packet. ** Not supported ** This is a vulnerability in an unsupported product. PowerLogic EGX100 and PowerLogic EGX300 Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. Schneider Electric PowerLogic is an industrial control equipment of French Schneider Electric (Schneider Electric). Provide improved power factor to improve power quality, eliminate power failures, thereby protecting the network, devices and operators.
Schneider Electric PowerLogic EGX100 and EGX100 have an input validation error vulnerability