VARIoT IoT vulnerabilities database
| VAR-202106-2316 | No CVE | Unauthorized access vulnerability exists in Axis P1343 Network Camera |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Axis is an IT company that specializes in providing network video solutions.
Axis P1343 Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2317 | No CVE | Unauthorized access vulnerability exists in Axis Q1614 Network Camera |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Axis is an IT company that specializes in providing network video solutions.
Axis Q1614 Network Camera has an unauthorized access vulnerability. Attackers can use this vulnerability to obtain sensitive information.
| VAR-202106-2318 | No CVE | Unauthorized access vulnerability exists in Axis P1311 Network Camera |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Axis is an IT company that specializes in providing network video solutions.
Axis P1311 Network Camera has an unauthorized access vulnerability. Attackers can use this vulnerability to obtain sensitive information.
| VAR-202106-2332 | No CVE | SQL injection vulnerability exists in the integrated system of production, supply and marketing management and control of Yisi |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Taiyuan Yisi Software Technology Co., Ltd. is an Internet software development and system integration enterprise that relies on Internet information and Internet of Things technology to provide enterprises with complete smart factory solutions.
A SQL injection vulnerability exists in the integrated system of Yisi's production, supply and marketing management and control. Attackers can use vulnerabilities to obtain sensitive information in the database.
| VAR-202106-1213 | CVE-2021-33529 | plural Weidmueller Industrial WLAN Vulnerability in using hard-coded credentials on devices |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device. plural Weidmueller Industrial WLAN A device contains a vulnerability in the use of hard-coded credentials.Information may be obtained. Weidmueller Industrial WLAN devices is an industrial control WIAN of Weidmueller company in Germany
| VAR-202106-1215 | CVE-2021-33531 | plural Weidmueller Industrial WLAN Vulnerability in using hard-coded credentials on devices |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability. Weidmueller Industrial WLAN devices is an industrial control WIAN of Weidmueller company in Germany.
Weidmueller Industrial WLAN devices have a trust management vulnerability
| VAR-202106-1214 | CVE-2021-33530 | plural Weidmueller Industrial WLAN In the device OS Command injection vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the devices. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic while authenticated as a low privilege user to trigger this vulnerability. Weidmueller Industrial WLAN devices is an industrial control WIAN of Weidmueller company in Germany
| VAR-202106-1212 | CVE-2021-33528 | plural Weidmueller Industrial WLAN Vulnerability in improper compliance with coding standards on devices |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability exists in the iw_console functionality. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. plural Weidmueller Industrial WLAN Devices contain vulnerabilities to improper compliance with coding standards.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Weidmueller Industrial WLAN devices is an industrial control WIAN of Weidmueller company in Germany
| VAR-202106-1216 | CVE-2021-33532 | plural Weidmueller Industrial WLAN In the device OS Command injection vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. Weidmueller Industrial WLAN devices is an industrial control WIAN of Weidmueller company in Germany
| VAR-202106-2134 | No CVE | Shenzhen UTP Technology Co., Ltd. UTP-R3050-5GP has a SQL injection vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Established in 2005, UTEPO is an industrial communication and intelligent Internet of Things solution provider with "Internet and Electricity Speed Connection" technology as the core. Based on technological innovation, it is a smart park, smart security, smart city, Provide smart IoT solutions in fields such as smart agriculture and smart manufacturing.
Shenzhen UTP Technology Co., Ltd. UTP-R3050-5GP has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive information in the database.
| VAR-202106-2135 | No CVE | D-Link DIR-809 has a denial of service vulnerability (CNVD-2021-36511) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
D-Link DIR-809 is a wireless router using RTOS.
D-Link DIR-809 has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service attack.
| VAR-202106-2136 | No CVE | D-Link DIR-809 has a denial of service vulnerability (CNVD-2021-36512) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
D-Link DIR-809 is a wireless router using RTOS.
D-Link DIR-809 has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service attack.
| VAR-202106-2137 | No CVE | D-Link DIR-809 has a denial of service vulnerability (CNVD-2021-36513) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
D-Link DIR-809 is a wireless router using RTOS.
D-Link DIR-809 has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service attack.
| VAR-202106-2138 | No CVE | D-Link DIR-809 has a denial of service vulnerability (CNVD-2021-36510) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
D-Link DIR-809 is a wireless router using RTOS.
D-Link DIR-809 has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service attack.
| VAR-202106-2139 | No CVE | D-Link DIR-809 has a stack overflow vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
D-Link DIR-809 is a wireless router, using RTOS system.
D-Link DIR-809 has a stack overflow vulnerability, which can be exploited by an attacker to cause a denial of service attack.
| VAR-202106-2140 | No CVE | D-Link DIR-809 has a denial of service vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
D-Link DIR-809 is a wireless router using RTOS.
D-Link DIR-809 has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service attack.
| VAR-202106-2141 | No CVE | Bihaiwei L7 cloud router wireless operation version has command execution vulnerabilities |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Bihaiwei L7 Cloud Router is a router launched by Beijing Bihaiwei Technology Co., Ltd.
Bihaiwei L7 cloud router wireless operation version has command execution vulnerabilities. An attacker can use this vulnerability to gain control of the server.
| VAR-202106-2142 | No CVE | Schneider Electric (China) Co., Ltd. power monitoring PowerLogic ION7650 has unauthorized vulnerabilities |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Schneider Electric (China) Co., Ltd. is a company whose main business includes electric power, industrial automation, infrastructure, energy efficiency, energy, building automation and security electronics, data centers and smart living spaces.
Schneider Electric (China) Co., Ltd. power monitoring PowerLogic ION7650 has an unauthorized vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2143 | No CVE | Bihaiwei L7 cloud router wireless operation version has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Bihaiwei L7 Cloud Router is a router launched by Beijing Bihaiwei Technology Co., Ltd.
Bihaiwei L7 cloud router wireless operation version has weak password vulnerability. Attackers can use this vulnerability to log in to the system backend to obtain sensitive information
| VAR-202106-2144 | No CVE | NETGEAR WNR2020 router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
NETGEAR WNR2020 router is a wireless router device.
The NETGEAR WNR2020 router has a weak password vulnerability. Attackers can use this vulnerability to control the device, obtain sensitive information and perform unauthorized operations.