VARIoT IoT vulnerabilities database
| VAR-202106-2221 | No CVE | TP-LINK Archer-C8 router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Prolink Technology Co., Ltd. is the world's leading supplier of network communication equipment.
The Archer-C8 router has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.
| VAR-202106-2222 | No CVE | TP-LINK TL-WR340G router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Prolink Technology Co., Ltd. is the world's leading supplier of network communication equipment.
The TL-WR340G router has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.
| VAR-202106-2223 | No CVE | TP-LINK Archer-C9 router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Prolink Technology Co., Ltd. is the world's leading supplier of network communication equipment.
The Archer-C9 router has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.
| VAR-202106-0821 | CVE-2021-21735 | ZXHN H168N Vulnerability regarding improper retention of permissions in |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE. ZXHN H168N There is a vulnerability in improper retention of permissions.Information may be obtained
| VAR-202106-1001 | CVE-2021-29754 | IBM WebSphere Application Server Vulnerability in privilege management |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006. Vendor is responsible for this vulnerability IBM X-Force ID: 202006 Is published as.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This product is a platform for JavaEE and Web service applications, as well as the foundation of the IBM WebSphere software platform. No detailed vulnerability details are currently provided
| VAR-202106-0822 | CVE-2021-21736 | ZXHN HS562 Inappropriate Default Permission Vulnerability |
CVSS V2: 8.0 CVSS V3: 7.2 Severity: HIGH |
A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have been revoked can still control the camera, such as restarting the camera, restoring factory settings, etc.. This affects ZXHN HS562 V1.0.0.0B2.0000, V1.0.0.0B3.0000E. ZXHN H168N Is vulnerable to incorrect default permissions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
| VAR-202106-2224 | No CVE | Command execution vulnerability exists in RG-RAC200b (CNVD-2021-32471) |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
RG-RAC200b is a wireless controller.
RG-RAC200b has a command execution vulnerability, which can be exploited by attackers to gain server control authority.
| VAR-202106-2225 | No CVE | Command execution vulnerability exists in RG-RAC200b (CNVD-2021-32472) |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
RG-RAC200b is a wireless controller.
RG-RAC200b has a command execution vulnerability, which can be exploited by attackers to gain server control authority.
| VAR-202106-2226 | No CVE | Command execution vulnerability exists in RG-RAC200b (CNVD-2021-32473) |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
RG-RAC200b is a wireless controller.
RG-RAC200b has a command execution vulnerability, which can be exploited by attackers to gain server control authority.
| VAR-202106-2227 | No CVE | Command execution vulnerability exists in RG-RAC200b (CNVD-2021-32475) |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
RG-RAC200b is a wireless controller.
RG-RAC200b has a command execution vulnerability, which can be exploited by attackers to gain server control authority.
| VAR-202106-2228 | No CVE | Command execution vulnerability exists in RG-RAC200b (CNVD-2021-32476) |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
RG-RAC200b is a wireless controller.
RG-RAC200b has a command execution vulnerability, which can be exploited by attackers to gain server control authority.
| VAR-202106-2229 | No CVE | Command execution vulnerability exists in RG-RAC200b (CNVD-2021-32477) |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
RG-RAC200b is a wireless controller.
RG-RAC200b has a command execution vulnerability, which can be exploited by attackers to gain server control authority.
| VAR-202106-2230 | No CVE | Command execution vulnerability exists in RG-RAC200b (CNVD-2021-32474) |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
RG-RAC200b is a wireless controller.
RG-RAC200b has a command execution vulnerability, which can be exploited by attackers to gain server control authority.
| VAR-202106-2231 | No CVE | Ruijie Networks Co., Ltd. RSR10-02E has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
RSR10-02E is a multi-service router launched by Ruijie Networks Co., Ltd.
Ruijie Networks Co., Ltd. RSR10-02E has a weak password vulnerability. Attackers can use the vulnerability to obtain sensitive information.
| VAR-202106-2232 | No CVE | 3COM NJ2000 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
3COM is an American company that produces and sells products related to computer networks.
3COM NJ2000 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2233 | No CVE | TP-LINK TD-W8951ND has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TP-Link TD-W8951ND is a wireless router product.
TP-LINK TD-W8951ND has weak password leakage. , Attackers use the vulnerability to obtain sensitive information.
| VAR-202106-2234 | No CVE | Command execution vulnerability exists in RG-RAC200b |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
RG-RAC200b is a wireless controller.
RG-RAC200b has a command execution vulnerability, which can be exploited by attackers to gain server control authority.
| VAR-202106-2235 | No CVE | TP-LINK TD-W8960N has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TP-LINK Technology Co., Ltd. (hereinafter referred to as "TP-LINK") is the world's leading supplier of network communication equipment.
TP-LINK TD-W8960N has weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.
| VAR-202106-2236 | No CVE | TP-LINK TD-W8101G has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TP-LINK Technology Co., Ltd. (hereinafter referred to as "TP-LINK") is the world's leading supplier of network communication equipment.
TP-LINK TD-W8101G has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.
| VAR-202106-2237 | No CVE | TP-LINK TD-8840T has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TP-LINK Technology Co., Ltd. (hereinafter referred to as "TP-LINK") is the world's leading supplier of network communication equipment.
TP-LINK TD-8840T has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.