VARIoT IoT vulnerabilities database

WRT1900ACS is a router product of Belkin Company. Belkin's WRT1900ACS has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.

EA6500 is a router product of Belkin Company. Belkin's EA6500 has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.

EA2700 is a router product of Belkin Company. Belkin's EA2700 has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.

EA6400 is a router product of Belkin Company. Belkin's EA6400 has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.

EA6300 is a router product of Belkin Company. Belkin's EA6300 has a weak password vulnerability. Attackers can use the vulnerability to log in to the system background and perform unauthorized operations.

EA7300 is a router product of Belkin Company. Belkin's EA7300 has a weak password vulnerability. Attackers can use the vulnerability to log in to the system background and perform unauthorized operations.

EA6100 is a router product of Belkin Company. Belkin's EA6100 has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.

EA6350 is a router product of Belkin Company. Belkin's EA6350 has a weak password vulnerability. Attackers can use the vulnerability to log in to the system background and perform unauthorized operations.

Shanghai Jinhongge International Trade Co., Ltd. is a company whose main business is the distribution of embedded controllers. Many products of Shanghai Jinhongge International Trade Co., Ltd. have unauthorized access vulnerabilities. Attackers can use the vulnerabilities to obtain sensitive information.

EA6900 is a router product of Belkin Company. Belkin's EA6900 has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.

EA9200 is a router product of Belkin Company. Belkin's EA9200 has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.

TL-ER8820T is a new generation of high-performance 10-Gigabit enterprise router launched by TP-LINK. TP-LINK TL-ER8820T has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

DI-7300G and DI-7200G are both D-Link router products. D-Link DI-7300G and DI-7200G have a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

MFP S2815dn, etc. are all Dell color laser printers. Many Dell printer products have unauthorized access vulnerabilities, which can be exploited by attackers to obtain sensitive information.

OfficeJet Pro is HP's all-in-one printer series. HP OfficeJet Pro series products have an unauthorized access vulnerability. Attackers can use the vulnerability to access the configuration page without authorization to obtain sensitive information.

In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers are 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 (for Kernel 5.1 through 5.5). The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).Vulnerability Category Count SMM Privilege Escalation 10 SMM Memory Corruption 12 DXE Memory Corruption 1CVE-2020-27339 Affected CVE-2020-5953 Affected CVE-2021-33625 Affected CVE-2021-33626 Affected CVE-2021-33627 Affected CVE-2021-41837 Affected CVE-2021-41838 Affected CVE-2021-41839 Affected CVE-2021-41840 Affected CVE-2021-41841 Affected CVE-2021-42059 Affected CVE-2021-42060 Not Affected CVE-2021-42113 Affected CVE-2021-42554 Affected CVE-2021-43323 Affected CVE-2021-43522 Affected CVE-2021-43615 Not Affected CVE-2021-45969 Not Affected CVE-2021-45970 Not Affected CVE-2021-45971 Not Affected CVE-2022-24030 Not Affected CVE-2022-24031 Not Affected CVE-2022-24069 Not Affected CVE-2022-28806 Unknown. Insyde InsydeH2O Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. Attacker on the local network can monitor traffic and capture the cookie and other sensitive information. TP-Link TL-WPA4220 Contains a vulnerability in the plaintext storage of important information.Information may be obtained. Tp-link TP-Link TL-WPA4220 is a domestic wireless WiFi bridge that can extend wireless signal from China's Tp-link company. The device can transmit data at high speed through the line, and expand the network to areas that cannot be covered at present. No detailed vulnerability details are currently provided

TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie. TP-Link TL-WPA4220 Exists in an inadequate protection of credentials.Information may be obtained. Tp-link TP-Link TL-WPA4220 is a domestic wireless WiFi bridge that can extend wireless signal from China's Tp-link company. The device can transmit data at high speed through the line, and expand the network to areas that cannot be covered at present. TP-Link TL-WPA4220 has an information disclosure vulnerability, which originates from TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064. No detailed vulnerability details are currently provided

Tianrongxin Technology Group (abbreviated as Tianrongxin) is a provider of network security, big data and cloud services. TopGate 200 (TG-21104-APP) has a command execution vulnerability. An attacker can use this vulnerability to gain server permissions.

Prolink Technology Co., Ltd. is the world's leading supplier of network communication equipment. The TL-R402M router has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.