VARIoT IoT vulnerabilities database


VAR-202106-2076 No CVE DrayTek Vigor2912 has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Vigor2912 is a high-performance firewall router product for small and medium-sized enterprises. DrayTek Vigor2912 has a weak password vulnerability. An attacker can use a weak password to log in to the management backend and obtain sensitive information.
VAR-202106-2080 No CVE DrayTek Vigor2922 has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Vigor2922 is a high-performance Internet behavior management VPN router product for small and medium-sized enterprises. DrayTek Vigor2922 has a weak password vulnerability. An attacker can use a weak password to log in to the management backend and obtain sensitive information.
VAR-202106-2298 No CVE An arbitrary file reading vulnerability exists in the video conferencing terminal of Saida Technology Cloud Vision CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Anhui Saida Technology Co., Ltd. focuses on the smart cloud video industry. Relying on the networks of communication operators and a new generation of information technology, it builds a "cloud video application engine", focuses on the research and development of big data application platforms and smart terminal products, and provides professional, comprehensive information solutions that support various livelihood applications in smart cities and empower smart homes, government affairs, agriculture, ecology, the Internet of Things, information security and other industries. An arbitrary file reading vulnerability exists in the video conferencing terminal of Saida Technology Cloud Vision. Attackers can use the vulnerability to read arbitrary files on the server.
VAR-202106-2326 No CVE A command execution vulnerability exists in the integrated security system of Hangzhou Hikvision Digital Technology Co., Ltd. CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Hikvision is a video-centric intelligent IoT solution and big data service provider. A command execution vulnerability exists in the integrated security system of Hangzhou Hikvision Digital Technology Co., Ltd. An attacker can use this vulnerability to gain server permissions.
VAR-202106-2327 No CVE China Consumer Cloud Technology Co., Ltd. fire-fighting first-level platform has a logic flaw vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
China Consumer Cloud Technology Co., Ltd. is an enterprise that invests in the construction and operation of smart city safety emergency service projects based on the Internet of Things, cloud computing, and big data. These projects cover emergency response, public security, safety supervision, fire protection, environmental protection, medical, health and epidemic prevention, natural disasters and other fields, and are core components of smart cities/safe cities. China Consumer Cloud Technology Co., Ltd.'s fire-fighting first-level platform has a logic flaw vulnerability. Attackers can use this vulnerability to obtain sensitive information.
VAR-202106-2072 No CVE Ruijie Networks Co., Ltd. NBR1300G has a command execution vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
NBR1300G is an enterprise router launched by Ruijie Networks Co., Ltd. Ruijie Networks Co., Ltd. NBR1300G has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands.
VAR-202106-2073 No CVE Ruijie Networks Co., Ltd. NBR1000G has a command execution vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
NBR1000G is a router launched by Ruijie Networks Co., Ltd. Ruijie Networks Co., Ltd. NBR1000G has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands.
VAR-202106-2074 No CVE Panasonic Electric (China) Co., Ltd. Network Camera BB-ST162A and BB-ST162 have unauthorized access vulnerabilities CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
Matsushita Electric (China) Co., Ltd. is mainly responsible for the sales and after-sales service activities of home appliances, systems, environment, components and other commodities. Matsushita Electric (China) Co., Ltd. Network Camera BB-ST162A and BB-ST162 have unauthorized access vulnerabilities, which can be exploited by attackers to obtain sensitive information.
VAR-202106-2075 No CVE Ruijie Networks Co., Ltd. RG-NBR700G has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
RG-NBR700G is an Internet behavior management router launched by Ruijie. It is a router designed for all office scenarios. Ruijie Networks Co., Ltd. RG-NBR700G has a weak password vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-202106-2077 No CVE Sapido router has command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Sapido specializes in the design and development of smart full wireless security systems and hardware devices, and also has app R&D capabilities. Its offerings cover smart home (SMART HOME TOTAL SOLUTION), smart manufacturing, ERP and other comprehensive enterprise integration solutions. It provides wireless sharing devices, Netcom products, smart sockets, and monitoring and security products. The Sapido router has a command execution vulnerability, which can be used by attackers to execute arbitrary commands.
VAR-202106-2078 No CVE D-Link DCS-4622 has an information disclosure vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
DCS-4622 is a three-megapixel 360-degree fisheye network camera. D-Link DCS-4622 has an information disclosure vulnerability, which can be exploited by attackers to obtain account passwords.
VAR-202106-2079 No CVE Hanbo Technology Co., Ltd. PA-5500-U06 has a weak password vulnerability CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
Opzoon Technology Co., Ltd. (English: Opzoon) is a world-leading provider of cloud computing data center solutions and the first high-tech enterprise in China to establish an enterprise-level applied mathematics laboratory. Hanbo Technology Co., Ltd. PA-5500-U06 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202106-0373 CVE-2020-29323 D-link DIR-885L MFC Information Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The D-Link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. The D-Link router DIR-885L-MFC has inadequate protection of credentials. Information may be obtained. D-Link DIR-885L MFC is a wireless router produced by D-Link in Taiwan. D-Link DIR-885L-MFC 1.15b02, v1.21b05 has an information disclosure vulnerability. This vulnerability originates from DIR-885L-MFC 1.15b02, v1.21b05
VAR-202106-0374 CVE-2020-29324 D-Link DIR-895L MFC Information Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. The DLink Router DIR-895L MFC contains a vulnerability in the plaintext storage of important information. Information may be obtained. D-Link DIR-895L MFC is a wireless router produced by D-Link in Taiwan. DLink DIR-895L MFC v1.21b05 has an information disclosure vulnerability.
VAR-202106-0372 CVE-2020-29322 D-Link Router DIR-880L vulnerability regarding inadequate protection of credentials CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. The D-Link router DIR-880L has inadequate protection of credentials. Information may be obtained. D-Link DIR-880L is a wireless AC1900 dual-band gigabit cloud router. D-Link DIR-880L version 1.07 has a credential disclosure vulnerability.
VAR-202106-0371 CVE-2020-29321 D-Link DIR-868L Information Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. The D-Link router DIR-868L has inadequate protection of credentials. Information may be obtained. D-Link DIR-868L is a wireless AC1750 dual-band gigabit cloud router. D-Link DIR-868L version 3.01 has a credential disclosure vulnerability.
VAR-202106-2301 No CVE ATO Technology Co., Ltd. NA400PLC has industrial control equipment vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
NA400PLC is a high-performance programmable controller launched by Autotop Technology Co., Ltd. The NA400PLC of Autotop Technology Co., Ltd. has a vulnerability in industrial control equipment. Attackers can use the vulnerability to modify user passwords.
VAR-202106-2325 No CVE China Telecom's NB-IOT smart device management platform has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
China Telecom's NB-IOT smart device management platform is an IoT management platform. China Telecom's NB-IOT smart device management platform has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202106-0716 CVE-2020-5008 IBM DataPower Gateway vulnerability in insecure storage of important information CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 193033. The vendor has published this vulnerability as IBM X-Force ID: 193033. Information may be obtained. IBM DataPower Gateway is a security and integration platform specially designed for mobile, cloud, application programming interface (API), network, service-oriented architecture (SOA), B2B and cloud workloads. The platform secures, integrates and optimizes access across channels with a dedicated gateway platform.
VAR-202106-1498 CVE-2021-31252 Open redirect vulnerability in multiple CHIYU Technology products CVSS V2: 5.8
CVSS V3: 6.1
Severity: MEDIUM
An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it. Multiple CHIYU Technology products contain an open redirect vulnerability. Information may be obtained and information may be tampered with.