VARIoT IoT vulnerabilities database

Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified vectors. Synology Download Station Contains a server-side request forgery vulnerability.Information may be obtained. Synology Download Station is a browser extension. You can browse the downloading and downloaded tasks of the download center package without visiting the web version of Synology, and you can also add tasks

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability container volume management component in Synology Docker before 18.09.0-0515 allows local users to read or write arbitrary files via unspecified vectors. Synology Docker Contains a path traversal vulnerability.Information may be obtained and information may be tampered with. Docker is an open source application container engine developed by American Docker Company. This product supports the creation of a container (lightweight virtual machine) on a Linux system and the deployment and operation of applications, as well as the automatic installation, deployment and upgrade of applications through configuration files

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to read limited files via unspecified vectors. Synology DiskStation Manager (DSM) Contains a path traversal vulnerability.Information may be obtained. Synology DiskStation Manager (DSM) is an operating system for network storage servers (NAS) developed by Synology, Taiwan. The operating system can manage data, documents, photos, music and other information

Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via unspecified vectors. Synology Video Station is a video management center. All movies, TV shows and home videos on your Synology NAS can be managed

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Synology Media Server Has SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Synology Media Server is a media server

D-Link Electronic Equipment (Shanghai) Co., Ltd. was established on August 13, 2002. The company's business scope includes routers, network cards, hubs, switches, converters, etc. in the region. The D-Link router management page has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

Leguang is a brand of wireless network products independently developed by Shenzhen Chaohenghui Network Technology Co., Ltd. Leguang equipment management system has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

Chengdu Feiyuxing Technology Co., Ltd. was established in 2002 as a high-tech enterprise focusing on product innovation and research and development in the data communication industry and the Internet of Things industry. Feiyuxing home intelligent routing has logic flaws and loopholes. Attackers can use the vulnerability to bypass the login by modifying the return packet and view sensitive information.

Cisco is the world's leading provider of network solutions. Cisco Wireless-G Internet Home Monitoring Camera has an unauthorized access vulnerability. Attackers can use vulnerabilities to obtain sensitive information.

Matsushita Electric (China) Co., Ltd. is an electronics manufacturer engaged in the production and sales of various electrical products. The Panasonic-SF335 camera has an unauthorized access vulnerability. Attackers can use vulnerabilities to obtain sensitive information.

WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allow an attacker to execute arbitrary OS commands with root privileges via unspecified vectors. Provided by Buffalo Inc. WSR-1166DHP3 and WSR-1166DHP4 The following multiple vulnerabilities exist in. * Inadequate access restrictions (CWE-284) - CVE-2021-20730 ‥ * OS Command injection (CWE-78) - CVE-2021-20731 The following is the vulnerability information JPCERT/CC Report to JPCERT/CC Coordinated with the developers. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. * Device configuration information stolen by an attacker on an adjacent network - CVE-2021-20730 ‥ * By an attacker on an adjacent network root Some with authority OS Command is executed - CVE-2021-20731. Buffalo WSR-1166DHP3 and WSR-1166DHP4 have operating system command injection vulnerability

Improper access control vulnerability in WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allows an attacker to obtain configuration information via unspecified vectors. Provided by Buffalo Inc. WSR-1166DHP3 and WSR-1166DHP4 The following multiple vulnerabilities exist in. * Inadequate access restrictions (CWE-284) - CVE-2021-20730 ‥ * OS Command injection (CWE-78) - CVE-2021-20731 The following is the vulnerability information JPCERT/CC Report to JPCERT/CC Coordinated with the developers. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. * Device configuration information stolen by an attacker on an adjacent network - CVE-2021-20730 ‥ * By an attacker on an adjacent network root Some with authority OS Command is executed - CVE-2021-20731. in Japan. Buffalo WSR-1166DHP3 and WSR-1166DHP4 have an access control error vulnerability

Beijing Wangyu Xingyun Information Technology Co., Ltd. was renamed from Lenovo Wangyu Technology (Beijing) Co., Ltd., and its predecessor was Lenovo Group Information Security Division. The main business covers network boundary security protection, application and data security protection, and network-wide security risk management. The Lenovo Netmaster Security Gateway has weak password vulnerabilities. The attacker uses a weak password to log in to the background to obtain sensitive information.

ASME Access Sharing Management Engine is an anti-agent product based on DPI application layer detection. Ruijie Networks’ ASME access shared management engine has logic flaws and vulnerabilities. The attacker can view and modify the returned packet by capturing the packet, fill in the password at will, and successfully log in to the background to obtain sensitive information.

S9306 is a routing switch, POE switch. Huawei S9306 has a weak password vulnerability. The attacker uses a weak password to log in to the background to obtain sensitive information.

Shenzhen Tenghu IOT Technology Co., Ltd. was established in August 2013. It is an Internet technology company integrating R&D, manufacturing, sales and service of commercial wireless network products. Shenzhen Tenghu IOT Technology Co., Ltd. AC9563 has a weak password vulnerability. Attackers can use weak passwords to log in to the background to obtain sensitive information.

S9312 is a switch. Huawei S9312 has a weak password vulnerability. The attacker uses a weak password to log in to the background to obtain sensitive information.

Chengdu Feiyuxing Technology Co., Ltd. was established in 2002 as a high-tech enterprise focusing on product innovation and research and development in the data communication industry and the Internet of Things industry. The Feiyuxing router has an information disclosure vulnerability. Attackers can use vulnerabilities to obtain sensitive information.

Shanghai Juyi Technology Development Co., Ltd., legal representative: Wang Nan, registered capital: 1 million yuan, address: JT1225, Room 2201, No. 888 Moyu South Road, Anting Town, Jiading District, Shanghai, Business Scope: General Projects: Technical Services, Technical Development , Technology consultation, technology exchange, technology transfer, technology promotion; software development; computer software and hardware and auxiliary equipment wholesale, etc. Vigor series products have logic flaws, which can be exploited by attackers to obtain sensitive information.

Network Video Server is a network video server. The Network Video Server network video server has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.