VARIoT IoT vulnerabilities database

Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. Samsung Galaxy Apps is a pre-installed app store program for Samsung mobile devices of South Korea's Samsung (Samsung)

Kingdee Cloud·Xingkong is a new generation of strategic enterprise management software developed by Kingdee Software (China) Co., Ltd. based on cutting-edge technologies such as cloud computing, big data, social networking, artificial intelligence, and the Internet of Things. Kingdee Cloud·Xingkong has an arbitrary file reading vulnerability, which can be exploited by attackers to obtain sensitive information.

China Consumer Online Co., Ltd., former name/alias: Shanghai China Consumer Network Technology Co., Ltd., the company is committed to creating industry standards for fire safety, industry standards for fire safety products, standards for smart fire Internet +" One-stop technical operation solutions to promote the innovation of fire safety models and the intelligentization of science and technology. Shanghai China Consumer Network Technology Co., Ltd. fire-fighting first-level platform has a logic flaw vulnerability. Attackers can use this vulnerability to bypass login to obtain sensitive information.

Matsushita Electric (China) Co., Ltd. is mainly responsible for the sales and after-sales service activities of home appliances, systems, environment, components and other commodities. Matsushita Electric (China) Co., Ltd. Network Camera BB-SW172A has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow an attacker administrator level access to a device. plural Schneider Electric The product contains a vulnerability related to the password management function.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard. Advantech WebAccess Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Advantech WebAccess is a set of browser-based HMI/SCADA software developed by China Taiwan Advantech Company. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment

A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could cause loss of connectivity to the device via Modbus TCP protocol when an attacker sends a specially crafted HTTP request. plural Schneider Electric The product contains authentication vulnerabilities.Service operation interruption (DoS) It may be in a state

Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access s pen latency information. Samsung Notes There is a vulnerability in the insecure storage of important information.Information may be obtained

** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet. ** Not supported ** This is a vulnerability in an unsupported product. PowerLogic EGX100 and PowerLogic EGX300 Is vulnerable to input validation.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log. SmartThings There is a vulnerability in the insecure storage of important information.Information may be obtained

Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows bluetooth attacker to take over the user's bluetooth device without user awareness. Tizen bluetooth-frwk Contains an authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Android Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Samsung libsapeextractor library is a component of Samsung mobile devices. Samsung libsapeextractor library has an input validation error vulnerability

An improper input validation vulnerability in sdfffd_parse_chunk_FVER() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Android Contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Samsung libsdffextractor library is a component of Samsung mobile devices. Samsung libsdffextractor library has an input validation error vulnerability

An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Android Contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Samsung libsdffextractor library is a component of Samsung mobile devices. Samsung libsdffextractor library has an input validation error vulnerability

An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Android Is vulnerable to input validation.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Samsung libsdffextractor library is a component of Samsung mobile devices. Samsung libsdffextractor library has an input validation error vulnerability

An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Android Contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Samsung libsapeextractor library is a component of Samsung mobile devices. Samsung libsapeextractor library has an input validation error vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the HNAP_AUTH HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12065. D-Link DAP-1330 A classic buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-12065 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-Link DAP-1330 is a WIFI device of China Taiwan D-Link (D-Link) company's network equipment

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Cookie HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12028. D-Link DAP-1330 A stack-based buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-12028 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-Link DAP-1330 is a WIFI device of China Taiwan D-Link (D-Link) company's network equipment

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12029. D-Link DAP-1330 A stack-based buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-12029 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-Link DAP-1330 is a WIFI device of China Taiwan D-Link (D-Link) company's network equipment

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12066. D-Link DAP-1330 A classic buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-12066 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-Link DAP-1330 is a WIFI device of China Taiwan D-Link (D-Link) company's network equipment