VARIoT IoT vulnerabilities database
| VAR-202106-2207 | No CVE | Three Xinhua systems have weak password vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ER3100, ER5200G2, ER3260G2, ER3200G2, ER8300G2 are router products of New H3C Technology Co., Ltd.
More than three systems in Xinhua have weak password vulnerabilities, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2208 | No CVE | TP-LINK TL-WR1042ND router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Prolink Technology Co., Ltd. is the world's leading supplier of network communication equipment.
The TL-WR1042ND router has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.
| VAR-202106-2209 | No CVE | TP-LINK TL-WR949N router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Prolink Technology Co., Ltd. is the world's leading supplier of network communication equipment.
The TL-WR949N router has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.
| VAR-202106-2210 | No CVE | TP-LINK TL-WR843ND router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Prolink Technology Co., Ltd. is the world's leading supplier of network communication equipment.
The TL-WR843ND router has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.
| VAR-202106-2211 | No CVE | TP-LINK TL-WA801ND router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Prolink Technology Co., Ltd. is the world's leading supplier of network communication equipment.
The TL-WA801ND router has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.
| VAR-202106-2212 | No CVE | TP-LINK TL-WR749N router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Prolink Technology Co., Ltd. is the world's leading supplier of network communication equipment.
The TL-WR749N router has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.
| VAR-202106-2213 | No CVE | Phicomm router K3 has an arbitrary file reading vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Phicomm Data Communication Technology Co., Ltd. was established in 2009 and is a technologically innovative enterprise that provides users with smart products and cloud services in the field of smart homes.
Phicomm router K3 has an arbitrary file reading vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2214 | No CVE | TP-LINK TD-W8901G router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TP-LINK is the world's leading supplier of network communication equipment.
The TD-W8901G router has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.
| VAR-202106-2215 | No CVE | Shenzhen Zhibotong Electronics Co., Ltd. smart router MT7620N has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Shenzhen Zhibotong Electronics Co., Ltd. (hereinafter referred to as Zhibotong) was founded in 2010 and won the national high-tech enterprise and Shenzhen high-tech enterprise. It is a network communication equipment and overall solution integrating R&D, production, sales and service. Provider.
Shenzhen Zhibotong Electronics Co., Ltd. smart router MT7620N has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2216 | No CVE | Phicomm router K3C has an arbitrary file reading vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Phicomm Data Communication Technology Co., Ltd. was established in 2009 and is a technologically innovative enterprise that provides users with smart products and cloud services in the field of smart homes.
Phicomm router K3C has an arbitrary file reading vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2217 | No CVE | TP-LINK Archer-C7 router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Prolink Technology Co., Ltd. is the world's leading supplier of network communication equipment.
The Archer-C7 router has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.
| VAR-202106-2218 | No CVE | TP-LINK TL-WR720N router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Prolink Technology Co., Ltd. is the world's leading supplier of network communication equipment.
The TL-WR720N router has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.
| VAR-202106-2219 | No CVE | TP-LINK Archer-C1900 router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Prolink Technology Co., Ltd. is the world's leading supplier of network communication equipment.
The Archer-C1900 router has a weak password vulnerability. Attackers can use the vulnerability to log in to the system background and perform unauthorized operations.
| VAR-202106-2220 | No CVE | TP-LINK TL-WR743ND router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Prolink Technology Co., Ltd. is the world's leading supplier of network communication equipment.
The TL-WR743ND router has a weak password vulnerability. Attackers can use the vulnerability to log in to the system background and perform unauthorized operations.
| VAR-202106-2221 | No CVE | TP-LINK Archer-C8 router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Prolink Technology Co., Ltd. is the world's leading supplier of network communication equipment.
The Archer-C8 router has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.
| VAR-202106-2222 | No CVE | TP-LINK TL-WR340G router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Prolink Technology Co., Ltd. is the world's leading supplier of network communication equipment.
The TL-WR340G router has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.
| VAR-202106-2223 | No CVE | TP-LINK Archer-C9 router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Prolink Technology Co., Ltd. is the world's leading supplier of network communication equipment.
The Archer-C9 router has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.
| VAR-202106-0821 | CVE-2021-21735 | ZXHN H168N Vulnerability regarding improper retention of permissions in |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE. ZXHN H168N There is a vulnerability in improper retention of permissions.Information may be obtained
| VAR-202106-1001 | CVE-2021-29754 | IBM WebSphere Application Server Vulnerability in privilege management |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006. Vendor is responsible for this vulnerability IBM X-Force ID: 202006 Is published as.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This product is a platform for JavaEE and Web service applications, as well as the foundation of the IBM WebSphere software platform. No detailed vulnerability details are currently provided
| VAR-202106-0822 | CVE-2021-21736 | ZXHN HS562 Inappropriate Default Permission Vulnerability |
CVSS V2: 8.0 CVSS V3: 7.2 Severity: HIGH |
A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have been revoked can still control the camera, such as restarting the camera, restoring factory settings, etc.. This affects ZXHN HS562 V1.0.0.0B2.0000, V1.0.0.0B3.0000E. ZXHN H168N Is vulnerable to incorrect default permissions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state