VARIoT IoT vulnerabilities database
| VAR-202106-2224 | No CVE | Command execution vulnerability exists in RG-RAC200b (CNVD-2021-32471) |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
RG-RAC200b is a wireless controller.
RG-RAC200b has a command execution vulnerability, which can be exploited by attackers to gain server control authority.
| VAR-202106-2225 | No CVE | Command execution vulnerability exists in RG-RAC200b (CNVD-2021-32472) |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
RG-RAC200b is a wireless controller.
RG-RAC200b has a command execution vulnerability, which can be exploited by attackers to gain server control authority.
| VAR-202106-2226 | No CVE | Command execution vulnerability exists in RG-RAC200b (CNVD-2021-32473) |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
RG-RAC200b is a wireless controller.
RG-RAC200b has a command execution vulnerability, which can be exploited by attackers to gain server control authority.
| VAR-202106-2227 | No CVE | Command execution vulnerability exists in RG-RAC200b (CNVD-2021-32475) |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
RG-RAC200b is a wireless controller.
RG-RAC200b has a command execution vulnerability, which can be exploited by attackers to gain server control authority.
| VAR-202106-2228 | No CVE | Command execution vulnerability exists in RG-RAC200b (CNVD-2021-32476) |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
RG-RAC200b is a wireless controller.
RG-RAC200b has a command execution vulnerability, which can be exploited by attackers to gain server control authority.
| VAR-202106-2229 | No CVE | Command execution vulnerability exists in RG-RAC200b (CNVD-2021-32477) |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
RG-RAC200b is a wireless controller.
RG-RAC200b has a command execution vulnerability, which can be exploited by attackers to gain server control authority.
| VAR-202106-2230 | No CVE | Command execution vulnerability exists in RG-RAC200b (CNVD-2021-32474) |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
RG-RAC200b is a wireless controller.
RG-RAC200b has a command execution vulnerability, which can be exploited by attackers to gain server control authority.
| VAR-202106-2231 | No CVE | Ruijie Networks Co., Ltd. RSR10-02E has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
RSR10-02E is a multi-service router launched by Ruijie Networks Co., Ltd.
Ruijie Networks Co., Ltd. RSR10-02E has a weak password vulnerability. Attackers can use the vulnerability to obtain sensitive information.
| VAR-202106-2232 | No CVE | 3COM NJ2000 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
3COM is an American company that produces and sells products related to computer networks.
3COM NJ2000 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2233 | No CVE | TP-LINK TD-W8951ND has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TP-Link TD-W8951ND is a wireless router product.
TP-LINK TD-W8951ND has weak password leakage. , Attackers use the vulnerability to obtain sensitive information.
| VAR-202106-2234 | No CVE | Command execution vulnerability exists in RG-RAC200b |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
RG-RAC200b is a wireless controller.
RG-RAC200b has a command execution vulnerability, which can be exploited by attackers to gain server control authority.
| VAR-202106-2235 | No CVE | TP-LINK TD-W8960N has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TP-LINK Technology Co., Ltd. (hereinafter referred to as "TP-LINK") is the world's leading supplier of network communication equipment.
TP-LINK TD-W8960N has weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.
| VAR-202106-2236 | No CVE | TP-LINK TD-W8101G has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TP-LINK Technology Co., Ltd. (hereinafter referred to as "TP-LINK") is the world's leading supplier of network communication equipment.
TP-LINK TD-W8101G has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.
| VAR-202106-2237 | No CVE | TP-LINK TD-8840T has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TP-LINK Technology Co., Ltd. (hereinafter referred to as "TP-LINK") is the world's leading supplier of network communication equipment.
TP-LINK TD-8840T has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.
| VAR-202106-2238 | No CVE | TP-LINK TD-W8968 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TP-LINK Technology Co., Ltd. (hereinafter referred to as "TP-LINK") is the world's leading supplier of network communication equipment.
TP-LINK TD-W8968 has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.
| VAR-202106-2239 | No CVE | TP-LINK TD-8816 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TP-LINK Technology Co., Ltd. (hereinafter referred to as "TP-LINK") is the world's leading supplier of network communication equipment.
TP-LINK TD-8816 has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.
| VAR-202106-2240 | No CVE | TP-LINK TD-8817 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TP-LINK Technology Co., Ltd. (hereinafter referred to as "TP-LINK") is the world's leading supplier of network communication equipment.
TP-LINK TD-8817 has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.
| VAR-202106-2300 | No CVE | HP ENVY 5530 has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
HP ENVY 5530 is an A4 inkjet all-in-one printer from HP.
HP ENVY 5530 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-1515 | CVE-2021-33842 | Circutor SGE-PLC1000 Firmware authentication vulnerability |
CVSS V2: 7.7 CVSS V3: 8.8 Severity: HIGH |
Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit this vulnerability, the attacker must be within the network where the device affected is located. Circutor SGE-PLC1000 There is an authentication vulnerability in the firmware.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Circutor SGE-PLC1000 is a smart metering system equipment. The main function is to manage the mains power through CIRWATT meters or other meters using PRIME technology.
The Circutor SGE-PLC1000 firmware version 0.9.2b has an authorization issue vulnerability
| VAR-202106-1514 | CVE-2021-33841 | Circutor SGE-PLC1000 operating system command injection vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject code into the operating system with maximum privileges. SGE-PLC1000 The device has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Circutor SGE-PLC1000 is a smart metering system equipment. The main function is to manage the mains power through CIRWATT meters or other meters using PRIME technology.
There is an operating system command injection vulnerability in the Circutor SGE-PLC1000 0.9.2b firmware version