VARIoT IoT vulnerabilities database


VAR-202105-1603 No CVE Tenda enterprise-level AP management router has a command execution vulnerability (CNVD-2021-30044) CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
Shenzhen Jixiang Tengda Technology Co., Ltd. (hereinafter referred to as "Tengda") was founded in 1999. It is a professional supplier of network communication equipment and solutions, as well as a high-tech enterprise integrating R&D, production, supply, sales and service. Tenda enterprise-level AP management routers have command execution vulnerabilities. An attacker can use this vulnerability to gain server permissions.
VAR-202105-1604 No CVE Tenda enterprise-level AP management router has command execution vulnerabilities CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
Shenzhen Jixiang Tengda Technology Co., Ltd. (hereinafter referred to as "Tengda") was founded in 1999. It is a professional supplier of network communication equipment and solutions, as well as a high-tech enterprise integrating R&D, production, supply, sales and service. Tenda enterprise-level AP management routers have command execution vulnerabilities. An attacker can use this vulnerability to gain server permissions.
VAR-202105-1606 No CVE Chengdu Feiyuxing Technology Co., Ltd. Feiyuxing home smart router has logic flaws and vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Chengdu Feiyuxing Technology Co., Ltd. specializes in serving corporate, commercial and home users, providing intelligent and easy-to-use network communication management equipment and innovative technology value-added services. The company's existing products and solutions include IoT cloud, smart power boxes, smart power controllers, security monitoring switches, Nebulas platforms, full-scenario wireless solutions, public security audit solutions, smart home solutions and others. The Feiyuxing home smart router from Chengdu Feiyuxing Technology Co., Ltd. has a logic flaw vulnerability. Attackers can use the vulnerability to bypass login and obtain sensitive information.
VAR-202105-1351 CVE-2021-32054 Firely/Incendi Spark  Incorrectly resolved name and reference usage vulnerabilities in CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers in certain situations, which may cause crafted files to be delivered to clients such that they are rendered directly in a victim's web browser. Firely/Incendi Spark contains a vulnerability in the use of incorrectly resolved names and references. Information may be obtained and information may be tampered with. Spark is a public domain FHIR server developed using C#. Firely/Incendi Spark versions prior to 1.5.5-r4 have a security vulnerability that can cause crafted files to render directly in the browser. No detailed vulnerability details are currently provided.
VAR-202105-0076 CVE-2020-17891 TP-Link Archer C1200  Cross-site scripting vulnerability in firmware CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
TP-Link Archer C1200 firmware version 1.13 Build 2018/01/24 rel.52299 EU has an XSS vulnerability allowing a remote attacker to execute arbitrary code. A cross-site scripting vulnerability exists in the TP-Link Archer C1200 firmware. Information may be obtained and information may be tampered with. TP-Link Archer C1200 is a wireless dual-band Gigabit router.
VAR-202105-0918 CVE-2021-24195 WordPress  for  Login as User or Customer  Authorization vulnerabilities in plugins CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
Low-privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login as User or Customer (User Switching) WordPress plugin before 1.8 to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugins from the blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE. The Login as User or Customer (User Switching) plugin for WordPress contains an authorization vulnerability. Information may be obtained, information may be tampered with, and service may be disrupted (DoS). WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress.
VAR-202105-0529 CVE-2021-20994 WAGO Cross-Site Scripting Vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
In multiple managed switches by WAGO in different versions, an attacker may trick a legitimate user into clicking a link to inject possibly malicious code into the Web-Based Management. Multiple WAGO products contain a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. WAGO is a 750-88x series programmable logic controller from WAGO. The device is a digital operation electronic system designed specifically for applications in an industrial environment. WAGO has a cross-site scripting vulnerability. The vulnerability stems from the lack of correct verification of client data in web applications.
VAR-202105-0533 CVE-2021-20998 plural  WAGO  Vulnerability in lack of authentication for critical features in the product CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
In multiple managed switches by WAGO in different versions, it is possible to create users without authorization by sending specially crafted packets. Multiple WAGO products are vulnerable to a lack of authentication for critical features. Information may be obtained, information may be tampered with, and service may be disrupted (DoS).
VAR-202105-0532 CVE-2021-20997 plural  WAGO  Inadequate protection of credentials in products CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In multiple managed switches by WAGO in different versions, it is possible to read out the password hashes of all Web-based Management users. Multiple WAGO products contain a vulnerability related to insufficient protection of credentials. Information may be obtained.
VAR-202105-0531 CVE-2021-20996 plural  WAGO  Vulnerability in improper permission assignment for critical resources in the product CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
In multiple managed switches by WAGO in different versions, specially crafted requests can lead to cookies being transferred to third parties. Multiple WAGO products contain a vulnerability in improper permission assignment for critical resources. Information may be obtained.
VAR-202105-0530 CVE-2021-20995 plural  WAGO  Vulnerability in plaintext storage of important information in products CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In multiple managed switches by WAGO in different versions, the webserver cookies of the web-based UI contain user credentials. Multiple WAGO products contain a vulnerability in the plaintext storage of important information. Information may be obtained.
VAR-202105-0528 CVE-2021-20993 plural  WAGO  Information leakage vulnerabilities in products CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
In multiple managed switches by WAGO in different versions, the activated directory listing provides an attacker with the index of the resources located inside the directory. Multiple WAGO products contain a vulnerability related to information leakage. Information may be obtained.
VAR-202105-1607 No CVE Linksys E1000 router has a denial of service vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
LINKSYS E1000 is a router product. The Linksys E1000 router has a denial of service vulnerability, which can be exploited by attackers to cause the service program to crash.
VAR-202105-1608 No CVE Huawei Technologies Co., Ltd. SRG3200 has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The SRG3200 router is a high-performance enterprise-class router launched by Huawei Technologies Co., Ltd. Huawei Technologies Co., Ltd. SRG3200 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202111-0885 CVE-2021-22356 plural  Huawei  Vulnerabilities in the use of cryptographic algorithms in products CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
There is a weak secure algorithm vulnerability in Huawei products. A weak secure algorithm is used in a module. Attackers can exploit this vulnerability by capturing and analyzing the messages between devices to obtain information. This can lead to information leak. Affected product versions include: IPS Module V500R005C00SPC100, V500R005C00SPC200; NGFW Module V500R005C00SPC100, V500R005C00SPC200; Secospace USG6300 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200; Secospace USG6500 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200; Secospace USG6600 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200; USG9500 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200. Multiple Huawei products contain vulnerabilities in the use of cryptographic algorithms. Information may be obtained.
VAR-202107-0499 CVE-2021-21538 DELL Dell EMC iDRAC9 Authorization problem vulnerability CVSS V2: 7.5
CVSS V3: 10.0
Severity: CRITICAL
Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the virtual console. DELL Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell (DELL). This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems
VAR-202105-1519 CVE-2020-4107 HCL Technologies Limited  of  Domino server  Vulnerability in CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure. The Domino server from HCL Technologies Limited contains an unspecified vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
VAR-202105-0859 CVE-2021-30214 Knowage Suite  Injection vulnerability CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter. Knowage Suite is vulnerable to injection. Information may be obtained and information may be tampered with.
VAR-202105-0858 CVE-2021-30213 Knowage Suite  Cross-site Scripting Vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter
VAR-202105-0857 CVE-2021-30212 Knowage Suite  Cross-site Scripting Vulnerability CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject arbitrary web script in '/knowage/restful-services/documentnotes/saveNote' via the 'nota' parameter