VARIoT IoT vulnerabilities database

NBR1000G is a router launched by Ruijie Networks Co., Ltd. Ruijie Networks Co., Ltd. NBR1000G has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands.

Matsushita Electric (China) Co., Ltd. is mainly responsible for the sales and after-sales service activities of home appliances, systems, environment, components and other commodities. Matsushita Electric (China) Co., Ltd. Network Camera BB-ST162A and BB-ST162 have unauthorized access vulnerabilities, which can be exploited by attackers to obtain sensitive information.

RG-NBR700G is an Internet behavior management router launched by Ruijie. It is a router designed for all office scenarios. Ruijie Networks Co., Ltd. RG-NBR700G has a weak password vulnerability. Attackers can use the vulnerability to obtain sensitive information.

Sapido specializes in the design and development of smart full wireless security systems and hardware devices. At the same time, it has the R&D capabilities of APP. It covers smart home SMART HOME TOTAL SOLUTION and smart manufacturing & ERP and other comprehensive enterprise integration solutions. It provides wireless sharing devices, Netcom products, and smart sockets. , Monitoring and security products. The Sapido router has a command execution vulnerability, which can be used by attackers to execute arbitrary commands.

DCS-4622 is a three-megapixel 360-degree fisheye network camera. D-Link DCS-4622 has an information disclosure vulnerability, which can be exploited by attackers to obtain account passwords.

Opzoon Technology Co., Ltd. (English: Opzoon) is a world-leading provider of cloud computing data center solutions and the first high-tech enterprise in China to establish an enterprise-level applied mathematics laboratory. Hanbo Technology Co., Ltd. PA-5500-U06 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

The D-link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. D-link Router DIR-885L-MFC Exists in an inadequate protection of credentials.Information may be obtained. D-Link DIR-885L MFC is a wireless router produced by D-Link in Taiwan. D-link DIR-885L-MFC 1.15b02, v1.21b05 has an information disclosure vulnerability. This vulnerability originates from DIR-885L-MFC 1.15b02, v1.21b05

The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. DLink Router DIR-895L MFC Contains a vulnerability in the plaintext storage of important information.Information may be obtained. D-Link DIR-895L MFC is a wireless router produced by D-Link in Taiwan. DLink DIR-895L MFC v1.21b05 has an information disclosure vulnerability

The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. D-Link Router DIR-880L Exists in an inadequate protection of credentials.Information may be obtained. D-Link DIR-880L is a wireless AC1900 dual-band gigabit cloud router. D-Link DIR-880L version 1.07 has a credential disclosure vulnerability

The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. D-Link Router DIR-868L Exists in an inadequate protection of credentials.Information may be obtained. D-Link DIR-868L is a wireless AC1750 dual-band gigabit cloud router. D-Link DIR-868L version 3.01 has a credential disclosure vulnerability

NA400PLC is a high-performance programmable controller launched by Autotop Technology Co., Ltd. The NA400PLC of Autotop Technology Co., Ltd. has a vulnerability in industrial control equipment. Attackers can use the vulnerability to modify user passwords.

China Telecom's NB-IOT smart device management platform is an IoT management platform. China Telecom's NB-IOT smart device management platform has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 193033. Vendor exploits this vulnerability IBM X-Force ID: 193033 Is published as.Information may be obtained. IBM DataPower Gateway is a security and integration platform specially designed for mobile, cloud, application programming interface (API), network, service-oriented architecture (SOA), B2B and cloud workloads. The platform secures, integrates and optimizes access across channels with a dedicated gateway platform

An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it. plural CHIYU Technology The product contains an open redirect vulnerability.Information may be obtained and information may be tampered with

Xiamen Sixin Communication Technology Co., Ltd. focuses on the research and development, production, promotion and service of high-end wireless communication transmission equipment in the industrial field. It is a backbone enterprise in the wireless communication field of the Internet of Things in China. "Enterprises whose values cover products, services and management activities." The RMP router management platform of Xiamen Sixin Communication Technology Co., Ltd. has a weak password vulnerability. Attackers can use the vulnerability to obtain sensitive information and operate the device.

Damai Technology Development Co., Ltd. is a wholly-owned subsidiary of Damai Technology-Dr. Peng Group. Based on the broad coverage of the group's broadband business, Damai Technology Development Co., Ltd. is committed to the development and application of all-round smart terminal products for users' future work and life. Damai box DM4036 has a command execution vulnerability, which can be exploited by an attacker to gain control of the server.

Phicomm Data Communication Technology Co., Ltd. was established in 2009. It is a technologically innovative enterprise that provides users with smart products and cloud services in the field of smart homes. Smart Life is a strategic section of Phicomm’s Internet. It uses smart network equipment, smart hardware, APP and Internet communication. The channel is the carrier of operation. Phicomm router K2P has an arbitrary file reading vulnerability, which can be exploited by attackers to obtain sensitive information.

Phicomm Data Communication Technology Co., Ltd. was established in 2009. It is a technologically innovative enterprise that provides users with smart products and cloud services in the field of smart homes. Smart Life is a strategic section of Phicomm’s Internet. It uses smart network equipment, smart hardware, APP and Internet communication. The channel is the carrier of operation; Phicomm router FR3008 has a weak password vulnerability. Attackers can use the vulnerability to view user information.

Ruijie Networks is a professional network manufacturer with a full range of network equipment product lines and solutions including switches, routers, software, security firewalls, wireless products, storage, etc. Ruijie Networks Co., Ltd. RG-ISG has a weak password vulnerability. Attackers can use the vulnerability to obtain sensitive information.

Kyan is a network monitoring device. Kyan network monitoring equipment has a command execution vulnerability, which can be exploited by an attacker to gain control of the server.