VARIoT IoT vulnerabilities database

VAR-202106-1482 CVE-2021-29091 Synology Photo Station Path Traversal Vulnerability
CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to write arbitrary files via unspecified vectors. Synology Photo Station contains a path traversal vulnerability. Information may be tampered with. Synology Photo Station is a set of solutions for sharing pictures, videos and blogs on the Internet from Synology, a Taiwan-based company.
VAR-202106-1481 CVE-2021-29090 Synology Photo Station SQL Injection Vulnerability
CVSS V2: 9.0
CVSS V3: 7.2
Severity: HIGH
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Synology Photo Station has an SQL injection vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Synology Photo Station is a set of solutions for sharing pictures, videos and blogs on the Internet from Synology, a Taiwan-based company.
VAR-202106-1480 CVE-2021-29089 Synology Photo Station SQL Injection Vulnerability
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Synology Photo Station has an SQL injection vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Synology Photo Station is a set of solutions for sharing pictures, videos and blogs on the Internet from Synology, a Taiwan-based company.
VAR-202106-1479 CVE-2021-29088 Synology DiskStation Manager Path Traversal Vulnerability
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. Synology DiskStation Manager (DSM) contains a path traversal vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Synology DiskStation Manager (DSM) is an operating system for network storage servers (NAS) developed by Synology, Taiwan. The operating system can manage data, documents, photos, music and other information.
VAR-202106-1413 CVE-2021-23018 NGINX Controller Vulnerability in Plaintext Transmission of Important Information
CVSS V2: 5.8
CVSS V3: 7.4
Severity: HIGH
Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster. NGINX Controller contains a vulnerability in the transmission of important information in clear text. Information may be obtained and information may be tampered with. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. There is a security vulnerability in the Nginx controller. An attacker could exploit this vulnerability to read and modify data sent between services managed within an affected controller.
VAR-202106-1170 CVE-2021-33184 Synology Download Station Server-Side Request Forgery Vulnerability
CVSS V2: 4.0
CVSS V3: 7.7
Severity: HIGH
Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified vectors. Synology Download Station contains a server-side request forgery vulnerability. Information may be obtained. Synology Download Station is a browser extension. You can browse the downloading and downloaded tasks of the download center package without visiting the web version of Synology, and you can also add tasks.
VAR-202106-1169 CVE-2021-33183 Synology Docker Path Traversal Vulnerability
CVSS V2: 3.6
CVSS V3: 7.9
Severity: HIGH
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in container volume management component in Synology Docker before 18.09.0-0515 allows local users to read or write arbitrary files via unspecified vectors. Synology Docker contains a path traversal vulnerability. Information may be obtained and information may be tampered with. Docker is an open source application container engine developed by American Docker Company. This product supports the creation of a container (lightweight virtual machine) on a Linux system and the deployment and operation of applications, as well as the automatic installation, deployment and upgrade of applications through configuration files.
VAR-202106-1168 CVE-2021-33182 Synology DiskStation Manager Path Traversal Vulnerability
CVSS V2: 4.0
CVSS V3: 4.3
Severity: MEDIUM
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to read limited files via unspecified vectors. Synology DiskStation Manager (DSM) contains a path traversal vulnerability. Information may be obtained. Synology DiskStation Manager (DSM) is an operating system for network storage servers (NAS) developed by Synology, Taiwan. The operating system can manage data, documents, photos, music and other information.
VAR-202106-1167 CVE-2021-33181 Synology Video Station Server-Side Request Forgery Vulnerability
CVSS V2: 6.5
CVSS V3: 9.1
Severity: CRITICAL
Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary requests to intranet resources via unspecified vectors. Synology Video Station is a video management center. All movies, TV shows and home videos on your Synology NAS can be managed.
VAR-202106-1166 CVE-2021-33180 Synology Media Server SQL Injection Vulnerability
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Synology Media Server has an SQL injection vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Synology Media Server is a media server.
VAR-202105-1575 No CVE A weak password vulnerability exists in the D-Link router management page
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
D-Link Electronic Equipment (Shanghai) Co., Ltd. was established on August 13, 2002. The company's business scope includes routers, network cards, hubs, switches, converters, etc. in the region. The D-Link router management page has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202105-1576 No CVE Leguang equipment management system has weak password vulnerability
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Leguang is a brand of wireless network products independently developed by Shenzhen Chaohenghui Network Technology Co., Ltd. Leguang equipment management system has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202105-1581 No CVE Feiyuxing home smart router has logic flaws and loopholes
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Chengdu Feiyuxing Technology Co., Ltd. was established in 2002 as a high-tech enterprise focusing on product innovation and research and development in the data communication industry and the Internet of Things industry. The Feiyuxing home smart router has logic flaws and loopholes. Attackers can use the vulnerability to bypass the login by modifying the returned packet and view sensitive information.
VAR-202105-1684 No CVE Unauthorized access vulnerability exists in Cisco Wireless-G Internet Home Monitoring Camera
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Cisco is the world's leading provider of network solutions. Cisco Wireless-G Internet Home Monitoring Camera has an unauthorized access vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-202105-1709 No CVE Panasonic-SF335 camera has unauthorized access vulnerability
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Matsushita Electric (China) Co., Ltd. is an electronics manufacturer engaged in the production and sales of various electrical products. The Panasonic-SF335 camera has an unauthorized access vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-202106-0642 CVE-2021-20731 Buffalo router WSR-1166DHP3 and WSR-1166DHP4 Multiple vulnerabilities
CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allow an attacker to execute arbitrary OS commands with root privileges via unspecified vectors. The following multiple vulnerabilities exist in WSR-1166DHP3 and WSR-1166DHP4, provided by Buffalo Inc.: inadequate access restrictions (CWE-284) - CVE-2021-20730; OS command injection (CWE-78) - CVE-2021-20731. This vulnerability information was reported to JPCERT/CC, and JPCERT/CC coordinated with the developers. Reporter: Mr. Hayakawa Soraya, Zero Zero One Co., Ltd. The expected impact depends on each vulnerability, but may be as follows: device configuration information is stolen by an attacker on an adjacent network - CVE-2021-20730; OS commands are executed with root privileges by an attacker on an adjacent network - CVE-2021-20731. Buffalo WSR-1166DHP3 and WSR-1166DHP4 have an operating system command injection vulnerability.
VAR-202106-0641 CVE-2021-20730 Buffalo router WSR-1166DHP3 and WSR-1166DHP4 Multiple vulnerabilities
CVSS V2: 3.3
CVSS V3: 4.3
Severity: MEDIUM
Improper access control vulnerability in WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allows an attacker to obtain configuration information via unspecified vectors. The following multiple vulnerabilities exist in WSR-1166DHP3 and WSR-1166DHP4, provided by Buffalo Inc.: inadequate access restrictions (CWE-284) - CVE-2021-20730; OS command injection (CWE-78) - CVE-2021-20731. This vulnerability information was reported to JPCERT/CC, and JPCERT/CC coordinated with the developers. Reporter: Mr. Hayakawa Soraya, Zero Zero One Co., Ltd. The expected impact depends on each vulnerability, but may be as follows: device configuration information is stolen by an attacker on an adjacent network - CVE-2021-20730; OS commands are executed with root privileges by an attacker on an adjacent network - CVE-2021-20731. Buffalo WSR-1166DHP3 and WSR-1166DHP4 have an access control error vulnerability.
VAR-202105-1577 No CVE Lenovo NetMaster Security Gateway has weak password vulnerability
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Beijing Wangyu Xingyun Information Technology Co., Ltd. was renamed from Lenovo Wangyu Technology (Beijing) Co., Ltd., and its predecessor was Lenovo Group Information Security Division. The main business covers network boundary security protection, application and data security protection, and network-wide security risk management. The Lenovo Netmaster Security Gateway has weak password vulnerabilities. The attacker uses a weak password to log in to the background to obtain sensitive information.
VAR-202105-1579 No CVE Ruijie Networks ASME access shared management engine has logic flaws and vulnerabilities
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
ASME Access Sharing Management Engine is an anti-agent product based on DPI application layer detection. Ruijie Networks’ ASME access shared management engine has logic flaws and vulnerabilities. The attacker can view and modify the returned packet by capturing the packet, fill in the password at will, and successfully log in to the background to obtain sensitive information.
VAR-202105-1580 No CVE Huawei S9306 has weak password vulnerability
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
S9306 is a routing switch, POE switch. Huawei S9306 has a weak password vulnerability. The attacker uses a weak password to log in to the background to obtain sensitive information.