VARIoT IoT vulnerabilities database

Leguang is a brand of wireless network products independently developed by Shenzhen Chaohenghui Network Technology Co., Ltd. Leguang equipment management system has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

Chengdu Feiyuxing Technology Co., Ltd. was established in 2002 as a high-tech enterprise focusing on product innovation and research and development in the data communication industry and the Internet of Things industry. Feiyuxing home intelligent routing has logic flaws and loopholes. Attackers can use the vulnerability to bypass the login by modifying the return packet and view sensitive information.

Cisco is the world's leading provider of network solutions. Cisco Wireless-G Internet Home Monitoring Camera has an unauthorized access vulnerability. Attackers can use vulnerabilities to obtain sensitive information.

Matsushita Electric (China) Co., Ltd. is an electronics manufacturer engaged in the production and sales of various electrical products. The Panasonic-SF335 camera has an unauthorized access vulnerability. Attackers can use vulnerabilities to obtain sensitive information.

WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allow an attacker to execute arbitrary OS commands with root privileges via unspecified vectors. Provided by Buffalo Inc. WSR-1166DHP3 and WSR-1166DHP4 The following multiple vulnerabilities exist in. * Inadequate access restrictions (CWE-284) - CVE-2021-20730 ‥ * OS Command injection (CWE-78) - CVE-2021-20731 The following is the vulnerability information JPCERT/CC Report to JPCERT/CC Coordinated with the developers. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. * Device configuration information stolen by an attacker on an adjacent network - CVE-2021-20730 ‥ * By an attacker on an adjacent network root Some with authority OS Command is executed - CVE-2021-20731. Buffalo WSR-1166DHP3 and WSR-1166DHP4 have operating system command injection vulnerability

Improper access control vulnerability in WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allows an attacker to obtain configuration information via unspecified vectors. Provided by Buffalo Inc. WSR-1166DHP3 and WSR-1166DHP4 The following multiple vulnerabilities exist in. * Inadequate access restrictions (CWE-284) - CVE-2021-20730 ‥ * OS Command injection (CWE-78) - CVE-2021-20731 The following is the vulnerability information JPCERT/CC Report to JPCERT/CC Coordinated with the developers. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. * Device configuration information stolen by an attacker on an adjacent network - CVE-2021-20730 ‥ * By an attacker on an adjacent network root Some with authority OS Command is executed - CVE-2021-20731. in Japan. Buffalo WSR-1166DHP3 and WSR-1166DHP4 have an access control error vulnerability

Beijing Wangyu Xingyun Information Technology Co., Ltd. was renamed from Lenovo Wangyu Technology (Beijing) Co., Ltd., and its predecessor was Lenovo Group Information Security Division. The main business covers network boundary security protection, application and data security protection, and network-wide security risk management. The Lenovo Netmaster Security Gateway has weak password vulnerabilities. The attacker uses a weak password to log in to the background to obtain sensitive information.

ASME Access Sharing Management Engine is an anti-agent product based on DPI application layer detection. Ruijie Networks’ ASME access shared management engine has logic flaws and vulnerabilities. The attacker can view and modify the returned packet by capturing the packet, fill in the password at will, and successfully log in to the background to obtain sensitive information.

S9306 is a routing switch, POE switch. Huawei S9306 has a weak password vulnerability. The attacker uses a weak password to log in to the background to obtain sensitive information.

Shenzhen Tenghu IOT Technology Co., Ltd. was established in August 2013. It is an Internet technology company integrating R&D, manufacturing, sales and service of commercial wireless network products. Shenzhen Tenghu IOT Technology Co., Ltd. AC9563 has a weak password vulnerability. Attackers can use weak passwords to log in to the background to obtain sensitive information.

S9312 is a switch. Huawei S9312 has a weak password vulnerability. The attacker uses a weak password to log in to the background to obtain sensitive information.

Chengdu Feiyuxing Technology Co., Ltd. was established in 2002 as a high-tech enterprise focusing on product innovation and research and development in the data communication industry and the Internet of Things industry. The Feiyuxing router has an information disclosure vulnerability. Attackers can use vulnerabilities to obtain sensitive information.

Shanghai Juyi Technology Development Co., Ltd., legal representative: Wang Nan, registered capital: 1 million yuan, address: JT1225, Room 2201, No. 888 Moyu South Road, Anting Town, Jiading District, Shanghai, Business Scope: General Projects: Technical Services, Technical Development , Technology consultation, technology exchange, technology transfer, technology promotion; software development; computer software and hardware and auxiliary equipment wholesale, etc. Vigor series products have logic flaws, which can be exploited by attackers to obtain sensitive information.

Network Video Server is a network video server. The Network Video Server network video server has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

D-Link DIR-816 is a wireless router under D-Link's D-Link brand, manufactured in mainland China. The DIR-816 750M11AC wireless router has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.

Vigor2960 is a product of DrayTek in Taiwan, China. It is a load balancing router and VPN gateway device. DrayTek Vigor2960 has a command execution vulnerability, which can be exploited by attackers to obtain ROOT privileges.

Vigor2960 is a product of DrayTek in Taiwan, China. It is a load balancing router and VPN gateway device. DrayTek Vigor2960 has a command execution vulnerability, which can be exploited by attackers to obtain ROOT privileges.

IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278. Vendor exploits this vulnerability IBM X-Force ID: 199278 Is published as.Information may be obtained. IBM Application Gateway is an application gateway of IBM Corporation in the United States. Provides a containerized secure Web reverse proxy, which is designed to be in front of your application and seamlessly add authentication and authorization protection to your application. Attackers may use this vulnerability to obtain sensitive information

TP-LINK Technology Co., Ltd. ("TP-LINK" for short) is the world's leading supplier of network communication equipment. The WR1045ND of Universal Technology Co., Ltd. has a weak password vulnerability. Attackers use the vulnerability to log in to the system background to obtain sensitive information.

TP-LINK Technology Co., Ltd. ("TP-LINK" for short) is the world's leading supplier of network communication equipment. Universal Technology Co., Ltd. WDR4300 has a weak password vulnerability. Attackers use the vulnerability to log in to the system backend to obtain sensitive information.