VARIoT IoT vulnerabilities database
| VAR-202106-0505 | CVE-2021-20575 | IBM Security Verify Access Vulnerability in insecure storage of important information in |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278. Vendor exploits this vulnerability IBM X-Force ID: 199278 Is published as.Information may be obtained. IBM Application Gateway is an application gateway of IBM Corporation in the United States. Provides a containerized secure Web reverse proxy, which is designed to be in front of your application and seamlessly add authentication and authorization protection to your application. Attackers may use this vulnerability to obtain sensitive information
| VAR-202105-1587 | No CVE | Prolink Technology Co., Ltd. WR1045ND has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TP-LINK Technology Co., Ltd. ("TP-LINK" for short) is the world's leading supplier of network communication equipment.
The WR1045ND of Universal Technology Co., Ltd. has a weak password vulnerability. Attackers use the vulnerability to log in to the system background to obtain sensitive information.
| VAR-202105-1588 | No CVE | Universal Technology Co., Ltd. WDR4300 has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TP-LINK Technology Co., Ltd. ("TP-LINK" for short) is the world's leading supplier of network communication equipment.
Universal Technology Co., Ltd. WDR4300 has a weak password vulnerability. Attackers use the vulnerability to log in to the system backend to obtain sensitive information.
| VAR-202105-1589 | No CVE | A weak password vulnerability exists in the AR web management platform |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The business of Huawei Technologies Co., Ltd. includes switches, transmission equipment, data communication equipment, broadband multimedia equipment, power supplies, wireless communication equipment, microelectronics products, software, etc.
The AR Web management platform has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202105-1590 | No CVE | DIR-816 has a command execution vulnerability |
CVSS V2: 8.3 CVSS V3: - Severity: HIGH |
DIR-816 is a wireless router under the D-Link brand.
DIR-816 has a command execution vulnerability, which can be exploited by an attacker to gain control of the server.
| VAR-202105-1591 | No CVE | DHP-W310AV has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
D-Link Electronic Equipment (Shanghai) Co., Ltd. is a company mainly engaged in network equipment, wireless equipment, switches and other projects.
DHP-W310AV has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202105-1592 | No CVE | N-speed Gigabit multi-network wireless broadband sharing device has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Sapido was established in Tainan in 2006. It is a brand of network communication products and Internet of Things that has obtained the Taiwanese Smile Mark.
The N-speed Gigabit multi-network wireless broadband sharing device has a command execution vulnerability, which can be used by an attacker to gain control of the server.
| VAR-202105-1593 | No CVE | AC11 router has a binary vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
AC11 router is a dual-band wireless router developed by Shenzhen Jixiang Tengda Technology Co., Ltd., which is specially designed for large-scale households and is suitable for use in 200M and above fiber optic homes.
The AC11 router has a binary vulnerability, which can be exploited by an attacker to gain control of the server.
| VAR-202105-1594 | No CVE | Prolink Technology Co., Ltd. WDR3600 has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TP-LINK Technology Co., Ltd. ("TP-LINK" for short) is the world's leading supplier of network communication equipment.
Universal Technology Co., Ltd. WDR3600 has a weak password vulnerability. Attackers can use this vulnerability to log in to the system backend to obtain sensitive information.
| VAR-202105-1621 | No CVE | IDS-WEBCAM has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
IDS-WEBCAM is an industrial camera.
IDS-WEBCAM has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-0506 | CVE-2021-20576 | IBM Security Verify Access Vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash. IBM Security Verify Access Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. IBM Application Gateway is an application gateway of IBM Corporation in the United States. Provides a containerized secure Web reverse proxy, which is designed to be in front of your application and seamlessly add authentication and authorization protection to your application.
An information disclosure vulnerability exists in IBM Application Gateway. The vulnerability stems from the fact that the program allows web pages to be stored locally for other users on the system to read. Attackers may use this vulnerability to obtain sensitive information
| VAR-202106-1008 | CVE-2021-29665 | IBM Security Verify Access Out-of-bounds Vulnerability in Microsoft |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with elevated privileges. IBM Security Verify Access Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. The service uses risk-based access, single sign-on, integrated access management control, identity federation, and mobile multi-factor authentication to achieve safe and simple access to platforms such as web, mobile, IoT, and cloud technologies
| VAR-202105-1622 | No CVE | TP-LINK TL-WR1043ND has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TL-WR1043ND is an 11n wireless router designed for small and medium enterprises, SOHO and home users.
TP-LINK TL-WR1043ND has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202105-1623 | No CVE | TP-LINK TL-WR840N has a weak password vulnerability (CNVD-2021-30196) |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TL-WR840N is a wireless router.
TP-LINK TL-WR840N has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202105-1624 | No CVE | MikroTik CHR router has a denial of service vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
MikroTik was founded in 1995 and is headquartered in Riga, Latvia. It is mainly engaged in the development of routers and wireless ISP systems.
MikroTik CHR router has a denial of service vulnerability, which can be exploited by attackers to cause the program to crash.
| VAR-202105-1703 | No CVE | Hangzhou Hikvision Digital Technology Co., Ltd. Network Video Recorder has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Hangzhou Hikvision Digital Technology Co., Ltd. is a video-centric IoT solution provider, providing comprehensive security, smart business and big data services.
Hangzhou Hikvision Digital Technology Co., Ltd. Network Video Recorder has a weak password vulnerability. Attackers can use the vulnerability to obtain sensitive information.
| VAR-202105-0414 | CVE-2021-22736 | homeLYnk and spaceLYnk Traversal Vulnerability in Japan |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a denial of service when an unauthorized file is uploaded. homeLYnk (Wiser For KNX) and spaceLYnk Contains a path traversal vulnerability.Denial of service (DoS) It may be put into a state
| VAR-202105-0413 | CVE-2021-22735 | homeLYnk and spaceLYnk Digital Signature Verification Vulnerability in |
CVSS V2: 6.5 CVSS V3: 7.2 Severity: HIGH |
Improper Verification of Cryptographic Signature vulnerability exists inhomeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could allow remote code execution when unauthorized code is copied to the device. homeLYnk (Wiser For KNX) and spaceLYnk Exists in a digital signature validation vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
| VAR-202105-0412 | CVE-2021-22734 | homeLYnk and spaceLYnk Digital Signature Verification Vulnerability in |
CVSS V2: 6.5 CVSS V3: 7.2 Severity: High |
Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause remote code execution when an attacker loads unauthorized code. homeLYnk (Wiser For KNX) and spaceLYnk Exists in a digital signature validation vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
| VAR-202105-0411 | CVE-2021-22733 | homeLYnk and spaceLYnk Vulnerability in privilege management |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause shell access when unauthorized code is loaded into the system folder. homeLYnk (Wiser For KNX) and spaceLYnk Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state