VARIoT IoT vulnerabilities database

VT Designer is a screen editing software developed by Shenzhen INVT Electric Co., Ltd. for VK/VT series touch screens. INVT VT Designer has a memory corruption vulnerability. Attackers can use this vulnerability to cause the program to crash.

VT Designer is a screen editing software developed by Shenzhen INVT Electric Co., Ltd. for VK/VT series touch screens. INVT VT Designer has a null pointer dereference vulnerability. Attackers can use this vulnerability to cause the program to crash.

VT Designer is a screen editing software developed by Shenzhen INVT Electric Co., Ltd. for VK/VT series touch screens. INVT VT Designer has a memory corruption vulnerability. Attackers can use this vulnerability to cause the program to crash.

Nanda Autotech Jiangsu Co., Ltd. is committed to independent research and development and production of cutting-edge industrial control products with reliable performance, excellent quality and advanced technology. There is an integer overflow vulnerability in the NATouch touch screen of Autotop Technology Co., Ltd. Attackers can use this vulnerability to cause the program to crash.

AutoThink is a professional PLC programming software for Hollysys le series. Hollysys Group AutoThink has a denial of service vulnerability. Attackers can use the vulnerability to construct malicious library files to cause a denial of service.

AutoThink is a professional PLC programming software for Hollysys le series. Hollysys Group AutoThink has a certification bypass vulnerability. Attackers can use the vulnerability to directly bypass the file opening password verification process by modifying the content of the library file.

Enterprising 750W is an enterprise-class wireless router. Shanghai Aitai Technology Co., Ltd. enterprising 750W has a command execution vulnerability. An attacker can use this vulnerability to gain server permissions.

Shenzhen Jixiang Tengda Technology Co., Ltd. is a high-tech enterprise integrating independent research and development, production and sales of network equipment. Tenda wireless router has an unauthorized access vulnerability. Attackers can use vulnerabilities to access the background and obtain sensitive information.

MAC1200R is a wireless router. The MAC1200R of Shenzhen Meikexing Communication Technology Co., Ltd. has a directory traversal vulnerability. Attackers can use vulnerabilities to obtain sensitive information.

Shenzhen Jixiang Tengda Technology Co., Ltd. is a high-tech enterprise integrating independent research and development, production and sales of network equipment. Shenzhen Jixiang Tengda Technology Co., Ltd. 11AC 1200MBPS wireless panel AP has a command execution vulnerability. Attackers can use this vulnerability to execute system commands.

Shenzhen Jixiang Tengda Technology Co., Ltd. is a high-tech enterprise integrating independent research and development, production and sales of network equipment. Shenzhen Jixiang Tengda Technology Co., Ltd. 11AC 1200MBPS wireless panel AP has a command execution vulnerability. Attackers can use this vulnerability to execute system commands.

Tiandi Weiye is an intelligent security solution provider. Based on artificial intelligence, big data, cloud computing, Internet of Things and other technologies, it provides intelligent video products, system solutions and High-quality technical services. Tiandi Weiye Technology Co., Ltd. network video browser has a weak password vulnerability. An attacker can use the vulnerability to log in with a weak password to view the monitoring system.

Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account. DELL Dell EMC Networking X-Series is an X-series Ethernet switch from Dell (DELL)

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user. DELL Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell (DELL). This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected parameters. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. DELL Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell (DELL). This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems

Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected while generating a certificate. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. DELL Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell (DELL). This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application. DELL Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell (DELL). This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to overwrite configuration information by injecting arbitrarily large payload. DELL Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell (DELL). This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to gain elevated privileges when a user with higher privileges is simultaneously accessing iDRAC through the web interface. DELL Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell (DELL). This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems

Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. DELL Dell EMC Unity and UnityVSA are both products of Dell (DELL). UnityVSA is a virtual Unity storage environment