VARIoT IoT vulnerabilities database

VAR-202104-0678 CVE-2021-21537 Dell Hybrid Client Information disclosure vulnerability CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to view and exfiltrate sensitive information on the system. Dell Hybrid Client is application software from Dell that provides client computing with hybrid cloud management capabilities.
VAR-202104-0677 CVE-2021-21536 Dell Hybrid Client Information disclosure vulnerability CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to register the client to a server and thereby view sensitive information. Dell Hybrid Client is application software from Dell that provides client computing with hybrid cloud management capabilities.
VAR-202104-0676 CVE-2021-21535 Dell Hybrid Client Access control error vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root-level access to the system. Dell Hybrid Client is application software from Dell that provides client computing with hybrid cloud management capabilities.
VAR-202104-0675 CVE-2021-21534 Dell Hybrid Client Information disclosure vulnerability CVSS V2: 2.1
CVSS V3: 3.3
Severity: LOW
Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain access to sensitive information via the local API. Dell Hybrid Client is application software from Dell that provides client computing with hybrid cloud management capabilities.
VAR-202104-0099 CVE-2020-24918 Ambarella Oryx RTSP Server Buffer Overflow Vulnerability in Linux CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
A buffer overflow in the RTSP service of the Ambarella Oryx RTSP Server 2020-01-07 allows an unauthenticated attacker to send a crafted RTSP request, with a long digest authentication header, to execute arbitrary code in parse_authentication_header() in libamprotocol-rtsp.so.1 in rtsp_svc (or cause a crash). This allows remote takeover of a Furbo Dog Camera, for example. NOTE: The vendor states that the RTSP library is for DEMO use only, and that using it in a product is the customer's own behavior. Ambarella has emphasized in our documentation that RTSP is a DEMO-only library and should NOT be used in products. Because Ambarella's SDK is proprietary, we did not publish our SDK source code on the public network. Ambarella Oryx RTSP Server contains a classic buffer overflow vulnerability. It may be put into a state where information is obtained, information is tampered with, or service is disrupted (DoS).
VAR-202104-2046 No CVE BRIC Communication Technology Co., Ltd. brickcom camera has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Brickcom Corporation is composed of a research and development team with rich experience in the surveillance industry and develops digital surveillance products with advanced technology, including video network cameras, wireless network cameras, video servers, 3G video transmission, (NVR) embedded network hard disk video recorders, CMS client platform systems, etc. The brickcom camera of BRICS Communication Technology Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202104-2006 No CVE Shanghai Aitai Technology Co., Ltd. aggressive 750W has a command execution vulnerability (CNVD-2021-22732) CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
Enterprising 750W is an enterprise-class wireless router. Shanghai Aitai Technology Co., Ltd. enterprising 750W has a command execution vulnerability, which can be exploited by attackers to gain control of the server.
VAR-202104-2010 No CVE DIR-816 750M11AC wireless router has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
DIR-816 750M11AC wireless router is a wireless router of DEXUN Electronic Equipment (Shanghai) Co., Ltd. The DIR-816 750M11AC wireless router has a command execution vulnerability. Attackers can use this vulnerability to execute commands remotely.
VAR-202104-2011 No CVE ZTE Corporation ZXHN F427 has unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
ZTE Corporation is the world's leading provider of integrated communications solutions. ZTE Corporation ZXHN F427 has an unauthorized access vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-202104-2012 No CVE Mi Router 4A Gigabit Edition has a denial of service vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Mi Router 4A Gigabit Edition is a gigabit router of Xiaomi Technology Co., Ltd. Mi Router 4A Gigabit Edition has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202104-2013 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd. 11AC 1200MBPS wireless panel AP has a command execution vulnerability (CNVD-2021-22529) CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Shenzhen Jixiang Tengda Technology Co., Ltd. is a high-tech enterprise integrating independent research and development, production and sales of network equipment. Shenzhen Jixiang Tengda Technology Co., Ltd. 11AC 1200MBPS wireless panel AP has a command execution vulnerability. Attackers can use this vulnerability to execute system commands.
VAR-202104-2014 No CVE Unauthorized access vulnerability exists in the enterprise router of Chengdu Zhifeng Technology Co., Ltd. CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Chengdu Zhifeng Technology Co., Ltd. was established in October 2016. It is an emerging high-tech company integrating R&D, production and sales. An unauthorized access vulnerability exists in the enterprise router of Chengdu Zhifeng Technology Co., Ltd., which can be exploited by attackers to obtain sensitive information.
VAR-202104-2015 No CVE China Telecom Tianyi Kandian camera has information leakage vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Established in September 2000, China Telecom is a large-scale state-owned communications company in China and a global partner of the Shanghai World Expo. It has been selected as one of the "Fortune 500 Companies" for many consecutive years. China Telecom Tianyi Kandian camera has an information disclosure vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202104-2016 No CVE TL-WR845N has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
TL-WR845N is a router from Prolink Technology Co., Ltd. TL-WR845N has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202104-2074 No CVE Any file download vulnerability exists in Hikvision's video and environmental integrated monitoring and management system CVSS V2: 2.1
CVSS V3: -
Severity: LOW
Hikvision is a video-centric IoT solution provider, providing comprehensive security, smart business and big data services. Hikvision's video and environmental integrated monitoring and management system has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202104-2077 No CVE Hikvision's video and environmental integrated monitoring and management system has arbitrary password reset vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Hikvision is a video-centric IoT solution provider, providing comprehensive security, smart business and big data services. Hikvision's video and environmental integrated monitoring and management system has an arbitrary password reset vulnerability, which can be exploited by attackers to affect the integrity of the system.
VAR-202104-2078 No CVE Guangdong Jinggong Intelligent System Co., Ltd. Jinggong Cloud MES has a SQL injection vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Jinggong Cloud MES is mainly aimed at on-site management of small and medium-sized manufacturing workshops. Based on an industrial Internet, microservices, cloud computing, Internet of Things and big data technology architecture, it provides low-cost, quickly deployed and easy-to-operate SaaS applications. Guangdong Jinggong Intelligent System Co., Ltd. Jinggong Cloud MES has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive information from the database.
VAR-202104-2080 No CVE Feiyuxing router WEB configuration system has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Chengdu Feiyuxing Technology Co., Ltd. was established in 2002 and was listed in 2014 (stock code: 831002). It is headquartered in Chengdu Tianfu Software Park. It is one of the few local companies in the industry with independent intellectual property rights and independent research and development capabilities. A high-tech enterprise focusing on product innovation and research and development in the data communication industry and the Internet of Things industry. Feiyuxing router WEB configuration system has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202104-0087 CVE-2020-22807 vtiger crm SQL Injection vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered in vtiger crm 7.2: a union-based SQL injection in the calendar exportdata feature. Vtiger CRM is a customer relationship management (CRM) system based on SugarCRM, developed by the American company Vtiger. The system provides functions such as management, collection and analysis of customer information.
VAR-202104-1125 CVE-2021-25811 MERCUSYS Mercury X18G Security hole CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
MERCUSYS Mercury X18G 1.0.5 devices allow denial of service via a crafted value in the POST listen_http_lan parameter. On subsequent device restarts after this vulnerability is exploited, the device will not be able to serve the web interface unless the listen_http_lan parameter in uhttpd.json is manually fixed.