VARIoT IoT vulnerabilities database

An authentication brute-force protection mechanism bypass in telnetd in D-Link Router model DIR-842 firmware version 3.0.2 allows a remote attacker to circumvent the anti-brute-force cool-down delay period via a timing-based side-channel attack. D-Link Router model DIR-842 There is an observable mismatch vulnerability in the firmware.Information may be tampered with. D-Link DIR-842 is a home router produced by Taiwan D-Link Technology Co., Ltd

It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The update_log function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected via the User-Agent Header by manipulating the cookies set by the Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.153.4, sending an initial request to obtain a ct_sfw_pass_key cookie and then manually setting a separate ct_sfw_passed cookie and disallowing it from being reset. WordPress is a blogging platform developed by the Wordpress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress

Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19.4.0.1 contain an Improper Certificate Validation vulnerability in the client (NetWorker Management Console) components which uses SSL encrypted connection in order to communicate with the application server. An unauthenticated attacker in the same network collision domain as the NetWorker Management Console client could potentially exploit this vulnerability to perform man-in-the-middle attacks to intercept and tamper the traffic between the client and the application server. Dell EMC NetWorker Contains a certificate validation vulnerability.Information may be tampered with. The software provides backup and recovery, deduplication, backup reporting, and more

Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local logs and use the stolen credentials to make changes to the network domain. The software provides backup and recovery, deduplication, backup reporting, and more

Fiberhome FR2600-420 is a router from Fiberhome Communication Technology Co., Ltd. Fiberhome FR2600-420 router has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.

Taiyuan Yisi Software Technology Co., Ltd. is an Internet software development and system integration enterprise that relies on Internet information and Internet of Things technology to provide enterprises with complete smart factory solutions. An SQL injection vulnerability exists in the business management and control system of Taiyuan Yisi Software Technology Co., Ltd., which can be exploited by attackers to obtain sensitive information in the database.

Shenzhen Jixiang Tengda Technology Co., Ltd. (hereinafter referred to as "Tengda") was founded in 1999. It is a professional supplier of network communication equipment and solutions, as well as a high-tech enterprise integrating R&D, production, supply, sales and service. Tenda enterprise-level AP management routers have command execution vulnerabilities. An attacker can use this vulnerability to gain server permissions.

Shenzhen Jixiang Tengda Technology Co., Ltd. (hereinafter referred to as "Tengda") was founded in 1999. It is a professional supplier of network communication equipment and solutions, as well as a high-tech enterprise integrating R&D, production, supply, sales and service. Tenda enterprise-level AP management routers have command execution vulnerabilities. An attacker can use this vulnerability to gain server permissions.

Shenzhen Jixiang Tengda Technology Co., Ltd. (hereinafter referred to as "Tengda") was founded in 1999. It is a professional supplier of network communication equipment and solutions, as well as a high-tech enterprise integrating R&D, production, supply, sales and service. Tenda enterprise-level AP management routers have command execution vulnerabilities. An attacker can use this vulnerability to gain server permissions.

Chengdu Feiyuxing Technology Co., Ltd. specializes in serving corporate, commercial and home users, providing intelligent and easy-to-use network communication management equipment and innovative technology value-added services. The company's existing IoT cloud, smart power box, smart power controller, Security monitoring switches, Nebulas platforms, full-scenario wireless solutions, public security audit solutions, smart home solutions and other products and solutions. Chengdu Feiyuxing Technology Co., Ltd. Feiyuxing home intelligent router has logic flaws and loopholes. Attackers can use vulnerabilities to bypass login and obtain sensitive information.

Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers in certain situations, which may cause crafted files to be delivered to clients such that they are rendered directly in a victim's web browser. Firely/Incendi Spark There is a vulnerability in the use of incorrectly resolved names and references.Information may be obtained and information may be tampered with. Spark is a public domain FHIR server developed using C#. Firely/Incendi Spark versions prior to 1.5.5-r4 have security vulnerabilities. Render directly in the browser. No detailed vulnerability details are currently provided

TP-Link Archer C1200 firmware version 1.13 Build 2018/01/24 rel.52299 EU has a XSS vulnerability allowing a remote attacker to execute arbitrary code. TP-Link Archer C1200 A cross-site scripting vulnerability exists in the firmware.Information may be obtained and information may be tampered with. TP-Link Archer C1200 is a wireless dual-band Gigabit router

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login as User or Customer (User Switching) WordPress plugin before 1.8, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE. WordPress for Login as User or Customer (User Switching) The plugin contains an authorization vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. WordPress is a blogging platform developed by the Wordpress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress

In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management. plural WAGO The product contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. WAGO is a 750-88x series programmable logic controller from WAGO. The device is a digital operation electronic system designed specifically for applications in an industrial environment. WAGO has a cross-site scripting vulnerability. The vulnerability stems from the lack of correct verification of client data in WEB applications

In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users. plural WAGO The product is vulnerable to a lack of authentication for critical features.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users. plural WAGO The product contains a vulnerability related to insufficient protection of credentials.Information may be obtained

In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties. plural WAGO The product contains a vulnerability in improper permission assignment for critical resources.Information may be obtained

In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials. plural WAGO The product contains a vulnerability in the plaintext storage of important information.Information may be obtained

In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory. plural WAGO The product contains a vulnerability related to information leakage.Information may be obtained

LINKSYS E1000 is a router product. The Linksys E1000 router has a denial of service vulnerability, which can be exploited by attackers to cause the service program to crash.