VARIoT IoT vulnerabilities database

In TP-Link TL-XDR3230 < 1.0.12, TL-XDR1850 < 1.0.9, TL-XDR1860 < 1.0.14, TL-XDR3250 < 1.0.2, TL-XDR6060 Turbo < 1.1.8, TL-XDR5430 < 1.0.11, and possibly others, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set. TP-Link TL-XDR is a router series of China's TP-Link company. No detailed vulnerability details are currently provided

TP-Link TL-WR802N(US), Archer_C50v5_US v4_200 <= 2020.06 contains a buffer overflow vulnerability in the httpd process in the body message. The attack vector is: The attacker can get shell of the router by sending a message through the network, which may lead to remote code execution. TP-Link TL-WR802N is a wireless router of China's TP-Link company. Attackers can use this vulnerability to execute code remotely

Dell Peripheral Manager 1.3.1 or greater contains remediation for a local privilege escalation vulnerability that could be potentially exploited to gain arbitrary code execution on the system with privileges of the system user. Dell Peripheral Manager is an application software of Dell (Dell). Provides on-screen instructions on how to pair other devices with your computer via Bluetooth

Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted Deserialization Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to arbitrary privileged code execution on the vulnerable application. The severity is Critical as this may lead to system compromise by unauthenticated attackers. Dell EMC Storage Resource Manager is an application software of Dell (Dell). A comprehensive monitoring and reporting solution that helps IT visualize, analyze and optimize today's storage infrastructure while providing a management framework to support investments in software-defined storage

KUKA.OfficeLite is KUKA's virtual robot controller. KUKA.OfficeLite has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary code remotely through constructed data.

Zhejiang Dahua Technology Co., Ltd. is a smart IoT solution provider and operation service provider with video as the core. Zhejiang Dahua Technology Co., Ltd. A3A04MG7 has a denial of service vulnerability. An attacker can use this vulnerability to cause a denial of service.

KUKA.OfficeLite is KUKA's virtual robot controller. KUKA.OfficeLite has a file upload vulnerability. An attacker can use the vulnerability to upload a webshell to gain server permissions.

GX Works2 is a PLC programming software. GX Works2 has an out-of-bounds memory access vulnerability. Attackers can use this vulnerability to cause the program to crash.

GX Works2 is a PLC programming software. GX Works2 has an out-of-bounds memory access vulnerability. Attackers can use this vulnerability to cause the program to crash.

EasyBuilder Pro is a configuration software developed by Weilun. EasyBuilder Pro has a denial of service vulnerability. An attacker can use this vulnerability to cause the process to fall into an endless loop, resulting in a denial of service.

EasyBuilder Pro is a configuration software developed by Weilun. EasyBuilder Pro has a stack overflow vulnerability. Attackers can use this vulnerability to cause the program to crash.

EasyBuilder Pro is a configuration software developed by Weilun. EasyBuilder Pro has a buffer overflow vulnerability. Attackers can use this vulnerability to cause the program to crash.

GX Works2 is a PLC programming software. GX Works2 has a code injection vulnerability. An attacker can use this vulnerability to gain server permissions.

ZTE Corporation is the world's leading provider of integrated communications solutions. ZTE Corporation IAD 16FXS has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

MAS mobile proxy server is an access tool that assists enterprises in realizing wireless applications in their original business systems. The MAS mobile proxy server of China Mobile Communications Co., Ltd. has an unauthorized access vulnerability. Attackers can use this vulnerability to access the background control interface and restart the device.

A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root. SonicWall GMS Contains an authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Sonicwall SonicWall Global Management System (GMS) is a set of global management system of American SonicWall (Sonicwall) company. The system enables rapid deployment and centralized management of Dell SonicWALL firewall, anti-spam, backup and recovery, and secure remote access solutions

There is an out-of-bound read and write vulnerability in Huawei smartphone. A module dose not verify the input sufficiently. Attackers can exploit this vulnerability by modifying some configuration to cause out-of-bound read and write, causing denial of service. (Vulnerability ID: HWPSIRT-2020-05103) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9211. Huawei of Mate 30 The firmware contains out-of-bounds read and out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Huawei Mate 30 is a smart phone of China's Huawei (Huawei) company

HUAWEI IP PHONE 7960 and HUAWEI IP ESPACE 7910 are feature-rich and easy-to-use IP phones. HUAWEI IP PHONE 7960 and HUAWEI IP ESPACE 7910 have a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.

Hangzhou Hikvision System Technology Co., Ltd. is a provider of security products and industry solutions. Hangzhou Hikvision System Technology Co., Ltd. video encoding device access gateway has a directory traversal vulnerability. Attackers can use this vulnerability to traverse all directories and files of the device to obtain sensitive information.

Hangzhou Hikvision System Technology Co., Ltd. is a provider of security products and industry solutions. The video encoding equipment access network of Hangzhou Hikvision System Technology Co., Ltd. has an arbitrary file reading vulnerability. Attackers can use this vulnerability to read all files to obtain sensitive information.