VARIoT IoT vulnerabilities database


VAR-202105-1694 No CVE Autotop Technology Co., Ltd. NA400PLC has a buffer overflow vulnerability CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
NA400PLC is a high-performance programmable controller launched by Autotop Technology Co., Ltd. Autotop Technology Co., Ltd. NA400PLC has a buffer overflow vulnerability, which can be exploited by attackers to cause the system to crash.
VAR-202105-1616 No CVE New H3C Technology Co., Ltd. SecPath U200-C has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
SecPath U200-A is a new generation of UTM (United Threat Management) equipment designed by H3C for small and medium-sized enterprises/branches. New H3C Technology Co., Ltd. SecPath U200-C has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202105-1619 No CVE New H3C Technology Co., Ltd. SecPath U200-A has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
SecPath U200-A is a new generation of UTM (United Threat Management) equipment designed by H3C for small and medium-sized enterprises/branches. New H3C Technology Co., Ltd. SecPath U200-A has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202105-1681 No CVE Beijing Greenved Technology Co., Ltd. CPE-WiFi has a command execution vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Beijing Greenved Technology Co., Ltd. is a high-tech enterprise specializing in the design, development, manufacturing and marketing services of edge network optical transmission and integrated access equipment. CPE-WiFi of Beijing Greenved Technology Co., Ltd. has a command execution vulnerability. Attackers can use this vulnerability to execute system commands and gain system permissions.
VAR-202105-1699 No CVE A weak password vulnerability exists in the network video surveillance client of Guangzhou Jiu'an Intelligent Technology Co., Ltd. CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Guangzhou Jiu'an Intelligent Technology Co., Ltd. is the world's leading provider of mobile image transmission infrastructure and IoT platforms. The network video surveillance client of Guangzhou Jiu'an Intelligent Technology Co., Ltd. has a weak password vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-202105-0084 CVE-2020-20218 MikroTik RouterOS Buffer error vulnerability CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
MikroTik RouterOS 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service via the loop counter variable. MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed on a PC so that it provides router functionality.
VAR-202105-0092 CVE-2020-20247 MikroTik RouterOS Buffer error vulnerability CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
MikroTik RouterOS before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service via the loop counter variable. MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed on a PC so that it provides router functionality.
VAR-202105-1033 CVE-2021-29242 Input validation vulnerability in CODESYS Control Runtime system CVSS V2: 7.5
CVSS V3: 7.3
Severity: HIGH
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages. The system may be put into a denial-of-service (DoS) state. CODESYS Control is industrial control programming software from the German company 3S-Smart Software Solutions.
VAR-202105-1032 CVE-2021-29241 NULL pointer dereference vulnerability in CODESYS Gateway CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). CODESYS GatewayService is a gateway service used in CODESYS products from the German company 3S-Smart Software Solutions.
VAR-202105-0336 CVE-2020-35755 Command injection vulnerability in Libre Wireless LS9 devices CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service Read_ NVRAM Direct Access Information Leak. The luci_service daemon running on port 7777 provides a sub-category of commands for which Read_ is prepended. Commands in this category are able to directly read the contents of the device configuration NVRAM. The NVRAM contains sensitive information, such as the Wi-Fi password (in cleartext), as well as connected account tokens for services such as Spotify. A command injection vulnerability exists in Libre Wireless LS9 devices. Information may be obtained.
VAR-202105-1620 No CVE TP-Link router has a buffer overflow vulnerability CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
TL-WDR8500 is a router product of TP-LINK. The TP-Link router has a buffer overflow vulnerability, which can be exploited by an attacker to gain control of the server.
VAR-202105-1688 No CVE INVT VT Designer has a null pointer dereference vulnerability (CNVD-2021-24483) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
VT Designer is a screen editing software developed by Shenzhen INVT Electric Co., Ltd. for VK/VT series touch screens. INVT VT Designer has a null pointer dereference vulnerability. Attackers can use this vulnerability to cause the program to crash.
VAR-202105-1689 No CVE INVT Designer has a null pointer dereference vulnerability (CNVD-2021-24484) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
VT Designer is a screen editing software developed by Shenzhen INVT Electric Co., Ltd. for VK/VT series touch screens. INVT VT Designer has a null pointer dereference vulnerability. Attackers can use this vulnerability to cause the program to crash.
VAR-202105-1690 No CVE INVT Designer has a memory corruption vulnerability (CNVD-2021-24485) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
VT Designer is a screen editing software developed by Shenzhen INVT Electric Co., Ltd. for VK/VT series touch screens. INVT VT Designer has a memory corruption vulnerability. Attackers can use this vulnerability to cause the program to crash.
VAR-202105-1691 No CVE INVT VT Designer has a null pointer dereference vulnerability CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
VT Designer is a screen editing software developed by Shenzhen INVT Electric Co., Ltd. for VK/VT series touch screens. INVT VT Designer has a null pointer dereference vulnerability. Attackers can use this vulnerability to cause the program to crash.
VAR-202105-1693 No CVE INVT VT Designer has a memory corruption vulnerability CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
VT Designer is a screen editing software developed by Shenzhen INVT Electric Co., Ltd. for VK/VT series touch screens. INVT VT Designer has a memory corruption vulnerability. Attackers can use this vulnerability to cause the program to crash.
VAR-202105-1696 No CVE ATO Technology Co., Ltd. NATouch touch screen has an integer overflow vulnerability CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Nanda Autotech Jiangsu Co., Ltd. is committed to independent research and development and production of cutting-edge industrial control products with reliable performance, excellent quality and advanced technology. There is an integer overflow vulnerability in the NATouch touch screen of Autotop Technology Co., Ltd. Attackers can use this vulnerability to cause the program to crash.
VAR-202105-1697 No CVE Hollysys Group AutoThink has a denial of service vulnerability CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
AutoThink is a professional PLC programming software for Hollysys le series. Hollysys Group AutoThink has a denial of service vulnerability. Attackers can use the vulnerability to construct malicious library files to cause a denial of service.
VAR-202105-1698 No CVE Hollysys Group AutoThink has a certification bypass vulnerability CVSS V2: 3.6
CVSS V3: -
Severity: LOW
AutoThink is a professional PLC programming software for Hollysys le series. Hollysys Group AutoThink has a certification bypass vulnerability. Attackers can use the vulnerability to directly bypass the file opening password verification process by modifying the content of the library file.
VAR-202105-1617 No CVE Shanghai Aitai Technology Co., Ltd. aggressive 750W has a command execution vulnerability CVSS V2: 8.3
CVSS V3: -
Severity: HIGH
Enterprising 750W is an enterprise-class wireless router. Shanghai Aitai Technology Co., Ltd. enterprising 750W has a command execution vulnerability. An attacker can use this vulnerability to gain server permissions.