VARIoT IoT vulnerabilities database
| VAR-202105-1618 | No CVE | Tenda wireless router has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Shenzhen Jixiang Tengda Technology Co., Ltd. is a high-tech enterprise integrating independent research and development, production and sales of network equipment.
Tenda wireless routers have an unauthorized access vulnerability. Attackers can exploit it to access the back-end management interface and obtain sensitive information.
| VAR-202104-2007 | No CVE | Shenzhen Meikexing Communication Technology Co., Ltd. MAC1200R has a directory traversal vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
MAC1200R is a wireless router.
The MAC1200R of Shenzhen Meikexing Communication Technology Co., Ltd. has a directory traversal vulnerability. Attackers can exploit this vulnerability to obtain sensitive information.
| VAR-202104-2008 | No CVE | Shenzhen Jixiang Tengda Technology Co., Ltd. 11AC 1200MBPS wireless panel AP has a command execution vulnerability (CNVD-2021-22530) |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Shenzhen Jixiang Tengda Technology Co., Ltd. is a high-tech enterprise integrating independent research and development, production and sales of network equipment.
Shenzhen Jixiang Tengda Technology Co., Ltd. 11AC 1200MBPS wireless panel AP has a command execution vulnerability. Attackers can use this vulnerability to execute system commands.
| VAR-202104-2009 | No CVE | Shenzhen Jixiang Tengda Technology Co., Ltd. 11AC 1200MBPS wireless panel AP has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Shenzhen Jixiang Tengda Technology Co., Ltd. is a high-tech enterprise integrating independent research and development, production and sales of network equipment.
Shenzhen Jixiang Tengda Technology Co., Ltd. 11AC 1200MBPS wireless panel AP has a command execution vulnerability. Attackers can use this vulnerability to execute system commands.
| VAR-202104-2079 | No CVE | Tiandi Weiye Technology Co., Ltd. web video browser has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Tiandi Weiye is an intelligent security solution provider. Based on artificial intelligence, big data, cloud computing, the Internet of Things and other technologies, it provides intelligent video products, system solutions and high-quality technical services.
The network video browser of Tiandi Weiye Technology Co., Ltd. has a weak password vulnerability. An attacker can exploit it to log in with the weak password and view the monitoring system.
| VAR-202104-0691 | CVE-2021-21507 | Dell EMC Networking X Series and Dell EMC PowerEdge VRTX Switch Module cryptography vulnerability |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with the privileges of the compromised account. DELL Dell EMC Networking X-Series is an X-series Ethernet switch from Dell (DELL).
| VAR-202104-0684 | CVE-2021-21544 | Dell EMC iDRAC9 Authorization problem vulnerability |
CVSS V2: 4.0 CVSS V3: 2.7 Severity: LOW |
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user. DELL Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell (DELL). This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems.
| VAR-202104-0683 | CVE-2021-21543 | Dell EMC iDRAC9 Cross-site scripting vulnerability |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected parameters. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. DELL Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell (DELL). This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems.
| VAR-202104-0682 | CVE-2021-21542 | Dell EMC iDRAC9 Cross-site scripting vulnerability |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected parameters while generating a certificate. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. DELL Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell (DELL). This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems.
| VAR-202104-0681 | CVE-2021-21541 | Dell EMC iDRAC9 Cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application. DELL Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell (DELL). This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems.
| VAR-202104-0680 | CVE-2021-21540 | Dell EMC iDRAC9 Buffer error vulnerability |
CVSS V2: 5.5 CVSS V3: 8.1 Severity: HIGH |
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to overwrite configuration information by injecting an arbitrarily large payload. DELL Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell (DELL). This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems.
| VAR-202104-0679 | CVE-2021-21539 | Dell EMC iDRAC9 Security hole |
CVSS V2: 4.6 CVSS V3: 7.1 Severity: HIGH |
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to gain elevated privileges when a user with higher privileges is simultaneously accessing iDRAC through the web interface. DELL Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell (DELL). This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems.
| VAR-202104-0686 | CVE-2021-21547 | Multiple Dell EMC products: plaintext storage of sensitive information vulnerability |
CVSS V2: 2.1 CVSS V3: 6.7 Severity: MEDIUM |
Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. DELL Dell EMC Unity and UnityVSA are both products of Dell (DELL). UnityVSA is a virtual Unity storage environment.
| VAR-202104-0678 | CVE-2021-21537 | Dell Hybrid Client Information disclosure vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to view and exfiltrate sensitive information on the system. DELL Dell Hybrid Client is application software from Dell (DELL). It provides client computing software with hybrid cloud management capabilities.
| VAR-202104-0677 | CVE-2021-21536 | Dell Hybrid Client Information disclosure vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to register the client to a server and thereby view sensitive information. DELL Dell Hybrid Client is application software from Dell (DELL). It provides client computing software with hybrid cloud management capabilities.
| VAR-202104-0676 | CVE-2021-21535 | Dell Hybrid Client Access control error vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root-level access to the system. DELL Dell Hybrid Client is application software from Dell (DELL). It provides client computing software with hybrid cloud management capabilities.
| VAR-202104-0675 | CVE-2021-21534 | Dell Hybrid Client Information disclosure vulnerability |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain access to sensitive information via the local API. DELL Dell Hybrid Client is application software from Dell (DELL). It provides client computing software with hybrid cloud management capabilities.
| VAR-202104-0099 | CVE-2020-24918 | Ambarella Oryx RTSP Server Buffer Overflow Vulnerability in Linux |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A buffer overflow in the RTSP service of the Ambarella Oryx RTSP Server 2020-01-07 allows an unauthenticated attacker to send a crafted RTSP request, with a long digest authentication header, to execute arbitrary code in parse_authentication_header() in libamprotocol-rtsp.so.1 in rtsp_svc (or cause a crash). This allows remote takeover of a Furbo Dog Camera, for example. NOTE: The vendor states that the RTSP library is used for DEMO only, and that using it in a product is the customer's own decision. Ambarella has emphasized that RTSP is a DEMO-only library and should NOT be used in products, in our documentation. Because Ambarella's SDK is proprietary, we did not publish our SDK source code on public networks. Ambarella Oryx RTSP Server contains a classic buffer overflow vulnerability. Exploitation may result in information disclosure, information tampering, or denial of service (DoS).
| VAR-202104-2046 | No CVE | BRIC Communication Technology Co., Ltd. brickcom camera has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Brickcom Corporation is composed of a research and development team with rich experience in the surveillance industry and develops digital surveillance products with advanced technology, including megapixel network cameras, wireless network cameras, video servers, 3G video transmission, (NVR) embedded network hard disk video recorders, CMS client platform systems, etc.
The brickcom camera of BRICS Communication Technology Co., Ltd. has a weak password vulnerability, which attackers can exploit to obtain sensitive information.
| VAR-202104-2006 | No CVE | Shanghai Aitai Technology Co., Ltd. Enterprising 750W has a command execution vulnerability (CNVD-2021-22732) |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
Enterprising 750W is an enterprise-class wireless router.
Shanghai Aitai Technology Co., Ltd. Enterprising 750W has a command execution vulnerability, which attackers can exploit to gain control of the server.