VARIoT IoT vulnerabilities database

Shanghai Buke Automation Co., Ltd. has been focusing on the R&D, production, sales and related technical services of the core components of industrial automation equipment control and industrial Internet of Things/Internet software and hardware, and provides customers with equipment automation control, digital factory and industrial Internet solutions , Is a leading supplier of machine automation and factory intelligent solutions in China. There is a binary vulnerability in the KINCO touch screen configuration editing software of Shanghai Baike. Attackers can use the vulnerability to cause the program to crash.

Arrow Optoelectronics focuses on the R&D and manufacturing of infrared imaging technology and products, with completely independent intellectual property rights, and is committed to providing professional and competitive infrared thermal imaging products and industry solutions to global customers. The iray infrared camera AM310420 has a command execution vulnerability. Attackers can use this vulnerability to execute system commands and gain control of the server.

Arrow Optoelectronics focuses on the R&D and manufacturing of infrared imaging technology and products, with completely independent intellectual property rights, and is committed to providing professional and competitive infrared thermal imaging products and industry solutions to global customers. The iray infrared camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.

New Cape Electronics Co., Ltd. is a professional enterprise dedicated to the development, production, sales and system integration of all-in-one card software and products. New Cape Electronics Co., Ltd. Internet of Things platform has an arbitrary file download vulnerability. Attackers can use the vulnerability to arbitrary files next week.

Shenzhen Jixiang Tengda Technology Co., Ltd. (hereinafter referred to as "Tengda") is a professional supplier of network communication equipment and solutions, as well as a high-tech enterprise integrating R&D, production, supply, sales and service. Tenda AC9V3.0 router web management page has a command execution vulnerability. Attackers can use vulnerabilities to execute arbitrary commands.

Hangzhou DPtech Technology Co., Ltd. is an information security industry manufacturer integrating R&D, production and sales. DP SSL VPN Service has an arbitrary file download vulnerability. Attackers can use vulnerabilities to view or download arbitrary sensitive files.

Shenzhen Kemai Communication Technology Co., Ltd. is a high-tech enterprise in the field of intelligent Internet of Things. Kemai Communications integrates research on Internet of Things technology, intelligent product development and Internet of Things platform services, and is an enterprise with great potential for innovation. Shenzhen Kemai Communication Technology Co., Ltd. RAS remote rapid application access solution standard version has SQL injection vulnerabilities. Attackers can use vulnerabilities to obtain sensitive information in the database.

DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. DrayTek Vigor2960 Has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop. Tenda AC1200 (Model AC6) Exists in an infinite loop vulnerability.Denial of service (DoS) It may be put into a state. Tenda AC6 is an AC1200 smart dual-band WiFi router. Tenda AC6 15.03.06.51_multi has a denial of service vulnerability

Command Injection in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows authenticated remote attackers to execute arbitrary commands with root user privileges. plural Amino Communications The product has OS There are command injection vulnerabilities and injection vulnerabilities.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Amino Communications AK45x series is a series of TV set-top box equipment of British Amino company

Use of a Hard-coded Password in VNCserver in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows local attackers to view and interact with the video output of the device. plural Amino Communications The product contains a vulnerability in the use of hard-coded credentials.Information may be obtained and information may be tampered with. are all a TV set-top box equipment series of British Amino Company. Amino Communications has a trust management vulnerability. The vulnerability stems from the use of hard-coded passwords

There is a resource management errors vulnerability in Huawei P30. Local attackers construct broadcast message for some application, causing this application to send this broadcast message and impact the customer's use experience. Huawei P30 is a smart phone of China's Huawei (Huawei) company. The local application can pass specially crafted data to the application and perform a denial of service (DoS) attack

Command Injection in the CPE WAN Management Protocol (CWMP) registration in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows man-in-the-middle attackers to execute arbitrary commands with root level privileges. plural Amino Communications The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Amino Communications AK45x series is a series of TV set-top box equipment of British Amino company. Amino Communications has a command injection vulnerability. Attackers can use this vulnerability to execute arbitrary commands with root-level permissions

There is a privilege escalation vulnerability in SMC2.0 product. Some files in a directory of a module are located improperly. It does not apply the directory limitation. Attackers can exploit this vulnerability by crafting malicious file to launch privilege escalation. This can compromise normal service of affected products. SMC2.0 Is vulnerable to a lack of authentication.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Huawei Mate 30 is a smart phone of China's Huawei (Huawei) company. Huawei Mate 30 has a buffer overflow vulnerability, which can be exploited by attackers by sending carefully crafted packets with specific parameters to the target device. Due to insufficient verification of the parameters, a successful attack may cause abnormal device behavior

An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix. Attackers can bypass authentication via forceful browsing. D-Link DAP-1650 The device contains a vulnerability related to sending requests directly.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-Link DAP-1650 is a WiFi range extender. The D-Link DAP-1650 authentication mechanism has security loopholes. Remote attackers can use this loophole to submit special requests and gain unauthorized access to the device

ER3260 is a router of New H3C Technology Co., Ltd. New H3C Technology Co., Ltd. H3C-ER3260 has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with

An attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr.dll by sending a specially crafted ConfigureItems message to TCP port 4241. This will cause an unhandled exception, resulting in termination of RSLinxNG.exe. Observed in FactoryTalk 6.11. All versions of FactoryTalk Linx are affected. FactoryTalk Linx Is vulnerable to handling exceptional conditions.Denial of service (DoS) It may be put into a state. Rockwell Automation FactoryTalk Linx is a set of industrial communication solutions from Rockwell Automation, USA. This product is mainly used for communication between small applications and large automation systems

An attacker can craft and send an OpenNamespace message to port 4241 with valid session-id that triggers an unhandled exception in CFTLDManager::HandleRequest function in RnaDaSvr.dll, resulting in process termination. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected. FactoryTalk Linx Is vulnerable to handling exceptional conditions.Denial of service (DoS) It may be put into a state. Rockwell Automation FactoryTalk Linx is a set of industrial communication solutions from Rockwell Automation, USA. This product is mainly used for communication between small applications and large automation systems