VARIoT IoT vulnerabilities database

VAR-202012-1099 CVE-2020-35713 OS command injection vulnerability in Belkin International, Inc. re6500 firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. An OS command injection vulnerability exists in the Belkin International, Inc. re6500 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Linksys RE6500 is an AC1200 dual-band WiFi extender launched by Belkin. Belkin LINKSYS RE6500 versions before 1.0.012.001 have remote code execution vulnerabilities.
VAR-202012-1409 CVE-2020-9201 Out-of-bounds read vulnerability in multiple Huawei products
CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
There is an out-of-bounds read vulnerability in some versions of NIP6800, Secospace USG6600 and USG9500. The software reads data past the end of the intended buffer when parsing DHCP messages that include a crafted parameter. Successful exploitation could cause certain services to behave abnormally. An out-of-bounds read vulnerability exists in Huawei NIP6800 firmware, Secospace USG6600 firmware and USG9500 firmware. Service operation may be interrupted (DoS).
VAR-202012-1401 CVE-2020-9119 Vulnerabilities in multiple Huawei products
CVSS V2: 4.6
CVSS V3: 6.2
Severity: MEDIUM
There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs physical access to the mobile phone, obtains higher privileges and executes relevant commands, resulting in escalation of the user's privileges. Unspecified vulnerabilities exist in Huawei products including Mate 10 firmware, Mate 30 firmware and Mate 30 Pro firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202012-1402 CVE-2020-9120 Vulnerability in Huawei cloudengine 1800v
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
CloudEngine 1800V version V100R019C10SPC500 has a resource management error vulnerability. Remote unauthorized attackers could send specific types of messages to the device, with the result that messages received by the system cannot be forwarded normally. An unspecified vulnerability exists in Huawei cloudengine 1800v. Service operation may be interrupted (DoS). Huawei CloudEngine 1800V is a 1800V series data center switch from Huawei, China.
VAR-202012-0732 CVE-2020-27725 Vulnerability related to lack of freeing memory after expiration in multiple F5 Networks products
CVSS V2: 3.5
CVSS V3: 4.3
Severity: MEDIUM
In versions 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2 of BIG-IP DNS, GTM, and Link Controller, zxfrd leaks memory when listing DNS zones. Zones can be listed via TMSH, iControl or SNMP; only users with access to those services can trigger this vulnerability. F5 Networks BIG-IP Domain Name System (DNS), BIG-IP Global Traffic Manager (GTM) and BIG-IP Link Controller contain a vulnerability related to lack of freeing memory after expiration. Service operation may be interrupted (DoS).
VAR-202012-0729 CVE-2020-27722 Resource exhaustion vulnerability in F5 Networks BIG-IP Access Policy Manager (APM)
CVSS V2: 3.5
CVSS V3: 6.5
Severity: MEDIUM
In BIG-IP APM versions 15.0.0-15.0.1.3, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, under certain conditions, the VDI plugin does not observe the plugin flow-control protocol, causing excessive resource consumption. A resource exhaustion vulnerability exists in F5 Networks BIG-IP Access Policy Manager (APM). Service operation may be interrupted (DoS).
VAR-202012-0728 CVE-2020-27721 Vulnerability in F5 Networks BIG-IP Domain Name System (DNS) and BIG-IP Global Traffic Manager (GTM)
CVSS V2: 4.3
CVSS V3: 7.5
Severity: HIGH
In versions 16.0.0-16.0.0.1, 15.1.0-15.1.1, 14.1.0-14.1.3, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, in a BIG-IP DNS / BIG-IP LTM GSLB deployment, under certain circumstances, the BIG-IP DNS system may stop using a BIG-IP LTM virtual server for DNS response. An unspecified vulnerability exists in F5 Networks BIG-IP Domain Name System (DNS) and BIG-IP Global Traffic Manager (GTM). Service operation may be interrupted (DoS).
VAR-202012-1585 No CVE Honeywell DCS C300 controller has a denial of service vulnerability (CNVD-2020-67880)
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
CC-PCNT02 is the controller of Honeywell DCS C300 system and supports Ethernet communication. The Honeywell DCS C300 controller has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202012-1586 No CVE Honeywell DCS C300 controller has a denial of service vulnerability (CNVD-2020-67881)
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
CC-PCNT02 is the controller of Honeywell DCS C300 system and supports Ethernet communication. The Honeywell DCS C300 controller has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202012-1587 No CVE Honeywell DCS C300 controller has a denial of service vulnerability (CNVD-2020-67879)
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
CC-PCNT02 is the controller of Honeywell DCS C300 system and supports Ethernet communication. The Honeywell DCS C300 controller has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202012-1598 No CVE Honeywell DCS C300 controller has a denial of service vulnerability
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
CC-PCNT02 is the controller of Honeywell DCS C300 system and supports Ethernet communication. The Honeywell DCS C300 controller has a denial of service vulnerability that attackers can use to cause a denial of service.
VAR-202012-0313 CVE-2020-24580 Vulnerability regarding lack of authentication for critical features on D-Link DSL-2888A devices
CVSS V2: 5.4
CVSS V3: 7.5
Severity: HIGH
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Lack of authentication functionality allows an attacker to assign a static IP address that was once used by a valid user. The D-Link DSL-2888A device is vulnerable to a lack of authentication for critical features. Information may be obtained or tampered with, and service may be disrupted (DoS). D-Link DSL-2888A is a unified service router from the China D-Link company.
VAR-202012-0311 CVE-2020-24578 D-Link DSL-2888A default configuration problem vulnerability
CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive files (such as the password hash file). D-Link DSL-2888A devices are vulnerable to uncontrolled search path elements and improper permission assignment to critical resources. Information may be obtained. D-Link DSL-2888A is a unified service router from the China D-Link company. D-Link DSL-2888A devices have a vulnerability in the default configuration.
VAR-202012-0314 CVE-2020-24581 OS command injection vulnerability in D-Link DSL-2888A devices
CVSS V2: 7.7
CVSS V3: 8.0
Severity: HIGH
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It contains an execute_cmd.cgi feature (that is not reachable via the web user interface) that lets an authenticated user execute operating system commands. An OS command injection vulnerability exists in the D-Link DSL-2888A device. Information may be obtained or tampered with, and service may be disrupted (DoS). D-Link DSL-2888A is a unified service router from the China D-Link company. D-Link DSL-2888A has an operating system command execution vulnerability.
VAR-202012-0977 CVE-2020-29583 Vulnerability in plaintext storage of important information on Zyxel USG devices
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to log in to the SSH server or web interface with admin privileges. Zyxel USG devices contain a vulnerability in the plaintext storage of important information. Information may be obtained or tampered with, and service may be disrupted (DoS).
VAR-202012-0312 CVE-2020-24579 Authentication vulnerability in D-Link DSL-2888A devices
CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality. There is an authentication vulnerability in the D-Link DSL-2888A device. Information may be obtained or tampered with, and service may be disrupted (DoS). D-Link DSL-2888A is a unified service router from the China D-Link company. D-Link DSL-2888A devices have an access control error vulnerability.
VAR-202012-0326 CVE-2020-24683 Vulnerability regarding incorrect resource movement between regions in S+ Operations
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application. A vulnerability related to incorrect resource movement between regions exists in S+ Operations. Information may be obtained or tampered with, and service may be disrupted (DoS). ABB Symphony Plus Operations is a management device from ABB, Switzerland, used in industrial environments to improve operational efficiency. The device provides an easy-to-use human-machine interface, seamlessly integrates all plant equipment and subsystems using industry-standard protocols and technologies, and provides functions such as alarm management, process optimization, and more.
VAR-202012-0325 CVE-2020-24680 Vulnerability regarding inadequate protection of credentials in S+ Operations and S+ Historian
CVSS V2: 4.6
CVSS V3: 7.0
Severity: HIGH
In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database. An inadequate protection of credentials vulnerability exists in S+ Operations and S+ Historian. Information may be obtained or tampered with, and service may be disrupted (DoS). Both ABB Symphony Plus Operations and ABB Symphony Plus Historian are products of ABB, Switzerland. ABB Symphony Plus Operations is a management device used in industrial environments to improve operational efficiency. The device provides an easy-to-use human-machine interface, seamlessly integrates all plant equipment and subsystems using industry-standard protocols and technologies, and provides functions such as alarm management, process optimization, and more. ABB Symphony Plus Historian is a device for visually viewing and managing historical information of industrial equipment.
VAR-202012-0324 CVE-2020-24679 Input confirmation vulnerability in S+ Operations and S+ Historian service
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An S+ Operations and S+ Historian service is subject to a DoS by specially crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted. Both ABB Symphony Plus Operations and ABB Symphony Plus Historian are products of ABB, Switzerland. ABB Symphony Plus Operations is a management device used in industrial environments to improve operational efficiency. The device provides an easy-to-use human-machine interface, seamlessly integrates all plant equipment and subsystems using industry-standard protocols and technologies, and provides functions such as alarm management, process optimization, and more. ABB Symphony Plus Historian is a device for visually viewing and managing historical information of industrial equipment.
VAR-202012-0323 CVE-2020-24678 Vulnerability in privilege management in S+ Operations or S+ Historian database
CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
An authenticated user might execute malicious code under the user context and take control of the system. The S+ Operations or S+ Historian database is affected by multiple vulnerabilities, such as the possibility of allowing remote authenticated users to gain high privileges. Both ABB Symphony Plus Operations and ABB Symphony Plus Historian are products of ABB, Switzerland. ABB Symphony Plus Operations is a management device used in industrial environments to improve operational efficiency. The device provides an easy-to-use human-machine interface, seamlessly integrates all plant equipment and subsystems using industry-standard protocols and technologies, and provides functions such as alarm management, process optimization, and more. ABB Symphony Plus Historian is a device for visually viewing and managing historical information of industrial equipment.