VARIoT IoT vulnerabilities database

On all 7.x versions (fixed in 8.0.0), when set up for auto failover, a BIG-IQ Data Collection Device (DCD) cluster member that receives an undisclosed message may cause the corosync process to abort. This behavior may lead to a denial-of-service (DoS) and impact the stability of a BIG-IQ high availability (HA) cluster. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IQ Centralized Management Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5

On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ high availability (HA) when using a Quorum device for automatic failover does not implement any form of authentication with the Corosync daemon. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IQ high availability There is a vulnerability in the lack of authentication for critical features.Information may be tampered with. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. F5 BIG-IP has a security vulnerability that does not implement any form of authentication using the Corosync daemon

The SIEMENS RWG1.M12D S55370-C170 programmable general-purpose controller combines Siemens' years of experience in the building, HVAC and other industries, based on general hardware design, programmable software platform, and powerful communication processing capabilities. SIEMENS RWG1.M12D S55370-C170 has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.

SIEMENS-SCALANCE-W788-1 is a controller product of the SCALANCE series of German Siemens (SIEMENS). SIEMENS-SCALANCE-W788-1 has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.

NARI Automation is a high-tech entity integrating software development, hardware development, technical services, equipment production, and system integration. MB80-CPU721E has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.

NARI Automation is a high-tech entity integrating software development, hardware development, technical services, equipment production, and system integration. MB80-CPU722E has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.

Dongfang Electronics has developed into a large-scale high-tech enterprise integrating scientific research and development, production and operation, technical services, and system integration. It is one of the main suppliers of energy management system solutions in China. DF9312-DTU has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.

The application range of German Hirschmann switch products includes office communication, production automation, process control, traffic control, and independent machine equipment control systems. MM2-4TX2 has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.

Penguin Aurora Box is a high-end network HD set-top box produced by Tencent Video and Skyworth Digital. Skyworth Digital Technology Co., Ltd. Penguin Aurora Box has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.

Delta Group's areas of involvement include the provision of overall solutions for power management, video displays, industrial automation, network communication products, and renewable energy-related products. DELTA DOP 107EG has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-35801. Reason: This candidate is a reservation duplicate of CVE-2020-35801. Notes: All CVE users should reference CVE-2020-35801 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. NETGEAR JGS516PE/GS116Ev2 is a 16-port gigabit intelligent network management Plus switch. NETGEAR JGS516PE/GS116Ev2 2.6.0.43 version has firmware update vulnerability. The vulnerability stems from the fact that the TFTP server is active by default. An attacker can use this vulnerability to update the switch firmware

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-35783. Reason: This candidate is a reservation duplicate of CVE-2020-35783. Notes: All CVE users should reference CVE-2020-35783 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. NETGEAR JGS516PE/GS116Ev2 is a 16-port gigabit intelligent network management Plus switch. NETGEAR JGS516PE/GS116Ev2 2.6.0.43 version of the NSDP protocol implementation has an information disclosure vulnerability. A remote unauthenticated attacker can use this vulnerability to obtain all configuration parameters of the switch by sending a corresponding read request

The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers (with access to a network capture) to quickly generate multiple collisions to generate valid passwords, or infer some parts of the original. NETGEAR JGS516PE and GS116E There are cryptographic strength vulnerabilities in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. NETGEAR JGS516PE/GS116Ev2 is a 16-port gigabit intelligent network management Plus switch. NETGEAR JGS516PE/GS116Ev2 2.6.0.43 version has security vulnerabilities. Allow external attackers to gain administrative access to the switch

NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command. NETGEAR JGS516PE and GS116E The device is vulnerable to a lack of authentication for critical features.Information is tampered with and denial of service (DoS) It may be put into a state. NETGEAR JGS516PE/GS116Ev2 is a 16-port gigabit intelligent network management Plus switch. NETGEAR JGS516PE/GS116Ev2 2.6.0.43 version has security vulnerabilities. Attackers can use the vulnerability to force multiple DHCP requests or disable them, which may lead to a denial of service attack

Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices. Most of the integer parameters sent through the web server can be abused to cause a denial of service attack. NETGEAR JGS516PE and GS116E An integer overflow vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. NETGEAR JGS516PE/GS116Ev2 is a 16-port gigabit intelligent network management Plus switch

The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests. NETGEAR JGS516PE and GS116Ev2 A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was not properly validating the length of string parameters sent in write requests, potentially allowing denial of service attacks. NETGEAR JGS516PE and GS116Ev2 A classic buffer overflow vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. NETGEAR JGS516PE/GS116Ev2 is a 16-port gigabit intelligent network management Plus switch. NETGEAR JGS516PE/GS116Ev2 2.6.0.43 version has security vulnerabilities. An attacker can use this vulnerability to cause a denial of service

The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers (with access to network traffic) to effectively gain administrative privileges. NETGEAR JGS516PE and GS116E A session immobilization vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. NETGEAR JGS516PE/GS116Ev2 is a 16-port gigabit intelligent network management Plus switch. NETGEAR JGS516PE/GS116Ev2 2.6.0.43 has an authentication token reuse vulnerability. An attacker can use this vulnerability to gain administrator privileges

The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device. NETGEAR JGS516PE and GS116E There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. NETGEAR JGS516PE/GS116Ev2 is a 16-port gigabit intelligent network management Plus switch

A cross-site scripting (XSS) vulnerability in the administration web panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote attackers to inject arbitrary web script or HTML via the language parameter. NETGEAR JGS516PE and GS116E A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with. NETGEAR JGS516PE/GS116Ev2 is a 16-port gigabit intelligent network management Plus switch