VARIoT IoT vulnerabilities database
| VAR-202104-2059 | No CVE | An SQL injection vulnerability exists in the WDECP-IC card measurement management platform of Tangshan Liulin Automation Equipment Co., Ltd. |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Tangshan Liulin Automation Equipment Co., Ltd. is a high-tech enterprise engaged in the research and development, production, sales and system engineering technical services of the security communication terminal and smart application platform software of the Internet of Things.
The WDECP-IC card measurement management platform of Tangshan Liulin Automation Equipment Co., Ltd. has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive information in the database.
| VAR-202104-2060 | No CVE | SQL injection vulnerability exists in the water rights trading system (CNVD-2021-18289) |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Tangshan Liulin Automation Equipment Co., Ltd. is a high-tech enterprise specializing in the research and development, production, sales and system engineering technical services of the security communication terminal and smart application platform software of the Internet of Things.
There is a SQL injection vulnerability in the water rights trading system. Attackers can use the vulnerability to obtain sensitive information in the database.
| VAR-202104-2061 | No CVE | SQL injection vulnerability exists in the water rights trading system (CNVD-2021-18291) |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Tangshan Liulin Automation Equipment Co., Ltd. is a high-tech enterprise specializing in the research and development, production, sales and system engineering technical services of the security communication terminal and smart application platform software of the Internet of Things.
There is a SQL injection vulnerability in the water rights trading system. Attackers can use the vulnerability to obtain sensitive information in the database.
| VAR-202104-2062 | No CVE | SQL injection vulnerability exists in the water rights trading system (CNVD-2021-18290) |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Tangshan Liulin Automation Equipment Co., Ltd. is a high-tech enterprise specializing in the research and development, production, sales and system engineering technical services of the security communication terminal and smart application platform software of the Internet of Things.
There is a SQL injection vulnerability in the water rights trading system. Attackers can use the vulnerability to obtain sensitive information in the database.
| VAR-202104-2063 | No CVE | SQL injection vulnerability exists in the water rights trading system (CNVD-2021-18297) |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Tangshan Liulin Automation Equipment Co., Ltd. is a high-tech enterprise specializing in the research and development, production, sales and system engineering technical services of the security communication terminal and smart application platform software of the Internet of Things.
There is a SQL injection vulnerability in the water rights trading system. Attackers can use the vulnerability to obtain sensitive information in the database.
| VAR-202104-2064 | No CVE | SQL injection vulnerability exists in water rights trading system |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Tangshan Liulin Automation Equipment Co., Ltd. is a high-tech enterprise specializing in the research and development, production, sales and system engineering technical services of the security communication terminal and smart application platform software of the Internet of Things.
There is a SQL injection vulnerability in the water rights trading system. Attackers can use the vulnerability to obtain sensitive information in the database.
| VAR-202104-2025 | No CVE | Unauthorized access vulnerability exists in ZXV10 W815N router of ZTE Corporation |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ZTE Corporation is the world's leading provider of integrated communications solutions.
The ZXV10 W815N router of ZTE Corporation has an unauthorized access vulnerability. Attackers can use the vulnerability to obtain sensitive information.
| VAR-202104-2026 | No CVE | Four-Faith router of Xiamen Four-Faith Communication Technology Co., Ltd. has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Xiamen Sixin Communication Technology Co., Ltd. is a national high-tech enterprise, a leading "small giant" enterprise for scientific and technological innovation in Fujian Province, an IoT platform enterprise, an IoT technology expert, and a provider of IoT communication equipment and solutions.
The Four-Faith router of Xiamen Four-Faith Communication Technology Co., Ltd. has a weak password vulnerability. Attackers can use the vulnerability to obtain sensitive information.
| VAR-202104-2027 | No CVE | Unauthorized access vulnerability exists in ZXHN F460 of ZTE Corporation |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ZXHN F460 is an EPON optical modem from ZTE.
There is an unauthorized access vulnerability in ZXHN F460 of ZTE Corporation. Attackers can use the vulnerability to obtain sensitive information.
| VAR-202104-2028 | No CVE | Command execution vulnerability exists in ZXHN H168N of ZTE Corporation |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
ZTE Corporation is the world's leading provider of integrated communications solutions.
ZTE Corporation ZXHN H168N has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands.
| VAR-202104-2029 | No CVE | ZTE Corporation ZXHN H168N has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ZTE Corporation is the world's leading provider of integrated communications solutions.
ZTE Corporation ZXHN H168N has an unauthorized access vulnerability. Attackers can use the vulnerability to obtain sensitive information.
| VAR-202104-2030 | No CVE | RG-RSR series routers have weak password vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Ruijie Networks Co., Ltd. is a professional network manufacturer with a full range of network equipment product lines and solutions including switches, routers, software, security firewalls, wireless products, and storage.
The RG-RSR series routers have a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202104-2033 | No CVE | Command execution vulnerability exists in ZXHN F460 of ZTE Corporation |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
ZXHN F460 is an EPON optical modem from ZTE.
A command execution vulnerability exists in ZXHN F460 of ZTE Corporation. Attackers can use this vulnerability to execute arbitrary commands.
| VAR-202104-1463 | CVE-2021-29379 | D-Link DIR-802 A1 OS command injection vulnerability |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. D-Link DIR-802 A1 has an OS command injection vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. D-Link DIR-802 is a wireless router from the Taiwanese company D-Link.
D-Link DIR-802 A1 1.00b05 and earlier versions have a command injection vulnerability.
| VAR-202104-1016 | CVE-2021-27486 | FATEK Automation WinProladder integer underflow vulnerabilities |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
FATEK Automation WinProladder versions 3.30 and prior are vulnerable to an integer underflow, which may cause an out-of-bounds write and allow an attacker to execute arbitrary code. WinProladder, provided by FATEK Automation, is ladder programming software for Windows. The official version of WinProLadder is a very good practical PLC programming tool.
| VAR-202104-1666 | CVE-2021-3128 | ASUS RT-AX3000 Security hole |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set
| VAR-202104-1656 | CVE-2021-3125 | Many TP-Link routers have unspecified vulnerabilities |
CVSS V2: 4.3 CVSS V3: 7.5 Severity: HIGH |
In TP-Link TL-XDR3230 < 1.0.12, TL-XDR1850 < 1.0.9, TL-XDR1860 < 1.0.14, TL-XDR3250 < 1.0.2, TL-XDR6060 Turbo < 1.1.8, TL-XDR5430 < 1.0.11, and possibly others, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set. TP-Link TL-XDR is a router series from the Chinese company TP-Link. No further vulnerability details are currently provided.
| VAR-202104-1458 | CVE-2021-29302 | TP-Link TL-WR802N (US) and Archer_C50v5_US buffer overflow vulnerability |
CVSS V2: 9.3 CVSS V3: 8.1 Severity: HIGH |
TP-Link TL-WR802N(US), Archer_C50v5_US v4_200 <= 2020.06 contains a buffer overflow vulnerability in the httpd process in the body message. The attack vector is: The attacker can get shell of the router by sending a message through the network, which may lead to remote code execution. TP-Link TL-WR802N is a wireless router from the Chinese company TP-Link. Attackers can use this vulnerability to execute code remotely.
| VAR-202104-0685 | CVE-2021-21545 | Dell Peripheral Manager Code problem vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Dell Peripheral Manager 1.3.1 or greater contains remediation for a local privilege escalation vulnerability that could be potentially exploited to gain arbitrary code execution on the system with privileges of the system user. Dell Peripheral Manager is application software from Dell. It provides on-screen instructions on how to pair other devices with your computer via Bluetooth.
| VAR-202104-0667 | CVE-2021-21524 | Dell EMC Storage Resource Manager Code problem vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted Deserialization Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to arbitrary privileged code execution on the vulnerable application. The severity is Critical as this may lead to system compromise by unauthenticated attackers. Dell EMC Storage Resource Manager is application software from Dell. It is a comprehensive monitoring and reporting solution that helps IT visualize, analyze and optimize today's storage infrastructure while providing a management framework to support investments in software-defined storage.