VARIoT IoT vulnerabilities database
| VAR-202103-1758 | No CVE | A directory traversal vulnerability exists in the Cesanta Mongoose server |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cesanta Mongoose is a set of embedded servers of Cesanta, Ireland.
A directory traversal vulnerability exists in the Cesanta Mongoose server. Attackers can use this vulnerability to obtain directory information.
| VAR-202103-1759 | No CVE | OPTO22 SNAP-PAC-R2 has a denial of service vulnerability |
CVSS V2: 5.5 CVSS V3: - Severity: MEDIUM |
OPTO22 SNAP-PAC-R2 is a new type of programmable automation controller from OPTO22, USA.
OPTO22 SNAP-PAC-R2 has a denial of service vulnerability, which can be exploited by a remote attacker to cause the device to restart.
| VAR-202103-1805 | No CVE | Unauthorized access vulnerability exists in the Eas7 integrated management platform of Tiandi Weiye Technology Co., Ltd. |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Tiandi Weiye is the world's leading provider of smart security solutions. Based on artificial intelligence, big data, cloud computing, Internet of Things and other technologies, it provides smart video products, system solutions and high-quality technical services for public security, politics and law, transportation, finance, education, water conservancy, environmental protection and other industries.
An unauthorized access vulnerability exists in the Eas7 integrated management platform of Tiandi Weiye Technology Co., Ltd., which can be exploited by attackers to access the web.xml file.
| VAR-202104-1585 | CVE-2021-26827 | TP-Link WR2041 Buffer Overflow Vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ router allows remote attackers to cause a Denial-of-Service (DoS) by sending an HTTP request with a very long "ssid" parameter to the "/userRpm/popupSiteSurveyRpm.html" webpage, which crashes the router. TP-Link WR2041 is a wireless Wi-Fi router from TP-Link, China.
| VAR-202103-1760 | No CVE | USR-G781 has a command execution vulnerability |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
Shandong Youren Networking Co., Ltd. is a leading industrial IoT software and hardware solution service provider in the industry.
There is a command execution vulnerability in USR-G781, which can be used by attackers to execute malicious code.
| VAR-202103-1761 | No CVE | Moxa EDR-810-2GSFP router has an information disclosure vulnerability |
CVSS V2: 3.3 CVSS V3: - Severity: LOW |
EDR-810-2GSFP is a router product of MOXA company.
Moxa EDR-810-2GSFP router has an information disclosure vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202103-1762 | No CVE | Shanghai Phicomm Data Communication Technology Co., Ltd. Phicomm router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Shanghai Phicomm Data Communication Technology Co., Ltd. is a technologically innovative enterprise that provides users with smart products and cloud services in the field of smart homes.
Shanghai Phicomm Data Communication Technology Co., Ltd. Phicomm router has a weak password vulnerability. Attackers can use this vulnerability to log in to the management backend and obtain sensitive information.
| VAR-202103-1764 | No CVE | Cisco rv130w has a binary vulnerability (CNVD-2021-12425) |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Cisco is the world's leading provider of network solutions.
There is a binary vulnerability in Cisco rv130w. An authenticated attacker can obtain system root privileges by constructing a ROP chain.
| VAR-202103-1765 | No CVE | Omron CP1L-EM40DR-D has a denial of service vulnerability |
CVSS V2: 3.3 CVSS V3: - Severity: LOW |
Omron CP1L-EM40DR-D is a programmable logic controller made by Japan’s Omron company.
Omron CP1L-EM40DR-D has a denial of service vulnerability, which can be exploited by attackers to cause device denial of service.
| VAR-202103-1766 | No CVE | Rockwell ControlLogix5571 has industrial control equipment vulnerabilities |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Allen-Bradley ControlLogix 5571 is a programmable automation controller of the ControlLogix 5570 series from Rockwell Automation.
Rockwell ControlLogix5571 has a vulnerability in industrial control equipment. Attackers can use this vulnerability to cause a denial of service of the device.
| VAR-202103-1767 | No CVE | MOXA AWK-1131A has a command execution vulnerability (CNVD-2021-15569) |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Moxa AWK-1131A industrial-grade wireless AP/Client supports IEEE 802.11n technology with a data transmission rate of up to 300Mbps.
MOXA AWK-1131A has a command execution vulnerability, which can be exploited by attackers to cause malicious code to be executed.
| VAR-202103-1763 | No CVE | Delta DVP20ES200TE has a denial of service vulnerability |
CVSS V2: 3.3 CVSS V3: - Severity: LOW |
Delta DVP20ES200TE is a programmable logic controller of Taiwan Delta Company.
Delta DVP20ES200TE has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service attack.
| VAR-202103-1804 | No CVE | Cxcms has logic flaw vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Changshu Changxiang Computer Information Technology Co., Ltd. was established in July 2010 to provide enterprises with services such as website construction, WeChat applets, official accounts, management software, Internet of Things, and customized management software development, and holds a number of software copyrights.
Cxcms has a logic flaw vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202103-1751 | No CVE | Pingtong Technology Co., Ltd. PM Designer V1.2.98.35 has a memory corruption vulnerability (CNVD-2021-15521) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Pingtong Technology Co., Ltd. is a professional human-machine interface manufacturer based in Taiwan that integrates R&D, production, manufacturing and sales.
Pingtong Technology Co., Ltd. PM Designer V1.2.98.35 has a memory corruption vulnerability. Attackers can use this vulnerability to cause the program to crash.
| VAR-202103-1782 | No CVE | Infinova HD Network PTZ Dome Camera has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Infinova, founded in 1993, is a smart city and smart home solution provider and operation service provider with smart security as its core, providing smart security, smart city, smart home, big data and Internet operation services to the world.
Infinova HD Network PTZ Dome Camera has a weak password vulnerability. The attacker can log in to the system's management backend with the default password to obtain sensitive information.
| VAR-202103-1768 | No CVE | Shenzhen Meikexing Communication Technology Co., Ltd. M18G has a directory traversal vulnerability |
CVSS V2: 3.3 CVSS V3: - Severity: LOW |
M18G is a wireless router.
Shenzhen Meikexing Communication Technology Co., Ltd. M18G has a directory traversal vulnerability. Attackers can use this vulnerability to access any directory on the file system and read sensitive files.
| VAR-202103-0649 | CVE-2021-21390 | MinIO Vulnerability in improper enforcement of message integrity being sent on a communication channel in |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-17T02-33-02Z, there is a vulnerability which enables MITM modification of request bodies that are meant to have integrity guaranteed by chunk signatures. In a PUT request using aws-chunked encoding, MinIO ordinarily verifies signatures at the end of a chunk. This check can be skipped if the client sends a false chunk size that is much greater than the actual data sent: the server accepts and completes the request without ever reaching the end of the chunk, and thereby without ever checking the chunk signature. This is fixed in version RELEASE.2021-03-17T02-33-02Z. As a workaround, one can avoid using "aws-chunked" encoding-based chunk signature upload requests and instead use TLS. MinIO SDKs automatically disable chunked encoding signature when the server endpoint is configured with TLS. MinIO contains a vulnerability related to improper enforcement of the integrity of messages being sent on a communication channel. Information may be tampered with.
| VAR-202103-1083 | CVE-2021-28126 | TranzWare e-Commerce Payment Gateway Cross-site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a Stored cross-site scripting (XSS) vulnerability. Compass Plus e-Commerce Payment Gateway is an application interface of the Russian company Compass Plus. It provides an API interface for payment functions.
| VAR-202103-1077 | CVE-2021-28110 | TranzWare e-Commerce Payment Gateway In XML External entity vulnerabilities |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML parser. Compass Plus e-Commerce Payment Gateway is an application interface of the Russian company Compass Plus. It provides an API interface for payment functions.
| VAR-202103-0823 | CVE-2021-23007 | BIG-IP Vulnerability in |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
On BIG-IP versions 14.1.4 and 16.0.1.1, when the Traffic Management Microkernel (TMM) process handles certain undisclosed traffic, it may start dropping all fragmented IP traffic. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP contains an unspecified vulnerability. It may be put into a denial of service (DoS) state. F5 BIG-IP is an application delivery platform from the US company F5 that integrates network traffic management, application security management, load balancing and other functions. There is a security vulnerability in F5 BIG-IP TMM Fragmented IP Traffic Drop. Attackers can exploit this vulnerability to trigger a fatal error through F5 BIG-IP TMM Fragmented IP Traffic Drop, thereby triggering a denial of service.