VARIoT IoT vulnerabilities database

VAR-202011-1531 | No CVE | A SQL injection vulnerability exists in the management platform of the public security bureau’s Internet service business premises (CNVD-2020-60077) |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Harbin Zhonglong Baiying Technology Development Co., Ltd. was established on May 29, 2013, mainly engaged in computer software and hardware, office automation equipment, security equipment, etc.
The public security bureau's online service business site management platform has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information.
VAR-202012-1273 | CVE-2020-4129 | HCL Domino Vulnerability in |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
HCL Domino is susceptible to a lockout policy bypass vulnerability in the LDAP service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the LDAP service. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later.
VAR-202011-1215 | CVE-2020-4127 | HCL Domino Cross Site Request Forgery Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
HCL Domino is susceptible to a Login CSRF vulnerability. With a valid credential, an attacker could trick a user into accessing a system under another ID or use an intranet user's system to access internal systems from the internet. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later. HCL Domino contains a cross-site request forgery vulnerability. Information may be obtained.
VAR-202012-1272 | CVE-2020-4128 | HCL Domino Authentication vulnerabilities in |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
HCL Domino is susceptible to a lockout policy bypass vulnerability in the ID Vault service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the ID Vault service. HCL Domino contains an authentication vulnerability. Information may be obtained.
VAR-202011-0485 | CVE-2020-16849 | Canon MF237w Vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered on Canon MF237w 06.07 devices. An "Improper Handling of Length Parameter Inconsistency" issue in the IPv4/ICMPv4 component, when handling a packet sent by an unauthenticated network attacker, may expose sensitive information. Canon MF237w contains an unspecified vulnerability. Information may be obtained. i-SENSYS MF237w is a four-in-one multifunction laser printer for small offices launched by Canon.
There is an information disclosure vulnerability in i-SENSYS MF237w 06.07. An attacker could exploit this vulnerability to obtain sensitive information by sending a specially crafted packet.
VAR-202012-1399 | CVE-2020-9116 | Huawei FusionCompute Command injection vulnerability |
CVSS V2: 6.5 CVSS V3: 7.2 Severity: HIGH |
Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. An authenticated, remote attacker can craft a specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to allow the attacker to obtain higher privileges. Huawei FusionCompute contains a command injection vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Huawei FusionCompute is a product of the Chinese company Huawei. FusionCompute is a computer virtualization engine. The product provides Virtual Resource Manager (VRM), Compute Node Agent (CNA), etc. Huawei FusionCompute is software for virtualization support: a virtualization engine that provides virtualization support for cloud hosts.
VAR-202012-1397 | CVE-2020-9114 | FusionCompute Vulnerability in privilege management |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful exploitation will cause privilege escalation. FusionCompute contains a privilege management vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Huawei FusionCompute is a computer virtualization engine developed by Huawei in China. The product provides Virtual Resource Manager (VRM), Compute Node Agent (CNA), etc. FusionCompute has a permission and access control vulnerability. The vulnerability stems from improper permission management. The following versions are affected: 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0.
VAR-202011-1470 | CVE-2020-8351 | Lenovo PCManager Vulnerability in privilege management |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges. Lenovo PCManager contains a privilege management vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Lenovo PCManager (Lenovo Computer Manager) is software from the Chinese company Lenovo that can comprehensively manage PC devices.
VAR-202011-0782 | CVE-2020-27660 | Synology SafeAccess SQL Injection Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter. Synology SafeAccess contains a SQL injection vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Synology SafeAccess is a device from China Synology Technology Co., Ltd. that can configure the security of the network environment. The device can monitor users' Internet behavior, set Internet schedules and time quotas, apply web filters to protect specific users, and protect all devices on the local network by blocking dangerous websites.
VAR-202011-0781 | CVE-2020-27659 | Synology SafeAccess Cross-site Scripting Vulnerability |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter. Synology SafeAccess contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. Synology SafeAccess is a device from China Synology Technology Co., Ltd. that can configure the security of the network environment. The device can monitor users' Internet behavior, set Internet schedules and time quotas, apply web filters to protect specific users, and protect all devices on the local network by blocking dangerous websites.
VAR-202011-1514 | No CVE | ASUS RT-AC5300 and RT-AC1200 have binary vulnerabilities |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
ASUS was established in June 2000. Its business scope covers R&D and manufacturing of notebook computers, computer motherboards, medium-sized mainframes, high-end personal computers, servers, etc.
ASUS RT-AC5300 and RT-AC1200 have a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202011-1518 | No CVE | Lilin NVR104 has an information disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
NVR104 is a standalone NVR video recorder launched by Lilin, which supports up to 4 channels of IP network cameras.
Lilin NVR104 has an information disclosure vulnerability. Attackers can exploit this vulnerability to obtain sensitive information.
VAR-202011-1520 | No CVE | Lilin NVR104 NTP component has remote code execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
NVR104 is a standalone NVR video recorder launched by Lilin, which supports up to 4 channels of IP network cameras.
Lilin NVR104 has a remote code execution vulnerability. Attackers can exploit this vulnerability to gain control of NVR equipment.
VAR-202011-1526 | No CVE | Rockchip kernel has a denial of service vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Rockchip Microelectronics Co., Ltd. has an R&D team specializing in system-level chip design and algorithm research, providing professional chip solutions for high-end smart hardware, mobile phone peripherals, tablet computers, TV set-top boxes, industrial control and other fields.
Rockchip Kernel has a denial of service vulnerability. An attacker can use this vulnerability to cause a denial of service.
VAR-202011-1515 | No CVE | Tianqing security isolation and information exchange system background sh***.php interface has arbitrary file reading vulnerabilities |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Tianqing Security Isolation and Information Exchange System is an access control switch device with network isolation technology independently developed by Venustech Information Technology Co., Ltd., which provides high-security isolation protection for key data.
The backend sh***.php interface of Tianqing Security Isolation and Information Exchange System has arbitrary file reading vulnerabilities. Attackers can use this vulnerability to read arbitrary files in the system.
VAR-202011-1516 | No CVE | Tianqing security isolation and information exchange system background pr***.php interface has arbitrary file reading vulnerabilities |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Tianqing Security Isolation and Information Exchange System is an access control switch device with network isolation technology independently developed by Venustech Information Technology Co., Ltd., which provides high-security isolation protection for key data.
The pr***.php interface of the Tianqing security isolation and information exchange system has arbitrary file reading vulnerabilities. Attackers can use this vulnerability to read arbitrary files in the system.
VAR-202011-1530 | No CVE | Rockchip has an out-of-bounds read vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Rockchip Microelectronics Co., Ltd. has an R&D team specializing in system-level chip design and algorithm research, providing professional chip solutions for high-end smart hardware, mobile phone peripherals, tablet computers, TV set-top boxes, industrial control and other fields.
Rockchip has an out-of-bounds read vulnerability. Attackers can use this vulnerability to execute arbitrary code.
VAR-202011-1535 | No CVE | Advantech WebAccess/SCADA has an arbitrary file deletion vulnerability (CNVD-2020-58465) |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture.
Advantech WebAccess/SCADA has an arbitrary file deletion vulnerability. Attackers can exploit this vulnerability to delete arbitrary files.
VAR-202011-1537 | No CVE | Advantech WebAccess/SCADA has an arbitrary file deletion vulnerability (CNVD-2020-58469) |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture.
Advantech WebAccess/SCADA has an arbitrary file deletion vulnerability. Attackers can exploit this vulnerability to delete arbitrary files.
VAR-202011-1538 | No CVE | Advantech WebAccess/SCADA has an arbitrary file deletion vulnerability (CNVD-2020-58462) |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture.
Advantech WebAccess/SCADA has an arbitrary file deletion vulnerability. Attackers can exploit this vulnerability to delete arbitrary files.