VARIoT IoT vulnerabilities database

ACS Motion Control is an OEM-oriented motion controller and drive solutions provider headquartered in Israel. Its products are widely used in semiconductor manufacturing, laser processing, additive manufacturing, flat panel display manufacturing, electronic assembly, life sciences and other fields. Technology system. ACS SpiiPlusEC-08 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.

YKBuilder is a software suitable for constructing embedded integrated development. There are binary vulnerabilities in YKBuilder V5.1. Attackers can use this vulnerability to construct malformed files and cause the program to crash.

China United Network Communications Group Co., Ltd. (English name China Unicom, abbreviated as "China Unicom", "Unicom") was formed on the basis of the merger of the original China Netcom and the original China Unicom on January 6, 2009. It is established in 31 provinces in China. (Autonomous regions, municipalities directly under the Central Government) and many overseas countries and regions have branches. It is China's only telecommunications operating company listed in New York, Hong Kong, and Shanghai at the same time. The LTE core network has a denial of service vulnerability. Attackers can use this vulnerability to cause a denial of service attack.

There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system. AirWave Glass Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HPE Aruba Airwave Glass is a smart glasses device from HPE. HPE Aruba Airwave Glass 1.3.3 has an input verification error vulnerability before 1.3.3. The vulnerability is due to insufficient input verification

An Information Exposure vulnerability in Juniper Networks Contrail Networking allows a locally authenticated attacker able to read files to retrieve administrator credentials stored in plaintext thereby elevating their privileges over the system. This issue affects: Juniper Networks Contrail Networking versions prior to 1911.31

Wanglun Tianxia (Beijing) Intelligent Technology Co., Ltd. is a technology-based enterprise focusing on the Internet of Things for commercial vehicle tires. It is the first cooperative development unit of smart tires in China. It has a number of invention patents and software copyrights, and has obtained the European Union CE and North America FCC certification. Netlun Tianxia (Beijing) Intelligent Technology Co., Ltd. has a file upload vulnerability in its intelligent tire monitoring management system. An attacker can use the vulnerability to upload a webshell to gain server permissions.

A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom. ZTE ZXV10 B860A is a network set-top box of China ZTE Corporation (ZTE). ZTE ZXV10 B860A has an information disclosure vulnerability

The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to commands for a specific device. The missing check involves verifying that the command target device is configured giving permission for the gateway device to act on its behalf. This means an authenticated device of a certain tenant, notably also a non-gateway device acting like a gateway, may receive command & control messages targeted at a different device of the same tenant without corresponding permissions getting checked. Eclipse Hono Is vulnerable to a lack of authentication.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Eclipse Hono is a software of the Eclipse Foundation for providing a control interface for connected IOT devices. The software connects a large number of IOT devices and provides a unified access interface for external control

Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /icons/ directories via GET Parameter. TOTOLINK-A702R Contains vulnerabilities in externally accessible files or directories.Information may be obtained. Totolink A702r is a router device of China Totolink Company. No detailed vulnerability details are currently provided

SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. Skyworth GN542VF Boa There is a vulnerability in the lack of encryption of critical data.Information may be obtained. Skyworth Gn542vf is a network TV equipment of China Skyworth Company. Attackers can use the vulnerability to capture session cookies

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity. DELL Dell EMC Avamar Server is a set of fully virtualized backup and recovery software for servers from Dell (DELL)

Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files. DELL Dell EMC Avamar Server is a set of fully virtualized backup and recovery software for servers from Dell (DELL)

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity. DELL Dell EMC Avamar Server is a set of fully virtualized backup and recovery software for servers from Dell (DELL)

A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow a remote, unauthenticated attacker to crash the httpd daemon thread by sending a request with a crafted cookie header. FortiWeb Is vulnerable to an out-of-bounds write.Denial of service (DoS) It may be put into a state. Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., to ensure the security of web applications and protect sensitive database content. Fortinet FortiWeb has a security vulnerability that could allow a remote attacker to perform a denial of service (DoS) attack. The following products and versions are affected: Fortinet FortiWeb: 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7

A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter. FortiWeb Exists in a format string vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., to ensure the security of web applications and protect sensitive database content. Fortinet FortiWeb 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5 contain a security vulnerability that could allow remote users to access sensitive information

A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4 may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a large certname. FortiWeb Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3.0.0 may allow a remote authenticated attacker to execute arbitrary commands on the system by exploiting a command injection vulnerability on the Customization page. Fortinet FortiDeceptor is a network threat detection platform developed by Fortinet. The platform mainly exposes cyber threats, etc. through deception techniques

A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement. FortiWeb Has SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., to ensure the security of web applications and protect sensitive database content

There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include:NIP6800 versions V500R001C30,V500R001C60SPC500,V500R005C00;S12700 versions V200R008C00;S2700 versions V200R008C00;S5700 versions V200R008C00;S6700 versions V200R008C00;S7700 versions V200R008C00;S9700 versions V200R008C00;Secospace USG6600 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00;USG9500 versions V500R001C30SPC300,V500R001C30SPC600,V500R001C60SPC500,V500R005C00. plural Huawei The product contains an out-of-bounds read vulnerability.Denial of service (DoS) It may be put into a state

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. plural Cisco Small Business RV A series router contains an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco RV110W is a Wireless-N VPN firewall, Cisco RV130 is a multifunctional VPN router, Cisco RV130W is a Wireless-N multifunctional VPN router, and Cisco RV215W is a Wireless-N VPN router. Or cause the device to reload