VARIoT IoT vulnerabilities database
| VAR-202103-1764 | No CVE | Cisco RV130W has a binary vulnerability (CNVD-2021-12425) | CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Cisco is the world's leading provider of network solutions.
Cisco RV130W contains a binary vulnerability. An authenticated attacker can obtain system root privileges by constructing a ROP (return-oriented programming) chain.
| VAR-202103-1765 | No CVE | Omron CP1L-EM40DR-D has a denial of service vulnerability | CVSS V2: 3.3 CVSS V3: - Severity: LOW |
Omron CP1L-EM40DR-D is a programmable logic controller made by Japan's Omron company.
Omron CP1L-EM40DR-D has a denial of service vulnerability, which attackers can exploit to cause a denial of service on the device.
| VAR-202103-1766 | No CVE | Rockwell ControlLogix 5571 has an industrial control equipment vulnerability | CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Allen-Bradley ControlLogix 5571 is a programmable automation controller in the ControlLogix 5570 series from Rockwell Automation.
Rockwell ControlLogix 5571 has an industrial control equipment vulnerability. Attackers can exploit it to cause a denial of service on the device.
| VAR-202103-1767 | No CVE | MOXA AWK-1131A has a command execution vulnerability (CNVD-2021-15569) | CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The Moxa AWK-1131A industrial-grade wireless AP/client supports IEEE 802.11n with a data transmission rate of up to 300 Mbps.
MOXA AWK-1131A has a command execution vulnerability, which attackers can exploit to execute malicious code.
| VAR-202103-1763 | No CVE | Delta DVP20ES200TE has a denial of service vulnerability | CVSS V2: 3.3 CVSS V3: - Severity: LOW |
Delta DVP20ES200TE is a programmable logic controller from Taiwan's Delta company.
Delta DVP20ES200TE has a denial of service vulnerability, which an attacker can exploit to cause a denial of service.
| VAR-202103-1804 | No CVE | Cxcms has a logic flaw vulnerability | CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Changshu Changxiang Computer Information Technology Co., Ltd. was established in July 2010 to provide enterprises with services such as website construction, WeChat mini-programs, official accounts, management software, Internet of Things, and customized management software development, and holds a number of software copyrights.
Cxcms has a logic flaw vulnerability, which attackers can exploit to obtain sensitive information.
| VAR-202103-1751 | No CVE | Pingtong Technology Co., Ltd. PM Designer V1.2.98.35 has a memory corruption vulnerability (CNVD-2021-15521) | CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Pingtong Technology Co., Ltd. is a professional human-machine interface manufacturer based in Taiwan that integrates R&D, production, manufacturing and sales.
Pingtong Technology Co., Ltd. PM Designer V1.2.98.35 has a memory corruption vulnerability. Attackers can exploit it to crash the program.
| VAR-202103-1782 | No CVE | Infinova HD Network PTZ Dome Camera has a weak password vulnerability | CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Infinova, founded in 1993, is a smart city and smart home solution and operation service provider with smart security as its core, offering smart security, smart city, smart home, big data and Internet operation services worldwide.
Infinova HD Network PTZ Dome Camera has a weak password vulnerability. An attacker can log in to the system's management backend with the default password and obtain sensitive information.
| VAR-202103-1768 | No CVE | Shenzhen Meikexing Communication Technology Co., Ltd. M18G has a directory traversal vulnerability | CVSS V2: 3.3 CVSS V3: - Severity: LOW |
M18G is a wireless router.
Shenzhen Meikexing Communication Technology Co., Ltd. M18G has a directory traversal vulnerability. Attackers can exploit it to access arbitrary directories on the file system and read sensitive files.
| VAR-202103-0649 | CVE-2021-21390 | MinIO vulnerability in improper enforcement of message integrity on a communication channel | CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
MinIO is an open-source high-performance object storage service that is API-compatible with the Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-17T02-33-02Z, there is a vulnerability that enables MITM modification of request bodies that are meant to have their integrity guaranteed by chunk signatures. In a PUT request using aws-chunked encoding, MinIO ordinarily verifies signatures at the end of a chunk. This check can be skipped if the client sends a false chunk size that is much greater than the actual data sent: the server accepts and completes the request without ever reaching the end of the chunk, and thereby without ever checking the chunk signature. This is fixed in version RELEASE.2021-03-17T02-33-02Z. As a workaround, avoid "aws-chunked" encoding-based chunk-signature upload requests and use TLS instead; MinIO SDKs automatically disable chunked-encoding signatures when the server endpoint is configured with TLS. MinIO contains a vulnerability related to improper enforcement of the integrity of messages sent on a communication channel. Information may be tampered with.
| VAR-202103-1083 | CVE-2021-28126 | TranzWare e-Commerce Payment Gateway cross-site scripting vulnerability | CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a stored cross-site scripting (XSS) vulnerability. Compass Plus e-Commerce Payment Gateway is an application interface from the Russian company Compass Plus. It provides an API for payment functions.
| VAR-202103-1077 | CVE-2021-28110 | TranzWare e-Commerce Payment Gateway XML external entity vulnerability | CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML parser. Compass Plus e-Commerce Payment Gateway is an application interface from the Russian company Compass Plus. It provides an API for payment functions.
| VAR-202103-0823 | CVE-2021-23007 | BIG-IP unspecified vulnerability | CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
On BIG-IP versions 14.1.4 and 16.0.1.1, when the Traffic Management Microkernel (TMM) process handles certain undisclosed traffic, it may start dropping all fragmented IP traffic. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP contains an unspecified vulnerability that may put the device into a denial of service (DoS) state. F5 BIG-IP is an application delivery platform from the US company F5 that integrates network traffic management, application security management, load balancing and other functions. The security vulnerability lies in F5 BIG-IP TMM's handling of fragmented IP traffic (TMM Fragmented IP Traffic Drop). Attackers can exploit it to trigger a fatal error and thereby cause a denial of service.
| VAR-202103-1803 | No CVE | Changzhou Zhenming Electronic Technology Internet of Things smart street lamp integrated management platform has a logic flaw vulnerability | CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Changzhou Zhenming Electronic Technology Co., Ltd. was established on January 13, 2015. Its legal representative is Yuan Chunjuan, and the company's business scope includes electronic product research and development; new energy product technology development; and electronic products and components, metal materials, mechanical equipment and accessories, hardware, etc.
Changzhou Zhenming Electronic Technology Internet of Things smart street lamp integrated management platform has a logic flaw vulnerability, which attackers can exploit to obtain sensitive information.
| VAR-202103-1743 | No CVE | H3C GR2200 router has a weak password vulnerability | CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The H3C GR2200 router is an enterprise-class router.
The H3C GR2200 router has a weak password vulnerability. Attackers can exploit it to log in to the system's management backend and obtain sensitive information.
| VAR-202103-1744 | No CVE | Baima Technology Edge Computing Gateway BMG700 has an information disclosure vulnerability | CVSS V2: 3.3 CVSS V3: - Severity: LOW |
Xiamen Baima Technology Co., Ltd. focuses on the Industrial Internet of Things (IIoT), providing users with industrial-grade data collection, communication networking, cloud platforms and other intelligent products and solutions.
The Baima Technology edge computing gateway BMG700 has an information disclosure vulnerability. Attackers can exploit it to obtain sensitive information.
| VAR-202103-1745 | No CVE | H3C GR3200 router has a weak password vulnerability | CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The H3C GR3200 router is a new-generation high-performance enterprise-class router launched by H3C.
The H3C GR3200 router has a weak password vulnerability. Attackers can exploit it to log in to the system's management backend and obtain sensitive information.
| VAR-202106-1440 | CVE-2021-26845 | Hitachi ABB Power Grids eSOMS vulnerability related to improper authentication | CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An information exposure vulnerability in Hitachi ABB Power Grids eSOMS allows an unauthorized user to gain access to report data if the URL used to access the report is discovered. This issue affects: Hitachi ABB Power Grids eSOMS 6.0 versions prior to 6.0.4.2.2; 6.1 versions prior to 6.1.4; 6.3 versions prior to 6.3. ABB eSOMS (Electronic Shift Operations Management System) is a plant operations management system from the Swiss company ABB.
| VAR-202103-0899 | CVE-2021-27306 | Kong Gateway access control error vulnerability | CVSS V2: 4.3 CVSS V3: 7.5 Severity: HIGH |
An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users to access authenticated routes without a valid JWT token. Kong Gateway is an API gateway from the Italian company Kong. It provides gateway functionality.
| VAR-202103-0870 | CVE-2021-27221 | MikroTik RouterOS command injection vulnerability | CVSS V2: 8.5 CVSS V3: 8.1 Severity: HIGH |
MikroTik RouterOS 6.47.9 allows remote authenticated FTP users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies work. ** Disputed ** This case has not been confirmed as a vulnerability. MikroTik RouterOS contains a command injection vulnerability. The vendor has challenged this vulnerability; for more information, see the current description at NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-27221 . Information may be tampered with and the device may be put into a denial of service (DoS) state. MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. It can be deployed on a PC to provide router functionality.