VARIoT IoT vulnerabilities database
| VAR-202103-0050 | CVE-2020-14516 | Rockwell Automation FactoryTalk Services Platform Security hole |
CVSS V2: 7.5 CVSS V3: 10.0 Severity: CRITICAL |
In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user password from being hashed properly. FactoryTalk Services Platform provides routine services for applications, such as diagnostic information, health monitoring and real-time data access.
| VAR-202103-0079 | CVE-2019-18233 | Advantech Spectre RT Industrial router ERT351 Cross-site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
In Advantech Spectre RT Industrial Routers ERT351 5.1.3 and prior, the affected product does not neutralize special characters in the error response, allowing attackers to use a reflected XSS attack. Advantech Spectre RT Industrial router ERT351 contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. When malicious data is viewed, sensitive information can be obtained or user sessions can be hijacked.
| VAR-202103-0080 | CVE-2019-18235 | Advantech Spectre RT ERT351 Vulnerability regarding improper restriction of excessive authentication attempts in |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
In Advantech Spectre RT ERT351 Versions 5.1.3 and prior, insufficient login authentication parameters required for the web application may allow an attacker to gain full access using a brute-force password attack. Advantech Spectre RT ERT351 is vulnerable to improper restriction of excessive authentication attempts. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may result. Advantech Spectre RT ERT351 is a router from the American company Advantech that provides network routing functions.
Advantech Spectre RT ERT351 has security vulnerabilities that allow remote attackers to submit special requests and gain access to the system by brute force.
| VAR-202103-0078 | CVE-2019-18231 | Advantech Spectre RT ERT351 Vulnerability in plaintext transmission of important information in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
In Advantech Spectre RT ERT351 Versions 5.1.3 and prior, logins and passwords are transmitted in clear text, which may allow an attacker to intercept the request. Advantech Spectre RT ERT351 contains a vulnerability in the transmission of important information in clear text. Information may be obtained. Advantech Spectre RT ERT351 is a router from the American company Advantech that provides network routing functions.
| VAR-202102-1612 | No CVE | Aikuai router iK-Q80 has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
The business scope of Quanxun Convergence Network Technology (Beijing) Co., Ltd. includes: operating telecommunications business; Internet information services; technology development, technology services, technology consulting, technology transfer, etc.
Aikuai router iK-Q80 has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.
| VAR-202102-1614 | No CVE | Aikuai router has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
The business scope of Quanxun Convergence Network Technology (Beijing) Co., Ltd. includes: operating telecommunications business; Internet information services; technology development, technology services, technology consulting, technology transfer, etc.
The Aikuai router has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.
| VAR-202102-1616 | No CVE | Aikuai router has a denial of service vulnerability (CNVD-2021-03424) |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
The business scope of Quanxun Convergence Network Technology (Beijing) Co., Ltd. includes: operating telecommunications business; Internet information services; technology development, technology services, technology consulting, technology transfer, etc.
The Aikuai router has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.
| VAR-202102-1625 | No CVE | Gargoyle OS has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Gargoyle OS is a web management interface for small router devices.
Gargoyle OS has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202102-1600 | No CVE | SQL injection vulnerability exists in WDECP-IC card metering management platform |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Tangshan Liulin Automation Equipment Co., Ltd. is a high-tech enterprise engaged in the research and development, production, sales and system engineering technical services of the security communication terminal and smart application platform software of the Internet of Things.
The WDECP-IC card measurement management platform has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information in the database.
| VAR-202102-1517 | No CVE | Command execution vulnerability exists in Cisco RV345/RV340 |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Cisco is the world's leading provider of network solutions.
Cisco RV345/RV340 has a command execution vulnerability, which can be exploited by an attacker to gain control of the server.
| VAR-202102-1521 | No CVE | H3C NX18 Plus has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
The business scope of New H3C Technology Co., Ltd. includes: technology development, technical services, technical consultation, achievement transfer, production, sales: electronic products, etc.
H3C NX18 Plus has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202102-1525 | No CVE | Totolink A3002R has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
The business scope of Zeon Electronics (Shenzhen) Co., Ltd. includes R&D, production and operation of power supplies, switches, integrated circuits, routers, and computer network cards.
Totolink A3002R has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202102-1526 | No CVE | Mercury X18G router has XSS vulnerability |
CVSS V2: 5.5 CVSS V3: - Severity: MEDIUM |
The general business projects of Shenzhen Meikexing Communication Technology Co., Ltd. include: technical development of computer wireless LAN products, computer software and hardware, communication equipment, electronic products, and network security equipment.
The Mercury X18G router has an XSS vulnerability. Attackers can use the vulnerability to obtain user cookie information.
| VAR-202104-1191 | CVE-2021-28075 | iKuaiOS Vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information. iKuaiOS contains an unspecified vulnerability. Information may be obtained. The business scope of Quanxun Convergence Network Technology (Beijing) Co., Ltd. includes: Internet information services; technology development, technology services, technology consulting, technology transfer, technology promotion, etc.
| VAR-202102-0254 | CVE-2020-21224 | Inspur ClusterEngine Argument insertion or modification vulnerability in |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server. Inspur ClusterEngine is vulnerable to the insertion or modification of arguments. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may result. Inspur ClusterEngine is an application software of China Inspur Company. It provides jobs submitted by the software and hardware in the management cluster system.
| VAR-202102-1597 | No CVE | HG220GS-U has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
The business scope of Fiberhome Communication Technology Co., Ltd. includes: optical fiber communication and related communication technology, information technology, industrial Internet, and technology development in the field of Internet of Things, etc.
HG220GS-U has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202102-1606 | No CVE | MIFON Smart Router R1 has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
The business scope of Fiberhome Communication Technology Co., Ltd. includes: optical fiber communication and related communication technology, information technology, industrial Internet, and technology development in the field of Internet of Things, etc.
MIFON Smart Router R1 has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.
| VAR-202102-1514 | No CVE | Chengdu Feiyuxing Technology Co., Ltd. Internet behavior management router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Feiyuxing Internet Behavior Management Router is designed for small and medium-sized enterprises, government agencies, education and scientific research institutions and other users. It is a new type of network access device with dual functions of Internet behavior management and multi-WAN routers.
The Internet behavior management router of Chengdu Feiyuxing Technology Co., Ltd. has a weak password vulnerability. Attackers can use the vulnerability to obtain sensitive information.
| VAR-202102-1515 | No CVE | DT741 converged smart terminal has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Shenzhen Skyworth Digital Technology Co., Ltd. is a high-tech enterprise focusing on providing a full range of digital TV network audiovisual products, operations and services for global users.
DT741 integrated smart terminal has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.
| VAR-202102-1516 | No CVE | Home gateway DT741-csf has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
The business scope of Shenzhen Skyworth Digital Technology Co., Ltd. includes: development, research, and operation of a series of digital video broadcasting system products, research and development, and sales of multimedia information systems.
The home gateway DT741-csf has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.