VARIoT IoT vulnerabilities database

EasyAccess2.0 is a remote access tool for man-machine interface produced by Weintek. It allows you to remotely access on-site machinery and equipment thousands of miles away from anywhere, and realize remote monitoring of HMI man-machine interface and remote penetration of PLC controllers. , Complete status monitoring and program update are as simple as QQ. Not only do you no longer need to care about IP, set routing, and open ports as traditionally, but also do not need to spend time and effort to set up a VPN network. Taiwan Weilun Technology Co., Ltd. EasyAccess2.0 (Windows client) has a dll hijacking vulnerability. Attackers can use this vulnerability to execute malicious code.

Aqara smart camera G2H is a smart camera with 1080P image quality and 140° wide angle. Aqara smart camera G2H (gateway version) has an unauthorized access vulnerability. Attackers can use the vulnerability to gain remote access control of the device through WiFi without the permission of the device owner.

ZXR10 6800 multi-service router is a new generation of high-performance multi-service router product launched by ZTE. The ZXR10 6800 multi-service router web management system has an arbitrary file reading vulnerability. Attackers can take advantage of the vulnerability by using ../../ to read the contents of important system files.

Tricon safety instrumented system is the safety instrumented system of Schneider Electric Co., Ltd., MP3009 module is the processor module of Schneider Tricon safety instrumented system. Schneider Tricon safety instrumented system MP3009 processor has a denial of service vulnerability. An attacker can use this vulnerability to launch a denial of service attack.

FiberHome, abbreviated as FiberHome, is a company headquartered in Wuhan, China Listed companies in the communications equipment manufacturing industry. FiberHome routers has an RCE vulnerability. Attackers can use this vulnerability to execute arbitrary commands on the target device with root privileges.

Tricon safety instrumented system is the safety instrumented system of Schneider Electric Co., Ltd., MP3009 module is the processor module of Schneider Tricon safety instrumented system. Schneider Tricon safety instrumented system MP3009 processor has a denial of service vulnerability. An attacker can use this vulnerability to launch a denial of service attack.

The Tricon safety instrumented system is a safety instrumented system of Schneider Electric Co., Ltd. The TCM 4351B communication card is the communication card of Schneider's Tricon safety instrumented system, which supports Ethernet and serial communication. Schneider Tricon safety instrumented system TCM 4351B communication card has a denial of service vulnerability. An attacker can use this vulnerability to launch a denial of service attack.

An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices. An attacker can upload arbitrary file content as a firmware update when the filename Settings_DSL-N14U-B1.trx is used. Once this file is loaded, shutdown measures on a wide range of services are triggered as if it were a real update, resulting in a persistent outage of those services. ASUS DSL-N14U-B1 Is vulnerable to an unlimited upload of dangerous types of files.Denial of service (DoS) It may be put into a state. ASUS DSL-N14U-B1 is a router device from China ASUS (ASUS)

JumpServer is the world's first fully open source bastion machine. It uses the GNU GPL v2.0 open source protocol and is a 4A-compliant professional operation and maintenance audit system. JumpServer unauthorized file reading vulnerability, attackers obtain sensitive information such as log files through carefully constructed requests, and can execute arbitrary commands through related operation APIs.

Shenzhen Zhongda Youkong Technology Co., Ltd. is a company that concentrates on industrial visual touch control products---Human-machine interface, text display, programmable logic controller (PLC) core technology research and development, professional development and sales. High-Tech Companies. There is a binary vulnerability in the TP220 PC screen setting tool of Zhongda Youkong. Attackers can use the vulnerability to cause a denial of service.

Sixnet has more than 30 years of industrial automation product design and manufacturing experience, fully understands the application requirements of various industrial occasions, and injects its mature industrial automation product design concepts into industrial Ethernet switch products. Sixnet switch SLX-18MG has a denial of service vulnerability. Attackers can use this vulnerability to cause a denial of service.

Beijing Century Changqiu Technology Co., Ltd. is a high-tech enterprise engaged in the research and development of industrial automation software, providing a complete set of services such as software development, sales, service and industrial automation system integration. Century Star configuration software has a binary vulnerability, which can be exploited by an attacker to cause a denial of service.

Shenzhen Zhongda Youkong Technology Co., Ltd. is a company that concentrates on industrial visual touch control products---Human-machine interface, text display, programmable logic controller (PLC) core technology research and development, professional development and sales. High-Tech Companies. There is a binary vulnerability in the TP220 PC screen setting tool of Zhongda Youkong. Attackers can use the vulnerability to cause a denial of service.

FX3U-ENET-L has 4 communication channels. Mitsubishi PLC Ethernet module FX3U-ENET-L supports fixed buffer storage area communication, connection to MELSOFT, communication via MC series, e-mail sending and other functions. When MELSOFT is connected, remote maintenance of PLC programs can be realized through GX Work2. MITSUBISHI FX3U-ENET-L has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.

FX3U-ENET-L has 4 communication channels, Mitsubishi PLC Ethernet module FX3U-ENET-L supports fixed buffer storage area communication, connection to MELSOFT, communication through MC series, email sending and other functions. When MELSOFT is connected, remote maintenance of PLC programs can be realized through GX Work2. MITSUBISHI FX3U-ENET-L has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.

C2000-B2-SFE0101-BB1 serial port server provides serial port to network function, which can convert RS-232 serial port into TCP/IP protocol network interface. Cognex serial server C2000-B2-SFE0101-BB1 has a stored XSS vulnerability, which can be exploited by attackers to obtain sensitive information.

ACS Motion Control is an OEM-oriented motion controller and drive solutions provider headquartered in Israel. Its products are widely used in semiconductor manufacturing, laser processing, additive manufacturing, flat panel display manufacturing, electronic assembly, life sciences and other fields. Technology system. ACS SpiiPlusEC-08 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.

ACS Motion Control is an OEM-oriented motion controller and drive solutions provider headquartered in Israel. Its products are widely used in semiconductor manufacturing, laser processing, additive manufacturing, flat panel display manufacturing, electronic assembly, life sciences and other fields. Technology system. ACS SpiiPlusEC-08 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.

YKBuilder is a software suitable for constructing embedded integrated development. There are binary vulnerabilities in YKBuilder V5.1. Attackers can use this vulnerability to construct malformed files and cause the program to crash.

China United Network Communications Group Co., Ltd. (English name China Unicom, abbreviated as "China Unicom", "Unicom") was formed on the basis of the merger of the original China Netcom and the original China Unicom on January 6, 2009. It is established in 31 provinces in China. (Autonomous regions, municipalities directly under the Central Government) and many overseas countries and regions have branches. It is China's only telecommunications operating company listed in New York, Hong Kong, and Shanghai at the same time. The LTE core network has a denial of service vulnerability. Attackers can use this vulnerability to cause a denial of service attack.