VARIoT IoT vulnerabilities database


VAR-202012-1101 CVE-2020-35715 OS command injection vulnerability in Belkin International, Inc. re6500 firmware
CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenticated users to execute arbitrary commands via shell metacharacters in a filename to the upload_settings.cgi page. The re6500 firmware from Belkin International, Inc. contains an OS command injection vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Linksys RE6500 is an AC1200 dual-band WiFi extender launched by Belkin. Belkin LINKSYS RE6500 has a code injection vulnerability before 1.0.012.001.
VAR-202012-1102 CVE-2020-35716 Vulnerabilities in Belkin International, Inc. re6500 firmware
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to cause a persistent denial of service (segmentation fault) via a long /goform/langSwitch langSelectionOnly parameter. The re6500 firmware from Belkin International, Inc. contains unspecified vulnerabilities. Service operation may be interrupted (DoS). Linksys RE6500 is an AC1200 dual-band WiFi extender launched by Belkin. Belkin LINKSYS RE6500 versions before 1.0.012.001 have a denial of service vulnerability.
VAR-202012-1581 No CVE There is a binary vulnerability in the soft routing of the community ISP version of Shenzhen Baiwei Tongda Technology Co., Ltd.
CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Shenzhen Baiwei Tongda Technology Co., Ltd. is a supplier dedicated to providing leading network solutions for Internet cafes, communities, hotels, enterprises, and public Internet places. There are binary vulnerabilities in the soft routing of the community ISP version of Shenzhen Baiwei Tongda Technology Co., Ltd. Attackers can use the vulnerabilities to submit special requests and gain control of the router.
VAR-202012-1096 CVE-2020-35710 Information leakage vulnerability in Parallels Remote Application Server
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
Parallels Remote Application Server (RAS) 18 allows remote attackers to discover an intranet IP address because submission of the login form (even with blank credentials) provides this address to the attacker's client for use as a "host" value. In other words, after an attacker's web browser sent a request to the login form, it would automatically send a second request to a RASHTML5Gateway/socket.io URI with something like "host":"192.168.###.###" in the POST data. Parallels Remote Application Server contains an information leakage vulnerability. Information may be obtained.
VAR-202012-1159 CVE-2020-35575 Vulnerabilities in multiple TP-LINK Technologies products
Related entries in the VARIoT exploits database: VAR-E-202106-0266
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices. Multiple TP-LINK Technologies products contain unspecified vulnerabilities. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
VAR-202012-1099 CVE-2020-35713 OS command injection vulnerability in Belkin International, Inc. re6500 firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. The re6500 firmware from Belkin International, Inc. contains an OS command injection vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Linksys RE6500 is an AC1200 dual-band WiFi extender launched by Belkin. Belkin LINKSYS RE6500 versions before 1.0.012.001 have remote code execution vulnerabilities.
VAR-202012-1409 CVE-2020-9201 Out-of-bounds read vulnerability in multiple Huawei products
CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
There is an out-of-bounds read vulnerability in some versions of NIP6800, Secospace USG6600 and USG9500. The software reads data past the end of the intended buffer when parsing DHCP messages that include a crafted parameter. Successful exploitation could cause certain services to become abnormal. An out-of-bounds read vulnerability exists in Huawei NIP6800 firmware, Secospace USG6600 firmware, and USG9500 firmware. Service operation may be interrupted (DoS).
VAR-202012-1401 CVE-2020-9119 Vulnerabilities in multiple Huawei products
CVSS V2: 4.6
CVSS V3: 6.2
Severity: MEDIUM
There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs physical access to the mobile phone, must obtain higher privileges, and must execute relevant commands, which results in escalation of the user's privileges. Multiple Huawei products, including Mate 10 firmware, Mate 30 firmware, and Mate 30 Pro firmware, contain unspecified vulnerabilities. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
VAR-202012-1402 CVE-2020-9120 Vulnerability in Huawei cloudengine 1800v
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
CloudEngine 1800V version V100R019C10SPC500 has a resource management error vulnerability. Remote unauthorized attackers could send specific types of messages to the device, with the result that messages received by the system cannot be forwarded normally. Huawei cloudengine 1800v contains unspecified vulnerabilities. Service operation may be interrupted (DoS). Huawei CloudEngine 1800V is a 1800V series data center switch from Huawei of China.
VAR-202012-0732 CVE-2020-27725 Vulnerability related to lack of freeing memory after expiration in multiple F5 Networks products
CVSS V2: 3.5
CVSS V3: 4.3
Severity: MEDIUM
In versions 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2 of BIG-IP DNS, GTM, and Link Controller, zxfrd leaks memory when listing DNS zones. Zones can be listed via TMSH, iControl or SNMP; only users with access to those services can trigger this vulnerability. F5 Networks BIG-IP Domain Name System (DNS), BIG-IP Global Traffic Manager (GTM), and BIG-IP Link Controller contain a vulnerability regarding the lack of freeing memory after expiration. Service operation may be interrupted (DoS).
VAR-202012-0729 CVE-2020-27722 Resource exhaustion vulnerability in F5 Networks BIG-IP Access Policy Manager (APM)
CVSS V2: 3.5
CVSS V3: 6.5
Severity: MEDIUM
In BIG-IP APM versions 15.0.0-15.0.1.3, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, under certain conditions, the VDI plugin does not observe the plugin flow-control protocol, causing excessive resource consumption. F5 Networks BIG-IP Access Policy Manager (APM) contains a resource exhaustion vulnerability. Service operation may be interrupted (DoS).
VAR-202012-0728 CVE-2020-27721 Vulnerability in F5 Networks BIG-IP Domain Name System (DNS) and BIG-IP Global Traffic Manager (GTM)
CVSS V2: 4.3
CVSS V3: 7.5
Severity: HIGH
In versions 16.0.0-16.0.0.1, 15.1.0-15.1.1, 14.1.0-14.1.3, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, in a BIG-IP DNS / BIG-IP LTM GSLB deployment, under certain circumstances, the BIG-IP DNS system may stop using a BIG-IP LTM virtual server for DNS response. F5 Networks BIG-IP Domain Name System (DNS) and BIG-IP Global Traffic Manager (GTM) contain unspecified vulnerabilities. Service operation may be interrupted (DoS).
VAR-202012-1585 No CVE Honeywell DCS C300 controller has a denial of service vulnerability (CNVD-2020-67880)
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
CC-PCNT02 is the controller of Honeywell DCS C300 system and supports Ethernet communication. The Honeywell DCS C300 controller has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202012-1586 No CVE Honeywell DCS C300 controller has a denial of service vulnerability (CNVD-2020-67881)
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
CC-PCNT02 is the controller of Honeywell DCS C300 system and supports Ethernet communication. The Honeywell DCS C300 controller has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202012-1587 No CVE Honeywell DCS C300 controller has a denial of service vulnerability (CNVD-2020-67879)
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
CC-PCNT02 is the controller of Honeywell DCS C300 system and supports Ethernet communication. The Honeywell DCS C300 controller has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202012-1598 No CVE Honeywell DCS C300 controller has a denial of service vulnerability
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
CC-PCNT02 is the controller of Honeywell DCS C300 system and supports Ethernet communication. The Honeywell DCS C300 controller has a denial of service vulnerability, which attackers can use to cause a denial of service.
VAR-202012-0313 CVE-2020-24580 Vulnerability regarding lack of authentication for critical features on D-Link DSL-2888A devices
CVSS V2: 5.4
CVSS V3: 7.5
Severity: HIGH
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Lack of authentication functionality allows an attacker to assign a static IP address that was once used by a valid user. D-Link DSL-2888A devices are vulnerable to a lack of authentication for critical features. Information may be obtained, information may be tampered with, and service may be disrupted (DoS). D-Link DSL-2888A is a unified service router from D-Link of China.
VAR-202012-0311 CVE-2020-24578 D-Link DSL-2888A default configuration problem vulnerability
CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive files (such as the password hash file). D-Link DSL-2888A devices are vulnerable to uncontrolled search path elements and improper permission assignment to critical resources. Information may be obtained. D-Link DSL-2888A is a unified service router from D-Link of China. D-Link DSL-2888A devices have a vulnerability in the default configuration.
VAR-202012-0314 CVE-2020-24581 OS command injection vulnerability in D-Link DSL-2888A devices
CVSS V2: 7.7
CVSS V3: 8.0
Severity: HIGH
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It contains an execute_cmd.cgi feature (that is not reachable via the web user interface) that lets an authenticated user execute operating system commands. D-Link DSL-2888A devices contain an OS command injection vulnerability. Information may be obtained, information may be tampered with, and service may be disrupted (DoS). D-Link DSL-2888A is a unified service router from D-Link of China. D-Link DSL-2888A has an operating system command execution vulnerability.
VAR-202012-0977 CVE-2020-29583 Vulnerability in plaintext storage of important information on Zyxel USG devices
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to log in to the ssh server or web interface with admin privileges. Zyxel USG devices contain a vulnerability in the plaintext storage of important information. Information may be obtained, information may be tampered with, and service may be disrupted (DoS).