VARIoT IoT vulnerabilities database
| VAR-202006-0021 | CVE-2020-10561 | Xiaomi Mi Jia ink-jet printer injection vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on Xiaomi Mi Jia ink-jet printer < 3.4.6_0138. Injecting parameters to ippserver through the web management background, resulting in command execution vulnerabilities. Xiaomi Mi Jia ink-jet printer There is an injection vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
| VAR-202006-0925 | CVE-2020-14473 | plural Vigor Out-of-bounds write vulnerabilities in firmware |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1. Vigor3900 , Vigor2960 and Vigor300B There is an out-of-bounds write vulnerability in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor3900, etc. are all products of DrayTek, Taiwan, China. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router. Attackers can use this vulnerability to execute arbitrary code or cause denial of service by sending long parameters
| VAR-202006-0238 | CVE-2020-14095 | Xiaomi R3600 Injection vulnerabilities in routers |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
In Xiaomi router R3600, ROM version<1.0.20, a connect service suffers from an injection vulnerability through the web interface, leading to a stack overflow or remote code execution. Xiaomi R3600 A router contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Xiaomi R3600 is a wireless router of China's Xiaomi Technology (Xiaomi) company.
There are security vulnerabilities in Xiaomi R3600 ROM versions before 1.0.20. A remote attacker can use this vulnerability to execute code
| VAR-202006-0237 | CVE-2020-14094 | Xiaomi R3600 Injection vulnerabilities in routers |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
In Xiaomi router R3600, ROM version<1.0.20, the connection service can be injected through the web interface, resulting in stack overflow or remote code execution. Xiaomi R3600 A router contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Xiaomi R3600 is a wireless router of China's Xiaomi Technology (Xiaomi) company.
There are security vulnerabilities in Xiaomi R3600 ROM versions before 1.0.20. A remote attacker can use this vulnerability to execute code
| VAR-202006-1682 | CVE-2020-6870 | ZTE U31R20 Product vulnerabilities |
CVSS V2: 5.2 CVSS V3: 8.0 Severity: HIGH |
The version V12.17.20T115 of ZTE U31R20 product is impacted by a design error vulnerability. An attacker could exploit the vulnerability to log in to the FTP server to tamper with the password, and illegally download, modify, upload, or delete files, causing improper operation of the network management system and equipment. This affects: NetNumenU31R20 V12.17.20T115. ZTE U31R20 The product contains unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ZTE U31R20 is a network management product of China ZTE Corporation.
There are security vulnerabilities in the ZTE U31R20 V12.17.20T115 version
| VAR-202006-0272 | CVE-2020-10276 | Vulnerability in using hard-coded credentials in multiple products |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
The password for the safety PLC is the default and thus easy to find (in manuals, etc.). This allows a manipulated program to be uploaded to the safety PLC, effectively disabling the emergency stop in case an object is too close to the robot. Navigation and any other components dependent on the laser scanner are not affected (thus it is hard to detect before something happens) though the laser scanner configuration can also be affected altering further the safety of the device. Several products contain vulnerabilities in the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
| VAR-202006-0270 | CVE-2020-10274 | Information leak vulnerabilities in multiple products |
CVSS V2: 5.5 CVSS V3: 7.1 Severity: HIGH |
The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related flaws). This flaw in combination with CVE-2020-10273 allows any attacker connected to the robot networks (wired or wireless) to exfiltrate all stored data (e.g. indoor mapping images) and associated metadata from the robot's database. Information leakage vulnerabilities exist in multiple products.Information may be obtained and tampered with
| VAR-202006-0268 | CVE-2020-10272 | plural MiR Vulnerability regarding lack of authentication for critical features in the product |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with CVE-2020-10269 and CVE-2020-10271, this flaw allows malicious actors to command the robot at desire. plural MiR The product contains vulnerabilities related to lack of authentication for critical features.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
| VAR-202006-0266 | CVE-2020-10270 | plural MiR Vulnerabilities in the use of hard-coded credentials in products |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a hardcoded IP address. Credentials to such wireless interface default to well known and widely spread users (omitted) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. This flaw allows cyber attackers to take control of the robot remotely and make use of the default user interfaces MiR has created, lowering the complexity of attacks and making them available to entry-level attackers. More elaborated attacks can also be established by clearing authentication and sending network requests directly. We have confirmed this flaw in MiR100 and MiR200 but according to the vendor, it might also apply to MiR250, MiR500 and MiR1000. plural MiR The product contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
| VAR-202006-0259 | CVE-2020-10279 | MiR robot Vulnerability in improper default permissions on controller |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for robots. These insecurities include a way for users to escalate their access beyond what they were granted via file creation, access race conditions, insecure home directory configurations and defaults that facilitate Denial of Service (DoS) attacks. MiR robot The controller contains a vulnerability regarding improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
| VAR-202006-1859 | No CVE | The KingView web data transmission service has a denial of service vulnerability (CNVD-2020-31725) |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
KingView is an industrial automation configuration software produced by Beijing Yakong Technology Development Co., Ltd.
There is a denial of service vulnerability in KingView's web data transmission service. Attackers can use this vulnerability to launch remote denial of service attacks.
| VAR-202006-1868 | No CVE | The KingView web data transmission service has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
KingView is an industrial automation configuration software produced by Beijing Yakong Technology Development Co., Ltd.
There is a denial of service vulnerability in KingView's web data transmission service. Attackers can use this vulnerability to launch remote denial of service attacks.
| VAR-202006-1858 | No CVE | Denial of service vulnerability exists in KingView web data transmission service (CNVD-2020-31722) |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
KingView is an industrial automation configuration software produced by Beijing Yakong Technology Development Co., Ltd.
There is a denial of service vulnerability in KingView's web data transmission service. Attackers can use this vulnerability to launch remote denial of service attacks.
| VAR-202006-1869 | No CVE | The KingView web data transmission service has a denial of service vulnerability (CNVD-2020-31723) |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
KingView is an industrial automation configuration software produced by Beijing Yakong Technology Development Co., Ltd.
There is a denial of service vulnerability in KingView's web data transmission service. Attackers can use this vulnerability to launch remote denial of service attacks.
| VAR-202006-1866 | No CVE | The KingView web data transmission service has a denial of service vulnerability (CNVD-2020-31724) |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
KingView is an industrial automation configuration software produced by Beijing Yakong Technology Development Co., Ltd.
There is a denial of service vulnerability in KingView's web data transmission service. Attackers can use this vulnerability to launch remote denial of service attacks.
| VAR-202006-1862 | No CVE | The KingView web data transmission service has a denial of service vulnerability (CNVD-2020-31721) |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
KingView is an industrial automation configuration software produced by Beijing Yakong Technology Development Co., Ltd.
There is a denial of service vulnerability in KingView's web data transmission service. Attackers can use this vulnerability to launch remote denial of service attacks.
| VAR-202006-0022 | CVE-2020-10624 | ControlEdge PLC and RTU Vulnerability in plaintext transmission of important information in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes a session token on the network. ControlEdge PLC and RTU Includes a vulnerability in the transmission of important information in clear text.Information may be obtained. Honeywell ControlEdge PLC and ControlEdge RTU are products of American Honeywell (Honeywell) company. ControlEdge PLC is a programmable logic controller (PLC). ControlEdge RTU is a remote terminal unit (RTU)
| VAR-202006-0005 | CVE-2020-10628 | ControlEdge PLC and RTU Vulnerability in plaintext transmission of important information in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes unencrypted passwords on the network. ControlEdge PLC and RTU Includes a vulnerability in the transmission of important information in clear text.Information may be obtained. Honeywell ControlEdge PLC and ControlEdge RTU are products of American Honeywell (Honeywell) company. ControlEdge PLC is a programmable logic controller (PLC). ControlEdge RTU is a remote terminal unit (RTU)
| VAR-202006-1005 | CVE-2020-14993 | plural DrayTek Out-of-bounds write vulnerabilities in product devices |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi. Draytek Vigor2960 , Vigor3900 , Vigor300B The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor3900, etc. are all products of DrayTek, Taiwan, China. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router.
There is a buffer overflow vulnerability in DrayTek Vigor2960, Vigor3900 and Vigor300B versions before 1.5.1.1
| VAR-202006-1511 | CVE-2020-5594 | Made by Mitsubishi Electric MELSEC iQ-R , iQ-F , Q , L , FX Of the series CPU With the unit GX Works3 and GX Works2 Vulnerability in plaintext communication between |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors. Mitsubishi Electric MELSEC iQ-R series, etc. are all a programmable logic controller of Japan's Mitsubishi Electric (Mitsubishi Electric) company.
There are security vulnerabilities in many Mitsubishi Electric products. The vulnerabilities stem from the use of clear text communication between the CPU module and GX Works3 or GX Works2. Attackers can use the vulnerabilities to eavesdrop or tamper with communication data, perform unauthorized operations, and cause denial of service