VARIoT IoT vulnerabilities database

VAR-202010-1221 CVE-2020-7811 Samsung Update Untrusted Data Deserialization Vulnerability CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows privilege escalation, as commands crafted by an attacker are executed while the engine deserializes the data received during inter-process communication. Samsung Update contains a vulnerability in the deserialization of untrusted data. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may be caused.
VAR-202012-0307 CVE-2020-25010 Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Vulnerability in software regarding unlimited upload of dangerous types of files CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An arbitrary code execution vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version: R0002.P05 allows remote attackers to upload a malicious script file by constructing a POST type request and writing a payload in the request parameters as an instruction to write a file. KPS2204 is a programmable protocol converter specially developed for serial device networking applications. Beijing Dongtu Technology Co., Ltd. KPS2204 has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands.
VAR-202012-0308 CVE-2020-25011 Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Vulnerability in improper permission assignment for critical resources in software CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
A sensitive information disclosure vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version: R0002.P05 allows remote attackers to get the username and password by requesting the /cgi-bin/webadminget.cgi script via the browser. KPS2204 is a programmable protocol converter specially developed for serial device networking applications. Beijing Dongtu Technology Co., Ltd. KPS2204 has an information disclosure vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202010-1655 No CVE Unauthorized access vulnerabilities in multiple systems of Anhui Huanmei Intelligent Technology Co., Ltd. CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Anhui Huanmei Intelligent Technology Co., Ltd. (hereinafter referred to as "Huanyi Intelligent") was established on May 11, 2007. It specializes in technical consultation, technology research and development, and technology for environmental protection industries such as environmental Internet of Things, environmental protection informatization, and intelligent data collection, serving national high-tech enterprises and providing integrated environmental protection solutions of "perception monitoring, data collection and transmission, software development, application integration, and operation and maintenance". Multiple systems of Anhui Huanmei Intelligent Technology Co., Ltd. have unauthorized access vulnerabilities. Attackers can use the vulnerabilities to obtain sensitive information.
VAR-202010-1629 No CVE Vertiv UPS management module FTP service arbitrary file modification vulnerability CVSS V2: 5.5
CVSS V3: -
Severity: MEDIUM
Vertiv Technology Co., Ltd. (Vertiv) was established in 2000. Weidi Technology Co., Ltd. designs and manufactures key infrastructure equipment and provides related services to ensure the sound operation of data centers, communication networks, and commercial and industrial facilities, and provides power supply and distribution, thermal management and infrastructure management solutions for the mobile and cloud computing markets. An arbitrary file modification vulnerability in the FTP service of the Vertiv UPS management module allows an attacker to modify the root password in the /etc/passwd file.
VAR-202010-1628 No CVE Unauthorized access vulnerability exists in Shenzhen Wangxin Technology Co., Ltd. Wangxin Cloud device (CNVD-2020-56388) CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Shenzhen Wangxin Technology Co., Ltd. is a sharing economy cloud computing company focusing on technological innovation. The Shenzhen Wangxin Technology Co., Ltd. Wangxin Cloud device has an unauthorized access vulnerability; attackers can use this vulnerability to set up the network.
VAR-202010-1636 No CVE Multiple systems of Xi'an Debo Intelligent Technology Co., Ltd. have universal password login vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Xi'an Debo Intelligent Technology Co., Ltd. is a company that focuses on providing customized development of industrial intelligent control, and provides detailed and complete overall solutions for industrial control companies. There is a universal password login vulnerability in multiple systems of Xi'an Debo Intelligent Technology Co., Ltd., and attackers can use the vulnerability to obtain sensitive database information.
VAR-202010-1651 No CVE Shenzhen Sanwang Communication Co., Ltd. NP301 has a denial of service vulnerability CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
NP301 is a serial port networking server that enables serial devices to have networking capabilities immediately. Shenzhen Sanwang Communication Co., Ltd. NP301 has a denial of service vulnerability. Attackers can use the vulnerability to cause the device to restart.
VAR-202010-0579 CVE-2020-26913 Out-of-bounds write vulnerability in multiple NETGEAR devices CVSS V2: 5.2
CVSS V3: 6.8
Severity: MEDIUM
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.63, R7800 before 1.0.2.60, R8900 before 1.0.4.26, R9000 before 1.0.4.26, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, SRK60 before 2.2.2.20, SRR60 before 2.2.2.20, SRS60 before 2.2.2.20, WN3000RPv2 before 1.0.0.78, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.70, XR450 before 2.3.2.40, and XR500 before 2.3.2.40. Multiple NETGEAR devices contain an out-of-bounds write vulnerability. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may be caused.
VAR-202010-0580 CVE-2020-26914 Command injection vulnerabilities in multiple NETGEAR devices CVSS V2: 5.2
CVSS V3: 7.1
Severity: HIGH
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62. A command injection vulnerability exists in multiple NETGEAR devices. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may be caused.
VAR-202010-0577 CVE-2020-26911 Vulnerabilities in multiple NETGEAR devices CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62. An unspecified vulnerability exists in multiple NETGEAR devices. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may be caused.
VAR-202010-0578 CVE-2020-26912 Cross-site request forgery vulnerability in multiple NETGEAR devices CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62. A cross-site request forgery vulnerability exists in multiple NETGEAR devices. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may be caused.
VAR-202010-0576 CVE-2020-26910 Command injection vulnerabilities in multiple NETGEAR devices CVSS V2: 5.2
CVSS V3: 6.8
Severity: MEDIUM
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. A command injection vulnerability exists in multiple NETGEAR devices. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may be caused.
VAR-202010-0565 CVE-2020-26899 Information leakage vulnerabilities in multiple NETGEAR devices CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.
VAR-202010-0573 CVE-2020-26907 Command injection vulnerabilities in multiple NETGEAR devices CVSS V2: 7.7
CVSS V3: 8.8
Severity: HIGH
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. A command injection vulnerability exists in NETGEAR RBK852, RBR850, and RBS850 devices. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may be caused.
VAR-202010-0568 CVE-2020-26902 Command injection vulnerabilities in multiple NETGEAR devices CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. A command injection vulnerability exists in multiple NETGEAR devices. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may be caused.
VAR-202010-0917 CVE-2020-26927 Authentication vulnerability in multiple NETGEAR devices CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.66, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, AC2100 before 1.2.0.62, AC2400 before 1.2.0.62, AC2600 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62. There is an authentication vulnerability in multiple NETGEAR devices. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may be caused.
VAR-202010-0587 CVE-2020-26921 Vulnerabilities in multiple NETGEAR products CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
Certain NETGEAR devices are affected by authentication bypass. This affects GS110EMX before 1.0.1.7, GS810EMX before 1.7.1.3, XS512EM before 1.0.1.3, and XS724EM before 1.0.1.3. Multiple NETGEAR products contain unspecified vulnerabilities. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may be caused. NETGEAR XS512EM, etc. are all products of NETGEAR. NETGEAR XS512EM is a switch. NETGEAR XS724EM is a switch. NETGEAR GS810EMX is an Ethernet switch. Certain NETGEAR devices (GS110EMX before 1.0.1.7, GS810EMX before 1.7.1.3, XS512EM before 1.0.1.3, and XS724EM before 1.0.1.3) have security vulnerabilities, which are caused by missing or insufficiently strong identity verification measures in network systems or products.
VAR-202010-0589 CVE-2020-26923 Cross-site scripting vulnerabilities in multiple NETGEAR products CVSS V2: 3.5
CVSS V3: 4.8
Severity: MEDIUM
Certain NETGEAR devices are affected by stored XSS. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24. Multiple NETGEAR products contain a cross-site scripting vulnerability. Information may be obtained and information may be tampered with.
VAR-202010-0918 CVE-2020-26928 Authentication vulnerability in multiple NETGEAR devices CVSS V2: 5.8
CVSS V3: 9.6
Severity: CRITICAL
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. There is an authentication vulnerability in multiple NETGEAR devices. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may be caused.