VARIoT IoT vulnerabilities database
| VAR-202106-0149 | CVE-2020-11233 | Time-of-check time-of-use (TOCTOU) race condition vulnerability in multiple Qualcomm products |
CVSS V2: 6.9 CVSS V3: 7.0 Severity: HIGH |
A time-of-check time-of-use race condition occurs while processing partition entries because a newly created buffer was read again from mmc without validation in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. Multiple Qualcomm products contain a time-of-check time-of-use (TOCTOU) race condition vulnerability. Information may be obtained or tampered with, and the product may be put into a denial-of-service (DoS) state.
| VAR-202106-0160 | CVE-2020-11260 | Use of uninitialized resource vulnerability in multiple Qualcomm products |
CVSS V2: 7.2 CVSS V3: 8.4 Severity: HIGH |
An improper free of uninitialized memory can occur in DIAG services in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile. Multiple Qualcomm products contain a vulnerability in the use of uninitialized resources. Information may be obtained or tampered with, and the product may be put into a denial-of-service (DoS) state.
| VAR-202101-0490 | CVE-2020-28841 | Vulnerability in DriverGenius |
CVSS V2: 7.1 CVSS V3: 5.5 Severity: MEDIUM |
MyDrivers64.sys in DriverGenius 9.61.3708.3054 allows attackers to cause a system crash via the ioctl command 0x9c402000 to \\.\MyDrivers0_0_1. DriverGenius contains an unspecified vulnerability. The product may be put into a denial-of-service (DoS) state. Cmcm Drivergenius (Drive Wizard) is software for Windows systems for driver adaptation, update and download, from Beijing Cheetah Mobile Technology Co., Ltd. (Cmcm) in China.
| VAR-202101-2016 | No CVE | A SQL injection vulnerability exists in the intelligent IoT system of Nanjing Jiuze Software Technology Co., Ltd. |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The business scope of Nanjing Jiuze Software Technology Co., Ltd. includes: software development, technical services, technical consulting services, technology transfer, etc.
The intelligent IoT system of Nanjing Jiuze Software Technology Co., Ltd. has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive information in the database.
| VAR-202101-2020 | No CVE | Binary vulnerability exists in KINCO DTools (CNVD-2020-68574) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Shanghai Buke Automation Co., Ltd. has been focusing on the R&D, production, sales and related technical services of the core components of industrial automation equipment control and industrial Internet of Things/Internet software and hardware, and provides customers with equipment automation control, digital factory and industrial Internet solutions.
There is a binary vulnerability in KINCO DTools. Attackers can use this vulnerability to construct malformed bmp images and cause the program to crash.
| VAR-202101-2021 | No CVE | Binary vulnerability exists in KINCO DTools |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Shanghai Buke Automation Co., Ltd. has been focusing on the research and development, production, sales and related technical services of the core components of industrial automation equipment control and industrial Internet of Things/Internet software and hardware, and provides customers with equipment automation control, digital factory and industrial Internet solutions, etc.
There is a binary vulnerability in KINCO DTools. Attackers can use the vulnerability to construct malformed wav audio and cause the program to crash.
| VAR-202101-2001 | No CVE | TP-LINK TL-WR740N has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
TP-LINK TL-WR740N adopts advanced 11N wireless technology, with a wireless transmission rate of up to 150Mbps, which can meet more wireless client access, while avoiding data congestion, reducing network delay, and making voice and video, online on-demand, and online games smoother.
TP-LINK TL-WR740N has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service attack.
| VAR-202101-2004 | No CVE | Beijing Zhongchuang Video Technology Co., Ltd. UCM collaborative communication platform has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The UCM cooperative communication platform is a SIP communication control hardware device, which can realize terminal registration, multi-party conference (MCU), device management, firewall traversal, etc. in the traditional video conference system.
Beijing Zhongchuang Video Technology Co., Ltd. UCM collaborative communication platform has a command execution vulnerability. Attackers can use this vulnerability to execute commands remotely.
| VAR-202101-2005 | No CVE | An arbitrary file download vulnerability exists in the UCM collaborative communication platform of Beijing Zhongchuang Video Technology Co., Ltd. |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The UCM cooperative communication platform is a SIP communication control hardware device, which can realize terminal registration, multi-party conference (MCU), device management, firewall traversal, etc. in the traditional video conference system.
The UCM collaborative communication platform of Beijing Zhongchuang Video Technology Co., Ltd. has an arbitrary file download vulnerability. Attackers can use this vulnerability to download arbitrary files.
| VAR-202101-2006 | No CVE | A weak password vulnerability exists in the UCM collaborative communication platform of Beijing Zhongchuang Video Technology Co., Ltd. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The UCM cooperative communication platform is a SIP communication control hardware device, which can realize terminal registration, multi-party conference (MCU), device management, firewall traversal, etc. in the traditional video conference system.
The UCM collaborative communication platform of Beijing Zhongchuang Video Technology Co., Ltd. has a weak password vulnerability. Attackers can use the vulnerability to log in to the background to obtain sensitive information and perform unauthorized operations.
| VAR-202101-2022 | No CVE | Binary vulnerability exists in Shanghai KINCO touch screen configuration editing software (CNVD-2020-69458) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Shanghai Buke Automation Co., Ltd. has been focusing on the R&D, production, sales and related technical services of the core components of industrial automation equipment control and industrial Internet of Things/Internet software and hardware, provides customers with equipment automation control, digital factory and industrial Internet solutions, and is a leading supplier of machine automation and factory intelligent solutions in China.
There is a binary vulnerability in the KINCO touch screen configuration editing software of Shanghai Baike. Attackers can use the vulnerability to cause the program to crash.
| VAR-202101-2023 | No CVE | Binary vulnerability exists in Shanghai KINCO touch screen configuration editing software |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Shanghai Buke Automation Co., Ltd. has been focusing on the R&D, production, sales and related technical services of the core components of industrial automation equipment control and industrial Internet of Things/Internet software and hardware, provides customers with equipment automation control, digital factory and industrial Internet solutions, and is a leading supplier of machine automation and factory intelligent solutions in China.
There is a binary vulnerability in the KINCO touch screen configuration editing software of Shanghai Baike. Attackers can use the vulnerability to cause the program to crash.
| VAR-202101-1995 | No CVE | Command execution vulnerability exists in iray infrared camera AM310420 |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Arrow Optoelectronics focuses on the R&D and manufacturing of infrared imaging technology and products, with completely independent intellectual property rights, and is committed to providing professional and competitive infrared thermal imaging products and industry solutions to global customers.
The iray infrared camera AM310420 has a command execution vulnerability. Attackers can use this vulnerability to execute system commands and gain control of the server.
| VAR-202101-1997 | No CVE | Unauthorized access vulnerability exists in iray infrared camera |
CVSS V2: 5.5 CVSS V3: - Severity: MEDIUM |
Arrow Optoelectronics focuses on the R&D and manufacturing of infrared imaging technology and products, with completely independent intellectual property rights, and is committed to providing professional and competitive infrared thermal imaging products and industry solutions to global customers.
The iray infrared camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202101-2014 | No CVE | New Cape Electronics Co., Ltd. Internet of Things platform has an arbitrary file download vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
New Cape Electronics Co., Ltd. is a professional enterprise dedicated to the development, production, sales and system integration of all-in-one card software and products.
New Cape Electronics Co., Ltd. Internet of Things platform has an arbitrary file download vulnerability. Attackers can use the vulnerability to download arbitrary files.
| VAR-202101-1996 | No CVE | Command execution vulnerability exists in Tenda AC9V3.0 router web management page |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Shenzhen Jixiang Tengda Technology Co., Ltd. (hereinafter referred to as "Tengda") is a professional supplier of network communication equipment and solutions, as well as a high-tech enterprise integrating R&D, production, supply, sales and service.
Tenda AC9V3.0 router web management page has a command execution vulnerability. Attackers can use the vulnerability to execute arbitrary commands.
| VAR-202101-1999 | No CVE | Arbitrary file download vulnerability exists in DPtech SSL VPN Service |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Hangzhou DPtech Technology Co., Ltd. is an information security industry manufacturer integrating R&D, production and sales.
DP SSL VPN Service has an arbitrary file download vulnerability. Attackers can use the vulnerability to view or download arbitrary sensitive files.
| VAR-202012-1627 | No CVE | Shenzhen Kemai Communication Technology Co., Ltd. RAS remote rapid application access solution standard version has SQL injection vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Shenzhen Kemai Communication Technology Co., Ltd. is a high-tech enterprise in the field of intelligent Internet of Things. Kemai Communications integrates research on Internet of Things technology, intelligent product development and Internet of Things platform services, and is an enterprise with great potential for innovation.
Shenzhen Kemai Communication Technology Co., Ltd. RAS remote rapid application access solution standard version has SQL injection vulnerabilities. Attackers can use the vulnerabilities to obtain sensitive information in the database.
| VAR-202012-0268 | CVE-2020-19664 | OS command injection vulnerability in DrayTek Vigor2960 |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. DrayTek Vigor2960 contains an OS command injection vulnerability. Information may be obtained or tampered with, and the product may be put into a denial-of-service (DoS) state.
| VAR-202012-0812 | CVE-2020-28095 | Infinite loop vulnerability in Tenda AC1200 |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop. Tenda AC1200 (Model AC6) contains an infinite loop vulnerability. The product may be put into a denial-of-service (DoS) state. Tenda AC6 is an AC1200 smart dual-band WiFi router.
Tenda AC6 15.03.06.51_multi has a denial of service vulnerability.