VARIoT IoT vulnerabilities database
| VAR-202012-0085 | CVE-2020-10208 | Amino Communications command injection vulnerability |
CVSS V2: 9.0 CVSS V3: 9.9 Severity: CRITICAL |
Command Injection in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows authenticated remote attackers to execute arbitrary commands with root user privileges. plural Amino Communications The product has OS There are command injection vulnerabilities and injection vulnerabilities.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Amino Communications AK45x series is a series of TV set-top box equipment of British Amino company
| VAR-202012-0083 | CVE-2020-10206 | plural Amino Communications Product vulnerabilities to the use of hard-coded credentials |
CVSS V2: 3.6 CVSS V3: 4.4 Severity: MEDIUM |
Use of a Hard-coded Password in VNCserver in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows local attackers to view and interact with the video output of the device. plural Amino Communications The product contains a vulnerability in the use of hard-coded credentials.Information may be obtained and information may be tampered with. are all a TV set-top box equipment series of British Amino Company.
Amino Communications has a trust management vulnerability. The vulnerability stems from the use of hard-coded passwords
| VAR-202101-1005 | CVE-2020-9203 | Huawei P30 resource management error vulnerability |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
There is a resource management errors vulnerability in Huawei P30. Local attackers construct broadcast message for some application, causing this application to send this broadcast message and impact the customer's use experience. Huawei P30 is a smart phone of China's Huawei (Huawei) company. The local application can pass specially crafted data to the application and perform a denial of service (DoS) attack
| VAR-202012-0081 | CVE-2020-10209 | plural Amino Communications In the product OS Command injection vulnerability |
CVSS V2: 9.3 CVSS V3: 8.1 Severity: HIGH |
Command Injection in the CPE WAN Management Protocol (CWMP) registration in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows man-in-the-middle attackers to execute arbitrary commands with root level privileges. plural Amino Communications The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Amino Communications AK45x series is a series of TV set-top box equipment of British Amino company.
Amino Communications has a command injection vulnerability. Attackers can use this vulnerability to execute arbitrary commands with root-level permissions
| VAR-202101-0997 | CVE-2020-9209 | SMC2.0 Vulnerability in Microsoft |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
There is a privilege escalation vulnerability in SMC2.0 product. Some files in a directory of a module are located improperly. It does not apply the directory limitation. Attackers can exploit this vulnerability by crafting malicious file to launch privilege escalation. This can compromise normal service of affected products. SMC2.0 Is vulnerable to a lack of authentication.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Huawei Mate 30 is a smart phone of China's Huawei (Huawei) company.
Huawei Mate 30 has a buffer overflow vulnerability, which can be exploited by attackers by sending carefully crafted packets with specific parameters to the target device. Due to insufficient verification of the parameters, a successful attack may cause abnormal device behavior
| VAR-202012-0136 | CVE-2019-12768 | D-Link DAP-1650 Vulnerability in sending requests directly on the device |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix. Attackers can bypass authentication via forceful browsing. D-Link DAP-1650 The device contains a vulnerability related to sending requests directly.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-Link DAP-1650 is a WiFi range extender.
The D-Link DAP-1650 authentication mechanism has security loopholes. Remote attackers can use this loophole to submit special requests and gain unauthorized access to the device
| VAR-202012-1583 | No CVE | New H3C Technology Co., Ltd. H3C-ER3260 has a weak password vulnerability |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
ER3260 is a router of New H3C Technology Co., Ltd.
New H3C Technology Co., Ltd. H3C-ER3260 has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.
| VAR-202012-1335 | CVE-2020-35838 | plural NETGEAR Cross-site scripting vulnerabilities in devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with
| VAR-202012-1334 | CVE-2020-35837 | plural NETGEAR Cross-site scripting vulnerabilities in devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with
| VAR-202012-1431 | CVE-2020-5802 | FactoryTalk Linx Vulnerability in handling exceptional conditions in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr.dll by sending a specially crafted ConfigureItems message to TCP port 4241. This will cause an unhandled exception, resulting in termination of RSLinxNG.exe. Observed in FactoryTalk 6.11. All versions of FactoryTalk Linx are affected. FactoryTalk Linx Is vulnerable to handling exceptional conditions.Denial of service (DoS) It may be put into a state. Rockwell Automation FactoryTalk Linx is a set of industrial communication solutions from Rockwell Automation, USA. This product is mainly used for communication between small applications and large automation systems
| VAR-202012-1430 | CVE-2020-5801 | FactoryTalk Linx Vulnerability in handling exceptional conditions in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An attacker can craft and send an OpenNamespace message to port 4241 with valid session-id that triggers an unhandled exception in CFTLDManager::HandleRequest function in RnaDaSvr.dll, resulting in process termination. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected. FactoryTalk Linx Is vulnerable to handling exceptional conditions.Denial of service (DoS) It may be put into a state. Rockwell Automation FactoryTalk Linx is a set of industrial communication solutions from Rockwell Automation, USA. This product is mainly used for communication between small applications and large automation systems
| VAR-202012-1343 | CVE-2020-35814 | plural NETGEAR Cross-site scripting vulnerabilities in devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with
| VAR-202012-1181 | CVE-2020-35806 | plural NETGEAR Cross-site scripting vulnerabilities in devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, RAX120 before 1.0.0.78, RBK22 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and WN3000RPv2 before 1.0.0.78. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with
| VAR-202012-1328 | CVE-2020-35831 | plural NETGEAR Cross-site scripting vulnerabilities in devices |
CVSS V2: 3.5 CVSS V3: 8.1 Severity: HIGH |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with
| VAR-202012-1182 | CVE-2020-35807 | plural NETGEAR Cross-site scripting vulnerabilities in devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, RAX120 before 1.0.0.78, RBK22 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and WN3000RPv2 before 1.0.0.78. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with
| VAR-202012-1352 | CVE-2020-35823 | plural NETGEAR Cross-site scripting vulnerabilities in devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with
| VAR-202012-1135 | CVE-2020-35781 | NETGEAR NMS300 Vulnerabilities in devices |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. NETGEAR NMS300 An unspecified vulnerability exists in the device.Denial of service (DoS) It may be put into a state. NETGEAR NMS300 is a ProSAFE network management system. No detailed vulnerability details are currently provided
| VAR-202012-1136 | CVE-2020-35782 | plural NETGEAR device Vulnerability in |
CVSS V2: 7.8 CVSS V3: 8.1 Severity: HIGH |
Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP firmware update mechanism does not properly implement firmware validations, allowing remote attackers to write arbitrary data to internal memory. plural NETGEAR device Contains an unspecified vulnerability.Information is tampered with and denial of service (DoS) It may be put into a state
| VAR-202012-1137 | CVE-2020-35783 | plural NETGEAR device Vulnerability in |
CVSS V2: 5.0 CVSS V3: 6.5 Severity: MEDIUM |
Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. The NSDP protocol version allows unauthenticated remote attackers to obtain all the switch configuration parameters by sending the corresponding read requests. plural NETGEAR device Contains an unspecified vulnerability.Information may be obtained
| VAR-202012-1404 | CVE-2020-9125 | huawei smartphone Mate 30 Out-of-bounds read vulnerability |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
There is an out-of-bound read vulnerability in huawei smartphone Mate 30 versions earlier than 10.1.0.156 (C00E155R7P2). An attacker with specific permission can exploit this vulnerability by sending crafted packet with specific parameter to the target device. Due to insufficient validation of the parameter, successful exploit can cause the device to behave abnormally. huawei smartphone Mate 30 Is vulnerable to an out-of-bounds read.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Huawei Mate 30 is a smart phone of China's Huawei. Remote attackers can use this vulnerability to submit special requests and execute arbitrary code in the context of the application