VARIoT IoT vulnerabilities database

Gigadevice GD32F103 and GD32F130 devices allow physical attackers to extract data via the probing of easily accessible bonding wires and de-obfuscation of the observed data. Gigadevice GD32F103 and GD32F130 The device contains a vulnerability related to the leakage of resources to the wrong area.Information may be tampered with

TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password. TP-Link TL-WA855RE There is a vulnerability in the lack of authentication for critical features.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. TP-Link TL-WA855RE is a 300Mbps Wi-Fi range extender. TP-Link TL-WA855RE V5 20200415-rel37464 has a privilege escalation vulnerability

Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending a specific IPv4 protocol package to Schneider Electric Modicon M218 Logic Controller can cause IPv4 devices to go down. The device does not work properly and must be powered back on to return to normal. Modicon M218 Logic Controller Is vulnerable to out-of-bounds writes.Service operation interruption (DoS) It may be put into a state

Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched. SoMove There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. SoMove is a PC-oriented user-friendly setting software for setting up a variety of Schneider Electric motor control equipment. SoMove 2.8.1 and earlier versions have permission error vulnerabilities

Missing access control restrictions in the Hypervisor component of the ACRN Project (v2.0 and v1.6.1) allow a malicious entity, with root access in the Service VM userspace, to abuse the PCIe assign/de-assign Hypercalls via crafted ioctls and payloads. This attack results in a corrupt state and Denial of Service (DoS) for previously assigned PCIe devices to the Service VM at runtime. ACRN Project There is an unspecified vulnerability in.Service operation interruption (DoS) It may be put into a state. ACRN is an open source virtual machine monitor for the Internet of Things. A security vulnerability exists in the Hypervisor component of the ACRN project

Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. (DoS) It may be put into a state. Schneider Electric Modbus Serial Driver is a serial driver of French Schneider Electric (Schneider Electric)

The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for ESP32 devices) does not properly restrict the channel map field of the connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet. ESP-IDF Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. Espressif ESP-IDF is a development framework for the Internet of Things of China Espressif. Espressif ESP-IDF 4.2 and earlier versions have security vulnerabilities. Attackers use specially crafted data packets to cause denial of service

ABB (China) Co., Ltd. is committed to providing solutions for customers in the industrial, energy, power, transportation and construction industries. The ABB industrial robot teach pendant has an encryption algorithm vulnerability. Attackers can use the loopholes to crack the user password of ABB industrial robots.

DIGISOL provides a complete integrated communication system solution. 1GE+WIFI router has command execution vulnerability. Attackers can log in to the background with a weak password and execute commands remotely.

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture. Advantech WebAccess/SCADA has an information disclosure vulnerability. Attackers can use vulnerabilities to obtain remote connection passwords, background administrator passwords and other sensitive information.

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture. Advantech WebAccess/SCADA has a command execution vulnerability. Attackers can use the vulnerability to execute console commands.

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture. Advantech WebAccess/SCADA has an information disclosure vulnerability. Attackers can use vulnerabilities to obtain remote connection passwords, background administrator passwords and other sensitive information.

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture. Advantech WebAccess/SCADA has logic flaws. Attackers can use the vulnerability to access and modify the registry of the user's system, and can execute arbitrary commands on the user's system.

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture. Advantech WebAccess/SCADA has a command execution vulnerability. Attackers can use the vulnerability to execute console commands.

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture. Advantech WebAccess/SCADA has a command execution vulnerability. Attackers can use the vulnerability to execute console commands.

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture. Advantech WebAccess/SCADA has logic flaws. Attackers can use the vulnerability to access and modify the registry of the user's system, and can execute arbitrary commands on the user's system.

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture. Advantech WebAccess/SCADA has a command execution vulnerability. Attackers can use the vulnerability to execute console commands.

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture. Advantech WebAccess/SCADA has an arbitrary file deletion vulnerability. Attackers can use vulnerabilities to delete arbitrary files.

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture. Advantech WebAccess/SCADA has an arbitrary file deletion vulnerability. Attackers can use vulnerabilities to delete arbitrary files.

Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allow remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified vectors. NETGEAR Switching hub provided by GS716Tv2 and GS724Tv3 Is a cross-site request forgery vulnerability (CWE-352) Exists. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Reii Yano MrIf a user who is logged in to the management screen of the product accesses a specially crafted page, the settings of the product may be changed unintentionally