VARIoT IoT vulnerabilities database


VAR-202011-0123 CVE-2020-11114 Out-of-bounds read vulnerability in multiple Qualcomm products CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
Bluetooth devices do not properly restrict the L2CAP payload length, allowing users in radio range to cause a buffer overflow via a crafted Link Layer packet (equivalent to CVE-2019-17060, CVE-2019-17061 and CVE-2019-17517 in the SweynTooth paper) in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music in AR9344. Multiple Qualcomm products contain an out-of-bounds read vulnerability; it is the same vulnerability as CVE-2019-17060, CVE-2019-17061 and CVE-2019-17517. Information may be obtained, information may be tampered with, and service may be disrupted (DoS). Qualcomm AR9344 is a mobile device chip from Qualcomm. Several components in AR9344 have security vulnerabilities, which can cause buffer overflow problems.
VAR-202011-1586 No CVE GE PACSystems Rx3i has a denial of service vulnerability CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
PACSystems Rx3i is a programmable automation controller of General Electric Company. GE PACSystems Rx3i has a denial of service vulnerability, which can be exploited by attackers to cause device crashes.
VAR-202011-1587 No CVE Tianqing security isolation and information exchange system has a command execution vulnerability (CNVD-2020-60067) CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Tianqing Security Isolation and Information Exchange System is an access control switch device with network isolation technology independently developed by Beijing Venustech Information Technology Co., Ltd. It provides high-security isolation protection for key data. Tianqing security isolation and information exchange system has a command execution vulnerability, which can be used by attackers to execute arbitrary operating system commands.
VAR-202011-1588 No CVE Tianqing security isolation and information exchange system has a command execution vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Tianqing Security Isolation and Information Exchange System is an access control switch device with network isolation technology independently developed by Beijing Venustech Information Technology Co., Ltd. It provides high-security isolation protection for key data. Tianqing security isolation and information exchange system has a command execution vulnerability, which can be used by attackers to execute arbitrary operating system commands.
VAR-202011-1523 No CVE China Mobile Railcom Co., Ltd. Yao router has a weak password vulnerability CVSS V2: 4.0
CVSS V3: -
Severity: MEDIUM
China Mobile Railway Tongyao Router is a home router. The China Mobile Railcom Co., Ltd. Yao router has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202010-1594 No CVE Siemens X200 series industrial Ethernet switches have a stack buffer overflow vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Siemens is the world's leading technology company, relying on innovations in the fields of electrification, automation and digitalization to provide customers with solutions in the fields of power generation, transmission and distribution, infrastructure, industrial automation, drives and software. Siemens X200 series industrial Ethernet switches have a stack buffer overflow vulnerability, which can be exploited by attackers to affect system availability.
VAR-202010-1595 No CVE Zhejiang Dahua Technology Co., Ltd. Dahua DSS system has an arbitrary file download vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Zhejiang Dahua DSS (digital surveillance system) is a comprehensive management platform that integrates four security subsystem management functions: video, alarm, access control, and intercom. The DSS of Zhejiang Dahua Technology Co., Ltd. has an arbitrary file download vulnerability. Attackers can use this vulnerability to download arbitrary files via the login interface and obtain sensitive information.
VAR-202010-1596 No CVE Hangzhou Hikvision System Technology Co., Ltd. video encoding device access gateway has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Hangzhou Hikvision System Technology Co., Ltd. is a provider of security products and industry solutions. Hangzhou Hikvision System Technology Co., Ltd. video encoding equipment access gateway has a weak password vulnerability. Attackers can use this vulnerability to log in to the gateway backend to obtain sensitive information.
VAR-202010-1615 No CVE Siemens X200 series industrial Ethernet switches have a stack buffer overflow vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Siemens is the world's leading technology company, relying on innovations in the fields of electrification, automation and digitalization to provide customers with solutions in the fields of power generation, transmission and distribution, infrastructure, industrial automation, drives and software. Siemens X200 series industrial Ethernet switches have a stack buffer overflow vulnerability, which can be exploited by attackers to affect system availability.
VAR-202010-1616 No CVE Siemens X200 series industrial Ethernet switches have a permission and access control vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Siemens is the world's leading technology company, relying on innovations in the fields of electrification, automation and digitalization to provide customers with solutions in the fields of power generation, transmission and distribution, infrastructure, industrial automation, drives and software. Siemens X200 series industrial Ethernet switches have a permission and access control vulnerability, which can be exploited by attackers to affect system availability.
VAR-202010-1601 No CVE H3C intrusion prevention system product iWare series has a SQL injection vulnerability CVSS V2: 4.0
CVSS V3: -
Severity: MEDIUM
New H3C Technology Co., Ltd. is committed to becoming the most reliable partner for customers' business innovation and digital transformation. Its main products include routers, big data, switches, Internet of Things, cloud computing, servers, etc. The H3C intrusion prevention system product iWare series has a SQL injection vulnerability. Attackers can use this vulnerability to obtain sensitive database information.
VAR-202012-1529 CVE-2020-25649 FasterXML Jackson Databind XML external entity (XXE) vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. FasterXML Jackson is a data processing tool for Java developed by the American company FasterXML. There is a security vulnerability in FasterXML Jackson Databind, which can be exploited by an attacker who transmits malicious XML data to FasterXML Jackson Databind to read files, scan sites, or trigger a denial of service.

The purpose of this text-only errata is to inform you about the security issues fixed in this release.

Description: Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.

Security Fix(es):
* xmlgraphics-commons: SSRF due to improper input validation by the XMPParser (CVE-2020-11988)
* xstream: allow a remote attacker to cause DoS only by manipulating the processed input stream (CVE-2021-21341)
* xstream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream (CVE-2021-21351)
* xstream: arbitrary file deletion on the local host via crafted input stream (CVE-2021-21343)
* xstream: arbitrary file deletion on the local host when unmarshalling (CVE-2020-26259)
* xstream: ReDoS vulnerability (CVE-2021-21348)
* xstream: Server-Side Request Forgery vulnerability can be activated when unmarshalling (CVE-2020-26258)
* xstream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host (CVE-2021-21349)
* xstream: SSRF via crafted input stream (CVE-2021-21342)
* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649)
* xstream: allow a remote attacker to execute arbitrary code only by manipulating the processed input stream (CVE-2021-21350)
* xstream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream (CVE-2021-21347)
* xstream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream (CVE-2021-21346)
* xstream: allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream (CVE-2021-21345)
* xstream: arbitrary code execution via crafted input stream (CVE-2021-21344)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bugs fixed (https://bugzilla.redhat.com/):
1887664 - CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)
1908832 - CVE-2020-26258 XStream: Server-Side Request Forgery vulnerability can be activated when unmarshalling
1908837 - CVE-2020-26259 XStream: arbitrary file deletion on the local host when unmarshalling
1933816 - CVE-2020-11988 xmlgraphics-commons: SSRF due to improper input validation by the XMPParser
1942539 - CVE-2021-21341 XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream
1942545 - CVE-2021-21342 XStream: SSRF via crafted input stream
1942550 - CVE-2021-21343 XStream: arbitrary file deletion on the local host via crafted input stream
1942554 - CVE-2021-21344 XStream: Unsafe deserialization of javax.sql.rowset.BaseRowSet
1942558 - CVE-2021-21345 XStream: Unsafe deserialization of com.sun.corba.se.impl.activation.ServerTableEntry
1942578 - CVE-2021-21346 XStream: Unsafe deserialization of sun.swing.SwingLazyValue
1942629 - CVE-2021-21347 XStream: Unsafe deserialization of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator
1942633 - CVE-2021-21348 XStream: ReDoS vulnerability
1942635 - CVE-2021-21349 XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
1942637 - CVE-2021-21350 XStream: Unsafe deserialization of com.sun.org.apache.bcel.internal.util.ClassLoader
1942642 - CVE-2021-21351 XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream

Description: Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. The References section of this erratum contains a download link (you must log in to download the update). The JBoss server process must be restarted for the update to take effect.

Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update
Advisory ID: RHSA-2020:5340-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5340
Issue date: 2020-12-03
CVE Names: CVE-2020-25638 CVE-2020-25644 CVE-2020-25649

1. Summary: An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures: Red Hat JBoss EAP 7.3 for RHEL 6 Server - noarch

3. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):
* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (CVE-2020-25649)
* hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used (CVE-2020-25638)
* wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL (CVE-2020-25644)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.

4. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):
1881353 - CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used
1885485 - CVE-2020-25644 wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL
1887664 - CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)

6. JIRA issues fixed (https://issues.jboss.org/):
JBEAP-20029 - [GSS] (7.3.z) Upgrade Artemis from 2.9.0.redhat-00011 to 2.9.0.redhat-00016
JBEAP-20089 - [GSS] (7.3.z) Upgrade undertow from 2.0.31.SP1-redhat-00001 to 2.0.32.SP1-redhat
JBEAP-20119 - [GSS] (7.3.z) Upgrade JBoss Remoting from 5.0.18.Final-redhat-00001 to 5.0.19.Final-redhat-00001
JBEAP-20161 - [GSS] (7.3.z) Upgrade XNIO from 3.7.9.Final to 3.7.11.Final
JBEAP-20221 - Tracker bug for the EAP 7.3.4 release for RHEL-6
JBEAP-20239 - [GSS] (7.3.z) Upgrade Hibernate Validator from 6.0.20.Final to 6.0.21.Final
JBEAP-20246 - [GSS] (7.3.z) Upgrade JBoss Marshalling from 2.0.9.Final to 2.0.10.Final
JBEAP-20285 - [GSS] (7.3.z) Upgrade HAL from 3.2.10.Final-redhat-00001 to 3.2.11.Final
JBEAP-20300 - (7.3.z) Upgrade jasypt from 1.9.3-redhat-00001 to 1.9.3-redhat-00002
JBEAP-20325 - (7.3.z) Upgrade WildFly Arquillian to 3.0.1.Final for the ts.bootable profile
JBEAP-20364 - (7.3.z) Upgrade com.github.fge.msg-simple to 1.1.0.redhat-00007 and com.github.fge.btf to 1.2.0.redhat-00007
JBEAP-20368 - (7.3.z) Upgrade Bootable JAR Maven plugin to 2.0.1.Final

7. Package List: Red Hat JBoss EAP 7.3 for RHEL 6 Server. These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

8. References:
https://access.redhat.com/security/cve/CVE-2020-25638
https://access.redhat.com/security/cve/CVE-2020-25644
https://access.redhat.com/security/cve/CVE-2020-25649
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/

9. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc.
VAR-202010-1597 No CVE Rockchip microchip has a race condition vulnerability (CNVD-2020-63711) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Rockchip Microelectronics Co., Ltd. has an R&D team specializing in system-level chip design and algorithm research, providing professional chip solutions for high-end smart hardware, mobile phone peripherals, tablet computers, TV set-top boxes, industrial control and other fields. Rockchip microchips have a race condition vulnerability. Attackers can use this vulnerability to cause the program to crash.
VAR-202010-1599 No CVE Unauthorized access vulnerability exists in China Mobile Yu router (CNVD-2020-62001) CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
China Mobile Yu Router is a router. There is an unauthorized access vulnerability in the China Mobile Yu router. Attackers can use this vulnerability to directly access the router backend.
VAR-202010-1600 No CVE Weak password vulnerability exists in Zhongyiyu router CVSS V2: 4.0
CVSS V3: -
Severity: MEDIUM
China Mobile Yu Router is a router. There is a weak password vulnerability in the China Mobile Yu router. Attackers can use this vulnerability to log in to the router backend and obtain sensitive information.
VAR-202010-1602 No CVE D-Link DIR-852 UPnP protocol request has a command execution vulnerability CVSS V2: 8.3
CVSS V3: -
Severity: HIGH
D-Link DIR-852 is a wireless router. The D-Link DIR-852 UPnP protocol request has a command execution vulnerability. Attackers can use this vulnerability to take control of the router and execute commands.
VAR-202010-1603 No CVE H3C ER5200G2 has a weak password vulnerability CVSS V2: 4.0
CVSS V3: -
Severity: MEDIUM
H3C ER5200G2 is a new-generation, enterprise-class Gigabit high-performance router positioned in the SMB market for Ethernet, optical and xDSL access. Its target environments are mainly government agencies, small and medium-sized enterprises, hotels, schools, hospitals, Internet cafes and other sites that require high-speed Internet access. H3C ER5200G2 has a weak password vulnerability. Attackers can use this vulnerability to log in to the router backend and obtain sensitive information.
VAR-202010-1605 No CVE H3C ERG2-450W has a weak password vulnerability CVSS V2: 4.0
CVSS V3: -
Severity: MEDIUM
H3C ERG2-450W is an enterprise-class Gigabit VPN router. H3C ERG2-450W has a weak password vulnerability. Attackers can use this vulnerability to log in to the router backend and obtain sensitive information.
VAR-202010-1606 No CVE Xiamen Sixin Communication Technology Co., Ltd. WIFI industrial router F5936 has an unauthorized access vulnerability CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
WIFI industrial router F5936 is an industrial-grade WIFI router. The Xiamen Sixin Communication Technology Co., Ltd. WIFI industrial router F5936 has an unauthorized access vulnerability. Attackers can use this vulnerability to obtain sensitive information.
VAR-202010-1607 No CVE Rockchip microchip has a race condition vulnerability (CNVD-2020-63710) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Rockchip Microelectronics Co., Ltd. has an R&D team specializing in system-level chip design and algorithm research, providing professional chip solutions for high-end smart hardware, mobile phone peripherals, tablet computers, TV set-top boxes, industrial control and other fields. Rockchip microchips have a race condition vulnerability. Attackers can use this vulnerability to cause the program to crash.