VARIoT IoT vulnerabilities database
| VAR-202011-1552 | No CVE | Advantech WebAccess HMI Runtime has a binary vulnerability (CNVD-2020-61111) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Advantech WebAccess/HMI Designer is a man-machine interface integrated development tool.
Advantech WebAccess HMI Runtime has a binary vulnerability that can be exploited by attackers to cause a denial of service on the server.
| VAR-202011-1554 | No CVE | Advantech WebAccess HMI PanelSim.exe has integer overflow vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Advantech WebAccess/HMI Designer is a man-machine interface integrated development tool.
Advantech's WebAccess HMI PanelSim.exe has an integer overflow vulnerability. Attackers can use the vulnerability to cause an integer overflow and cause the program to crash.
| VAR-202011-1555 | No CVE | Advantech WebAccess HMI PanelSim.exe has heap overflow vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Advantech WebAccess/HMI Designer is a man-machine interface integrated development tool.
Advantech's WebAccess HMI PanelSim.exe has a heap overflow vulnerability. Attackers can use the vulnerability to cause heap overflow and cause the program to crash.
| VAR-202011-1556 | No CVE | SIMATIC S7-300 PLC has industrial control equipment vulnerabilities |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
S7-300 is a modular small PLC system.
SIMATIC S7-300 PLC has a vulnerability in industrial control equipment. Attackers can use the vulnerability to cause a denial of service on the server.
| VAR-202011-1557 | No CVE | Advantech WebAccess HMI PanelSim.exe has binary vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Advantech WebAccess/HMI Designer is a man-machine interface integrated development tool.
Advantech's WebAccess HMI PanelSim.exe has a binary vulnerability that can be exploited to cause a denial of service on the server.
| VAR-202011-1567 | No CVE | Advantech WebAccess HMI PanelSim.exe has stack overflow vulnerability (CNVD-2020-61115) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Advantech WebAccess/HMI Designer is a man-machine interface integrated development tool.
Advantech's WebAccess HMI PanelSim.exe has a stack overflow vulnerability, which can be exploited by attackers to make the server denial of service.
| VAR-202011-1568 | No CVE | Advantech WebAccess HMI Runtime has a heap overflow vulnerability (CNVD-2020-61112) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Advantech WebAccess/HMI Designer is a man-machine interface integrated development tool.
Advantech's WebAccess HMI Runtime has a heap overflow vulnerability. Attackers can use this vulnerability to cause a denial of service on the server.
| VAR-202011-1569 | No CVE | Advantech WebAccess HMI Designer has dll hijacking vulnerability (CNVD-2020-61113) |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Advantech WebAccess/HMI Designer is a man-machine interface integrated development tool.
Advantech's WebAccess HMI Designer has a dll hijacking vulnerability, which can be exploited by attackers to gain administrator rights.
| VAR-202011-1570 | No CVE | Advantech WebAccess HMI Designer has dll hijacking vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Advantech WebAccess/HMI Designer is a man-machine interface integrated development tool.
Advantech's WebAccess HMI Designer has a dll hijacking vulnerability, which can be exploited by attackers to gain administrator rights.
| VAR-202011-0869 | CVE-2020-28373 | plural NETGEAR Out-of-bounds write vulnerability in device |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. This affects R6400v2 V1.0.4.102_10.0.75, R6400 V1.0.1.62_1.0.41, R7000P V1.3.2.126_10.1.66, XR300 V1.0.3.50_10.3.36, R8000 V1.0.4.62, R8300 V1.0.2.136, R8500 V1.0.2.136, R7300DST V1.0.0.74, R7850 V1.0.5.64, R7900 V1.0.4.30, RAX20 V1.0.2.64, RAX80 V1.0.3.102, and R6250 V1.0.4.44. plural NETGEAR The device contains an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
| VAR-202011-0859 | CVE-2020-28349 | ChirpStack Network Server Input confirmation vulnerability |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: MEDIUM |
An inaccurate frame deduplication process in ChirpStack Network Server 3.9.0 allows a malicious gateway to perform uplink Denial of Service via malformed frequency attributes in CollectAndCallOnceCollect in internal/uplink/collect.go. NOTE: the vendor's position is that there are no "guarantees that allowing untrusted LoRa gateways to the network should still result in a secure network. ** Unsettled ** This case has not been confirmed as a vulnerability. ChirpStack Network Server There is an input verification vulnerability in. Vendors have challenged this vulnerability. For more information, please see below NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2020-28349Denial of service (DoS) It may be put into a state. The software is applied to the wireless connection of the Internet of Things, and has the characteristics of low power consumption, long distance and high capacity. No detailed vulnerability details are currently provided
| VAR-202011-0857 | CVE-2020-28347 | TP-Link Archer A7 AC1750 Command Injection Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. NOTE: this issue exists because of an incomplete fix for CVE-2020-10882 in which shell quotes are mishandled. TP-Link Archer A7 AC1750 A command injection vulnerability exists in the device. This vulnerability is CVE-2020-10882 It is a vulnerability caused by an incomplete fix.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. TP-Link Archer A7 AC1750 is a wireless router from China TP-Link Company
| VAR-202011-1544 | No CVE | Omron small PLC series CP1L has a denial of service vulnerability (CNVD-2020-58493) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
CP1L is an Omron small PLC series, integrated PLC with built-in pulse output, analog input and output, and serial communication functions.
Omron small PLC series CP1L has a denial of service vulnerability, which can be exploited by attackers to cause device connection interruption.
| VAR-202011-1553 | No CVE | Omron small PLC series CP1L has a denial of service vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
CP1L is an Omron small PLC series, integrated PLC with built-in pulse output, analog input and output, and serial communication functions.
Omron's small PLC series CP1L has a denial of service vulnerability. Attackers can use the vulnerability to stop the program running on the device itself.
| VAR-202011-1559 | No CVE | Omron small PLC series CP1L has a denial of service vulnerability (CNVD-2020-58494) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
CP1L is an Omron small PLC series, integrated PLC with built-in pulse output, analog input and output, and serial communication functions.
Omron's small PLC series CP1L has a denial of service vulnerability. Attackers can use the vulnerability to clear the logic files running inside the device, causing production and business interruption.
| VAR-202011-1599 | No CVE | Mitsubishi PLC FX3U-32M has a denial of service vulnerability (CNVD-2020-58825) |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
FX3U series Mitsubishi PLC is the third-generation micro-programmable controller.
Mitsubishi PLC FX3U-32M has a denial of service vulnerability. Attackers can use the vulnerability to cause the RUN light of the device to go out and the output module to stop working.
| VAR-202011-1519 | No CVE | An information disclosure vulnerability exists in the wolink plugin of Unicom Optical Cat |
CVSS V2: 3.3 CVSS V3: - Severity: LOW |
Unicom optical modem is a router.
There is an information disclosure vulnerability in the wolink plug-in of China Unicom Optical Cat. The vulnerability is caused by the failure of the plug-in authentication process. Attackers can use the vulnerability to obtain sensitive information.
| VAR-202011-1521 | No CVE | A command execution vulnerability exists in the Unicom Optical modem web service |
CVSS V2: 8.3 CVSS V3: - Severity: HIGH |
Unicom optical modem is a router.
There is a command execution vulnerability in the Unicom Optical modem web service. Attackers can use the vulnerability to obtain server permissions.
| VAR-202011-1522 | No CVE | Rockchip Microelectronics Co., Ltd. Rockchip has a binary vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Rockchip focuses on mobile Internet and digital multimedia chip design, and is a professional personal mobile information terminal SOC solution provider.
Rockchip Microelectronics Co., Ltd. Rockchip has a binary vulnerability. Attackers can use the vulnerability to launch a denial of service attack.
| VAR-202011-0384 | CVE-2020-26892 | NATS nats-server Vulnerability in Using Hard Coded Credentials |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled. NATS nats-server Is vulnerable to the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. NATS Server is an open source messaging system. The system is mainly used for cloud-native applications, IoT messaging, and microservice architecture