VARIoT IoT vulnerabilities database

China Mobile Railway Tongyao Router is a home router. China Mobile Railcom Co., Ltd. Yao routing has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

Siemens is the world's leading technology company, relying on innovations in the fields of electrification, automation and digitalization to provide customers with solutions in the fields of power generation and transmission and distribution, infrastructure, industrial automation, drives and software. Siemens X200 series industrial Ethernet switches have a stack buffer overflow vulnerability, which can be exploited by attackers to affect usability.

Zhejiang Dahua DSS (digital surveillance system) is a comprehensive management platform that integrates four security subsystem management functions: video, alarm, access control, and intercom. The DSS of Zhejiang Dahua Technology Co., Ltd. has an arbitrary file download vulnerability. Attackers can use this vulnerability to download arbitrary files on the login interface to obtain sensitive information.

Hangzhou Hikvision System Technology Co., Ltd. is a provider of security products and industry solutions. Hangzhou Hikvision System Technology Co., Ltd. video encoding equipment access gateway has a weak password vulnerability. Attackers can use this vulnerability to log in to the gateway backend to obtain sensitive information.

Siemens is the world's leading technology company, relying on innovations in the fields of electrification, automation and digitalization to provide customers with solutions in the fields of power generation and transmission and distribution, infrastructure, industrial automation, drives and software. Siemens X200 series industrial Ethernet switches have a stack buffer overflow vulnerability, which can be exploited by attackers to affect system availability.

Siemens is the world's leading technology company, relying on innovations in the fields of electrification, automation and digitalization to provide customers with solutions in the fields of power generation and transmission and distribution, infrastructure, industrial automation, drives and software. Siemens X200 series industrial Ethernet switches have permission and access control loopholes, which can be exploited by attackers to affect system availability.

New H3C Technology Co., Ltd. is committed to becoming the most reliable partner for customers' business innovation and digital transformation. Main products include routers, big data, switches, Internet of Things, cloud computing, servers, etc. H3C's H3C intrusion prevention system product iWare series has a SQL injection vulnerability. Attackers can use this vulnerability to obtain sensitive database information.

Rockchip Microelectronics Co., Ltd. has a R&D team specializing in system-level chip design and algorithm research, providing professional chip solutions for high-end smart hardware, mobile phone peripherals, tablet computers, TV set-top boxes, industrial control and other fields. Rockchip Microchip has loopholes in conditional competition. Attackers can use this vulnerability to cause the program to crash.

China Mobile Yu Router is a router. There are unauthorized access vulnerabilities in China Mobile Yu routing. Attackers can use this vulnerability to directly access the router backend.

China Mobile Yu Router is a router. There is a weak password vulnerability in China Mobile Yu routing. Attackers can use this vulnerability to log in to the router backend to obtain sensitive information.

D-Link DIR-852 is a wireless router. The D-Link DIR-852 UPNP protocol request has a command execution vulnerability. Attackers can use vulnerabilities to control routers to execute commands.

H3C ER5200G2 is a new generation of enterprise-class Gigabit high-performance routers, which are positioned in the SMB market for Ethernet/optical/xDSL access, mainly including government agencies, small and medium-sized enterprises, hotels, schools, hospitals, Internet cafes, etc. that require high-speed Internet access Web environment. H3C ER5200G2 has weak password vulnerability. Attackers can use this vulnerability to log in to the router backend to obtain sensitive information.

H3C ERG2-450W is an enterprise-class Gigabit VPN router. H3C ERG2-450W has a weak password vulnerability. Attackers can use this vulnerability to log in to the router background to obtain sensitive information.

WIFI industrial router F5936 is an industrial grade WIFI router. Xiamen Sixin Communication Technology Co., Ltd. WIFI industrial router F5936 has an unauthorized access vulnerability. Attackers can use vulnerabilities to obtain sensitive information.

Rockchip Microelectronics Co., Ltd. has a R&D team specializing in system-level chip design and algorithm research, providing professional chip solutions for high-end smart hardware, mobile phone peripherals, tablet computers, TV set-top boxes, industrial control and other fields. Rockchip Microchip has loopholes in conditional competition. Attackers can use this vulnerability to cause the program to crash.

China Mobile Yu Router is a router. There are unauthorized access vulnerabilities in China Mobile Yu routing. Attackers can use this vulnerability to directly access the router backend.

China Mobile Yu Router is a router. There is a weak password vulnerability in China Mobile Yu routing. Attackers can use this vulnerability to log in to the router backend to obtain sensitive information.

Modicon M580 is a programmable logic controller launched by Schneider Electric. Schneider Electric Modicon M580 has a denial of service vulnerability. Attackers can use the vulnerability to cause PLC denial of service and interrupt remote communication with the device.

Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Provided by Mitsubishi Electric Corporation MELSEC iQ-R Of the series EtherNet/IP Network interface unit, PROFINET IO Controller unit, high-speed data logger unit, MES Interface unit and OPC UA Of the server unit TCP/IP There are multiple vulnerabilities in the stack. ‥ * Buffer error (CWE-119) - CVE-2020-5653 ‥ * Session immobilization (CWE-384) - CVE-2020-5654 ‥ * NULL Pointer dereference (CWE-476) - CVE-2020-5655 ‥ * Inappropriate access control (CWE-284) - CVE-2020-5656 ‥ * Insert or change arguments (CWE-88) - CVE-2020-5657 ‥ * Resource management issues (CWE-399) - CVE-2020-5658 This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.Receiving packets crafted by a third party can cause the product's network functionality to stop or malicious programs to run

Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. Provided by Mitsubishi Electric Corporation MELSEC iQ-R Of the series EtherNet/IP Network interface unit, PROFINET IO Controller unit, high-speed data logger unit, MES Interface unit and OPC UA Of the server unit TCP/IP There are multiple vulnerabilities in the stack. ‥ * Buffer error (CWE-119) - CVE-2020-5653 ‥ * Session immobilization (CWE-384) - CVE-2020-5654 ‥ * NULL Pointer dereference (CWE-476) - CVE-2020-5655 ‥ * Inappropriate access control (CWE-284) - CVE-2020-5656 ‥ * Insert or change arguments (CWE-88) - CVE-2020-5657 ‥ * Resource management issues (CWE-399) - CVE-2020-5658 This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.Receiving packets crafted by a third party can cause the product's network functionality to stop or malicious programs to run