VARIoT IoT vulnerabilities database


VAR-202504-3339 CVE-2025-3988 TOTOLINK N150RT Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. Affected is an unknown function of the file /boafrm/formPortFw. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The TOTOLINK N150RT firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK N150RT is a wireless router from China's TOTOLINK Electronics. TOTOLINK N150RT has a buffer overflow vulnerability, which is caused by the parameter service_type in the file /boafrm/formPortFw failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202504-3319 CVE-2025-3987 TOTOLINK N150RT Injection vulnerability in firmware CVSS V2: 6.5
CVSS V3: 6.3
Severity: Medium
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument localPin leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The TOTOLINK N150RT firmware contains injection and command injection vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK N150RT is a wireless router from China's TOTOLINK Electronics. TOTOLINK N150RT has a command injection vulnerability, which is caused by the failure of the localPin parameter in the file /boafrm/formWsc to properly filter special characters and commands in the constructed command. No detailed vulnerability details are currently provided.
VAR-202504-3641 No CVE Sony (China) Co., Ltd. SONY SNC-CH260 camera has unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Sony (China) Co., Ltd. is a company engaged in investment, product marketing, customer after-sales service contact, etc. in the electronic information industry. Sony (China) Co., Ltd. SONY SNC-CH260 camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202504-3799 No CVE TP-Link Technologies Co., Ltd. TL-IPC43AN-4GY PTZ IP Camera Has a Denial of Service Vulnerability CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
TP-Link Technologies Co., Ltd. is a leading global supplier of network communication equipment, mainly providing network communication equipment and solutions. TP-Link Technologies Co., Ltd. TL-IPC43AN-4GY PTZ network camera has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202504-3640 No CVE HP OfficeJet Pro 8740 has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
HP OfficeJet Pro 8740 is a multi-function printer with multiple functions such as printing, copying, scanning and faxing. HP OfficeJet Pro 8740 of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202504-3642 No CVE HP LaserJet MFP M132nw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
HP LaserJet MFP M132nw is a black and white laser multifunction printer, mainly used for printing, copying and scanning. HP LaserJet MFP M132nw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202504-3639 No CVE B-LINK Router has a logic flaw vulnerability CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
B-LINK Router is a network device, mainly used for network connection and data forwarding. B-LINK Router has a logic flaw vulnerability, which can be exploited by attackers to reset account passwords.
VAR-202504-3567 No CVE Emerson Electric (China) Investment Co., Ltd. Emerson DCS DeltaV MQ Controller has a denial of service vulnerability CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
Emerson Electric (China) Investment Co., Ltd. is a global technology and engineering company. Emerson DCS DeltaV MQ Controller of Emerson Electric (China) Investment Co., Ltd. has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202504-3723 No CVE Hollysys Technology Group Co., Ltd. LE5118 programmable logic controller has a denial of service vulnerability CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
HollySys Technology Group Co., Ltd. is a high-tech enterprise group mainly engaged in automation control system platforms and industry solutions. HollySys Technology Group Co., Ltd. LE5118 programmable logic controller has a denial of service vulnerability, which can be exploited by attackers to cause denial of service.
VAR-202504-3524 No CVE Beijing Yakong Technology Development Co., Ltd. KingH5Stream has an unauthorized access vulnerability (CNVD-2024-33960) CVSS V2: 3.6
CVSS V3: -
Severity: LOW
Beijing Yakong Technology Development Co., Ltd. is a high-tech enterprise of industrial automation and information software platform, focusing on independent research and development, marketing and service of domestic industrial software. Beijing Yakong Technology Development Co., Ltd. KingH5Stream has an unauthorized access vulnerability, which can be exploited by attackers to add/delete users beyond their authority.
VAR-202504-3437 CVE-2025-31324 SAP NetWeaver Vulnerability in unlimited upload of dangerous types of files CVSS V2: -
CVSS V3: 10.0
Severity: CRITICAL
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system. SAP NetWeaver contains a vulnerability related to unlimited uploads of dangerous types of files. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202504-4086 No CVE Fuji Xerox (China) Co., Ltd. DocuCentre-IV 2060 has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
DocuCentre-IV 2060 is a medium-speed digital multifunction printer with main functions including copying, printing and scanning. Fuji Xerox (China) Co., Ltd. DocuCentre-IV 2060 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202504-3731 No CVE Brother MFC-L2713DW has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Brother MFC-L2713DW is a multifunction laser printer with printing, copying, scanning and faxing functions. Brother MFC-L2713DW has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-3876 No CVE HP LaserJet Pro MFP 3101-3108 of HP Trading (Shanghai) Co., Ltd. has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
HP LaserJet Pro MFP 3101-3108 is a multi-function laser printer that supports printing, copying, and scanning functions, suitable for small and medium-sized enterprises and office environments. HP LaserJet Pro MFP 3101-3108 of HP Trading (Shanghai) Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
VAR-202504-3806 No CVE Brother MFC-J491DW has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Brother MFC-J491DW is a multi-function color inkjet printer suitable for various office and personal use scenarios. Brother MFC-J491DW has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-3509 No CVE HP LaserJet Pro MFP 4101 of HP Trading (Shanghai) Co., Ltd. has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
HP LaserJet Pro MFP 4101 is a multi-function laser printer that integrates printing, copying, scanning and faxing functions, suitable for office use. HP LaserJet Pro MFP 4101 of HP Trading (Shanghai) Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
VAR-202504-4149 No CVE BWS Systems HA Bridge has an unauthorized access vulnerability CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
HA Bridge is a gateway product of BWS Systems. BWS Systems HA Bridge has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-3805 No CVE D-Link DCS-960L has binary vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
D-Link DCS-960L is a network camera product of China's D-Link company. D-Link DCS-960L has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202504-3647 No CVE Fuji Xerox (China) Co., Ltd. Xerox® VersaLink® B7030 MFP has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Xerox® VersaLink® B7030 MFP is a multi-function printer with multiple functions and performance features. Fuji Xerox (China) Co., Ltd. Xerox® VersaLink® B7030 MFP has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-3507 No CVE Mosa Technology (Shanghai) Co., Ltd. OnCell_3120-LTE-1 has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
OnCell 3120-LTE-1 is a low-power LTE modem that supports the world's advanced LTE Cat 1 technology. Mosa Technology (Shanghai) Co., Ltd. OnCell_3120-LTE-1 has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.