VARIoT IoT vulnerabilities database

TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. TP-Link USB Network Server TL-PS310U A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. TP-Link TL-PS310U is a single USB2.0 port MFP and storage server. TP-Link TL-PS310U version before 2.079.000.t0210 has a cross-site scripting vulnerability

KingView (KingView) is an industrial automation configuration software produced by Beijing Yakong Technology Development Co., Ltd. Beijing Yakong Technology Development Co., Ltd. KingView has a code execution vulnerability. Attackers can use the vulnerability to gain control of the website server.

WebAccess Node is an HMI/SCADA monitoring software completely based on IE browser from Advantech (China) Co., Ltd. Advantech (China) Co., Ltd. WebAccess Node has a denial of service vulnerability. Attackers can use the vulnerability to cause a denial of service.

WebAccess Node is an HMI/SCADA monitoring software completely based on IE browser from Advantech (China) Co., Ltd. Advantech (China) Co., Ltd. WebAccess Node has a denial of service vulnerability. Attackers can use the vulnerability to cause a denial of service.

TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. TP-Link USB Network Server TL-PS310U Devices contain vulnerabilities in inadequate protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. TP-Link TL-PS310U is a single USB2.0 port MFP and storage server. The TP-Link TL-PS310U version prior to 2.079.000.t0210 has a privilege escalation vulnerability. Attackers on the same network can use this vulnerability to increase privileges

TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. (DoS) It may be put into a state. TP-Link TL-PS310U is a single USB2.0 port MFP and storage server. TP-Link TL-PS310U version before 2.079.000.t0210 has an authentication bypass vulnerability

DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. (DoS) It may be put into a state. Assmann Electronic DIGITUS DA-70254 4-Port Gigabit Network Hub is a gigabit network hub made by Assmann Electronic in Germany. Attackers can use this vulnerability by sniffing unencrypted UDP traffic to obtain management passwords and increase their authority

TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to denial-of-service the device via long input values. TP-Link TL-PS310U is a single USB2.0 port MFP and storage server. TP-Link TL-PS310U version before 2.079.000.t0210 has a denial of service vulnerability

Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. (DoS) It may be put into a state. Lindy 42633 2.078.000 has an authentication bypass vulnerability

Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. (DoS) It may be put into a state. Lindy 42633 2.078.000 has a privilege escalation vulnerability. Attackers on the same network can use this vulnerability to elevate permissions

DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker can use this vulnerability to execute client code

DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to denial-of-service the device via long input values. The vulnerability stems from the network system or product not correctly verifying the input data. No detailed vulnerability details are currently provided

Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to denial-of-service the device via long input values. Lindy 42633 2.078.000 has a denial of service vulnerability

Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. Lindy 42633 2.078.000 has a persistent cross-site scripting vulnerability. Attackers can use this vulnerability to conduct cross-site scripting attacks through specially crafted server names

DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM system command. (DoS) It may be put into a state. The product supports functions such as email scanning and inbound and outbound protection

Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code. Sophos XG Firewall is a next-generation endpoint protection and enterprise-class firewall product from Sophos, UK. The vulnerability stems from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data. Attackers can exploit this vulnerability to execute illegal operating system commands

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by opening specially crafted project files that may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. WebAccess HMI Designer Is Advantech Company Provides Human Machine Interface (HMI) Development software. WebAccess HMI Designer The following multiple vulnerabilities exist in. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. The product has functions such as data transmission, menu editing and text editing

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a type confusion condition, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. WebAccess HMI Designer Is Advantech Company Provides Human Machine Interface (HMI) Development software. WebAccess HMI Designer The following multiple vulnerabilities exist in. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PM3 files. An attacker can leverage this vulnerability to execute code in the context of the current process. The product has functions such as data transmission, menu editing and text editing. There is a type confusion vulnerability in Advantech WebAccess HMI Designer 2.1.9.31 and earlier versions, which is caused by the program's failure to correctly verify the data submitted by the user

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. WebAccess HMI Designer Is Advantech Company Provides Human Machine Interface (HMI) Development software. WebAccess HMI Designer The following multiple vulnerabilities exist in. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. The product has functions such as data transmission, menu editing and text editing. There is a buffer overflow vulnerability in Advantech WebAccess HMI Designer 2.1.9.31 and earlier versions, which is caused by the program's failure to correctly verify the data submitted by the user

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out-of-bounds read vulnerability may be exploited by processing specially crafted project files, which may allow an attacker to read information. WebAccess HMI Designer Is Advantech Company Provides Human Machine Interface (HMI) Development software. WebAccess HMI Designer The following multiple vulnerabilities exist in. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. The product has functions such as data transmission, menu editing and text editing. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow