VARIoT IoT vulnerabilities database

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 179478. Vendor exploits this vulnerability IBM X-Force ID: 179478 It is published as.Information may be obtained. The following products and versions are affected: IBM IVG RADIUS version 1.0.0, PAM version 1.0.0, version 1.0.1, WinLogin version 1.0.0, version 1.0.1

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 179009. Vendor exploits this vulnerability IBM X-Force ID: 179009 It is published as.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The following products and versions are affected: IBM IVG RADIUS version 1.0.0, PAM version 1.0.0, version 1.0.1, WinLogin version 1.0.0, version 1.0.1

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive information in plain text which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 179428. Vendor exploits this vulnerability IBM X-Force ID: 179428 It is published as.Information may be obtained. IBM Verify Gateway (IVG) is a set of cloud-based identity verification solutions from IBM Corporation in the United States. Attackers can exploit this vulnerability to obtain information through man-in-the-middle techniques

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. IBM X-Force ID: 179008. Vendor exploits this vulnerability IBM X-Force ID: 179008 It is published as.Information may be obtained. IBM Verify Gateway (IVG) is a set of cloud-based identity verification solutions from IBM Corporation in the United States. A security vulnerability exists in IBM IVG PAM versions 1.0.0 and 1.0.1. A local attacker can exploit this vulnerability to further attack the system

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004. Vendor exploits this vulnerability IBM X-Force ID: 179004 It is published as.Information may be obtained. IBM Verify Gateway (IVG) is a set of cloud-based identity verification solutions from IBM Corporation in the United States. A security vulnerability exists in IBM IVG PAM versions 1.0.0 and 1.0.1 due to the fact that the program allows sensitive information to be transmitted in clear text. An attacker could exploit this vulnerability to obtain information

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP requests. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-10835. Zero Day Initiative To this vulnerability ZDI-CAN-10835 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DIR-878 and D-Link DIR-867 are both wireless routers manufactured by D-Link in Taiwan. DIR-867-US using firmware version 1.20B10 and earlier and DIR-878 using firmware version 1.20B05 and earlier have security loopholes in HNAP request processing, which stems from incorrect string matching logic

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HNAP GetCAPTCHAsetting requests. The issue results from the lack of proper handling of sessions. An attacker can leverage this vulnerability to execute arbitrary code in the context of the device. Was ZDI-CAN-10083. Zero Day Initiative To this vulnerability ZDI-CAN-10083 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DIR-842 is a wireless router made by D-Link in Taiwan. There are security loopholes in the HNAP GetCAPTCHAsetting request processing process in D-Link DIR-842. The vulnerability stems from the network system or product not properly verifying the user's identity

ZLAN5102/ZLAN5103 serial server is an industrial-grade protocol converter between RS232/485 and TCP/IP produced by Shanghai ZLAN. ZLAN serial server has a denial of service vulnerability. Attackers can use the vulnerability to cause the device to deny service and restart.

China Mobile Railcom's main business is communication technology, information system development, consulting services, and construction project management. China Mobile Railcom's Suzhou branch Yu Luqi has a logic flaw vulnerability. Attackers can use the vulnerability to gain unauthorized access to the system background.

China Mobile Tietong Intelligent Products Branch is a branch of China Mobile Tietong specializing in intelligent manufacturing, intelligent integration and intelligent operation. China Mobile Railway Tongyu routing has a weak password vulnerability, attackers can use the vulnerability to log in to the system background.

The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute the predefined malicious script in the browser. This affects <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>. Shenzhen Zhongxing Mobile Communication Co., Ltd. was established in 2002 and is headquartered in Shenzhen High-tech Industrial Park. It is a national high-tech enterprise. Attackers can use the vulnerability to obtain user cookie information

The server management software module of ZTE has an authentication issue vulnerability, which allows users to skip the authentication of the server and execute some commands for high-level users. This affects: <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>. ZTE Server management software contains an authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Shenzhen Zhongxing Mobile Communication Co., Ltd. was established in 2002 and is headquartered in Shenzhen High-tech Industrial Park. It is a national high-tech enterprise. There is an unauthorized access vulnerability in the ZTE server, which can be exploited by attackers to gain server permissions. ZTE R5300G4, R8500G4, and R5500G4 devices could allow a remote malicious user to execute arbitrary commands on the system, caused by improper authentication validation

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 1.04B03_HOTFIX WiFi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the SOAPAction header, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-10084. D-Link DAP-1860 To OS A command injection vulnerability exists. Zero Day Initiative To this vulnerability ZDI-CAN-10084 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DAP-1860 is a WiFi range extender manufactured by D-Link in Taiwan. This vulnerability does not correctly verify the characters submitted by the user before executing the system call

AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2_Upgrade_Tool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 (UX450FDX, UX550GDX and UX550GEX) could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name. ASUS PC for ScreenPad2_Upgrade_Tool.msi Exists in an unreliable search path vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ASUS ScreenPad2 Upgrade Tool is an update tool for ASUS ScreenPad2 touchpad produced by ASUS, Taiwan, China. A code issue vulnerability exists in the AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe files in ASUS ScreenPad2 Upgrade Tool version 1.0.3. An attacker could exploit this vulnerability to execute code

BDCOM F5100-48 NGFW next-generation firewall is a firewall product designed and launched by Shanghai BORDA Data Communication Co., Ltd. for medium-sized network security demand scenarios such as enterprises, governments, hotels, hospitals, and schools. Shanghai BDCOM F5100-48 NGFW next-generation firewall has an arbitrary file download vulnerability. Attackers can use this vulnerability to download arbitrary files, resulting in the disclosure of sensitive system information.

New H3C Technology Co., Ltd. is committed to becoming a trusted partner for customers' business innovation and digital transformation. The web network management system of New H3C Technology Co., Ltd. has an arbitrary file download vulnerability. Attackers can use this vulnerability to download arbitrary files on the server and obtain sensitive information.

The RG-WALL 1600-E800 brand new next-generation firewall is a firewall product launched by Ruijie Networks, which has rich interfaces, flexible configuration, and integrates security, routing, and switching. The new generation firewall of Ruijie Networks Co., Ltd. RG-WALL 1600-E800 has an arbitrary file download vulnerability. Attackers can use this vulnerability to download arbitrary files, resulting in the disclosure of sensitive system information.

The AC15 upgrade software is produced by Shenzhen Jixiang Tengda Technology Co., Ltd. It has a built-in dual-core processor with DDR3 memory. Shenzhen Jixiang Tengda Technology Co., Ltd. AC15 upgrade software has a command execution vulnerability. Attackers can use the vulnerability to gain control of the server.

The AC15 upgrade software is produced by Shenzhen Jixiang Tengda Technology Co., Ltd. It has a built-in dual-core processor with DDR3 memory. Shenzhen Jixiang Tengda Technology Co., Ltd. AC15 upgrade software has a command execution vulnerability. Attackers can use the vulnerability to gain control of the server.

The AC15 upgrade software is produced by Shenzhen Jixiang Tengda Technology Co., Ltd. It has a built-in dual-core processor with DDR3 memory. Shenzhen Jixiang Tengda Technology Co., Ltd. AC15 upgrade software has a command execution vulnerability. Attackers can use the vulnerability to gain control of the server.