VARIoT IoT vulnerabilities database

ZXR10 ZSR V2 series routers are the next-generation intelligent access router products launched by ZTE that integrate routing, switching, wireless, security, VPN, and AC. ZTE Corporation's ZXR10 ZSR V2 next-generation access router has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.

Advantech WebAccessNode is a HMI/SCADA monitoring software based entirely on IE browser. Advantech WebAccessNode has a code execution vulnerability, which can be exploited by attackers to obtain server administrator permissions.

Proficy Machine Edition is a PLC programming software developed by Emerson Trading (Shanghai) Co., Ltd. It is used to design, debug, program, and maintain GE RX 3i and GE RX7i series PLCs. It is widely used in electric power, machinery manufacturing, steel, and petroleum. , Chemical and other industrial control fields. Proficy Machine Edition has a denial of service vulnerability. Attackers can use the vulnerability to send constructed malicious data packets to cause a denial of service.

Shenzhen Fuji Intelligent System Co., Ltd. is a supplier of intelligent entrance and exit management equipment and a professional supplier of intelligent ecological environment solutions. There is a file upload vulnerability in the smart car license plate recognition machine. Attackers can use the vulnerability to obtain server permissions.

Proficy Machine Edition is a PLC programming software developed by Emerson Trading (Shanghai) Co., Ltd. It is used to design, debug, program, and maintain GE RX 3i and GE RX7i series PLCs. It is widely used in electric power, machinery manufacturing, steel, and petroleum. , Chemical and other industrial control fields. Proficy Machine Edition has a denial of service vulnerability. Attackers can use the vulnerability to send constructed malicious data packets to cause a denial of service.

Advantech WebAccessNode is a HMI/SCADA monitoring software based entirely on IE browser. Advantech WebAccessNode has an arbitrary file deletion vulnerability. Attackers can use the vulnerability to delete files in any path in the system.

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS API. (DoS) It may be put into a state. Grandstream UCM6200 is a set of enterprise-level switches used for IP telephone communications from Grandstream

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API. (DoS) It may be put into a state. Grandstream UCM6200 is a set of enterprise-level switches used for IP telephone communications from Grandstream

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command. (DoS) It may be put into a state. Grandstream UCM6200 is a set of enterprise-level switches used for IP telephone communications from Grandstream

Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by injecting malicious client-side code into the 'URL/ Host / Connection' form in the 'DATA TO SERVER' configuration section. Teltonika A cross-site scripting vulnerability exists in the firmware.Information may be obtained and tampered with. Teltonika TRB245 is a cellular network gateway product of Teltonika, Lithuania. The vulnerability stems from the lack of correct verification of client data in the WEB application. An attacker can use this vulnerability to execute client code

Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router. Grandstream GWN7000 For firmware, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Grandstream GWN7000 is an enterprise-class multi-WAN gigabit VPN router

SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. This vulnerability impact SonicOS version 6.5.4.4-44n and earlier. SonicOS SSLVPN LDAP There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state. SonicWall SonicOS is a set of operating system specially designed for SonicWall firewall equipment of SonicWall Company in the United States. An input validation error vulnerability exists in SonicWall SonicOS 6.5.4.4-44n and prior versions. The vulnerability stems from the failure of the network system or product to properly validate the input data

SonicWall NetExtender Windows client vulnerable to arbitrary file write vulnerability, this allows attacker to overwrite a DLL and execute code with the same privilege in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 9.0.815 and earlier. SonicWall NetExtender Windows The client is vulnerable to input verification.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. SonicWall NetExtender Windows client is a Windows-based SSL VPN (virtual private network) client application developed by SonicWall in the United States

A vulnerability in the API subsystem of Cisco Meetings App could allow an unauthenticated, remote attacker to retain and reuse the Traversal Using Relay NAT (TURN) server credentials that are configured in an affected system. The vulnerability is due to insufficient protection mechanisms for the TURN server credentials. An attacker could exploit this vulnerability by intercepting the legitimate traffic that is generated by an affected system. An exploit could allow the attacker to obtain the TURN server credentials, which the attacker could use to place audio/video calls and forward packets through the configured TURN server. The attacker would not be able to take control of the TURN server unless the same credentials were used in multiple systems. Cisco Meetings The application contains an authentication vulnerability.Information may be obtained

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions

A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of FTP traffic. An attacker could exploit this vulnerability by sending crafted FTP packets through an affected device. A successful exploit could allow the attacker to make the device reboot continuously, causing a DoS condition. Cisco SD-WAN vEdge An unspecified vulnerability exists in the router.Service operation interruption (DoS) It may be put into a state. Cisco SD-WAN vEdge 5000 Series Routers is Cisco's SD-WAN solution routing equipment

A vulnerability in the CLI of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An attacker could exploit this vulnerability by authenticating as the fmserver user and submitting malicious input to a specific command. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system. Cisco Data Center Network Manager (DCNM) Is vulnerable to insertion or modification.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates values within SQL queries. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database or the operating system. Cisco SD-WAN vManage Software is a management software for SD-WAN (Software Defined Wide Area Network) solutions from Cisco

Suzhou Tianxiao Network Technology Co., Ltd. is a company engaged in software development, network information services and operating office automation equipment. The website building system of Suzhou Tianxiao Network Technology Co., Ltd. has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive database information.