VARIoT IoT vulnerabilities database


VAR-202007-1506 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd. AC15 upgrade software has a command execution vulnerability CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
The AC15 upgrade software is produced by Shenzhen Jixiang Tengda Technology Co., Ltd. It has a built-in dual-core processor with DDR3 memory. Shenzhen Jixiang Tengda Technology Co., Ltd. AC15 upgrade software has a command execution vulnerability. Attackers can use the vulnerability to gain control of the server.
VAR-202007-1507 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd. AC15 upgrade software has a command execution vulnerability (CNVD-2020-40767) CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
The AC15 upgrade software is produced by Shenzhen Jixiang Tengda Technology Co., Ltd. It has a built-in dual-core processor with DDR3 memory. Shenzhen Jixiang Tengda Technology Co., Ltd. AC15 upgrade software has a command execution vulnerability. Attackers can use the vulnerability to gain control of the server.
VAR-202007-1508 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd. AC15 upgrade software has a command execution vulnerability (CNVD-2020-40766) CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
The AC15 upgrade software is produced by Shenzhen Jixiang Tengda Technology Co., Ltd. It has a built-in dual-core processor with DDR3 memory. Shenzhen Jixiang Tengda Technology Co., Ltd. AC15 upgrade software has a command execution vulnerability. Attackers can use the vulnerability to gain control of the server.
VAR-202007-1505 No CVE ZTE Corporation ZXR10 ZSR V2 next-generation access router has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
ZXR10 ZSR V2 series routers are the next-generation intelligent access router products launched by ZTE that integrate routing, switching, wireless, security, VPN, and AC. ZTE Corporation's ZXR10 ZSR V2 next-generation access router has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.
VAR-202007-1483 No CVE Advantech WebAccessNode has a code execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Advantech WebAccessNode is an HMI/SCADA monitoring software based entirely on IE browser. Advantech WebAccessNode has a code execution vulnerability, which can be exploited by attackers to obtain server administrator permissions.
VAR-202007-1473 No CVE Proficy Machine Edition has a denial of service vulnerability (CNVD-2020-32606) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Proficy Machine Edition is a PLC programming software developed by Emerson Trading (Shanghai) Co., Ltd. It is used to design, debug, program, and maintain GE RX 3i and GE RX7i series PLCs. It is widely used in electric power, machinery manufacturing, steel, petroleum, chemical and other industrial control fields. Proficy Machine Edition has a denial of service vulnerability. Attackers can use the vulnerability to send constructed malicious data packets to cause a denial of service.
VAR-202007-1480 No CVE A file upload vulnerability exists in the license plate recognition machine of the smart parking lot CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Shenzhen Fuji Intelligent System Co., Ltd. is a supplier of intelligent entrance and exit management equipment and a professional supplier of intelligent ecological environment solutions. There is a file upload vulnerability in the smart car license plate recognition machine. Attackers can use the vulnerability to obtain server permissions.
VAR-202007-1490 No CVE Proficy Machine Edition has a denial of service vulnerability (CNVD-2020-32607) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Proficy Machine Edition is a PLC programming software developed by Emerson Trading (Shanghai) Co., Ltd. It is used to design, debug, program, and maintain GE RX 3i and GE RX7i series PLCs. It is widely used in electric power, machinery manufacturing, steel, petroleum, chemical and other industrial control fields. Proficy Machine Edition has a denial of service vulnerability. Attackers can use the vulnerability to send constructed malicious data packets to cause a denial of service.
VAR-202007-1491 No CVE Advantech WebAccessNode has an arbitrary file deletion vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Advantech WebAccessNode is an HMI/SCADA monitoring software based entirely on IE browser. Advantech WebAccessNode has an arbitrary file deletion vulnerability. Attackers can use the vulnerability to delete files in any path in the system.
VAR-202007-1330 CVE-2020-5757 OS command injection vulnerability in Grandstream UCM6200 series firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS API. The device may be put into a denial-of-service (DoS) state. Grandstream UCM6200 is a set of enterprise-level switches used for IP telephone communications from Grandstream.
VAR-202007-1331 CVE-2020-5758 OS command injection vulnerability in Grandstream UCM6200 series firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API. The device may be put into a denial-of-service (DoS) state. Grandstream UCM6200 is a set of enterprise-level switches used for IP telephone communications from Grandstream.
VAR-202007-1332 CVE-2020-5759 OS command injection vulnerability in Grandstream UCM6200 series firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command. The device may be put into a denial-of-service (DoS) state. Grandstream UCM6200 is a set of enterprise-level switches used for IP telephone communications from Grandstream.
VAR-202007-1328 CVE-2020-5769 Teltonika TRB245 cross-site scripting vulnerability CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by injecting malicious client-side code into the 'URL/ Host / Connection' form in the 'DATA TO SERVER' configuration section. A cross-site scripting vulnerability exists in the Teltonika firmware. Information may be obtained and tampered with. Teltonika TRB245 is a cellular network gateway product of Teltonika, Lithuania. The vulnerability stems from the lack of correct verification of client data in the web application. An attacker can use this vulnerability to execute client code.
VAR-202007-1329 CVE-2020-5756 OS command injection vulnerability in Grandstream GWN7000 firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via an undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router. An OS command injection vulnerability exists in Grandstream GWN7000 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Grandstream GWN7000 is an enterprise-class multi-WAN gigabit VPN router.
VAR-202007-1290 CVE-2020-5130 Input validation vulnerability in SonicOS SSLVPN LDAP CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. This vulnerability impacts SonicOS version 6.5.4.4-44n and earlier. There is an input validation vulnerability in SonicOS SSLVPN LDAP. Service operation may be interrupted (DoS). SonicWall SonicOS is an operating system specially designed for SonicWall firewall equipment of SonicWall Company in the United States. An input validation error vulnerability exists in SonicWall SonicOS 6.5.4.4-44n and prior versions. The vulnerability stems from the failure of the network system or product to properly validate the input data.
VAR-202007-1291 CVE-2020-5131 Input validation vulnerability in SonicWall NetExtender Windows client CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
The SonicWall NetExtender Windows client is vulnerable to an arbitrary file write vulnerability, which allows an attacker to overwrite a DLL and execute code with the same privilege in the host operating system. This vulnerability impacts SonicWall NetExtender Windows client version 9.0.815 and earlier. The SonicWall NetExtender Windows client has an input validation vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). SonicWall NetExtender Windows client is a Windows-based SSL VPN (virtual private network) client application developed by SonicWall in the United States.
VAR-202007-0395 CVE-2020-14497 Advantech iView NetworkServlet SQL Injection Information Disclosure Vulnerability CVSS V2: 7.5
CVSS V3: 7.5
Severity: HIGH
Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TaskEditDeviceTable class. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Advantech iView is a device management application provided by Advantech.
VAR-202007-1017 CVE-2020-3197 Authentication vulnerability in Cisco Meetings App CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in the API subsystem of Cisco Meetings App could allow an unauthenticated, remote attacker to retain and reuse the Traversal Using Relay NAT (TURN) server credentials that are configured in an affected system. The vulnerability is due to insufficient protection mechanisms for the TURN server credentials. An attacker could exploit this vulnerability by intercepting the legitimate traffic that is generated by an affected system. An exploit could allow the attacker to obtain the TURN server credentials, which the attacker could use to place audio/video calls and forward packets through the configured TURN server. The attacker would not be able to take control of the TURN server unless the same credentials were used in multiple systems. The Cisco Meetings application contains an authentication vulnerability. Information may be obtained.
VAR-202007-1026 CVE-2020-3348 Cross-site scripting vulnerability in Cisco Data Center Network Manager CVSS V2: 3.5
CVSS V3: 4.8
Severity: MEDIUM
Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions
VAR-202007-1027 CVE-2020-3349 Cross-site scripting vulnerability in Cisco Data Center Network Manager CVSS V2: 3.5
CVSS V3: 4.8
Severity: MEDIUM
Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions