VARIoT IoT vulnerabilities database
| VAR-202101-0413 | CVE-2020-27859 | Path traversal vulnerability in NEC ESMPRO Manager |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetEuaLogDownloadAction class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. The Zero Day Initiative numbered this vulnerability ZDI-CAN-9607. NEC ESMPRO Manager contains a path traversal vulnerability. Information may be obtained.
| VAR-202006-1927 | No CVE | Chongqing Jutai Internet of Things Group Co., Ltd. energy information management system has a universal password bypass vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Chongqing Jutai Internet of Things Group Co., Ltd. is a company engaged in the research and development, production, sales/computer system integration of software and hardware of Internet of Things products.
Chongqing Jutai Internet of Things Group Co., Ltd.'s energy information management system has a universal password bypass vulnerability, which can be used by attackers to obtain sensitive database information.
| VAR-202006-1924 | No CVE | A remote command execution vulnerability exists in the hard disk recorder of Zhejiang Yushi Technology Co., Ltd. |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Zhejiang Yushi Technology Co., Ltd. (abbreviation: Yushi) was founded in 2011 and is a global public safety and intelligent transportation solution provider.
There is a remote command execution vulnerability in the hard disk recorder of Zhejiang Yushi Technology Co., Ltd. An attacker can use this vulnerability to execute system commands, upload a webshell, and obtain server permissions.
| VAR-202006-1863 | No CVE | Haiwell SCADA has a hard-coded certificate authorization bypass vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Haiwei Cloud Configuration Software is a .NET Framework-based industrial automation monitoring and management platform software developed by Xiamen Haiwei Technology Co., Ltd.
Haiwell SCADA has a hard-coded certificate authorization bypass vulnerability that attackers can use to obtain sensitive software information.
| VAR-202006-1865 | No CVE | Haiwell SCADA has arbitrary file download vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Haiwei Cloud Configuration Software is a .NET Framework-based industrial automation monitoring and management platform software developed by Xiamen Haiwei Technology Co., Ltd.
Haiwell SCADA has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive software information.
| VAR-202006-1884 | CVE-2020-14481 | Cryptographic strength vulnerability in FactoryTalk View SE |
CVSS V2: 2.1 CVSS V3: 7.8 Severity: HIGH |
The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain components of FactoryTalk View SE. FactoryTalk View SE contains a cryptographic strength vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Rockwell Automation FactoryTalk View SE is an industrial automation system view interface of Rockwell Automation.
| VAR-202006-1882 | CVE-2020-14480 | Vulnerability in plaintext storage of important information in FactoryTalk View |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local, authenticated attacker could gain access to certain credentials, including Windows Logon credentials. FactoryTalk View contains a vulnerability in plaintext storage of important information. Information may be obtained. Rockwell Automation FactoryTalk View SE is an industrial automation system view interface of Rockwell Automation.
An information disclosure vulnerability exists in Rockwell Automation FactoryTalk View SE, which can be used by attackers to obtain sensitive information.
| VAR-202006-1883 | CVE-2020-14478 | XML external entity vulnerability in FactoryTalk Services Platform |
CVSS V2: 5.6 CVSS V3: 7.1 Severity: HIGH |
A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. A successful exploit could potentially cause a denial-of-service condition and allow the attacker to arbitrarily read any local file via system-level services. FactoryTalk Services Platform contains an XML external entity vulnerability. Information may be obtained, and the service may be put into a denial-of-service (DoS) state. Rockwell Automation FactoryTalk Services Platform is a service platform composed of multiple products by Rockwell Automation in the United States. It provides routine services for applications, such as diagnostic information, health monitoring, and real-time data access.
| VAR-202006-0891 | CVE-2019-19506 | Infinite loop vulnerability in Tenda PA6 Wi-Fi Powerline extender |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a denial of service, caused by an error in the "homeplugd" process. By sending a specially crafted UDP packet, an attacker could exploit this vulnerability to cause the device to reboot. An attacker can use this vulnerability to execute arbitrary code or cause an application to crash.
| VAR-202006-1857 | No CVE | Memory damage vulnerability exists in the software for quick-control PLC |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Quick Control Cloud (Shanghai) Intelligent Technology Co., Ltd. is a high-tech company, in cooperation with Shanghai Jiaotong University, specializing in the research and development of industrial Internet of Things automation products such as cloud boxes, human-machine interfaces, and PLC.
There is a memory destruction vulnerability in the software for quick-control PLC development. An attacker can use this vulnerability to cause a system denial of service.
| VAR-202006-1864 | No CVE | Haiwell SCADA has information disclosure vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Haiwei Cloud Configuration Software is a .NET Framework-based industrial automation monitoring and management platform software developed by Xiamen Haiwei Technology Co., Ltd.
There is an information disclosure vulnerability in Haiwell SCADA, which an attacker can use to obtain sensitive software information.
| VAR-202006-0890 | CVE-2019-19505 | Out-of-bounds write vulnerability in Tenda PA6 Wi-Fi Powerline extender |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the "Wireless" section in the web-UI. By sending a specially crafted hostname, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. The device may be put into a denial-of-service (DoS) state.
| VAR-202006-0749 | CVE-2019-16213 | OS command injection vulnerability in Tenda PA6 Wi-Fi Powerline extender |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted string, an attacker could modify the device name of an attached PLC adapter to inject and execute arbitrary commands on the system with root privileges. The device may be put into a denial-of-service (DoS) state.
| VAR-202006-0485 | CVE-2020-14005 | Vulnerability in Solarwinds Orion |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event. The product may be put into a denial-of-service (DoS) state. Authentication is required to exploit this vulnerability. The specific flaw exists within the ExecuteExternalProgram method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of system. SolarWinds Orion Platform is a set of network fault and network performance management platform of SolarWinds in the United States. The platform can provide real-time monitoring and analysis of network equipment, and supports customized web interface, multiple user opinions, and map browsing of the entire network.
| VAR-202006-1919 | No CVE | Unauthorized RCE 0day vulnerability in D-Link DCS-2530L camera |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
D-Link DCS-2530L is a camera of D-Link.
D-Link DCS-2530L camera has an unauthorized RCE 0day vulnerability, which can be exploited by an attacker to execute arbitrary commands on the target device as root.
| VAR-202006-1925 | No CVE | Unauthorized remote code execution vulnerability in multiple Netgear devices |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
NETGEAR is a computer network equipment developer founded in 1996 and headquartered in San Jose, California.
Many NETGEAR devices have unauthorized remote code execution vulnerabilities. Attackers can use the vulnerability to execute commands directly.
| VAR-202006-0486 | CVE-2020-14006 | Cross-site scripting vulnerability in Solarwinds Orion |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team. SolarWinds Orion Platform is a set of network fault and network performance management platform of SolarWinds in the United States. The platform can provide real-time monitoring and analysis of network equipment, and supports customized web interface, multiple user opinions, and map browsing of the entire network. The vulnerability stems from the lack of correct verification of client data in web applications. An attacker can use this vulnerability to execute client code.
| VAR-202006-0487 | CVE-2020-14007 | SolarWinds Orion Platform cross-site scripting vulnerability |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition. SolarWinds Orion Platform is a set of network fault and network performance management platform of SolarWinds in the United States. The platform can provide real-time monitoring and analysis of network equipment, and supports customized web interface, multiple user opinions, and map browsing of the entire network. The vulnerability stems from the lack of correct verification of client data in web applications. An attacker can use this vulnerability to execute client code.
| VAR-202006-0021 | CVE-2020-10561 | Xiaomi Mi Jia ink-jet printer injection vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on Xiaomi Mi Jia ink-jet printer < 3.4.6_0138. Parameters can be injected into ippserver through the web management background, resulting in command execution. Xiaomi Mi Jia ink-jet printer contains an injection vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.
| VAR-202006-0925 | CVE-2020-14473 | Out-of-bounds write vulnerability in multiple Vigor firmware |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1. The firmware of Vigor3900, Vigor2960 and Vigor300B contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. DrayTek Vigor3900, etc. are all products of DrayTek, Taiwan, China. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router. Attackers can use this vulnerability to execute arbitrary code or cause denial of service by sending long parameters.