VARIoT IoT vulnerabilities database

A unauthorized remote access vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. HPE IOT + GCP Exists in a vulnerability related to lack of authentication.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. HPE UIoT is a set of universal Internet of Things platforms for Hewlett Packard Enterprise (HPE). The platform has functions such as data analysis, currency security, and synchronization management. There is a security hole in HPE IOT + GCP. The following products and versions are affected: HPE IOT + GCP version 1.4.0, version 1.4.1, version 1.4.2, version 1.2.4.2

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R8300 before 1.0.2.106 and R8500 before 1.0.2.106. NETGEAR R8300 and R8500 A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8500 and NETGEAR R8300 are both wireless routers of NETGEAR. This vulnerability stems from network systems or products performing operations on memory without properly verifying the data boundary, which leads to other associated memory locations. This affects R8300 prior to 1.0.2.106 and R8500 prior to 1.0.2.106

In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanisms do not use any form of authentication for connecting to the peer. BIG-IQ There is a vulnerability in the lack of authentication for critical features.Information may be obtained and tampered with. F5 BIG-IQ is a set of software-based cloud management solutions from F5 Corporation of the United States. The solution supports the deployment of application delivery and network services across public and private clouds, traditional data centers and hybrid environments. An attacker could exploit this vulnerability with a specially crafted request to bypass access restrictions

In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not secure by TLS and may allow on-path attackers to read / modify confidential data in transit. BIG-IQ There is a vulnerability related to information leakage for important functions.Information may be obtained and tampered with. F5 BIG-IQ is a set of software-based cloud management solutions from F5 Corporation of the United States. The solution supports the deployment of application delivery and network services across public and private clouds, traditional data centers and hybrid environments. A security vulnerability exists in F5 BIG-IQ versions 5.2.0 to 7.0.0. Attackers can exploit this vulnerability to read/modify confidential information in transmission

In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface. BIG-IQ To OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. F5 BIG-IQ Centralized Management is a set of software-based cloud management solutions from F5 Corporation of the United States. The solution supports the deployment of application delivery and network services across public and private clouds, traditional data centers and hybrid environments. A security vulnerability exists in F5 BIG-IQ Centralized Management versions 7.0.0 and 6.0.0 through 6.1.0. Attackers can use the Grafana component to exploit this vulnerability to run local shell commands on the system

NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF. NETGEAR ReadyNAS A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client

Xinhua III Group is committed to characterization solutions. Provide one-stop digital solutions including cloud computing, big data, intelligent connection, information security, new security, Internet of Things, edge computing, artificial intelligence, 5G, etc., as well as end-to-end technical services. Xinhua III Technology Co., Ltd. H3C cloud desktop system has an information disclosure vulnerability, which can be exploited by attackers to cause sensitive information to leak.

Huangshi Kewei Automatic Control Co., Ltd. is a high-tech enterprise and software enterprise that develops, produces, and sells a series of industrial control products such as embedded PLC, intelligent servo, and man-machine interface. KEWEI WSP series text display screen configuration software has a memory corruption vulnerability, and an attacker can exploit the vulnerability by constructing a deformed KECX to cause the program to crash.

Wuxi Xinjie Electric Co., Ltd. (XINJE) is a well-known domestic enterprise focusing on the development and application of industrial automation products. Xinjie Electric's touch screen editing software Twin 2.D.3n has a memory corruption vulnerability. An attacker can exploit this vulnerability by constructing a malformed txp file to cause the program to crash.

Wuxi Xinjie Electric Co., Ltd. (XINJE) is a well-known domestic enterprise focusing on the development and application of industrial automation products. Xinjie Electric’s touch screen editing software Twin 2.C.6c has a memory corruption vulnerability. An attacker can exploit this vulnerability by constructing a malformed file to cause the program to crash.

Wuxi Xinjie Electric Co., Ltd. (XINJE) is a well-known domestic enterprise focusing on the development and application of industrial automation products. Xinjie Electric's touch screen screen editing software Twin 2.D.3o has a memory corruption vulnerability. An attacker can exploit this vulnerability by constructing a malformed file to cause the program to crash.

Wuxi Xinjie Electric Co., Ltd. (XINJE) is a well-known domestic enterprise focusing on the development and application of industrial automation products. Xinjie Electric's touch screen editing software Twin 2.C.6i has a memory corruption vulnerability, which can be exploited by an attacker to cause the program to crash.

Wuxi Xinjie Electric Co., Ltd. (XINJE) is a well-known domestic enterprise focusing on the development and application of industrial automation products. Xinjie Electric's touch screen screen editing software Twin 2.E.2 has a memory corruption vulnerability. An attacker can use this vulnerability to construct a malformed file and cause the program to crash.

KingSCADA is a SCADA product for medium and high-end markets, with integrated management, modular development, visual operation, intelligent diagnosis and control. KingSCADA has a buffer overflow vulnerability that an attacker can use to execute arbitrary code.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects DGN2200Bv4 before 1.0.0.102, DGN2200v4 before 1.0.0.102, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.22, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150 before 1.0.0.38, EX6200 before 1.0.3.86, EX7000 before 1.0.0.64, R6300v2 before 1.0.4.22, R6900P before 1.3.0.18, R7000P before 1.3.0.18, R7300DST before 1.0.0.62, R7900P before 1.3.0.10, R8000 before 1.0.4.12, R8000P before 1.3.0.10, WN2500RPv2 before 1.0.1.52, and WNDR3400v3 before 1.0.1.18. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR EX7000 etc. are all products of NETGEAR company. NETGEAR EX7000 is a wireless network signal extender. NETGEAR DGN2200 is a wireless router. NETGEAR EX3700 is a wireless network signal extender. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow

An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. A buffer overflow is present due to an integer underflow during 6LoWPAN fragment processing in the face of truncated fragments in os/net/ipv6/sicslowpan.c. This results in accesses of unmapped memory, crashing the application. An attacker can cause a denial-of-service via a crafted 6LoWPAN frame. Contiki-NG and Contiki Exists in an integer overflow vulnerability.Service operation interruption (DoS) It may be put into a state. Contiki is an open source cross-platform operating system for IoT (Internet of Things) devices. Contiki-NG is an open source cross-platform operating system for next-generation IoT (Internet of Things) devices. There are security vulnerabilities in Contiki-NG 4.3 and earlier and Contiki 3.0 and earlier. An attacker could use this vulnerability to cause an application to crash, leading to denial of service

Certain NETGEAR devices are affected by CSRF. This affects JR6150 before 1.0.1.10, R6050 before 1.0.1.10, R6250 before 1.0.4.12, R6300v2 before 1.0.4.8, R6700 before 1.0.1.16, R6900 before 1.0.1.16, R7300DST before 1.0.0.54, R7900 before 1.0.1.12, R8000 before 1.0.3.32, and R8500 before 1.0.2.74. plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6250, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that the WEB application does not fully verify whether the request comes from a trusted user. An attacker can use this vulnerability to send unexpected requests to the server through the affected client

Certain NETGEAR devices are affected by a hardcoded password. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76. NETGEAR D3600 and D6000 A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D3600 and NETGEAR D6000 are both wireless modems of NETGEAR. NETGEAR D3600 versions prior to 1.0.0.76 and D6000 versions prior to 1.0.0.76 have vulnerabilities in trust management issues. No detailed vulnerability details are currently available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX6150v2 before 1.0.1.54, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R6900P before 1.2.0.22, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.48, R8300 before 1.0.2.106, R8500 before 1.0.2.106, R6100 before 1.0.1.16, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6400, etc. are all products of NETGEAR. NETGEAR R6400 is a wireless router. NETGEAR EX6150 is a wireless network signal extender. NETGEAR WNDR4300 is a wireless router

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6250 before 1.0.4.12, R6300v2 before 1.0.4.12, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7900 before 1.0.1.12, R8000 before 1.0.3.24, and R8500 before 1.0.2.74. plural NETGEAR A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6250, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations