VARIoT IoT vulnerabilities database

Beijing Yakong Technology Development Co., Ltd., referred to as "Yakong Technology", is a high-tech enterprise of industrial automation and information software platform established in 1997. KingH5Stream of Beijing Yakong Technology Development Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

Beijing Yakong Technology Development Co., Ltd. is a high-tech enterprise of industrial automation and information software platform established in 1997. Beijing Yakong Technology Development Co., Ltd. KingPortal development system has a logic defect vulnerability, which can be exploited by attackers to obtain sensitive information.

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device. Rockwell Automation of thinmanager and thinserver Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. Rockwell Automation of thinmanager and thinserver Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. Rockwell Automation of thinmanager and thinserver Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time

A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. TP-LINK ER7206 is a multi-function gigabit router from China's TP-LINK company. The vulnerability is caused by the presence of residual debugging code

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of service. ONCELLG3470A-LTE-EU-T firmware, ONCELLG3470A-LTE-EU firmware, OnCellG3470A-LTE-US-T firmware etc. Moxa Inc. The product contains a vulnerability in format strings.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. MOXA OnCell G3470A-LTE is a series of cellular gateways/routers from China's MOXA company. MOXA OnCell G3470A-LTE v1.7.7 and earlier firmware versions have a security vulnerability

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program crash. ONCELLG3470A-LTE-EU-T firmware, ONCELLG3470A-LTE-EU firmware, OnCellG3470A-LTE-US-T firmware etc. Moxa Inc. The product contains a classic buffer overflow vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state. MOXA OnCell G3470A-LTE is a series of cellular gateways/routers from China's MOXA company. MOXA OnCell G3470A-LTE v1.7.7 and earlier firmware versions have a buffer overflow vulnerability. The vulnerability is caused by the lack of boundary checks on buffer operations

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands. ONCELLG3470A-LTE-EU-T firmware, ONCELLG3470A-LTE-EU firmware, OnCellG3470A-LTE-US-T firmware etc. Moxa Inc. The product contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. MOXA OnCell G3470A-LTE is a series of cellular gateways/routers from China's MOXA company. MOXA OnCell G3470A-LTE v1.7.7 and earlier firmware versions have a command injection vulnerability

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands. ONCELLG3470A-LTE-EU-T firmware, ONCELLG3470A-LTE-EU firmware, OnCellG3470A-LTE-US firmware etc. Moxa Inc. The product contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. MOXA OnCell G3470A-LTE is a series of cellular gateways/routers from China's MOXA company. MOXA OnCell G3470A-LTE v1.7.7 and earlier firmware versions have a command injection vulnerability

Zhejiang Dahua Technology Co., Ltd. is a global leading video-centric smart IoT solution provider and operation service provider. Zhejiang Dahua Technology Co., Ltd. Digital Surveillance System has a file upload vulnerability, which can be exploited by attackers to upload malicious files.

H3C Magic R230 V100R002 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. Magic R230 is a wireless router from H3C, a Chinese company. H3C Technologies Co., Ltd

Buffer Overflow vulnerability in ASUS router RT-AX88U with firmware versions v3.0.0.4.388_24198 allows a remote attacker to execute arbitrary code via the connection_state_machine due to improper length validation for the cookie field. ASUS RT-AX88U is a wireless router from ASUS, a Chinese company. ASUS RT-AX88U v3.0.0.4.388_24198 has a buffer overflow vulnerability, which is caused by a boundary error when the application processes untrusted input

Beijing StarNet Ruijie Network Technology Co., Ltd. NBR6210-E is a router product. Beijing StarNet Ruijie Network Technology Co., Ltd. NBR6210-E has a command execution vulnerability, which can be exploited by attackers to gain control of the server.

RG-UAC 6000-E20C is an Internet behavior management and auditing product. RG-UAC 6000-E20C of Beijing Xingwang Ruijie Network Technology Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to obtain server permissions.

A vulnerability was found in Tenda A301 15.13.08.12. It has been classified as critical. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Tenda of a301 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force serial port cracking,attackers with common user permissions can use this vulnerability to obtain elevated permissions on the affected device by performing specific operations. ZTE of ZXHN H388X A vulnerability exists in the firmware related to improperly preserving permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ZTE ZXHN H388X is a router produced by ZTE

TP-LINK TL-7DR5130 v1.0.23 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages. TP-Link TL-7DR5130 is a wireless router from China's TP-LINK company

A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system. Rockwell Automation FactoryTalk View SE is an industrial automation system view interface from Rockwell Automation of the United States

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without proper authentication verification