65 matches found
JNC IAQS and JNC I6 security vulnerabilities
JNC IAQS and JNC I6 are products of JNC, a company from Taiwan, China. JNC IAQS is an intelligent indoor air quality monitoring and management system. JNC I6 is an IoT gateway recorder. Both JNC IAQS and JNC I6 have security vulnerabilities. These vulnerabilities stem from the client-side...
EUVD-2019-3273
Malware in sbrugna...
EUVD-2023-31165
Malicious code in bioql PyPI...
EUVD-2023-31643
Malicious code in bioql PyPI...
EUVD-2023-27675
Malicious code in bioql PyPI...
MAL-2025-23324 Malicious code in iot-gateway-plugin-rtls (npm)
The package iot-gateway-plugin-rtls was found to contain malicious code...
CVE-2023-23575
Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in obtaining the network information of the product. The affected products and versions are as follows:...
CVE-2023-27917
OS command injection vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker who can access Network Maintenance page to execute arbitrary OS commands with a root privilege. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 a...
CVE-2023-27389
Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service DoS condition, and/or execute arbitrary code...
CVE-2025-3325
CVE-2025-3325 affects iteaj iboot 物联网网关 1.1.3, specifically the Admin Password Handler in the file near /core/admin/pwd. The root cause is manipulation of the ID argument that leads to improper access controls. This enables a remote attack, and the exploit has been publicly disclosed per the sour...
CVE-2025-3325 iteaj iboot 物联网网关 Admin Password pwd access control
A vulnerability, which was classified as problematic, was found in iteaj iboot 物联网网关 1.1.3. This affects an unknown part of the file /core/admin/pwd of the component Admin Password Handler. The manipulation of the argument ID leads to improper access controls. It is possible to initiate the attac...
China Mobile多款产品 安全漏洞
China Mobile P22g-CIac and others are an IoT enterprise gateway from China Mobile China, a Chinese company. A security vulnerability exists in various China Mobile products, which stems from improper authorization. The following products and versions are affected: China Mobile P22g-CIac,...
Wattsense Bridge 安全漏洞
Wattsense Bridge is an intuitive and powerful IoT gateway from Wattsense. A security vulnerability exists in Wattsense Bridge. An attacker exploiting this vulnerability could gain remote root access to the device...
Open Automation Software OAS Platform OAS Engine Save Security Configuration file write vulnerability
Talos Vulnerability Report TALOS-2024-1951 Open Automation Software OAS Platform OAS Engine Save Security Configuration file write vulnerability April 3, 2024 CVE Number CVE-2024-22178 SUMMARY A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open...
Open Automation Software OAS Platform OAS Engine Tags Configuration file write vulnerability
Talos Vulnerability Report TALOS-2024-1950 Open Automation Software OAS Platform OAS Engine Tags Configuration file write vulnerability April 3, 2024 CVE Number CVE-2024-21870 SUMMARY A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open Automation Software...
CVE-2023-6248
The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary commands, allowing a remote unauthenticated attacker to execute code on any Syrus4 device connected to the cloud service. The MQTT server also leaks the location, video and diagnostic data from each connect...
Hardcoded credentials
The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary commands, allowing a remote unauthenticated attacker to execute code on any Syrus4 device connected to the cloud service. The MQTT server also leaks the location, video and diagnostic data from each connect...
CVE-2023-6248 Data leakage and arbitrary remote code execution in Syrus cloud devices
The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary commands, allowing a remote unauthenticated attacker to execute code on any Syrus4 device connected to the cloud service. The MQTT server also leaks the location, video and diagnostic data from each connect...
Siemens SIMATIC Cloud Connect 7 Path Traversal Vulnerability
SIMATIC Cloud Connect 7 is an IoT gateway for connecting programmable logic controllers to cloud services and allows field devices with OPC UA server interfaces to be connected as OPC UA clients. A path traversal vulnerability exists in Siemens SIMATIC Cloud Connect 7, which can be exploited by a...
Siemens SIMATIC Cloud Connect 7 Path Traversal Vulnerability (CNVD-2023-35768)
SIMATIC Cloud Connect 7 is an IoT gateway for connecting programmable logic controllers to cloud services and allows field devices with OPC UA server interfaces to be connected as OPC UA clients. A path traversal vulnerability exists in Siemens SIMATIC Cloud Connect 7, which can be exploited by a...