VARIoT IoT exploits database


VAR-E-202307-0298 No CVE TP-Link TL-WR740N Directory Traversal No EDB ID
TP-Link TL-WR740N suffers from a directory traversal vulnerability.
VAR-E-202307-0194 No CVE TP-Link TL-WR740N - Authenticated Directory Transversal - Hardware webapps Exploit EDB ID: 51606
TP-Link TL-WR740N - Authenticated Directory Transversal. webapps exploit for Hardware platform
VAR-E-202307-0292 CVE-2023-36355 TP-Link TL-WR940N V4 - Buffer OverFlow - Hardware dos Exploit EDB ID: 51561
Related entries in the VARIoT vulnerabilities database: VAR-202306-1898
TP-Link TL-WR940N V4 - Buffer OverFlow. CVE-2023-36355. dos exploit for Hardware platform
VAR-E-202306-0259 No CVE Polycom BToE Connector 4.4.0.0 Buffer Overflow / Man-In-The-Middle No EDB ID
Polycom BToE Connector version 4.4.0.0 suffers from remote buffer overflow and man-in-the-middle vulnerabilities.
VAR-E-202305-0084 No CVE Trend Micro OfficeScan Client 10.0 Local Privilege Escalation No EDB ID
Trend Micro OfficeScan Client version 10.0 suffers from an ACL service related local privilege escalation vulnerability.
VAR-E-202305-0344 No CVE Trend Micro OfficeScan Client 10.0 - ACL Service LPE - Windows local Exploit EDB ID: 51453
Trend Micro OfficeScan Client 10.0 - ACL Service LPE. local exploit for Windows platform
VAR-E-202304-0282 CVE-2022-46552 D-Link DIR-846 - Remote Command Execution (RCE) vulnerability - Hardware remote Exploit EDB ID: 51243
Related entries in the VARIoT vulnerabilities database: VAR-202302-0131
D-Link DIR-846 - Remote Command Execution (RCE) vulnerability. CVE-2022-46552. remote exploit for Hardware platform
VAR-E-202303-0355 No CVE D-Link DNR-322L <=2.60B15 - Authenticated Remote Code Execution - Hardware remote Exploit EDB ID: 51046
D-Link DNR-322L <=2.60B15 - Authenticated Remote Code Execution. remote exploit for Hardware platform
VAR-E-202209-0076 CVE-2021-4045 TP-Link Tapo c200 1.1.15 - Remote Code Execution (RCE) - Hardware webapps Exploit EDB ID: 51017
Related entries in the VARIoT vulnerabilities database: VAR-202203-0288
TP-Link Tapo c200 1.1.15 - Remote Code Execution (RCE). CVE-2021-4045. webapps exploit for Hardware platform
VAR-E-202208-0063 No CVE Fiberhome AN5506-02-B Cross Site Scripting No EDB ID
Fiberhome AN5506-02-B with firmware version RP2521 suffers from a persistent cross site scripting vulnerability.
VAR-E-202205-0043 CVE-2022-1388 F5 BIG-IP 16.0.x - Remote Code Execution (RCE) - Multiple remote Exploit EDB ID: 50932
Related entries in the VARIoT vulnerabilities database: VAR-202205-0394
F5 BIG-IP 16.0.x - Remote Code Execution (RCE). CVE-2022-1388. remote exploit for Multiple platform
VAR-E-202205-0091 No CVE Tenda HG6 v3.3.0 - Remote Command Injection - Hardware remote Exploit EDB ID: 50916
Tenda HG6 v3.3.0 - Remote Command Injection. remote exploit for Hardware platform
VAR-E-202203-0014 CVE-2022-24112, CVE-2020-13945 Apache APISIX 2.12.1 - Remote Code Execution (RCE) - Multiple remote Exploit EDB ID: 50829
Related entries in the VARIoT vulnerabilities database: VAR-202012-0118, VAR-202202-0171
Apache APISIX 2.12.1 - Remote Code Execution (RCE). CVE-2022-24112. remote exploit for Multiple platform
VAR-E-202203-0029 CVE-2021-46387 Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting (XSS) - Multiple webapps Exploit EDB ID: 50797
Related entries in the VARIoT vulnerabilities database: VAR-202203-0913
Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting (XSS). CVE-2021-46387. webapps exploit for Multiple platform
VAR-E-202201-0135 CVE-2021-46559 Moxa TN-5900 Firmware Upgrade Checksum Validation No EDB ID
Related entries in the VARIoT vulnerabilities database: VAR-202201-1815
Moxa TN-5900 versions 3.1.0 and below use an insecure method to validate firmware updates. A malicious user with access to the management interface can upload arbitrary code in a crafted
VAR-E-202110-0176 No CVE Netgear Genie 2.4.64 Unquoted Service Path No EDB ID
Netgear Genie version 2.4.64 suffers from an unquoted service path vulnerability.
VAR-E-202110-0089 No CVE Netgear Genie 2.4.64 - Unquoted Service Path - Windows local Exploit EDB ID: 50443
Netgear Genie 2.4.64 - Unquoted Service Path. local exploit for Windows platform
VAR-E-202107-0038 No CVE Netgear DGN2200v1 - Remote Command Execution (RCE) (Unauthenticated) - Hardware webapps Exploit EDB ID: 50099
Netgear DGN2200v1 - Remote Command Execution (RCE) (Unauthenticated). webapps exploit for Hardware platform
VAR-E-202106-0265 No CVE Netgear WNAP320 2.0.3 Remote Code Execution No EDB ID
Netgear WNAP320 version 2.0.3 suffers from an unauthenticated remote code execution vulnerability.
VAR-E-202106-0127 No CVE Netgear WNAP320 2.0.3 - 'macAddress' Remote Code Execution (RCE) (Unauthenticated) - Hardware webapps Exploit EDB ID: 50069
Netgear WNAP320 2.0.3 - 'macAddress' Remote Code Execution (RCE) (Unauthenticated). webapps exploit for Hardware platform