VARIoT IoT exploits database


VAR-E-201704-0410 CVE-2017-2149
Multiple Toshiba memory card installers DLL Loading Remote Code Execution Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201704-0898
No EDB ID
Multiple Toshiba memory card installers are prone to a remote code-execution vulnerability. A remote attacker can leverage this issue to execute arbitrary code in the context of the affected application. The following products are vulnerable: SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool 1.00.03 and prior versions. SDHC Memory Card with embedded wireless LAN functionality FlashAir™ Configuration Software 3.0.2 and prior versions. SDHC Memory Card with embedded wireless LAN functionality FlashAir™ Software Update tool (SD-WE series) 3.00.01. SDHC Memory Card with embedded wireless LAN functionality FlashAir™ Software Update tool (SD-WD/WC series) 2.00.03 and prior versions. SDHC Memory Card with embedded wireless LAN functionality FlashAir™ Software Update tool (SD-WB/WL series) 1.00.04 and prior versions. SDHC Memory Card with embedded TransferJet™ functionality Configuration Software 1.02 and prior versions. SDHC Memory Card with embedded TransferJet™ functionality Software Update tool 1.00.06 and prior versions.
VAR-E-201704-0194 No CVE
Brother MFC-J6520DW - Authentication Bypass / Password Change Exploit
No EDB ID
VAR-E-201704-0429 CVE-2017-7588
Brother MFC-J6520DW - Authentication Bypass / Password Change - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201704-1432
EDB ID: 41863
Brother MFC-J6520DW - Authentication Bypass / Password Change. CVE-2017-7588. webapps exploit for Hardware platform
VAR-E-201704-0497 CVE-2017-7455
Moxa MXview 2.8 - Private Key Disclosure - Windows remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201704-1540
EDB ID: 41850
Moxa MXview 2.8 - Private Key Disclosure. CVE-2017-7455. remote exploit for Windows platform
VAR-E-201704-0047 CVE-2017-7456
Moxa MXview 2.8 - Denial of Service - Windows dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201704-1541
EDB ID: 41851
Moxa MXview 2.8 - Denial of Service. CVE-2017-7456. dos exploit for Windows platform
VAR-E-201704-0508 CVE-2015-2884
Philips In.Sight CVE-2015-2884 Information Disclosure Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201704-0478
No EDB ID
Philips In.Sight is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Philips In.Sight B120/37 is vulnerable.
VAR-E-201704-0299 No CVE
Sony Playstation 4 (PS4) 3.50 < 4.07 - WebKit Code Execution (PoC) - Hardware local Exploit
EDB ID: 44198
Sony Playstation 4 (PS4) 3.50 < 4.07 - WebKit Code Execution (PoC). local exploit for Hardware platform
VAR-E-201704-0089 CVE-2018-10822
CVE-2017-6190
CVE-2018-10823
CVE-2018-10824
D-Link Routers - Directory Traversal - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201810-0934, VAR-201810-0937, VAR-201810-0936, VAR-201704-1225
EDB ID: 45678
D-Link Routers - Directory Traversal. CVE-2018-10822. webapps exploit for Hardware platform
VAR-E-201704-0525 No CVE
Cesanta Mongoose OS - Use-After-Free Vulnerability
No EDB ID
VAR-E-201704-0086 CVE-2018-10824
CVE-2017-6190
CVE-2018-10822
CVE-2018-10823
D-Link Routers - Plaintext Password - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201810-0934, VAR-201810-0937, VAR-201810-0936, VAR-201704-1225
EDB ID: 45677
D-Link Routers - Plaintext Password. CVE-2018-10824. webapps exploit for Hardware platform
VAR-E-201704-0088 CVE-2018-10823
CVE-2017-6190
CVE-2018-10822
CVE-2018-10824
D-Link Routers - Command Injection - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201810-0934, VAR-201810-0937, VAR-201810-0936, VAR-201704-1225
EDB ID: 45676
D-Link Routers - Command Injection. CVE-2018-10823. webapps exploit for Hardware platform
VAR-E-201704-0087 CVE-2017-6190
CVE-2018-10822
CVE-2018-10823
CVE-2018-10824
D-Link DWR-116 / DWR-116A1 - Arbitrary File Download - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201810-0934, VAR-201810-0937, VAR-201810-0936, VAR-201704-1225
EDB ID: 41840
D-Link DWR-116 / DWR-116A1 - Arbitrary File Download. CVE-2017-6190. webapps exploit for Hardware platform
VAR-E-201704-0206 CVE-2017-7398
D-Link DIR-615 - Cross-Site Request Forgery - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201704-1487
EDB ID: 41821
D-Link DIR-615 - Cross-Site Request Forgery. CVE-2017-7398. webapps exploit for Hardware platform
VAR-E-201704-0059 No CVE
Zyxel EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection Vulnerability
No EDB ID
VAR-E-201704-0168 CVE-2017-7185
Cesanta Mongoose OS - Use-After-Free - Hardware dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201704-1519
EDB ID: 41826
Cesanta Mongoose OS - Use-After-Free. CVE-2017-7185. dos exploit for Hardware platform
VAR-E-201704-0230 CVE-2017-14459
Moxa AWK-3131A 1.4 < 1.7 - 'Username' OS Command Injection - Hardware remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201804-0372
EDB ID: 44398
Moxa AWK-3131A 1.4 < 1.7 - 'Username' OS Command Injection. CVE-2017-14459. remote exploit for Hardware platform
VAR-E-201704-0138 CVE-2017-6884
Zyxel, EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201704-1556
EDB ID: 41782
Zyxel, EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection. CVE-2017-6884. webapps exploit for Hardware platform
VAR-E-201703-1166 CVE-2016-10306
Trango Altum AC600 Devices CVE-2016-10306 Insecure Default Password Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201703-0101
No EDB ID
Trango Altum AC600 Devices are prone to an insecure default-password vulnerability. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. All Trango Altum AC600 Devices are vulnerable.
VAR-E-201703-0572 No CVE
MikroTik RouterBoard 6.38.5 - Denial of Service Exploit
No EDB ID
VAR-E-201703-0001 CVE-2017-7285
MikroTik RouterBoard 6.38.5 - Denial of Service - Hardware dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201703-1222
EDB ID: 41752
MikroTik RouterBoard 6.38.5 - Denial of Service. CVE-2017-7285. dos exploit for Hardware platform