VARIoT IoT exploits database


VAR-E-201703-0842 No CVE
NETGEAR WNR2000v5 - (Un)authenticated hidden_lang_avi Stack Overflow Exploit
No EDB ID
VAR-E-201703-0300 CVE-2017-5900
NetComm NB16WV-02 Cross Site Scripting

Related entries in the VARIoT vulnerabilities database: VAR-201703-0470
No EDB ID
NetComm NB16WV-02 suffers from a persistent cross site scripting vulnerability.
VAR-E-201703-0419 CVE-2017-7851
D-Link DCS-936L Network Camera - Cross-Site Request Forgery - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201711-1034
EDB ID: 43146
D-Link DCS-936L Network Camera - Cross-Site Request Forgery. CVE-2017-7851 . webapps exploit for Hardware platform
VAR-E-201703-1035 No CVE
D-Link DSL-2640B Remote DNS Changer
No EDB ID
D-Link DSL-2640B remote DNS changing exploit.
VAR-E-201703-0441 CVE-2017-5565
Multiple Trend Micro Products CVE-2017-5565 DLL Loading Local Code Injection Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201703-0719
No EDB ID
Multiple Trend Micro products are prone to a local code-injection vulnerability. A local attacker can exploit this issue to execute arbitrary code in the context of the system running the affected application; this can also result in the attacker gaining complete control of the affected application. The following products are vulnerable: Trend Micro Maximum Security 11.0 and prior. Trend Micro Internet Security 11.0 and prior. Trend Micro Antivirus+ Security 11.0 and prior.
VAR-E-201703-0271 CVE-2017-6896
DIGISOL DG-HR1400 1.00.02 Wireless Router - Privilege Escalation - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201703-1354
EDB ID: 41633
DIGISOL DG-HR1400 1.00.02 Wireless Router - Privilege Escalation. CVE-2017-6896 . webapps exploit for Hardware platform
VAR-E-201703-0055 CVE-2015-8258
AXIS Communications - Cross-Site Scripting / Content Injection - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201704-0285
EDB ID: 41625
AXIS Communications - Cross-Site Scripting / Content Injection. CVE-2015-8258 . webapps exploit for Hardware platform
VAR-E-201703-0208 CVE-2015-8255
AXIS (Multiple Products) - Cross-Site Request Forgery - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201704-0283
EDB ID: 41626
AXIS (Multiple Products) - Cross-Site Request Forgery. CVE-2015-8255 . webapps exploit for Hardware platform
VAR-E-201703-0008 CVE-2017-3881
Cisco Catalyst 2960 IOS 12.2(55)SE1 - 'ROCEM' Remote Code Execution - Hardware remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201703-0892
EDB ID: 42122
Cisco Catalyst 2960 IOS 12.2(55)SE1 - 'ROCEM' Remote Code Execution. CVE-2017-3881 . remote exploit for Hardware platform
VAR-E-201703-0009 CVE-2017-3881
Cisco Catalyst 2960 IOS 12.2(55)SE11 - 'ROCEM' Remote Code Execution - Hardware remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201703-0892
EDB ID: 41872
Cisco Catalyst 2960 IOS 12.2(55)SE11 - 'ROCEM' Remote Code Execution. CVE-2017-3881 . remote exploit for Hardware platform
VAR-E-201703-0444 CVE-2017-6950
SAP GUI CVE-2017-6950 Remote Code Execution Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201703-1156
No EDB ID
SAP GUI is prone to a remote code-execution vulnerability. An attacker may exploit this issue to execute arbitrary code within the context of the affected application. Note: This issue was previously titled 'SAP GUI Unspecified Remote Code Execution Vulnerability'. The title and technical details have been changed to better reflect the vulnerability impact.
VAR-E-201703-0156 CVE-2017-6552
Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 - Denial of Service - Hardware dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201703-1113
EDB ID: 41565
Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 - Denial of Service. CVE-2017-6552 . dos exploit for Hardware platform
VAR-E-201703-1171 CVE-2017-5796
HP 2620 Series Network Switches CVE-2017-5796 Cross Site Request Forgery Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201802-0173
No EDB ID
HP 2620 series network switches are prone to a cross-site request-forgery vulnerability because they fail to properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized administrative actions. Other attacks are also possible.
VAR-E-201703-0668 No CVE
Huawei HG658 V2 Cross Site Scripting
No EDB ID
Huawei HG658 V2 suffers from a cross site scripting vulnerability.
VAR-E-201703-0071 CVE-2017-6547
CVE-2017-6549
CVE-2017-6548
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Cross-Site Scripting - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201703-1110, VAR-201703-1109, VAR-201703-1111
EDB ID: 41571
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Cross-Site Scripting. CVE-2017-6547 . webapps exploit for Hardware platform
VAR-E-201703-0072 CVE-2017-6549
CVE-2017-6547
CVE-2017-6548
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Session Stealing - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201703-1110, VAR-201703-1109, VAR-201703-1111
EDB ID: 41572
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Session Stealing. CVE-2017-6549 . webapps exploit for Hardware platform
VAR-E-201703-0070 CVE-2017-6548
CVE-2017-6549
CVE-2017-6547
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Remote Code Execution - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201703-1110, VAR-201703-1109, VAR-201703-1111
EDB ID: 41573
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Remote Code Execution. CVE-2017-6548 . webapps exploit for Hardware platform
VAR-E-201703-0133 No CVE
Western Digital My Cloud Command Injection / File Upload
No EDB ID
Western Digital My Cloud suffers from unauthenticated OS command injection and arbitrary file upload vulnerabilities.
VAR-E-201703-0544 No CVE
Western Digital My Cloud Buffer Overflow
No EDB ID
Western Digital My Cloud suffers from a buffer overflow vulnerability that allows for remote code execution.
VAR-E-201703-1044 No CVE
Western Digital My Cloud Command Injection
No EDB ID
Western Digital My Cloud suffers from multiple command injection vulnerabilities.