Sign-up

VARIoT IoT exploits database

Affected products: vendor, model and version
Type can be e.g: Remote Code Execution or Denial of Service
Look up free text in title and description

VAR-E-201703-0137 CVE-2017-6444
 MikroTik Router - ARP Table OverFlow Denial Of Service - Hardware dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201703-1051		 EDB ID: 41601
MikroTik Router - ARP Table OverFlow Denial Of Service. CVE-2017-6444 . dos exploit for Hardware platform
VAR-E-201703-0246 No CVE WePresent WiPG-1500 - Backdoor Account Vulnerability No EDB ID
VAR-E-201703-0164 CVE-2017-6411
 D-Link DSL-2730U Wireless N 150 - Cross-Site Request Forgery - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201703-1033		 EDB ID: 41478
D-Link DSL-2730U Wireless N 150 - Cross-Site Request Forgery. CVE-2017-6411 . webapps exploit for Hardware platform
VAR-E-201703-0910 No CVE NETGEAR DGN2200 v1/v2/v3/v4 - Cross-Site Request Forgery Vulnerability No EDB ID
VAR-E-201702-0017 No CVE NETGEAR DGN2200 v1/v2/v3/v4 - dnslookup.cgi Remote Command Execution Exploit No EDB ID
VAR-E-201702-0236 CVE-2017-6351
 WePresent WiPG-1500 - Backdoor Account - Hardware remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201703-1065		 EDB ID: 41480
WePresent WiPG-1500 - Backdoor Account. CVE-2017-6351 . remote exploit for Hardware platform
VAR-E-201702-0161 No CVE D-Link DSL-2730U - Denial of Service No EDB ID
VAR-E-201702-0148 CVE-2017-6334
 Netgear DGN2200 - 'dnslookup.cgi' Command Injection (Metasploit) - CGI remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201703-1017		 EDB ID: 42257
Netgear DGN2200 - 'dnslookup.cgi' Command Injection (Metasploit). CVE-2017-6334 . remote exploit for CGI platform
VAR-E-201702-0147 CVE-2017-6334
CVE-2017-6366
 Netgear DGN2200v1/v2/v3/v4 - Cross-Site Request Forgery - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201703-1017, VAR-201703-1072		 EDB ID: 41472
Netgear DGN2200v1/v2/v3/v4 - Cross-Site Request Forgery. CVE-2017-6334CVE-2017-6366 . webapps exploit for Hardware platform
VAR-E-201702-0018 No CVE DLink DSL-2730U - Denial of Service Vulnerability No EDB ID
VAR-E-201702-0149 CVE-2017-6334
 Netgear DGN2200v1/v2/v3/v4 - 'dnslookup.cgi' Remote Command Execution - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201703-1017		 EDB ID: 41459
Netgear DGN2200v1/v2/v3/v4 - 'dnslookup.cgi' Remote Command Execution. CVE-2017-6334 . webapps exploit for Hardware platform
VAR-E-201702-0506 No CVE DIGISOL DG-HR1400 Cross Site Request Forgery No EDB ID
DIGISOL DG-HR1400 wireless router suffers from a cross site request forgery vulnerability.
VAR-E-201702-0538 CVE-2017-6127
 DIGISOL DG-HR1400 Wireless Router CVE-2017-6127 Multiple Cross Site Request Forgery Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-201702-0960		 No EDB ID
DIGISOL DG-HR1400 is prone to multiple cross-site request-forgery vulnerabilities. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. DG-HR1400 1.00.02 is vulnerable; other versions may also be affected.
VAR-E-201702-0193 CVE-2017-5173
CVE-2017-5174
 Geutebruck 5.02024 G-Cam/EFD-2250 - 'testaction.cgi' Remote Command Execution (Metasploit) - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201705-3256, VAR-201705-3255		 EDB ID: 41360
Geutebruck 5.02024 G-Cam/EFD-2250 - 'testaction.cgi' Remote Command Execution (Metasploit). CVE-2017-5174CVE-2017-5173 . webapps exploit for Hardware platform
VAR-E-201702-0686 No CVE D-Link DIR-600M - Cross-Site Request Forgery - Hardware webapps Exploit EDB ID: 41299
D-Link DIR-600M - Cross-Site Request Forgery.. webapps exploit for Hardware platform
VAR-E-201702-0954 CVE-2016-6024
 NetCommWireless Wireless Router CVE-2016-6024 Remote Command Injection Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201711-0017		 No EDB ID
NetCommWireless Wireless Router is prone to a remote command-injection vulnerability. Successful exploit allows an attacker to execute arbitrary commands in context of the affected application. NetCommWireless Wireless Router 3G10WVE-L101-S306ETS-C01_R03 is vulnerable; other versions may also be affected.
VAR-E-201702-0115 CVE-2016-9244
 F5 BIG-IP SSL Virtual Server - 'Ticketbleed' Memory Disclosure - Hardware remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201702-0942		 EDB ID: 41298
F5 BIG-IP SSL Virtual Server - 'Ticketbleed' Memory Disclosure. CVE-2016-9244 . remote exploit for Hardware platform
VAR-E-201702-0114 CVE-2016-9244
 F5 BIG-IP 11.6 SSL Virtual Server - 'Ticketbleed' Memory Disclosure - Hardware remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201702-0942		 EDB ID: 44446
F5 BIG-IP 11.6 SSL Virtual Server - 'Ticketbleed' Memory Disclosure. CVE-2016-9244 . remote exploit for Hardware platform
VAR-E-201702-0419 No CVE Multiple TP-Link Routers Multiple Security Vulnerabilities No EDB ID
Multiple TP-Link Routers are prone to the following security vulnerabilities: 1. A denial-of-service vulnerability 2. A security-bypass vulnerability 3. A command-injection vulnerability An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions, cause denial-of-service conditions or to execute arbitrary commands with user privileges in context of the affected application. The following products are vulnerable: TP-Link Archer C2 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n. TP-Link Archer C20i 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n.
VAR-E-201702-0541 CVE-2016-9355
CVE-2016-8375
 Alaris 8015 PC unit CVE-2016-9355 Information Disclosure Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201702-0856, VAR-201702-0080		 No EDB ID
Alaris 8015 PC unit is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.