VARIoT IoT exploits database
| VAR-E-201702-0810 | No CVE | Netwave IP Camera - Password Disclosure - Hardware remote Exploit | EDB ID: 41236 |
Netwave IP Camera - Password Disclosure.. remote exploit for Hardware platform
| VAR-E-201701-0681 |
CVE-2016-10185 CVE-2016-10184 CVE-2016-10182 CVE-2016-10181 CVE-2016-10186 CVE-2016-10180 CVE-2016-10178 CVE-2016-10183 CVE-2016-10179 CVE-2016-10177 |
Dlink DWR-932B Multiple Security Vulnerabilities
Related entries in the VARIoT vulnerabilities database: VAR-201701-0164, VAR-201701-0165, VAR-201701-0167, VAR-201701-0168, VAR-201701-0169, VAR-201701-0170, VAR-201701-0172, VAR-201701-0173, VAR-201701-0171, VAR-201701-0166 | No EDB ID |
Dlink DWR-932B is prone to the following security vulnerabilities:
1. An insecure default-password vulnerability
2. An authentication-bypass vulnerability
3. A security-bypass vulnerability
4. Multiple security weaknesses
5. An information-disclosure vulnerability
6. A command-injection vulnerability
7. Multiple directory-traversal vulnerabilities
An attacker can exploit these issues to bypass certain security restrictions to perform unauthorized actions, bypass-authentication mechanism, gain access to potentially sensitive information, or execute arbitrary commands in the context of the affected device. This may lead to further attacks.
| VAR-E-201701-0618 | No CVE | Friends in War Make or Break 1.7 - imgid Parameter SQL Injection Vulnerability | No EDB ID |
| VAR-E-201701-0193 | No CVE | D-Link DIR-615 Open Redirection / Cross Site Scripting | No EDB ID |
D-Link DIR-615 suffers from cross site scripting and open redirection vulnerabilities. Hardware version E3 with firmware version 5.10 is affected.
| VAR-E-201701-0676 | No CVE | D-Link DIR-615 - Multiple Vulnerabilities - Hardware webapps Exploit | EDB ID: 41033 |
D-Link DIR-615 - Multiple Vulnerabilities.. webapps exploit for Hardware platform
| VAR-E-201701-0878 | No CVE | Friends in War Make or Break 1.7 - 'imgid' SQL Injection - PHP webapps Exploit | EDB ID: 41002 |
Friends in War Make or Break 1.7 - 'imgid' SQL Injection.. webapps exploit for PHP platform
| VAR-E-201701-0323 |
CVE-2018-17153 CVE-2016-10108 |
Western Digital My Cloud Authentication Bypass
Related entries in the VARIoT vulnerabilities database: VAR-201809-0306 | No EDB ID |
It was discovered that the Western Digital My Cloud is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the My Cloud device. This vulnerability was successfully verified on a Western Digital My Cloud model WDBCTL0020HWT running firmware version 2.30.172. This issue is not limited to the model that was used to find this vulnerability since most of the products in the My Cloud series share the same (vulnerable) code.
| VAR-E-201701-0177 | No CVE | Xfinity Gateway (Technicolor DPC3941T) - Cross-Site Request Forgery Vulnerability | No EDB ID |
| VAR-E-201612-0219 | No CVE | NETGEAR WNR2000v5 - Remote Code Execution Exploit | No EDB ID |
| VAR-E-201612-0001 | No CVE | Multiple Samsung Devices 'OTP' Service Remote Heap Buffer Overflow Vulnerability | No EDB ID |
Multiple Samsung Devices are prone to a remote heap-based buffer-overflow vulnerability.
An attacker can exploit this issue to cause denial-of-service condition. Due to the nature of this issue, code execution may be possible but this has not been confirmed.
| VAR-E-201612-0015 |
CVE-2016-10174 CVE-2016-10175 CVE-2016-10176 |
Netgear WNR2000v5 - 'hidden_lang_avi' Remote Stack Overflow (Metasploit) - Hardware remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201701-0161, VAR-201701-0162, VAR-201701-0163 | EDB ID: 41719 |
Netgear WNR2000v5 - 'hidden_lang_avi' Remote Stack Overflow (Metasploit). CVE-2016-10174 . remote exploit for Hardware platform
| VAR-E-201612-0016 |
CVE-2016-10174 CVE-2016-10175 CVE-2016-10176 |
Netgear WNR2000v5 - Remote Code Execution - CGI remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201701-0161, VAR-201701-0162, VAR-201701-0163 | EDB ID: 40949 |
Netgear WNR2000v5 - Remote Code Execution. CVE-2016-10176CVE-2016-10175CVE-2016-10174 . remote exploit for CGI platform
| VAR-E-201612-0344 | No CVE | TP-LINK TD-W8951ND - Denial of Service Exploit | No EDB ID |
| VAR-E-201612-0289 | No CVE | Netgear R7000 - Cross-Site Scripting Vulnerability | No EDB ID |
| VAR-E-201612-0116 | No CVE | Netgear R7000 - Command Injection Vulnerability | No EDB ID |
| VAR-E-201612-0114 | No CVE | TP-LINK TD-W8151N - Denial of Service Vulnerability | No EDB ID |
| VAR-E-201612-0507 | No CVE | TP-LINK TD-W8151N Denial Of Service | No EDB ID |
TP-LINK TD-W8151N suffers from a denial of service vulnerability.
| VAR-E-201612-0090 | No CVE | TP-LINK TD-W8151N - Denial of Service - Hardware dos Exploit | EDB ID: 40910 |
TP-LINK TD-W8151N - Denial of Service.. dos exploit for Hardware platform
| VAR-E-201612-0378 | No CVE | Multiple Sony IPELA Engine IP Cameras Unspecified Remote Code Execution Vulnerability | No EDB ID |
Multiple Sony IPELA Engine IP Cameras are prone to unspecified remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code. Failed exploit attempts may result in a denial-of-service condition.
| VAR-E-201612-0124 | No CVE | Netgear R7000 - XSS via. DHCP hostname | No EDB ID |