VARIoT IoT exploits database

VAR-E-202011-0110 No CVE Cisco 7937G - DoS/Privilege Escalation - Hardware remote Exploit EDB ID: 49057
Cisco 7937G - DoS/Privilege Escalation. Remote exploit for Hardware platform.
VAR-E-202011-0179 CVE-2018-9285
ASUS TM-AC1900 - Arbitrary Command Execution (Metasploit) - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201804-1341
EDB ID: 49036
ASUS TM-AC1900 - Arbitrary Command Execution (Metasploit). Webapps exploit for Hardware platform.
VAR-E-202011-0048 No CVE Sony Playstation 4 (PS4) < 6.72 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit Code Execution (PoC) - Hardware webapps Exploit EDB ID: 49308
Sony Playstation 4 (PS4) < 6.72 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit Code Execution (PoC). Webapps exploit for Hardware platform.
VAR-E-202011-0011 CVE-2020-25015
Genexis Platinum-4410 P4410-V2-1.28 - Broken Access Control and CSRF - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-202009-0727
EDB ID: 49000
Genexis Platinum-4410 P4410-V2-1.28 - Broken Access Control and CSRF. CVE-2020-25015. Webapps exploit for Hardware platform.
VAR-E-202011-0114 No CVE Apache Flink 1.9.x - File Upload RCE (Unauthenticated) - Java webapps Exploit EDB ID: 48978
Apache Flink 1.9.x - File Upload RCE (Unauthenticated). Webapps exploit for Java platform.
VAR-E-202011-0291 No CVE Apache Flink 1.9.x Shell Upload No EDB ID
Apache Flink version 1.9.x suffers from a remote code execution vulnerability via a malicious upload.
VAR-E-202010-0085 No CVE Genexis Platinum-4410 P4410-V2-1.28 Cross Site Request Forgery No EDB ID
Genexis Platinum-4410 version P4410-V2-1.28 suffers from a cross site request forgery vulnerability.
VAR-E-202010-0039 No CVE Genexis Platinum-4410 P4410-V2-1.28 - Cross Site Request Forgery to Reboot - Hardware webapps Exploit EDB ID: 48972
Genexis Platinum-4410 P4410-V2-1.28 - Cross Site Request Forgery to Reboot. Webapps exploit for Hardware platform.
VAR-E-202010-0140 No CVE Genexis Platinum-4410 Cross Site Scripting No EDB ID
The Genexis Platinum-4410 router suffers from a persistent cross site scripting vulnerability.
VAR-E-202010-0069 No CVE Genexis Platinum-4410 - 'SSID' Persistent XSS - Hardware webapps Exploit EDB ID: 48948
Genexis Platinum-4410 - 'SSID' Persistent XSS. Webapps exploit for Hardware platform.
VAR-E-202009-0057 No CVE D-Link DGS-1210-28 Denial Of Service No EDB ID
D-Link DGS-1210-28 suffers from a denial of service vulnerability.
VAR-E-202009-0013 CVE-2020-24034
Sagemcom F@ST 5280 Privilege Escalation

Related entries in the VARIoT vulnerabilities database: VAR-202009-0960
No EDB ID
Sagemcom F@ST 5280 routers using firmware version 1.150.61, and possibly others, have an insecure deserialization vulnerability that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sess_id, nonce, and ha1 values inside of the serialized session cookie, an attacker may alter the user value inside of this cookie, and assume the role and permissions of the user specified. By assuming the role of the user internal, which is inaccessible to end users by default, the attacker gains the permissions of the internal account, which includes the ability to flash custom firmware to the router, allowing the attacker to achieve a complete compromise.
VAR-E-202008-0037 CVE-2020-16137
CVE-2020-16138
CVE-2020-16139
Cisco 7937G Privilege Escalation

Related entries in the VARIoT vulnerabilities database: VAR-202008-0711, VAR-202008-0721, VAR-202008-0712
No EDB ID
Cisco 7947G versions SIP-1-4-5-7 and below privilege escalation exploit.
VAR-E-202006-0118 CVE-2020-10644
CVE-2020-12004
Inductive Automation Ignition Remote Code Execution

Related entries in the VARIoT vulnerabilities database: VAR-202006-0006, VAR-202006-0363
No EDB ID
This Metasploit module exploits a Java deserialization vulnerability in the Inductive Automation Ignition SCADA product, versions 8.0.0 to (and including) 8.0.7. This exploit was tested on versions 8.0.0 and 8.0.7 on both Linux and Windows. The default configuration is exploitable by an unauthenticated attacker, who can achieve remote code execution as SYSTEM on a Windows installation and root on Linux. The vulnerability was discovered and exploited at Pwn2Own Miami 2020 by the Flashback team (Pedro Ribeiro + Radek Domanski).
VAR-E-202006-0013 CVE-2020-11679
CVE-2020-11680
CVE-2020-11681
CVE-2020-11682
Castel NextGen DVR 1.0.0 Bypass / CSRF / Disclosure

Related entries in the VARIoT vulnerabilities database: VAR-202006-0044, VAR-202006-0042, VAR-202006-0043, VAR-202006-0045
No EDB ID
Castel NextGen DVR version 1.0.0 suffers from authorization bypass, credential disclosure, and cross site request forgery vulnerabilities.
VAR-E-202006-0104 CVE-2019-17525
D-Link DIR-615 T1 20.10 - CAPTCHA Bypass - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-202004-0708
EDB ID: 48551
D-Link DIR-615 T1 20.10 - CAPTCHA Bypass. CVE-2019-17525. Webapps exploit for Hardware platform.
VAR-E-202005-0257 No CVE Draytek VigorAP Cross Site Scripting No EDB ID
Draytek VigorAP suffers from a persistent cross site scripting vulnerability. Multiple different versions are affected.
VAR-E-202005-0048 No CVE Draytek VigorAP 1000C - Persistent Cross-Site Scripting - Hardware webapps Exploit EDB ID: 48436
Draytek VigorAP 1000C - Persistent Cross-Site Scripting. Webapps exploit for Hardware platform.
VAR-E-202004-0257 CVE-2020-3161
Cisco IP Phone 11.7 - Denial of service (PoC) - Hardware dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-202004-1234
EDB ID: 48342
Cisco IP Phone 11.7 - Denial of service (PoC). CVE-2020-3161. DoS exploit for Hardware platform.
VAR-E-202003-0030 CVE-2019-20499
DLINK DWL-2600 - Authenticated Remote Command Injection (Metasploit) - Hardware remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-202003-0962
EDB ID: 48274
DLINK DWL-2600 - Authenticated Remote Command Injection (Metasploit). CVE-2019-20499. Remote exploit for Hardware platform.