VARIoT IoT exploits database

Affected products: vendor, model and version
Type can be e.g: Remote Code Execution or Denial of Service
Look up free text in title and description

VAR-E-202009-0013 CVE-2020-24034
Sagemcom F@ST 5280 Privilege Escalation

Related entries in the VARIoT vulnerabilities database: VAR-202009-0960
No EDB ID
Sagemcom F@ST 5280 routers using firmware version 1.150.61, and possibly others, have an insecure deserialization vulnerability that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sess_id, nonce, and ha1 values inside of the serialized session cookie, an attacker may alter the user value inside of this cookie, and assume the role and permissions of the user specified. By assuming the role of the user internal, which is inaccessible to end users by default, the attacker gains the permissions of the internal account, which includes the ability to flash custom firmware to the router, allowing the attacker to achieve a complete compromise.
VAR-E-202008-0037 CVE-2020-16137
CVE-2020-16138
CVE-2020-16139
Cisco 7937G Privilege Escalation

Related entries in the VARIoT vulnerabilities database: VAR-202008-0711, VAR-202008-0721, VAR-202008-0712
No EDB ID
Cisco 7947G versions SIP-1-4-5-7 and below privilege escalation exploit.
VAR-E-202006-0118 CVE-2020-10644
CVE-2020-12004
Inductive Automation Ignition Remote Code Execution

Related entries in the VARIoT vulnerabilities database: VAR-202006-0006, VAR-202006-0363
No EDB ID
This Metasploit module exploits a Java deserialization vulnerability in the Inductive Automation Ignition SCADA product, versions 8.0.0 to (and including) 8.0.7. This exploit was tested on versions 8.0.0 and 8.0.7 on both Linux and Windows. The default configuration is exploitable by an unauthenticated attacker, which can achieve remote code execution as SYSTEM on a Windows installation and root on Linux. The vulnerability was discovered and exploited at Pwn2Own Miami 2020 by the Flashback team (Pedro Ribeiro + Radek Domanski).
VAR-E-202006-0013 CVE-2020-11679
CVE-2020-11680
CVE-2020-11681
CVE-2020-11682
Castel NextGen DVR 1.0.0 Bypass / CSRF / Disclosure

Related entries in the VARIoT vulnerabilities database: VAR-202006-0044, VAR-202006-0042, VAR-202006-0043, VAR-202006-0045
No EDB ID
Castel NextGen DVR version 1.0.0 suffers from authorization bypass, credential disclosure, and cross site request forgery vulnerabilities.
VAR-E-202006-0104 CVE-2019-17525
D-Link DIR-615 T1 20.10 - CAPTCHA Bypass - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-202004-0708
EDB ID: 48551
D-Link DIR-615 T1 20.10 - CAPTCHA Bypass. CVE-2019-17525 . webapps exploit for Hardware platform
VAR-E-202005-0257 No CVE Draytek VigorAP Cross Site Scripting No EDB ID
Draytek VigorAP suffers from a persistent cross site scripting vulnerability. Multiple different versions are affected.
VAR-E-202005-0048 No CVE Draytek VigorAP 1000C - Persistent Cross-Site Scripting - Hardware webapps Exploit EDB ID: 48436
Draytek VigorAP 1000C - Persistent Cross-Site Scripting.. webapps exploit for Hardware platform
VAR-E-202004-0257 CVE-2020-3161
Cisco IP Phone 11.7 - Denial of service (PoC) - Hardware dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-202004-1234
EDB ID: 48342
Cisco IP Phone 11.7 - Denial of service (PoC). CVE-2020-3161 . dos exploit for Hardware platform
VAR-E-202003-0030 CVE-2019-20499
DLINK DWL-2600 - Authenticated Remote Command Injection (Metasploit) - Hardware remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-202003-0962
EDB ID: 48274
DLINK DWL-2600 - Authenticated Remote Command Injection (Metasploit). CVE-2019-20499 . remote exploit for Hardware platform
VAR-E-202003-0032 CVE-2020-9375
TP-Link Archer C50 3 - Denial of Service (PoC) - Hardware dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-202003-1473
EDB ID: 48255
TP-Link Archer C50 3 - Denial of Service (PoC). CVE-2020-9375 . dos exploit for Hardware platform
VAR-E-202003-0206 CVE-2019-19356
Netis WF2419 2.2.36123 Remote Code Execution

Related entries in the VARIoT vulnerabilities database: VAR-202002-0403
No EDB ID
Netis WF2419 version 2.2.36123 suffers from a remote code execution vulnerability.
VAR-E-202003-0038 CVE-2020-9374
TP LINK TL-WR849N - Remote Code Execution - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-202002-1073
EDB ID: 48155
TP LINK TL-WR849N - Remote Code Execution. CVE-2020-9374 . webapps exploit for Hardware platform
VAR-E-202003-0128 No CVE Netis WF2419 2.2.36123 - Remote Code Execution - Hardware webapps Exploit EDB ID: 48149
Netis WF2419 2.2.36123 - Remote Code Execution.. webapps exploit for Hardware platform
VAR-E-202002-0251 No CVE Wago PFC200 Remote Code Execution No EDB ID
This Metasploit module exploits an authenticated remote code execution vulnerability in Wago PFC200.
VAR-E-202002-0119 No CVE Wago PFC200 - Authenticated Remote Code Execution (Metasploit) - Hardware webapps Exploit EDB ID: 47998
Wago PFC200 - Authenticated Remote Code Execution (Metasploit).. webapps exploit for Hardware platform
VAR-E-202002-0072 CVE-2018-7777
Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201807-1850
EDB ID: 47991
Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection. CVE-2018-7777 . webapps exploit for Hardware platform
VAR-E-202001-0228 No CVE TP-Link TP-SG105E 1.0.0 Unauthenticated Remote Reboot No EDB ID
TP-Link TP-SG105E version 1.0.0 suffers from an unauthenticated remote reboot vulnerability.
VAR-E-202001-0032 CVE-2019-16893
TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-202002-0460
EDB ID: 47958
TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot. CVE-2019-16893 . webapps exploit for Hardware platform
VAR-E-202001-0080 CVE-2020-6170
Genexis Platinum-4410 2.1 - Authentication Bypass - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-202001-1817
EDB ID: 47961
Genexis Platinum-4410 2.1 - Authentication Bypass. CVE-2020-6170 . webapps exploit for Hardware platform
VAR-E-202001-0263 No CVE Trend Micro Maximum Security 2019 - Privilege Escalation - Windows local Exploit EDB ID: 47943
Trend Micro Maximum Security 2019 - Privilege Escalation.. local exploit for Windows platform