VARIoT IoT exploits database

VAR-E-201407-0200 | No CVE | NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure | No EDB ID |
VAR-E-201407-0198 | No CVE | Netgear DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure - Hardware webapps Exploit | EDB ID: 34149 |
Netgear DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure. CVE-109552. webapps exploit for Hardware platform
VAR-E-201407-0244 | No CVE | MTS MBlaze Ultra Wi-Fi / ZTE AC3633 - Multiple Vulnerabilities - Hardware webapps Exploit | EDB ID: 34128 |
MTS MBlaze Ultra Wi-Fi / ZTE AC3633 - Multiple Vulnerabilities. CVE-109374, CVE-109373, CVE-109372, CVE-109371. webapps exploit for Hardware platform
VAR-E-201407-0126 | CVE-2014-2364 | Advantech Webaccess - dvs.ocx GetColor Buffer Overflow (Metasploit) - Windows remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201407-0233 | EDB ID: 34757 |
Advantech Webaccess - dvs.ocx GetColor Buffer Overflow (Metasploit). CVE-2014-2364, CVE-109329, CVE-109328, CVE-109327, CVE-109326, CVE-109325, CVE-109324, CVE-109323, CVE-109322, CVE-109321, CVE-109320, CVE-109319, CVE-109315. remote exploit for Windows platform
VAR-E-201407-0436 | No CVE | D-Link DSP-W215 - v1.02 info.cgi POST Request Buffer Overflow | No EDB ID |
VAR-E-201407-0158 | CVE-2014-3888 | Yokogawa CS3000 - 'BKFSim_vhfd.exe' Remote Buffer Overflow (Metasploit) - Windows remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201407-0492 | EDB ID: 34009 |
Yokogawa CS3000 - 'BKFSim_vhfd.exe' Remote Buffer Overflow (Metasploit). CVE-2014-3888, CVE-108756. remote exploit for Windows platform
VAR-E-201406-0360 | No CVE | Multiple TP-Link Routers Multiple Input Validation Vulnerabilities | No EDB ID |
Multiple TP-Link Routers are prone to multiple cross-site request-forgery, cross-site scripting and HTML-injection vulnerabilities because they fail to sufficiently sanitize user-supplied input.
An attacker can exploit these vulnerabilities to perform certain unauthorized actions, execute arbitrary script or HTML code in the browser of an unsuspecting user in the context of the affected site, and steal cookie-based authentication credentials. Other attacks are also possible.
VAR-E-201406-0365 | No CVE | ZyXEL P660RT2 EE Security Bypass and Cross Site Scripting Vulnerabilities | No EDB ID |
ZyXEL P660RT2 EE is prone to a security-bypass and a cross-site scripting vulnerability.
An attacker may leverage these issues to bypass the security restrictions and gain unauthorized access to the affected device or to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Note: This issue was previously titled 'ZyXEL P660RT2 EE Brute Force Authentication Bypass and Cross Site Scripting Vulnerabilities'. The title and short summary have been changed to better reflect the underlying component affected.
ZyXEL P660RT2 EE 3.40 (AXN.1) is vulnerable; other versions may also be affected.
VAR-E-201406-0326 | No CVE | D-link DSL-2760U-E1 - Persistent XSS Vulnerability | No EDB ID |
VAR-E-201406-0044 | CVE-2014-4645 | D-Link DSL-2760U-E1 - Persistent Cross-Site Scripting - Hardware webapps Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201406-0434 | EDB ID: 33822 |
D-Link DSL-2760U-E1 - Persistent Cross-Site Scripting. CVE-108356, CVE-2014-4645. webapps exploit for Hardware platform
VAR-E-201406-0088 | CVE-2014-3778 | Motorola SBG901 Wireless Modem - Cross-Site Request Forgery - Hardware webapps Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201406-0395 | EDB ID: 33792 |
Motorola SBG901 Wireless Modem - Cross-Site Request Forgery. CVE-2014-3778, CVE-108236. webapps exploit for Hardware platform
VAR-E-201406-0036 | No CVE | Yealink VoIP Phone SIP-T38G Privilege Escalation | No EDB ID |
Yealink VoIP phone version SIP-T38G suffers from a remote privilege escalation vulnerability that allows an attacker to gain a root shell.
VAR-E-201406-0112 | CVE-2013-5756, CVE-2013-5757 | Yealink VoIP Phone SIP-T38G - Local File Inclusion - Hardware webapps Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201408-0025, VAR-201408-0024 | EDB ID: 33740 |
Yealink VoIP Phone SIP-T38G - Local File Inclusion. CVE-2013-5757, CVE-2013-5756, CVE-108081, CVE-108079. webapps exploit for Hardware platform
VAR-E-201406-0216 | CVE-2013-5758, CVE-2013-5759 | Yealink VoIP Phone SIP-T38G - Privilege Escalation - Hardware remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201408-0026, VAR-201408-0027 | EDB ID: 33742 |
Yealink VoIP Phone SIP-T38G - Privilege Escalation. CVE-2013-5759, CVE-2013-5758, CVE-108080. remote exploit for Hardware platform
VAR-E-201406-0217 | CVE-2013-5758, CVE-2013-5759 | Yealink VoIP Phone SIP-T38G - Remote Command Execution - Hardware remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201408-0026, VAR-201408-0027 | EDB ID: 33741 |
Yealink VoIP Phone SIP-T38G - Remote Command Execution. CVE-2013-5759, CVE-2013-5758, CVE-108080. remote exploit for Hardware platform
VAR-E-201406-0133 | CVE-2013-5755 | Yealink VoIP Phone SIP-T38G - Default Credentials - Hardware remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201407-0011 | EDB ID: 33739 |
Yealink VoIP Phone SIP-T38G - Default Credentials. CVE-2013-5755, CVE-108078. remote exploit for Hardware platform
VAR-E-201406-0300 | No CVE | Multiple TP-Link Routers RomPager Denial of Service Vulnerability | No EDB ID |
Multiple TP-Link routers are prone to a denial-of-service vulnerability.
Attackers may exploit this issue to cause an affected device to crash, resulting in a denial-of-service condition.
TP-Link TD-W8901G, TD-W8101G, TD-8840G, TD-8817 running firmware version 3.11.2.175_TC3086 and hardware version T14.F7_5.0 are vulnerable.
VAR-E-201405-0422 | No CVE | Zyxel P-660HW-T1 Cross Site Request Forgery | No EDB ID |
Zyxel P-660HW-T1 version 3 suffers from a cross site request forgery vulnerability.
VAR-E-201405-0066 | CVE-2014-3789 | Cogent DataHub - Command Injection (Metasploit) - Windows remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201405-0535 | EDB ID: 33880 |
Cogent DataHub - Command Injection (Metasploit). CVE-2014-3789, CVE-107097. remote exploit for Windows platform
VAR-E-201405-0070 | CVE-2014-0782 | Yokogawa CS3000 - 'BKESimmgr.exe' Remote Buffer Overflow (Metasploit) - Windows remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201405-0456 | EDB ID: 33331 |
Yokogawa CS3000 - 'BKESimmgr.exe' Remote Buffer Overflow (Metasploit). CVE-2014-0782, CVE-106866. remote exploit for Windows platform