VARIoT IoT exploits database

VAR-E-201312-0065 | No CVE | D-Link DSL-2750u ME_1.09 - Cross-Site Request Forgery - Hardware webapps Exploit | EDB ID: 30547 |
D-Link DSL-2750u ME_1.09 - Cross-Site Request Forgery. CVE-101776. webapps exploit for Hardware platform
VAR-E-201312-0438 | No CVE | D-Link DSL-2750U Cross Site Request Forgery Vulnerability | No EDB ID |
D-Link DSL-2750U is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected device. Other attacks are also possible.
VAR-E-201312-0128 | CVE-2014-8358 CVE-2014-8359 | Huawei Technologies du Mobile Broadband 16.0 - Local Privilege Escalation - Windows local Exploit | EDB ID: 30477 |
Related entries in the VARIoT vulnerabilities database: VAR-201712-0033, VAR-201411-0377
Huawei Technologies du Mobile Broadband 16.0 - Local Privilege Escalation. CVE-90090, CVE-2014-8359, CVE-2014-8358. local exploit for Windows platform
VAR-E-201312-0435 | No CVE | Huawei B593u-12 And T-Mobile HOME NET Router Multiple Security Vulnerabilities | No EDB ID |
Huawei B593u-12 And T-Mobile HOME NET Router are prone to the following security vulnerabilities:
1. An information-disclosure vulnerability
2. A security-bypass vulnerability
3. A command-injection vulnerability
4. A directory-traversal vulnerability
5. A cross-site request-forgery vulnerability
Exploiting these issues may allow a remote attacker to obtain sensitive information, perform certain administrative actions, bypass certain security restrictions, access arbitrary files, execute arbitrary commands, and gain unauthorized access to the affected device. Other attacks are also possible.
The following products are vulnerable:
Huawei B593u-12 version V100R001C54SP063
T-Mobile HOME NET Router version V100R001C54SP063
VAR-E-201312-0330 | No CVE | ABB MicroSCADA - 'wserver.exe' Remote Code Execution (Metasploit) - Windows remote Exploit | EDB ID: 30009 |
ABB MicroSCADA - 'wserver.exe' Remote Code Execution (Metasploit). CVE-100324. remote exploit for Windows platform
VAR-E-201312-0443 | No CVE | TP-Link TL-WR740N/TL-WR740ND Wireless N Routers HTTP Processing Denial of Service Vulnerability | No EDB ID |
TP-Link TL-WR740N/TL-WR740ND are prone to a denial-of-service vulnerability.
Attackers may exploit this issue to cause an affected device to crash, resulting in a denial-of-service condition.
TP-Link TL-WR740N/TL-WR740ND running firmware version 3.12.11 Build 120320 Rel.51047n is vulnerable.
VAR-E-201312-0081 | No CVE | D-Link DIR-Series Routers - '/model/__show_info.php' Local File Disclosure - Hardware webapps Exploit | EDB ID: 38853 |
D-Link DIR-Series Routers - '/model/__show_info.php' Local File Disclosure. CVE-100579. webapps exploit for Hardware platform
VAR-E-201312-0241 | CVE-2013-6695 | Cisco Secure Access Control System CVE-2013-6695 Information Disclosure Vulnerability | No EDB ID |
Related entries in the VARIoT vulnerabilities database: VAR-201312-0236
Cisco Secure Access Control System is prone to a remote information-disclosure vulnerability.
Successful exploits will allow attackers to obtain sensitive information. This may result in further attacks.
This issue is tracked by Cisco Bug ID CSCuj39274.
VAR-E-201311-0198 | No CVE | ZyXEL GS1510-16 'webctrl.cgi' Remote Password Disclosure Vulnerability | No EDB ID |
ZyXEL GS1510-16 is prone to a password-disclosure vulnerability.
Attackers can exploit this issue to gain access to the administrator password, which may lead to further attacks.
VAR-E-201311-0397 | CVE-2013-6811 | D-Link DSL-6740U CVE-2013-6811 Cross Site Request Forgery Vulnerability | No EDB ID |
Related entries in the VARIoT vulnerabilities database: VAR-201911-1529
D-Link DSL-6740U is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected device. Other attacks are also possible.
VAR-E-201311-0400 | No CVE | ADB Discus DRG A125G Router Multiple Cross Site Request Forgery Vulnerabilities | No EDB ID |
ADB Discus DRG A125G is prone to multiple cross-site request-forgery vulnerabilities.
Exploiting these issues may allow a remote attacker to perform certain unauthorized actions and compromise the affected device.
VAR-E-201311-0483 | No CVE | TP-LINK TL-WR740N/TL-WR740ND 'WlanSecurityRpm.htm' Cross Site Request Forgery Vulnerability | No EDB ID |
TP-Link TL-WR740N/TL-WR740ND are prone to a cross-site request-forgery vulnerability because they fail to properly validate HTTP requests.
Exploiting this issue may allow a remote attacker to perform certain unauthorized administrative actions. Other attacks are also possible.
TP-Link TL-WR740N/TL-WR740ND running firmware 3.16.6 Build 130529 are vulnerable; other versions may also be affected.
VAR-E-201311-0200 | No CVE | ADB Discus DRG A125G 'wlbasic.html' Password Information Disclosure Vulnerability | No EDB ID |
Discus DRG A125G is prone to an information-disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.
Discus DRG A125G is vulnerable; other versions may also be affected.
VAR-E-201311-0106 | CVE-2013-6780 | Cisco Ironport AsyncOS Cross Site Scripting | No EDB ID |
VAR-E-201311-0046 | CVE-2013-5223 | D-Link DSL-500B Gen 2 - Parental Control Configuration Panel Persistent Cross-Site Scripting - Hardware webapps Exploit | EDB ID: 36987 |
Related entries in the VARIoT vulnerabilities database: VAR-201311-0288
D-Link DSL-500B Gen 2 - Parental Control Configuration Panel Persistent Cross-Site Scripting. CVE-2013-5223, CVE-99603. webapps exploit for Hardware platform
VAR-E-201311-0047 | CVE-2013-5223 | D-Link DSL-500B Gen 2 - URL Filter Configuration Panel Persistent Cross-Site Scripting - Hardware webapps Exploit | EDB ID: 36988 |
Related entries in the VARIoT vulnerabilities database: VAR-201311-0288
D-Link DSL-500B Gen 2 - URL Filter Configuration Panel Persistent Cross-Site Scripting. CVE-2013-5223, CVE-99603. webapps exploit for Hardware platform
VAR-E-201310-0073 | CVE-2013-3591 | vTiger CRM 5.3.0 5.4.0 - (Authenticated) Remote Code Execution (Metasploit) - PHP remote Exploit | EDB ID: 29319 |
Related entries in the VARIoT vulnerabilities database: VAR-202002-0570
vTiger CRM 5.3.0 5.4.0 - (Authenticated) Remote Code Execution (Metasploit). CVE-2013-3591, CVE-99150. remote exploit for PHP platform
VAR-E-201310-0513 | No CVE | ASUS RT-N13U Backdoor Account | No EDB ID |
The ASUS RT-N13U home router comes configured with an administrative root shell with a default password and is available via telnetd. Changing the password on the web interface does not remediate the issue.
VAR-E-201310-0005 | CVE-2013-6236 | Stem Innovation - 'IZON' Hard-Coded Credentials - Hardware webapps Exploit | EDB ID: 29266 |
Related entries in the VARIoT vulnerabilities database: VAR-202002-0687
Stem Innovation - 'IZON' Hard-Coded Credentials. CVE-2013-6236, CVE-99069. webapps exploit for Hardware platform
VAR-E-201310-0215 | No CVE | ARRIS DG860A - NVRAM Backup Password Disclosure - Hardware webapps Exploit | EDB ID: 29131 |
ARRIS DG860A - NVRAM Backup Password Disclosure. CVE-98759. webapps exploit for Hardware platform