VARIoT IoT exploits database

VAR-E-201305-0424 | No CVE | D-Link DSL-320B - Multiple Vulnerabilities - Hardware webapps Exploit | EDB ID: 25251 |
D-Link DSL-320B - Multiple Vulnerabilities. CVE-93020, CVE-93019, CVE-93018, CVE-93014, CVE-93013. webapps exploit for Hardware platform
VAR-E-201305-0048 |
CVE-2013-2673 CVE-2013-2675 CVE-2013-2507 CVE-2013-2670 CVE-2013-2671 CVE-2013-2672 CVE-2013-2674 CVE-2013-2676 |
Brother MFC-9970CDW Firmware 0D Cross Site Scripting
Related entries in the VARIoT vulnerabilities database: VAR-202002-0516, VAR-201403-0065, VAR-201403-0045, VAR-201403-0046, VAR-202002-0514, VAR-202002-0515, VAR-202002-0517, VAR-202002-0518 | No EDB ID |
Brother MFC-9970CDW Firmware 0D suffers from multiple cross site scripting vulnerabilities.
VAR-E-201305-0207 | No CVE | ABBS Audio Media Player 3.1 - '.lst' Local Buffer Overflow - Windows local Exploit | EDB ID: 25204 |
ABBS Audio Media Player 3.1 - '.lst' Local Buffer Overflow. CVE-75096. local exploit for Windows platform
VAR-E-201305-0418 | No CVE | D-Link DNS-323 File Upload / Traversal / Command Execution | No EDB ID |
D-Link DNS-323 suffers from remote arbitrary file upload, directory traversal, and command execution vulnerabilities.
VAR-E-201305-0075 | No CVE | D-Link DNS-323 - Multiple Vulnerabilities - Hardware webapps Exploit | EDB ID: 25142 |
D-Link DNS-323 - Multiple Vulnerabilities. CVE-92942, CVE-92941. webapps exploit for Hardware platform
VAR-E-201304-0137 |
CVE-2013-1599 CVE-2013-1602 CVE-2013-1601 CVE-2013-1600 CVE-2013-1603 |
D-Link IP Cameras - Multiple Vulnerabilities - Hardware webapps Exploit
Related entries in the VARIoT vulnerabilities database: VAR-202001-0843, VAR-202001-0841, VAR-202001-0839, VAR-202001-0842, VAR-202001-0840 | EDB ID: 25138 |
D-Link IP Cameras - Multiple Vulnerabilities. CVE-2013-1603, CVE-2013-1602, CVE-2013-1601, CVE-2013-1600, CVE-2013-1599, CVE-92864, CVE-92863, CVE-92862, CVE-92861, CVE-92860. webapps exploit for Hardware platform
VAR-E-201304-0092 |
CVE-2013-2678 CVE-2013-2679 CVE-2013-2682 CVE-2013-2680 CVE-2013-2681 CVE-2013-2683 CVE-2013-2684 |
Cisco Linksys E4200 - Multiple Vulnerabilities - Hardware webapps Exploit
Related entries in the VARIoT vulnerabilities database: VAR-202002-0524, VAR-202002-0520, VAR-202002-0525, VAR-202002-0523, VAR-202002-0522, VAR-202002-0519, VAR-202002-0521 | EDB ID: 25292 |
Cisco Linksys E4200 - Multiple Vulnerabilities. CVE-2013-2684, CVE-2013-2683, CVE-2013-2682, CVE-2013-2681, CVE-2013-2680, CVE-2013-2679, CVE-2013-2678, CVE-93065, CVE-93064, CVE-93063, CVE-93062, CVE-93061, CVE-93060, CVE-93059, CVE-89911. webapps exploit for Hardware platform
VAR-E-201304-0093 |
CVE-2013-2679 CVE-2013-2682 CVE-2013-2678 CVE-2013-2680 CVE-2013-2681 CVE-2013-2683 CVE-2013-2684 |
Cisco Linksys E4200 - '/apply.cgi' Multiple Cross-Site Scripting Vulnerabilities - Hardware remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-202002-0524, VAR-202002-0520, VAR-202002-0525, VAR-202002-0523, VAR-202002-0522, VAR-202002-0519, VAR-202002-0521 | EDB ID: 38501 |
Cisco Linksys E4200 - '/apply.cgi' Multiple Cross-Site Scripting Vulnerabilities. CVE-2013-2679, CVE-93060. remote exploit for Hardware platform
VAR-E-201304-0197 | No CVE | D-Link DIR-635 Cross Site Request Forgery / Cross Site Scripting | No EDB ID |
D-Link DIR-635 suffers from cross site request forgery and multiple cross site scripting vulnerabilities.
VAR-E-201304-0463 | No CVE | D-Link DIR-635 - Multiple Vulnerabilities - Hardware webapps Exploit | EDB ID: 25024 |
D-Link DIR-635 - Multiple Vulnerabilities. CVE-92843, CVE-92842, CVE-90178, CVE-89860. webapps exploit for Hardware platform
VAR-E-201304-0526 | No CVE | D-Link DIR-635 Multiple Security Vulnerabilities | No EDB ID |
D-Link DIR-635 is prone to the following security vulnerabilities:
1. An HTML-injection vulnerability
2. A cross-site request-forgery vulnerability
3. A cross-site scripting vulnerability
4. A security-bypass vulnerability
An attacker can exploit these issues to execute HTML and arbitrary script code in the browser of an unsuspecting user in the context of the affected device, steal cookie-based authentication credentials, and perform unauthorized actions in the context of a user session. Other attacks are also possible.
VAR-E-201304-0164 |
CVE-2013-1178 |
Multiple Cisco Products CVE-2013-1178 Multiple Remote Buffer Overflow Vulnerabilities
Related entries in the VARIoT vulnerabilities database: VAR-201304-0277 | No EDB ID |
Multiple Cisco NX-OS-Based products are prone to multiple remote buffer-overflow vulnerabilities because they fail to perform adequate boundary-checks on user-supplied data.
An attacker can exploit these issues to execute arbitrary code with elevated privileges. Failed exploit attempts will result in a denial-of-service condition.
These issues are being tracked by Cisco Bug IDs CSCtu10630, CSCtu10551, CSCtu10550, CSCtw56581, CSCtu10548, CSCtu10544, and CSCuf61275.
VAR-E-201304-0287 | No CVE | D-Link DIR-600 and DIR-300 Multiple Security Vulnerabilities | No EDB ID |
D-Link DIR-600 and DIR-300 are prone to the following security vulnerabilities:
1. Multiple command-injection vulnerabilities
2. A cross-site request-forgery vulnerability
3. A cross-site scripting vulnerability
4. A password encryption weakness
5. Multiple information-disclosure vulnerabilities
6. An HTTP-header-injection vulnerability
7. A security-bypass vulnerability
An attacker can exploit these issues to gain access to potentially sensitive information, decrypt stored passwords, execute arbitrary commands in the context of the affected device, steal cookie-based authentication credentials, perform unauthorized actions in the context of a user session, or redirect users to arbitrary sites and perform HTTP-request smuggling. Other attacks are also possible.
VAR-E-201304-0339 | No CVE | TP-Link TL-WR741N / TL-WR741ND Routers - Multiple Denial of Service Vulnerabilities - Hardware dos Exploit | EDB ID: 38483 |
TP-Link TL-WR741N / TL-WR741ND Routers - Multiple Denial of Service Vulnerabilities. dos exploit for Hardware platform
VAR-E-201304-0225 |
CVE-2013-3095 |
D-Link DIR-865L - Cross-Site Request Forgery - Hardware remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201311-0097 | EDB ID: 38481 |
D-Link DIR-865L - Cross-Site Request Forgery. CVE-2013-3095, CVE-92550. remote exploit for Hardware platform
VAR-E-201304-0313 | No CVE | Sitecom WLM-3500 Backdoor Accounts | No EDB ID |
Sitecom WLM-3500 routers contain an undocumented access backdoor that can be abused to bypass existing authentication mechanisms.
VAR-E-201304-0008 |
CVE-2013-3069 |
NetGear WNDR4700 CVE-2013-3069 Cross-Site Scripting Vulnerability
Related entries in the VARIoT vulnerabilities database: VAR-201404-0101 | No EDB ID |
NetGear WNDR4700 is prone to an unspecified cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
NetGear WNDR4700 running firmware 1.0.0.34 is vulnerable.
VAR-E-201304-0226 |
CVE-2013-3051 |
Motorola Multiple Devices For Android CVE-2013-3051 Local Privilege Escalation Vulnerability
Related entries in the VARIoT vulnerabilities database: VAR-201304-0438 | No EDB ID |
Multiple Motorola devices for Android are prone to a local privilege-escalation vulnerability.
Local attackers can exploit this issue to gain administrator privileges and perform unauthorized actions.
VAR-E-201304-0431 | No CVE | AT-TFTP Server Stack Buffer Overflow Vulnerability | No EDB ID |
AT-TFTP is prone to a remote stack-based buffer-overflow vulnerability.
Successful exploits will allow attackers to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
AT-TFTP 2.0 is vulnerable; other versions may also be affected.
VAR-E-201304-0479 |
CVE-2012-5415 |
Cisco Adaptive Security Appliance CVE-2012-5415 Denial of Service Vulnerability
Related entries in the VARIoT vulnerabilities database: VAR-201304-0035 | No EDB ID |
Cisco Adaptive Security Appliance is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause CPU exhaustion and reload an affected device, denying service to legitimate users.
This issue is being tracked by Cisco Bug IDs CSCue31622 and CSCuc71272.