Sign-up

VARIoT IoT exploits database

Affected products: vendor, model and version
Type can be e.g: Remote Code Execution or Denial of Service
Look up free text in title and description

VAR-E-201302-0094 CVE-2013-2678
CVE-2013-2679
CVE-2013-2682
CVE-2013-2680
CVE-2013-2681
CVE-2013-2683
CVE-2013-2684
 Linksys WRT160N - Multiple Vulnerabilities - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-202002-0524, VAR-202002-0520, VAR-202002-0525, VAR-202002-0523, VAR-202002-0522, VAR-202002-0519, VAR-202002-0521		 EDB ID: 24478
Linksys WRT160N - Multiple Vulnerabilities. CVE-90094CVE-90093CVE-90092CVE-89916CVE-89915CVE-2013-2678CVE-89912CVE-89911 . webapps exploit for Hardware platform
VAR-E-201302-0551 CVE-2012-4694
CVE-2012-4712
 MOXA EDR-G903 Unauthorized Access Vulnerability and Insufficient Entropy Weakness

Related entries in the VARIoT vulnerabilities database: VAR-201302-0026, VAR-201302-0035		 No EDB ID
MOXA EDR-G903 is prone to an unauthorized access vulnerability and a weakness in the entropy of the generated key. Successful exploits will allow attackers to gain access to the device and sensitive information. Successful exploits may result in the attacker executing arbitrary commands or gain unauthorized access on the affected system.
VAR-E-201302-0284 No CVE Netgear DGN1000B XSS / Command Injection No EDB ID
The Netgear N150 Wireless ADSL2+ Modem Router DGN1000 suffers from cross site scripting, OS command injection, and insecure cryptographic storage vulnerabilities. Firmware versions 1.1.00.24 and 1.1.00.45 are affected.
VAR-E-201302-0007 No CVE TP-Link TL-WR2543ND Router - Admin Panel Multiple Cross-Site Request Forgery Vulnerabilities - Hardware remote Exploit EDB ID: 38308
TP-Link TL-WR2543ND Router - Admin Panel Multiple Cross-Site Request Forgery Vulnerabilities.. remote exploit for Hardware platform
VAR-E-201302-0164 No CVE Netgear DGN1000B - Multiple Vulnerabilities - Hardware webapps Exploit EDB ID: 24464
Netgear DGN1000B - Multiple Vulnerabilities. CVE-89986CVE-89985CVE-89984 . webapps exploit for Hardware platform
VAR-E-201302-0089 No CVE Netgear DGN1000B - Multiple Vulnerabilities No EDB ID
VAR-E-201302-0343 No CVE D-Link DIR-300 Cross Site Scripting No EDB ID
D-Link DIR-300 suffers from an administratively inflicted cross site scripting vulnerability.
VAR-E-201301-0123 No CVE Broadcom UPnP Stack 'SetConnectionType()' Function Format String Vulnerability No EDB ID
Broadcom UPnP is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary code with root privileges. Failed exploit attempts will likely result in a denial-of-service condition.
VAR-E-201301-0049 CVE-2013-0229
CVE-2013-0230
 INFOMARK IMW-C920W MiniUPnPd 1.0 - Denial of Service - Hardware dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201301-0243		 EDB ID: 37517
INFOMARK IMW-C920W MiniUPnPd 1.0 - Denial of Service. CVE-2013-0230CVE-2013-0229CVE-89625CVE-89624 . dos exploit for Hardware platform
VAR-E-201301-0050 CVE-2013-0230
CVE-2013-0229
 MiniUPnPd 1.0 - Remote Stack Buffer Overflow Remote Code Execution (Metasploit) - Linux remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201301-0243		 EDB ID: 25975
MiniUPnPd 1.0 - Remote Stack Buffer Overflow Remote Code Execution (Metasploit). CVE-2013-0230CVE-89624 . remote exploit for Linux platform
VAR-E-201301-0051 CVE-2013-0230
CVE-2013-0229
 MiniUPnPd 1.0 (MIPS) - Remote Stack Overflow Remote Code Execution for AirTies RT Series - Multiple remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201301-0243		 EDB ID: 36839
MiniUPnPd 1.0 (MIPS) - Remote Stack Overflow Remote Code Execution for AirTies RT Series. CVE-2013-0230CVE-89624 . remote exploit for Multiple platform
VAR-E-201301-0211 CVE-2013-1102
CVE-2013-1103
CVE-2013-1104
CVE-2013-1105
 Cisco Wireless LAN Controller Multiple Security Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-201301-0343, VAR-201301-0344, VAR-201301-0345, VAR-201301-0346		 No EDB ID
The Cisco Wireless LAN Controller is prone to multiple security vulnerabilities. Exploiting these issues could allow an attacker to deny service to legitimate users, execute arbitrary code, or gain unauthorized access. Other attacks may also be possible.
VAR-E-201301-0467 No CVE SAP NetWeaver SDM Multiple Security Vulnerabilities No EDB ID
SAP NetWeaver is prone to multiple security vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions, obtain sensitive information, or bypass certain security restrictions that may lead to further attacks.
VAR-E-201301-0068 CVE-2012-3000
 F5 BIG-IP 11.2.0 SQL Injection

Related entries in the VARIoT vulnerabilities database: VAR-201401-0017		 No EDB ID
F5 BIG-IP versions 11.2.0 and below suffer from a remote SQL injection vulnerability.
VAR-E-201301-0209 CVE-2013-0658
 Schneider Electric Accutech Manager - Heap Overflow (PoC) - Windows dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201302-0261		 EDB ID: 24474
Schneider Electric Accutech Manager - Heap Overflow (PoC). CVE-2013-0658CVE-89691 . dos exploit for Windows platform
VAR-E-201301-0169 CVE-2012-2997
 F5 Networks BIG-IP - XML External Entity Injection - Hardware remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201401-0016		 EDB ID: 38233
F5 Networks BIG-IP - XML External Entity Injection. CVE-2012-2997CVE-89447 . remote exploit for Hardware platform
VAR-E-201301-0495 No CVE NVidia Display Driver Buffer Overflow No EDB ID
This is an exploit for a stack buffer overflow in the NVidia Display Driver Service. The service listens on a named pipe (\\pipe\\nsvr) which has a NULL DACL configured, which should mean that any logged on user or remote user in a domain context (Windows firewall/file sharing permitting) should be able to exploit this vulnerability. This is updated by Sean de Regge to target the 30 Aug 2012 nvvsvc.exe build.
VAR-E-201301-0122 CVE-2013-2679
CVE-2013-2682
CVE-2013-2678
CVE-2013-2680
CVE-2013-2681
CVE-2013-2683
CVE-2013-2684
 Linksys WRT54GL Firmware 4.30.15 build 2 - Multiple Vulnerabilities - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-202002-0524, VAR-202002-0520, VAR-202002-0525, VAR-202002-0523, VAR-202002-0522, VAR-202002-0519, VAR-202002-0521		 EDB ID: 24202
Linksys WRT54GL Firmware 4.30.15 build 2 - Multiple Vulnerabilities. CVE-89421CVE-89420CVE-89419CVE-2013-2679 . webapps exploit for Hardware platform
VAR-E-201301-0013 CVE-2012-6436
CVE-2012-6438
CVE-2012-6437
CVE-2012-6440
 Rockwell Automation ControlLogix CVE-2012-6436 Remote Denial of Service Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201301-0157, VAR-201301-0154, VAR-201301-0153, VAR-201301-0155		 No EDB ID
Rockwell Automation ControlLogix is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the NIC to crash, denying service to legitimate users.
VAR-E-201301-0264 No CVE Schmid Watson Management Console - Directory Traversal - Linux remote Exploit EDB ID: 38203
Schmid Watson Management Console - Directory Traversal.. remote exploit for Linux platform