VARIoT IoT exploits database

D-Link DSL-2750U is prone to multiple authentication-bypass vulnerabilities. An attacker can exploit these issues to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks. D-Link DSL-2750U Router 1.11 is vulnerable; other versions may also be affected.

CISCO Small Business 200 / 300 / 500 Switches - Multiple Vulnerabilities. CVE-2019-1943 . webapps exploit for Hardware platform

D-Link DIR-818LW is prone to multiple command-injection vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary commands in the context of the affected device. Failed exploit attempts will likely result in denial-of-service conditions. D-Link DIR-818LW devices with firmware 2.06betab01 are vulnerable.

Siemens TIA Portal - Remote Command Execution.. remote exploit for Hardware platform

Huawei HG530 suffers from a cross site request forgery vulnerability.

SAP Crystal Reports - Information Disclosure. CVE-2019-0285 . webapps exploit for Multiple platform

KCodes NetUSB is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. KCodes NetUSB.ko versions 1.0.2.66 and 1.0.2.69 are vulnerable; other versions may also be affected.

KCodes NetUSB is prone to a memory-corruption vulnerability. Attackers can exploit this issue to obtain sensitive information or crash the application resulting in a denial-of-service condition. KCodes NetUSB.ko versions 1.0.2.66 and 1.0.2.69 are vulnerable; other versions may also be affected.

The IDAL HTTP server CGI interface contains a URL, which allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. In the IDAL CGI interface, there is a URL (/cgi/loginDefaultUser), which will create a session in an authenticated state and return the session ID along with the username and plaintext password of the user. An attacker can then login with the provided credentials or supply the string 'IDALToken=......' in a cookie which will allow them to perform privileged operations such as restarting the service with /cgi/restart.

Telus Actiontec T2200H with firmware T2200H-31.128L.08 suffers from a local privilege escalation vulnerability.

Fuji Electric V-Server is prone to multiple security vulnerabilities: 1. A remote denial-of-service vulnerability 2. An information disclosure vulnerability An attacker can exploit these issues to cause a denial-of-service condition or obtain sensitive information that may lead to further attacks . Versions prior to V-SFT 6.0.33.0 are vulnerable.

DRAM is prone to an information disclosure vulnerability. A local attacker may leverage this issue to gain sensitive information from the physical address space.

Dlink DCS-1130 suffers from command injection, cross site request forgery, stack overflow, and various other vulnerabilities.

Securifi Almond 2015 suffers from buffer overflow, command injection, cross site scripting, cross site request forgery, and various other vulnerabilities.

Amcrest IPM-721S suffers from credential disclosure, privilege escalation, and a long list of other vulnerabilities.

NUUO NVRMini 2 3.9.1 - 'sscanf' Stack Overflow. CVE-2018-19864 . remote exploit for Hardware platform

TP-LINK TL-WR840N v5 00000005 - Cross-Site Scripting. CVE-2019-12195 . webapps exploit for Hardware platform

Huawei eSpace 1.1.11.103 - 'ContactsCtrl.dll' / 'eSpaceStatusCtrl.dll' ActiveX Heap Overflow. CVE-2014-9418 . dos exploit for Windows platform

Huawei eSpace 1.1.11.103 - Image File Format Handling Buffer Overflow. CVE-2014-9417 . dos exploit for Windows platform

Huawei eSpace 1.1.11.103 - DLL Hijacking. CVE-2014-9416 . local exploit for Windows platform