VARIoT IoT vulnerabilities database


VAR-201909-0693 CVE-2019-13140 Inteno Group EG200 Configuration Error Vulnerability CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP. Inteno EG200 routers contain information disclosure vulnerabilities due to differences in responses to security-related processing. Information may be obtained. The Inteno Group EG200 is a home gateway device from Inteno Group, Sweden. A configuration error vulnerability exists in the Inteno Group EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 version, which can be exploited by an attacker to extract 3DES keys using JSON commands
VAR-202009-1222 CVE-2018-19948 QNAP Systems TS-870 cross-site request forgery vulnerability CVSS V2: 4.3
CVSS V3: 6.5
Severity: MEDIUM
The vulnerability has been reported to affect earlier versions of Helpdesk. If exploited, this cross-site request forgery (CSRF) vulnerability could allow attackers to force NAS users to execute unintentional actions through a web application. QNAP has already fixed the issue in Helpdesk 3.0.3 and later. QNAP Systems TS-870 is a NAS (Network Attached Storage) device of China QNAP Systems. A cross-site request forgery vulnerability exists in QNAP Systems TS-870 using firmware version 4.3.4.0486. The vulnerability stems from the failure of the WEB application to fully verify whether the request comes from a trusted user. Attackers can use this vulnerability to send unexpected requests to the server through the affected client
VAR-202002-0270 CVE-2019-12511 NETGEAR Nighthawk X10-R9000 In OS Command injection vulnerabilities CVSS V2: 9.3
CVSS V3: 9.8
Severity: CRITICAL
In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled, and a valid authentication JWT, additional vulnerabilities (CVE-2019-12510) allow an attacker to interact with the entire SOAP API without authentication. Additionally, DNS rebinding techniques may be used to exploit this vulnerability remotely. Exploiting this vulnerability is somewhat involved. The following limitations apply to the payload and must be overcome for successful exploitation: - No more than 17 characters may be used. - At least one colon must be included to prevent mangling. - A single-quote and meta-character must be used to break out of the existing command. - Parent command remnants after the injection point must be dealt with. - The payload must be in all-caps. Despite these limitations, it is still possible to gain access to an interactive root shell via this vulnerability. Since the web server assigns certain HTTP headers to environment variables with all-caps names, it is possible to insert a payload into one such header and reference the subsequent environment variable in the injection point. NETGEAR Nighthawk X10-R9000 contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR Nighthawk X10-R9000 is a wireless router from NETGEAR. The vulnerability stems from the fact that the network system or product did not properly filter the special elements in the process of constructing executable commands from external input data. An attacker could use this vulnerability to execute an illegal command
VAR-202002-0271 CVE-2019-12512 NETGEAR Nighthawk X10-R900 Cross-site scripting vulnerability in CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execute stored XSS attacks against this device by supplying a malicious X-Forwarded-For header while performing an incorrect login attempt. The value supplied by this header will be inserted into administrative logs, found at Advanced settings->Administration->Logs, and may trigger when the page is viewed. Although this value is inserted into a textarea tag, the attack simply needs to supply a closing textarea tag. NETGEAR Nighthawk X10-R900 contains a cross-site scripting vulnerability. Information may be obtained and tampered with. NETGEAR Nighthawk X10-R9000 is a wireless router from NETGEAR. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code
VAR-202002-0269 CVE-2019-12510 NETGEAR Nighthawk X10-R900 Authentication vulnerabilities in CVSS V2: 6.4
CVSS V3: 9.1
Severity: CRITICAL
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API ("/soap/server_sa") by supplying a malicious X-Forwarded-For header of the device's LAN IP address (192.168.1.1) in every request. As a result, an attacker may modify almost all of the device's settings and view various configuration settings. NETGEAR Nighthawk X10-R900 contains an authentication vulnerability. Information may be obtained and tampered with. NETGEAR Nighthawk X10-R9000 is a wireless router from NETGEAR
VAR-202002-0879 CVE-2018-13313 TOTOLINK A3002RU Vulnerability in insecure storage of critical information in CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to change their password. However, this JavaScript contains the current user’s password in plaintext. TOTOLINK A3002RU contains a vulnerability related to insecure storage of important information. Information may be obtained
VAR-202002-0272 CVE-2019-12513 NETGEAR Nighthawk X10-R9000 Cross-Site Scripting Vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the malicious DHCP request is received, the device will generate a log entry containing the malicious hostname. This log entry may then be viewed at Advanced settings->Administration->Logs to trigger the exploit. Although this value is inserted into a textarea tag, converted to all-caps, and limited in length, attacks are still possible. NETGEAR Nighthawk X10-R900 contains a cross-site scripting vulnerability. Information may be obtained and tampered with. NETGEAR Nighthawk X10-R9000 is a wireless router from NETGEAR. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code
VAR-202011-1204 CVE-2018-19955 QNAP Systems TS-870 cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10. QNAP Systems TS-870 is a NAS (Network Attached Storage) device of China QNAP Systems. The vulnerability stems from the lack of correct verification of client data in the WEB application
VAR-202011-1206 CVE-2018-19950 QNAP Music Station In OS Command injection vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. QNAP Music Station contains OS command injection and command injection vulnerabilities. Information may be obtained or tampered with, and service may be disrupted (DoS). QNAP Systems TS-870 is a NAS (Network Attached Storage) device of China QNAP Systems. The UserName of the Music Station that uses the file upload function of QNAP Systems TS-870 with firmware version 4.3.4.0486 has a command injection vulnerability
VAR-202011-1203 CVE-2018-19954 QNAP Systems TS-870 cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10. QNAP Systems TS-870 is a NAS (Network Attached Storage) device of China QNAP Systems. The vulnerability stems from the lack of correct verification of client data in the WEB application
VAR-202010-1066 CVE-2018-19953 QNAP Systems TS-870 cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109. QTS contains a cross-site scripting vulnerability. Information may be obtained and tampered with. QNAP Systems TS-870 is a NAS (Network Attached Storage) device of China QNAP Systems. A cross-site scripting vulnerability exists in QNAP Systems TS-870 using firmware version 4.3.4.0486
VAR-202011-1202 CVE-2018-19952 QNAP Systems TS-870 SQL injection vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. QNAP Systems TS-870 is a NAS (Network Attached Storage) device of China QNAP Systems. A security vulnerability exists in QNAP Systems TS-870 using firmware version 4.3.4.0486. An attacker can use this vulnerability to use LIMIT and retrieve data
VAR-202011-1207 CVE-2018-19951 QNAP Systems TS-870 cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. Music Station contains a cross-site scripting vulnerability. Information may be obtained and tampered with. QNAP Systems TS-870 is a NAS (Network Attached Storage) device of China QNAP Systems. The vulnerability stems from the lack of correct verification of client data in the WEB application. An attacker can use this vulnerability to execute client code
VAR-202011-1205 CVE-2018-19956 Photo Station Cross-site scripting vulnerability in CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10. QNAP Systems TS-870 is a NAS (Network Attached Storage) device of China QNAP Systems. The vulnerability stems from the lack of correct verification of client data in the WEB application
VAR-201909-0594 CVE-2019-16057 D-Link DNS-320 In OS Command injection vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection. D-Link DNS-320 contains an OS command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DNS-320 is a dual-bay ShareCenter series NAS storage device. A remote unauthenticated attacker could use this vulnerability to access all application commands with root privileges
VAR-201909-1490 CVE-2019-11166 Intel(R) Easy Streaming Wizard Vulnerability in Permission Management CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Improper file permissions in the installer for Intel(R) Easy Streaming Wizard before version 2.1.0731 may allow an authenticated user to potentially enable escalation of privilege via local attack. Intel(R) Easy Streaming Wizard contains a privilege management vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Intel Easy Streaming Wizard is a set of streaming media transmission (live broadcast) configuration software developed by Intel Corporation. A local attacker could exploit this vulnerability to elevate privileges
VAR-201909-1667 No CVE Shenzhen Long Brother Digital Lock Co., Ltd. OKLOK Smart Door Latches in Logic Design Vulnerability CVSS V2: 4.0
CVSS V3: -
Severity: MEDIUM
Shenzhen Long Brother Digital Lock Co., Ltd. is a modern enterprise integrating R & D, production and sales. Shenzhen Long Brother Digital Lock Co., Ltd. OKLOK smart door latches have a logic design vulnerability. Attackers can use the vulnerability to view other people's binding information, obtain sensitive information, and perform unauthorized operations.
VAR-201909-0780 CVE-2019-16313 ifw8 Router ROM Vulnerable to information leak from cache CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code. Zhifeng Technology ifw8 Router ROM is a router operating system developed by China Zhifeng Technology Company
VAR-201909-0862 CVE-2019-13918 Siemens SINEMA Remote Connect Server Password guessing vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The web interface has no means to prevent password guessing attacks. The vulnerability could be exploited by an attacker with network access to the vulnerable software, requiring no privileges and no user interaction. The vulnerability could allow full access to the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known. SINEMA Remote Connect Server contains a vulnerability related to weak password requests. Information may be obtained or altered, and service operation may be disrupted (DoS). SINEMA Remote Connect helps users access remote devices or machines for easy and safe maintenance. The platform is mainly used for remote access, maintenance, control and diagnosis of the underlying network
VAR-201909-1510 CVE-2019-13919 Siemens SINEMA Remote Connect Server Unprivileged User Access Vulnerability CVSS V2: 4.0
CVSS V3: 4.3
Severity: MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some pages that should only be accessible by a privileged user can also be accessed by a non-privileged user. The security vulnerability could be exploited by an attacker with network access and valid credentials for the web interface. No user interaction is required. The vulnerability could allow an attacker to access information that he should not be able to read. The affected information does not include passwords. At the time of advisory publication no public exploitation of this security vulnerability was known. SINEMA Remote Connect helps users access remote devices or machines for easy and safe maintenance. The platform is mainly used for remote access, maintenance, control and diagnosis of the underlying network