VARIoT IoT vulnerabilities database

ARRIS SBG6580-2 D30GW-SEAEAGLE-1.5.2.5-GA-00-NOSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. ARRIS SBG6580-2 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ARRIS SBG6580-2 is a cable modem produced by Arris Group Corporation in the United States. A security vulnerability exists in ARRIS SBG6580-2 D30GW-SEAEAGLE-1.5.2.5-GA-00-NOSH version

Jiuzhou BCM93383WRG 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. Jiuzhou BCM93383WRG The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Jiuzhou BCM93383WRG is a modem. There is a security vulnerability in Jiuzhou BCM93383WRG 139.4410mp1.3921132mp1.899.004404.004 version

plural CastleNet Product devices contain vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CastleNet CBV38Z4EC etc. are the cable modem products of CostleNet Technology Company. Security vulnerabilities exist in several CastleNet products. A remote attacker could exploit this vulnerability to obtain credentials by sending SNMP requests. The following products and versions are affected: CastleNet CBV38Z4EC version 125.553mp1.39219mp1.899.007; CBV38Z4ECNIT version 125.553mp1.39219mp1.899.005ITT; CBW383G4J version 37.556mp5.008; CBW38G4J version 17.0083

Ambit DDW2600 5.100.1009, DDW2602 5.105.1003, T60C926 4.64.1012, and U10C019 5.66.1026 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. plural Ambit The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Ambit DDW2600 etc. are all modem products. There are security vulnerabilities in several Ambit products. The following products and versions are affected: Ambit DDW2600 version 5.100.1009; DDW2602 version 5.105.1003; T60C926 version 4.64.1012; U10C019 version 5.66.1026

iNovo Broadband IB-8120-W21 139.4410mp1.004200.002 and IB-8120-W21E1 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. iNovo Broadband IB-8120-W21 and IB-8120-W21E1 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both iNovo Broadband IB-8120-W21 and IB-8120-W21E1 are modem products. There are security vulnerabilities in iNovo Broadband IB-8120-W21 version 139.4410mp1.004200.002 and IB-8120-W21E1 version 139.4410mp1.3921132mp1.899.004404.004

Comtrend CM-6200un 123.447.007 and CM-6300n 123.553mp1.005 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. Comtrend CM-6200un and CM-6300n The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Comtrend CM-6200un and CM-6300n are cable modem products of Comtrend Company. There are security vulnerabilities in Comtrend CM-6200un 123.447.007 version and CM-6300n 123.553mp1.005 version

Bnmux BCW700J 5.20.7, BCW710J 5.30.6a, and BCW710J2 5.30.16 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. Bnmux BCW700J , BCW710J , BCW710J2 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Bnmux BCW700J, BCW710J and BCW710J2 are all modem products of Japan Broad Net Mux (Bnmux) company. There are security vulnerabilities in Bnmux BCW700J version 5.20.7, BCW710J version 5.30.6a and BCW710J2 version 5.30.16

Technicolor DPC2320 dpc2300r2-v202r1244101-150420a-v6 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. Technicolor DPC2320 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Technicolor DPC2320 is a modem from Technicolor Group. Technicolor DPC2320 dpc2300r2-v202r1244101-150420a-v6 has a security vulnerability

ARRIS DG950A 7.10.145 and DG950S 7.10.145.EURO devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. ARRIS DG950A and DG950S The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both ARRIS DG950A and DG950S are cable modems from Arris Group Corporation in the United States. A security vulnerability exists in ARRIS DG950A version 7.10.145 and DG950S version 7.10.145.EURO

NETWAVE MNG6200 C4835805jrc12FU121413.cpr devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. NETWAVE MNG6200 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NETWAVE MNG6200 is a modem product. A security vulnerability exists in NETWAVE MNG6200 C4835805jrc12FU121413.cpr version

TEKNOTEL CBW700N 81.447.392110.729.024 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. TEKNOTEL CBW700N The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TEKNOTEL CBW700N is a modem. A security vulnerability exists in TEKNOTEL CBW700N version 81.447.392110.729.024

mplus CBC383Z CBC383Z_mplus_MDr026 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. mplus CBC383Z The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. mplus CBC383Z is a modem product. A security vulnerability exists in mplus CBC383Z CBC383Z_mplus_MDr026 version

S-A WebSTAR DPC2100 v2.0.2r1256-060303 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. S-A WebSTAR DPC2100 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SA WebSTAR DPC2100 is a modem. There is a security vulnerability in SA WebSTAR DPC2100 v2.0.2r1256-060303 version

NET&SYS MNG2120J 5.76.1006c and MNG6300 5.83.6305jrc2 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. NET&SYS MNG2120J and MNG6300 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NET&SYS MNG2120J and MNG6300 are both cable modem products of Korea NET&SYS Company. A security vulnerability exists in NET&SYS MNG2120J version 5.76.1006c and MNG6300 version 5.83.6305jrc2

D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. D-Link DCM-604 and DCM-704 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The D-Link DCM-604 and DCM-704 are both D-Link wireless router products. A security vulnerability exists in the D-LinkDCM-604DCM604_C1_ViaCabo_1.04_20130606 and DCM-704EU_DCM-704_1.10 versions

Kaonmedia CG2001-AN22A 1.2.1, CG2001-UDBNA 3.0.8, and CG2001-UN2NA 3.0.8 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. Kaonmedia CG2001-AN22A , CG2001-UDBNA , CG2001-UN2NA The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Kaonmedia CG2001-AN22A, CG2001-UDBNA and CG2001-UN2NA are cable modem products of Kaonmedia Company in South Korea. There are security vulnerabilities in Kaonmedia CG2001-AN22A version 1.2.1, CG2001-UDBNA version 3.0.8 and CG2001-UN2NA version 3.0.8

Zoom 5352 v5.5.8.6Y devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. Zoom 5352 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Zoom5352 is a modem device from ZoomTelephonics of the United States. An information disclosure vulnerability exists in the Zoom53525.5.8.6Y version

Motorola SBG901 SBG901-2.10.1.1-GA-00-581-NOSH, SBG941 SBG941-2.11.0.0-GA-07-624-NOSH, and SVG1202 SVG1202-2.1.0.0-GA-14-LTSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. Motorola SBG901 , SBG941 , SVG1202 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Multiple Motorola products are prone to an information-disclosure vulnerability. Attackers can exploit this issue to view sensitive information. Information obtained may lead to further attacks. The following versions of product are vulnerable: Motorola SBG901 SBG901-2.10.1.1-GA-00-581-NOSH Motorola SBG941 SBG941-2.11.0.0-GA-07-624-NOSH Motorola SVG1202 SVG1202-2.1.0.0-GA-14-LTSH. Security vulnerability exists in Motorola SBG901 SBG901-2.10.1.1-GA-00-581-NOSH version, SBG941 SBG941-2.11.0.0-GA-07-624-NOSH version, and SVG1202 SVG1202-2.1.0.0-GA-14-LTSH version

Skyworth CM5100 V1.1.0, CM5100-440 V1.2.1, CM5100-511 4.1.0.14, CM5100-GHD00 V1.2.2, and CM5100.g2 4.1.0.17 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. plural Skyworth Product devices contain vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Skyworth CM5100 and others are different types of cable modem products of China Skyworth Group. Security flaws exist in several Skyworth products. The following products and versions are affected: Skyworth CM5100 version 1.1.0; CM5100-440 version 1.2.1; CM5100-511 version 4.1.0.14; CM5100-GHD00 version 1.2.2; CM5100.g2 version 4.1.0.17

Ubee DVW2108 6.28.1017 and DVW2110 6.28.2012 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. Ubee DVW2108 and DVW2110 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Ubee DVW2108 and DVW2110 are modem products of Ubee Interactive Company. There are security vulnerabilities in Ubee DVW2108 version 6.28.1017 and DVW2110 version 6.28.2012