VARIoT IoT vulnerabilities database

NETWAVE MNG6200 C4835805jrc12FU121413.cpr devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. NETWAVE MNG6200 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NETWAVE MNG6200 is a modem product. A security vulnerability exists in NETWAVE MNG6200 C4835805jrc12FU121413.cpr version

TEKNOTEL CBW700N 81.447.392110.729.024 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. TEKNOTEL CBW700N The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TEKNOTEL CBW700N is a modem. A security vulnerability exists in TEKNOTEL CBW700N version 81.447.392110.729.024

mplus CBC383Z CBC383Z_mplus_MDr026 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. mplus CBC383Z The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. mplus CBC383Z is a modem product. A security vulnerability exists in mplus CBC383Z CBC383Z_mplus_MDr026 version

S-A WebSTAR DPC2100 v2.0.2r1256-060303 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. S-A WebSTAR DPC2100 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SA WebSTAR DPC2100 is a modem. There is a security vulnerability in SA WebSTAR DPC2100 v2.0.2r1256-060303 version

NET&SYS MNG2120J 5.76.1006c and MNG6300 5.83.6305jrc2 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. NET&SYS MNG2120J and MNG6300 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NET&SYS MNG2120J and MNG6300 are both cable modem products of Korea NET&SYS Company. A security vulnerability exists in NET&SYS MNG2120J version 5.76.1006c and MNG6300 version 5.83.6305jrc2

D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. D-Link DCM-604 and DCM-704 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The D-Link DCM-604 and DCM-704 are both D-Link wireless router products. A security vulnerability exists in the D-LinkDCM-604DCM604_C1_ViaCabo_1.04_20130606 and DCM-704EU_DCM-704_1.10 versions

Kaonmedia CG2001-AN22A 1.2.1, CG2001-UDBNA 3.0.8, and CG2001-UN2NA 3.0.8 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. Kaonmedia CG2001-AN22A , CG2001-UDBNA , CG2001-UN2NA The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Kaonmedia CG2001-AN22A, CG2001-UDBNA and CG2001-UN2NA are cable modem products of Kaonmedia Company in South Korea. There are security vulnerabilities in Kaonmedia CG2001-AN22A version 1.2.1, CG2001-UDBNA version 3.0.8 and CG2001-UN2NA version 3.0.8

Zoom 5352 v5.5.8.6Y devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. Zoom 5352 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Zoom5352 is a modem device from ZoomTelephonics of the United States. An information disclosure vulnerability exists in the Zoom53525.5.8.6Y version

Motorola SBG901 SBG901-2.10.1.1-GA-00-581-NOSH, SBG941 SBG941-2.11.0.0-GA-07-624-NOSH, and SVG1202 SVG1202-2.1.0.0-GA-14-LTSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. Motorola SBG901 , SBG941 , SVG1202 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Multiple Motorola products are prone to an information-disclosure vulnerability. Attackers can exploit this issue to view sensitive information. Information obtained may lead to further attacks. The following versions of product are vulnerable: Motorola SBG901 SBG901-2.10.1.1-GA-00-581-NOSH Motorola SBG941 SBG941-2.11.0.0-GA-07-624-NOSH Motorola SVG1202 SVG1202-2.1.0.0-GA-14-LTSH. Security vulnerability exists in Motorola SBG901 SBG901-2.10.1.1-GA-00-581-NOSH version, SBG941 SBG941-2.11.0.0-GA-07-624-NOSH version, and SVG1202 SVG1202-2.1.0.0-GA-14-LTSH version

Skyworth CM5100 V1.1.0, CM5100-440 V1.2.1, CM5100-511 4.1.0.14, CM5100-GHD00 V1.2.2, and CM5100.g2 4.1.0.17 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. plural Skyworth Product devices contain vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Skyworth CM5100 and others are different types of cable modem products of China Skyworth Group. Security flaws exist in several Skyworth products. The following products and versions are affected: Skyworth CM5100 version 1.1.0; CM5100-440 version 1.2.1; CM5100-511 version 4.1.0.14; CM5100-GHD00 version 1.2.2; CM5100.g2 version 4.1.0.17

Ubee DVW2108 6.28.1017 and DVW2110 6.28.2012 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. Ubee DVW2108 and DVW2110 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Ubee DVW2108 and DVW2110 are modem products of Ubee Interactive Company. There are security vulnerabilities in Ubee DVW2108 version 6.28.1017 and DVW2110 version 6.28.2012

plural Technicolor Product Contains a vulnerability related to certificate and password management.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Technicolor CGA0111 etc. are the modem products of the French Technicolor Group. A security vulnerability exists in several Technicolor products. A remote attacker could exploit this vulnerability to obtain credentials by sending SNMP requests. The following products and versions are affected: Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU ​​version; CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC version; Version; TC7110.AR STD3.38.03 version; TC7110.B STC8.62.02 version; TC7110.D STDB.79.02 version; TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT version;

Orange Livebox 00.96.320S devices allow remote attackers to discover Wi-Fi credentials via /get_getnetworkconf.cgi on port 8080, leading to full control if the admin password equals the Wi-Fi password or has the default admin value. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. Orange Livebox Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Orange Livebox Contains an input validation vulnerability.Information may be tampered with. The Orange Livebox is an ADSL (Asymmetric Digital Subscriber Line) modem. A security vulnerability exists in Orange Livebox version 00.96.320S. A remote attacker could exploit this vulnerability by sending a GET request to the /get_getnetworkconf.cgi URI to obtain the device's SSID and WI-FI password

Thomson DWG849 STC0.01.16, DWG850-4 ST9C.05.25, DWG855 ST80.20.26, and TWG870 STB2.01.36 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. plural Thomson Product devices contain vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Thomson DWG849 etc. are all modem products. A security vulnerability exists in several Thomson products. The following products and versions are affected: Thomson DWG849 STC version 0.01.16; DWG850-4 ST9C.05.25 version; DWG855 ST80.20.26 version; TWG870 STB version 2.01.36

Barracuda Message Archiver 2018 has XSS in the error_msg exception-handling value for the ldap_user parameter to the cgi-mod/ldap_load_entry.cgi module. The injection point of the issue is the Add_Update module. The solution supports indexing and saving of all e-mail, and can enhance operational efficiency and enforce compliance policies. A remote attacker could exploit this vulnerability to inject malicious scripts into client web application requests

A researcher has disclosed several vulnerabilities against FortiClient for Windows version 6.0.5 and below, version 5.6.6, the combination of these vulnerabilities can turn into an exploit chain, which allows a user to gain system privileges on Microsoft Windows. Windows for Fortinet FortiClient Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fortinet FortiClient is prone to multiple local privilege-escalation vulnerabilities. An attacker can exploit these issues to gain the elevated privileges on the system. Failed exploit attempts may result in a denial of service condition. Fortinet FortiClient 6.0.4 and prior are vulnerable. Fortinet FortiClient is a mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products

A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or commands via the named pipe responsible for Forticlient updates. Windows for Fortinet FortiClient Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fortinet FortiClient is prone to multiple local privilege-escalation vulnerabilities. An attacker can exploit these issues to gain the elevated privileges on the system. Failed exploit attempts may result in a denial of service condition. Fortinet FortiClient 6.0.4 and prior are vulnerable

A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the command injection. Windows for Fortinet FortiClient Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fortinet FortiClient is prone to multiple local privilege-escalation vulnerabilities. An attacker can exploit these issues to gain the elevated privileges on the system. Failed exploit attempts may result in a denial of service condition. Fortinet FortiClient 6.0.4 and prior are vulnerable. Fortinet FortiClient is a mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. Vulnerabilities in permissions and access control issues exist in Fortinet FortiClient version 6.0.4 based on the Windows platform. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products

The Floureon IP Camera SP012 provides a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges. Floureon IP Camera SP012 Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

An exploitable pool corruption vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause a buffer overflow, resulting in kernel memory corruption and, potentially, privilege escalation. An attacker can send an IRP request to trigger this vulnerability. WIBU-SYSTEMS WibuKey.sys Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Wibu Systems WibuKey Digital Rights Management is prone to multiple input-validation vulnerabilities. Attackers can exploit these issues to obtain sensitive information, to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. WibuKey versions prior to 6.50 are vulnerable