VARIoT IoT vulnerabilities database

Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext. of netgear WNR614 The firmware contains a vulnerability related to plaintext storage of sensitive information.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Netgear WNR614 is a N300 wireless router with an external antenna from Netgear. Netgear WNR614 has a security vulnerability that is caused by storing credentials in plain text. No detailed vulnerability details are provided at this time

An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards. of netgear WNR614 A weak password requirement vulnerability exists in the firmware.Information may be obtained and information may be tampered with. Netgear WNR614 is an N300 wireless router with an external antenna from Netgear. No detailed vulnerability details are available at this time

Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices. of netgear WNR614 There are unspecified vulnerabilities in the firmware.Information may be obtained and information may be tampered with. Netgear WNR614 is an N300 wireless router with an external antenna from Netgear

An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors. of netgear WNR614 The firmware contains a vulnerability related to weak authentication.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR WNR614 is a N300 wireless router with an external antenna from Netgear. No detailed vulnerability details are currently available

The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user clicking it. HCL Technologies Limited of Domino server Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with

Insecure permissions in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to access URLs and directories embedded within the firmware via unspecified vectors. of netgear WNR614 A path traversal vulnerability exists in firmware.Information may be tampered with. NETGEAR WNR614 is an N300 wireless router with an external antenna from NETGEAR Inc. Attackers can exploit this vulnerability to cause information leakage

Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the coreServiceShell. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Authentication is required to exploit this vulnerability.The specific flaw exists within the HTTP Inspection component. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user

Fuji Electric Monitouch V-SFT is vulnerable to a type confusion, which could cause a crash or code execution. Fuji Electric's Monitouch V-SFT contains a type confusion vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of V9 files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Fuji Electric Monitouch V-SFT is a human-machine interface software from Fuji Electric

TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. TOTOLINK of CP300 A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK is a mid-to-high-end wireless router brand in the Asia-Pacific region

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection via the host_time parameter in the NTPSyncWithHost function. TOTOLINK of lr350 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK LR350 is a wireless router from China's TOTOLINK Electronics. No detailed vulnerability details are currently available

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wizard_ipv6 with a sufficiently long reboot_type key. TRENDnet of TEW-827DRU A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action vlan_setting with a sufficiently long dns1 or dns 2 key

Information disclosure in Video while parsing mp2 clip with invalid section length. AQT1000 firmware, fastconnect 6200 firmware, fastconnect 6700 Multiple Qualcomm products, such as firmware, contain an out-of-bounds read vulnerability.Information may be obtained

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. 315 5g iot modem firmware, 9205 lte modem firmware, 9206 lte modem Multiple Qualcomm products, such as firmware, contain vulnerabilities related to authentication.Information may be tampered with

In modem, there is a possible information disclosure due to using risky cryptographic algorithm during connection establishment negotiation. This could lead to remote information disclosure, when weak encryption algorithm is used, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00942482; Issue ID: MSV-1469. media tech's NR15 , nr16 , NR17 Exists in the use of cryptographic algorithms.Information is obtained and service operation is interrupted (DoS) It may be in a state

In modem, there is a possible selection of less-secure algorithm during the VoWiFi IKE due to a missing DH downgrade check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01286330; Issue ID: MSV-1430. media tech's NR15 Exists in unspecified vulnerabilities.Information may be obtained

In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is no needed for exploitation. Patch ID: MOLY01270721; Issue ID: MSV-1479. media tech's nr16 and NR17 Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state

In modem, there is a possible out of bounds write due to improper input invalidation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01267285; Issue ID: MSV-1462. media tech's nr16 and NR17 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

In modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is no needed for exploitation. Patch ID: MOLY01267281; Issue ID: MSV-1477. media tech's nr16 and NR17 Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state