VARIoT IoT vulnerabilities database

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. This affects RAX200 prior to 1.0.4.120, RAX75 prior to 1.0.4.120, RAX80 prior to 1.0.4.120, RBK852 prior to 3.2.17.12, RBR850 prior to 3.2.17.12, and RBS850 prior to 3.2.17.12

MP C3004ex is a color digital copier. Ricoh (China) Investment Co., Ltd. MP C3004ex has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.

Certain NETGEAR devices are affected by CSRF. This affects EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, and EX6130 before 1.0.0.44. This affects EX3700 prior to 1.0.0.90, EX3800 prior to 1.0.0.90, EX6120 prior to 1.0.0.64, and EX6130 prior to 1.0.0.44

MP C2004ex is a digital copier. Ricoh (China) Investment Co., Ltd. MP C2004ex has an unauthorized access vulnerability. Attackers can use the vulnerability to obtain sensitive information.

Ricoh (China) Investment Co., Ltd. provides office image processing equipment (such as MFPs, printers, etc.), production digital printers, etc., such as document output management services and IT solutions. Ricoh (China) Investment Co., Ltd. MP 402SPF has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.

Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695 1.20RC093, DAP-3320 1.05RC027 BETA and DAP-3662 1.05rc069 in the sbin/httpd binary. The crash happens at the `atoi' operation when a specific network package are sent to the httpd binary. plural D-Link DAP The product has NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be put into a state. D-Link DAP-2310 is a single-band wireless network access point, suitable for small businesses or schools that require fast and reliable wireless networks. D-Link DAP-2330 is a wireless N300 single frequency PoE access point

NETGEAR R6400 devices before 1.0.1.70 are affected by a stack-based buffer overflow by an authenticated user. NETGEAR R6400 The device contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.32, RAX50 before 1.0.2.32, RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, and RBS750 before 3.2.16.6. plural NETGEAR The product contains a vulnerability related to out-of-bounds writes.Service operation interruption (DoS) It may be in a state. This affects MK62 prior to 1.0.6.110, MR60 prior to 1.0.6.110, MS60 prior to 1.0.6.110, RAX15 prior to 1.0.2.82, RAX20 prior to 1.0.2.82, RAX200 prior to 1.0.3.106, RAX45 prior to 1.0.2.32, RAX50 prior to 1.0.2.32, RAX75 prior to 1.0.3.106, RAX80 prior to 1.0.3.106, RBK752 prior to 3.2.16.6, RBR750 prior to 3.2.16.6, and RBS750 prior to 3.2.16.6

Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi with an unknown action name

A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with "%s: key len = %d, too long\n" format. The two variables seem to be put in the wrong order. The vulnerability could be triggered by sending the POST request to apply_cgi with a long and unknown key in the request body. plural TRENDnet The product contains a vulnerability in format strings.Service operation interruption (DoS) It may be in a state

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.36, D7000 before 1.0.1.70, EX6200v2 before 1.0.1.78, EX7000 before 1.0.1.78, EX8000 before 1.0.1.186, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6050 before 1.0.1.18, R6080 before 1.0.0.42, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6300v2 before 1.0.4.34, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.42, R7000P before 1.3.1.64, R7800 before 1.0.2.60, R8900 before 1.0.4.12, R9000 before 1.0.4.12, and XR500 before 2.3.2.40. plural NETGEAR The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects D3600 prior to 1.0.0.76, D6000 prior to 1.0.0.76, D6200 prior to 1.1.00.36, D7000 prior to 1.0.1.70, EX6200v2 prior to 1.0.1.78, EX7000 prior to 1.0.1.78, EX8000 prior to 1.0.1.186, JR6150 prior to 1.0.1.18, PR2000 prior to 1.0.0.28, R6020 prior to 1.0.0.42, R6050 prior to 1.0.1.18, R6080 prior to 1.0.0.42, R6120 prior to 1.0.0.46, R6220 prior to 1.1.0.80, R6260 prior to 1.1.0.64, R6300v2 prior to 1.0.4.34, R6700 prior to 1.0.2.6, R6700v2 prior to 1.2.0.36, R6800 prior to 1.2.0.36, R6900 prior to 1.0.2.4, R6900P prior to 1.3.1.64, R6900v2 prior to 1.2.0.36, R7000 prior to 1.0.9.42, R7000P prior to 1.3.1.64, R7800 prior to 1.0.2.60, R8900 prior to 1.0.4.12, R9000 prior to 1.0.4.12, and XR500 prior to 2.3.2.40

Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D7800 before 1.0.1.44, D8500 before 1.0.3.43, DC112A before 1.0.0.40, DGN2200v4 before 1.0.0.108, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, R6020 before 1.0.0.34, R6080 before 1.0.0.34, R6120 before 1.0.0.44, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6250 before 1.0.4.34, R6260 before 1.1.0.40, R6850 before 1.1.0.40, R6350 before 1.1.0.40, R6400v2 before 1.0.2.62, R6700v3 before 1.0.2.62, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R7000 before 1.0.9.34, R6900P before 1.3.1.44, R7000P before 1.3.1.44, R7100LG before 1.0.0.48, R7200 before 1.2.0.48, R7350 before 1.2.0.48, R7400 before 1.2.0.48, R7450 before 1.2.0.36, AC2100 before 1.2.0.36, AC2400 before 1.2.0.36, AC2600 before 1.2.0.36, R7500v2 before 1.0.3.38, R7800 before 1.0.2.58, R7900 before 1.0.3.8, R7960P before 1.4.1.44, R8000 before 1.0.4.28, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RAX120 before 1.0.0.74, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, WNR3500Lv2 before 1.2.0.56, XR450 before 2.3.2.32, and XR500 before 2.3.2.32. This affects D6220 prior to 1.0.0.48, D6400 prior to 1.0.0.82, D7000v2 prior to 1.0.0.52, D7800 prior to 1.0.1.44, D8500 prior to 1.0.3.43, DC112A prior to 1.0.0.40, DGN2200v4 prior to 1.0.0.108, RBK50 prior to 2.3.0.32, RBR50 prior to 2.3.0.32, RBS50 prior to 2.3.0.32, RBK20 prior to 2.3.0.28, RBR20 prior to 2.3.0.28, RBS20 prior to 2.3.0.28, RBK40 prior to 2.3.0.28, RBR40 prior to 2.3.0.28, RBS40 prior to 2.3.0.28, R6020 prior to 1.0.0.34, R6080 prior to 1.0.0.34, R6120 prior to 1.0.0.44, R6220 prior to 1.1.0.80, R6230 prior to 1.1.0.80, R6250 prior to 1.0.4.34, R6260 prior to 1.1.0.40, R6850 prior to 1.1.0.40, R6350 prior to 1.1.0.40, R6400v2 prior to 1.0.2.62, R6700v3 prior to 1.0.2.62, R6700v2 prior to 1.2.0.36, R6800 prior to 1.2.0.36, R6900v2 prior to 1.2.0.36, R7000 prior to 1.0.9.34, R6900P prior to 1.3.1.44, R7000P prior to 1.3.1.44, R7100LG prior to 1.0.0.48, R7200 prior to 1.2.0.48, R7350 prior to 1.2.0.48, R7400 prior to 1.2.0.48, R7450 prior to 1.2.0.36, AC2100 prior to 1.2.0.36, AC2400 prior to 1.2.0.36, AC2600 prior to 1.2.0.36, R7500v2 prior to 1.0.3.38, R7800 prior to 1.0.2.58, R7900 prior to 1.0.3.8, R7960P prior to 1.4.1.44, R8000 prior to 1.0.4.28, R7900P prior to 1.4.1.30, R8000P prior to 1.4.1.30, R8900 prior to 1.0.4.2, R9000 prior to 1.0.4.2, RAX120 prior to 1.0.0.74, RBK752 prior to 3.2.16.6, RBR750 prior to 3.2.16.6, RBS750 prior to 3.2.16.6, RBK852 prior to 3.2.16.6, RBR850 prior to 3.2.16.6, RBS850 prior to 3.2.16.6, WNR3500Lv2 prior to 1.2.0.56, XR450 prior to 2.3.2.32, and XR500 prior to 2.3.2.32

NETGEAR RAX40 devices before 1.0.3.64 are affected by stored XSS. NETGEAR RAX40 A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with. NETGEAR RAX40 is a 4-stream AX3000 dual-band WiFi 6 router. An attacker could exploit this vulnerability to execute client code

Null Pointer Deference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial os service by sending the POST request to apply_cgi via action do_graph_auth without login_name key. plural TRENDnet The product has NULL A pointer dereference vulnerability exists.Denial of service (DoS) It may be put into a state

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, R9000 before 1.0.4.26, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and XR500 before 2.3.2.56. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with. This affects D7800 prior to 1.0.1.56, R7800 prior to 1.0.2.68, R8900 prior to 1.0.4.26, R9000 prior to 1.0.4.26, RAX120 prior to 1.0.0.78, RBK20 prior to 2.3.5.26, RBR20 prior to 2.3.5.26, RBS20 prior to 2.3.5.26, RBK40 prior to 2.3.5.30, RBR40 prior to 2.3.5.30, RBS40 prior to 2.3.5.30, RBK50 prior to 2.3.5.30, RBR50 prior to 2.3.5.30, RBS50 prior to 2.3.5.30, and XR500 prior to 2.3.2.56

MP C6004ex is a color digital copier. Ricoh (China) Investment Co., Ltd. MP C6004ex has an unauthorized access vulnerability. Attackers can use the vulnerability to obtain sensitive information.

Ricoh (China) Investment Co., Ltd. provides office image processing equipment (such as MFPs, printers, etc.), production digital printers, etc., such as document output management services and IT solutions. Ricoh (China) Investment Co., Ltd. MP C307 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.

Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, RBK752 before 3.2.10.10, RBR750 before 3.2.10.10, and RBS750 before 3.2.10.10. plural NETGEAR There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Netgear RBR750 is a home WiFi system from Netgear. Several NETGEAR devices have an access control error vulnerability that stems from the product not properly restricting access from unauthorized roles. No detailed vulnerability details are currently provided. This affects RBK852 prior to 3.2.10.11, RBR850 prior to 3.2.10.11, RBS850 prior to 3.2.10.11, CBR40 prior to 2.5.0.10, EAX20 prior to 1.0.0.48, MK62 prior to 1.0.6.110, MR60 prior to 1.0.6.110, MS60 prior to 1.0.6.110, RBK752 prior to 3.2.10.10, RBR750 prior to 3.2.10.10, and RBS750 prior to 3.2.10.10

Shanghai Andatong Information Security Technology Co., Ltd. is a high-tech enterprise founded in Pudong Zhangjiang Hi-tech Park on February 8, 2002. The company is specialized in VPN security gateways, VPN network management platforms, identity authentication and network behavior management systems. R&D vendors. The TPN-2G gateway console has a weak password vulnerability. Attackers use weak passwords to log in to the background to obtain sensitive information.

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6400 before 1.0.1.52, R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R6700v2 before 1.2.0.62, R6900v2 before 1.2.0.62, and R7000P before 1.3.2.124. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Netgear NETGEAR is a router from Netgear. A hardware device that connects two or more networks and acts as a gateway between networks. A variety of NETGEAR device command injection vulnerabilities, the vulnerability stems from the product does not filter special characters in user input data, attackers can execute system commands through this vulnerability. This affects R6400 prior to 1.0.1.52, R6400v2 prior to 1.0.4.84, R6700v3 prior to 1.0.4.84, R6700v2 prior to 1.2.0.62, R6900v2 prior to 1.2.0.62, and R7000P prior to 1.3.2.124