VARIoT IoT vulnerabilities database

VAR-202012-1214 | CVE-2020-35840 | Cross-site scripting vulnerabilities in multiple NETGEAR devices |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.76, WNR1000v4 before 1.1.0.62, WNR2020 before 1.1.0.62, and WNR2050 before 1.1.0.62. A cross-site scripting vulnerability exists in multiple NETGEAR devices. Information may be obtained and tampered with.
VAR-202012-1332 | CVE-2020-35835 | Cross-site scripting vulnerabilities in multiple NETGEAR devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. A cross-site scripting vulnerability exists in multiple NETGEAR devices. Information may be obtained and tampered with.
VAR-202012-1189 | CVE-2020-35790 | Command injection vulnerabilities in multiple NETGEAR devices |
CVSS V2: 5.2 CVSS V3: 6.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, and R9000 before 1.0.4.26. A command injection vulnerability exists in multiple NETGEAR devices. Information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state. NETGEAR D7800 is an AC2600 WiFi VDSL/ADSL modem router. NETGEAR R7800 is an AC2600 dual-band Gigabit wireless router. NETGEAR R8900 is a Nighthawk X10 AD7000 smart WiFi router. NETGEAR R9000 is a Nighthawk X10 AD7200 smart WiFi router. No vulnerability details are currently provided.
VAR-202012-1131 | CVE-2020-35777 | Command injection vulnerabilities in NETGEAR DGN2200v1 devices |
CVSS V2: 7.7 CVSS V3: 8.4 Severity: HIGH |
NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command injection. A command injection vulnerability exists in NETGEAR DGN2200v1 devices. Information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state. NETGEAR DGN2200v1 is an N300 wireless ADSL2+ modem router. No vulnerability details are currently provided.
VAR-202012-1133 | CVE-2020-35779 | Vulnerabilities in NETGEAR NMS300 devices |
CVSS V2: 7.8 CVSS V3: 8.6 Severity: HIGH |
NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. An unspecified vulnerability exists in NETGEAR NMS300 devices. The device may be put into a denial-of-service (DoS) state. NETGEAR NMS300 is a ProSAFE network management system. No vulnerability details are currently provided.
VAR-202012-1134 | CVE-2020-35780 | Vulnerabilities in NETGEAR NMS300 devices |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. NETGEAR NMS300 is a ProSAFE network management system. No vulnerability details are currently provided.
VAR-202012-1338 | CVE-2020-35809 | Cross-site scripting vulnerabilities in multiple NETGEAR devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. A cross-site scripting vulnerability exists in multiple NETGEAR devices. Information may be obtained and tampered with.
VAR-202012-1132 | CVE-2020-35778 | Cross-site request forgery vulnerability in multiple NETGEAR devices |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
Certain NETGEAR devices are affected by CSRF. This affects GS716Tv3 before 6.3.1.36 and GS724Tv4 before 6.3.1.36. A cross-site request forgery vulnerability exists in multiple NETGEAR devices. Information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state. NETGEAR GS716Tv3 is a 16-port Gigabit Ethernet intelligent management professional switch with 2 SFP ports. NETGEAR GS724Tv4 is a 24-port Gigabit intelligent management professional switch with 2 SFP ports. No vulnerability details are currently provided.
VAR-202012-1347 | CVE-2020-35818 | Cross-site scripting vulnerabilities in multiple NETGEAR devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. A cross-site scripting vulnerability exists in multiple NETGEAR devices. Information may be obtained and tampered with.
VAR-202012-1629 | No CVE | China Mobile Railway Tongyu routing has unauthorized access vulnerabilities |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
YuRoute is an IoT router.
China Mobile Railway Tongyu routing has unauthorized access vulnerabilities. Attackers can use the vulnerability to directly log in to the administrator page to perform operations.
VAR-202012-1630 | No CVE | China Mobile Railway Tongyu routing has an information disclosure vulnerability (CNVD-2020-67110) |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
YuRoute is an IoT router.
China Mobile Railway Tongyu routing has an information disclosure vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-202012-1628 | No CVE | Zero Vision Technology (Shanghai) Co., Ltd. H5S CONSOLE has an unauthorized access vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Zero Vision Technology (Shanghai) Co., Ltd. serves customers with leading video technology and is committed to simplifying the development of Internet of Things video. Relying on new technologies such as HTML5 WebRTC, it realizes the simplification of video playback on all platforms.
Zero Vision Technology (Shanghai) Co., Ltd. H5S CONSOLE has an unauthorized access vulnerability. Attackers can use the vulnerability to access corresponding ports in the background and perform unauthorized operations.
VAR-202012-1588 | No CVE | Rockchip has a binary vulnerability (CNVD-2020-67105) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Rockchip Microelectronics Co., Ltd. has an R&D team specializing in system-level chip design and algorithm research, providing professional chip solutions for high-end smart hardware, mobile phone peripherals, tablet computers, TV set-top boxes, industrial control and other fields.
Rockchip has a binary vulnerability. Attackers can use this vulnerability to cause the program to crash.
VAR-202012-1589 | No CVE | Rockchip has a binary vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Rockchip Microelectronics Co., Ltd. has an R&D team specializing in system-level chip design and algorithm research, providing professional chip solutions for high-end smart hardware, mobile phone peripherals, tablet computers, TV set-top boxes, industrial control and other fields.
Rockchip has a binary vulnerability. Attackers can use this vulnerability to cause the program to crash.
VAR-202012-1615 | No CVE | Schneider Tricon safety instrumented system MP3009 processor has a denial of service vulnerability (CNVD-2020-67121) |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
The Tricon safety instrumented system is the safety instrumented system of Schneider Electric Co., Ltd. The MP3009 module is the processor module of the Schneider Tricon safety instrumented system.
Schneider Tricon safety instrumented system MP3009 processor has a denial of service vulnerability. An attacker can use this vulnerability to launch a denial of service attack.
VAR-202012-1616 | No CVE | Schneider Tricon safety instrumented system MP3009 processor has a denial of service vulnerability (CNVD-2020-67122) |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
The Tricon safety instrumented system is the safety instrumented system of Schneider Electric Co., Ltd. The MP3009 module is the processor module of the Schneider Tricon safety instrumented system.
Schneider Tricon safety instrumented system MP3009 processor has a denial of service vulnerability. An attacker can use this vulnerability to launch a denial of service attack.
VAR-202012-1617 | No CVE | Schneider Tricon safety instrumented system MP3009 processor has a denial of service vulnerability (CNVD-2020-67123) |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
The Tricon safety instrumented system is the safety instrumented system of Schneider Electric Co., Ltd. The MP3009 module is the processor module of the Schneider Tricon safety instrumented system.
Schneider Tricon safety instrumented system MP3009 processor has a denial of service vulnerability. An attacker can use this vulnerability to launch a denial of service attack.
VAR-202012-0811 | CVE-2020-28094 | Vulnerabilities in Tenda AC1200 devices |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, the default settings for the router speed test contain links to download malware named elive or CNKI E-Learning. An unspecified vulnerability exists in Tenda AC1200 (Model AC6) devices. Information may be obtained. Tenda AC1200 is a wireless router from the Chinese company Tenda. No vulnerability details are currently provided.
VAR-202012-0810 | CVE-2020-28093 | Vulnerabilities in Tenda AC1200 devices |
CVSS V2: 6.5 CVSS V3: 7.2 Severity: HIGH |
On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, admin, support, user, and nobody have a password of 1234. An unspecified vulnerability exists in Tenda AC1200 (Model AC6) devices. Information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state. Tenda AC1200 is a wireless router from the Chinese company Tenda.
Tenda AC1200 (Model AC6) 15.03.06.51_multi has a default credential disclosure vulnerability. The default password is 1234. Attackers can use this default credential to log in to the management device.
VAR-202012-1528 | CVE-2020-14273 | Input validation vulnerability in HCL Domino |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
HCL Domino is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could exploit this vulnerability to crash the Domino server.