VARIoT IoT vulnerabilities database
| VAR-202102-1618 | No CVE | EasyBuilder Pro has a DLL hijacking vulnerability (CNVD-2021-05667) |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
EasyBuilder Pro is an HMI software developed by Weilun.
EasyBuilder Pro has a DLL hijacking vulnerability, which can be exploited by an attacker to gain server control rights.
| VAR-202102-1619 | No CVE | EasyBuilder Pro has a binary vulnerability (CNVD-2021-05666) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
EasyBuilder Pro is a configuration software developed by Weilun.
EasyBuilder Pro has a binary vulnerability, which can be exploited by an attacker to cause a denial of service.
| VAR-202102-1620 | No CVE | EasyBuilder Pro has a DLL hijacking vulnerability (CNVD-2021-05692) |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
EasyBuilder Pro is an HMI software developed by Weilun.
EasyBuilder Pro has a DLL hijacking vulnerability, which can be exploited by an attacker to gain server control rights.
| VAR-202102-1623 | No CVE | A denial of service vulnerability exists in SIMATIC S7-PLCSM (CNVD-2021-05558) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
SIMATIC S7-PLCSM is a PLC simulation software developed by Siemens.
SIMATIC S7-PLCSM has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.
| VAR-202102-1624 | No CVE | EasyBuilder Pro has a DLL hijacking vulnerability (CNVD-2021-05695) |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
EasyBuilder Pro is a configuration software developed by Weilun.
EasyBuilder Pro has a DLL hijacking vulnerability, which can be exploited by an attacker to gain server control rights.
| VAR-202102-1626 | No CVE | EasyBuilder Pro has a binary vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
EasyBuilder Pro is an HMI software developed by Weilun.
EasyBuilder Pro has a binary vulnerability, which can be exploited by an attacker to cause a denial of service.
| VAR-202102-1629 | No CVE | EasyBuilder Pro has a DLL hijacking vulnerability (CNVD-2021-05693) |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
EasyBuilder Pro is a configuration software developed by Weilun.
EasyBuilder Pro has a DLL hijacking vulnerability, which can be exploited by an attacker to gain server control rights.
| VAR-202102-1630 | No CVE | EasyBuilder Pro has a DLL hijacking vulnerability (CNVD-2021-05668) |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
EasyBuilder Pro is an HMI software developed by Weilun.
EasyBuilder Pro has a DLL hijacking vulnerability, which can be exploited by an attacker to gain server control rights.
| VAR-202102-1631 | No CVE | EasyBuilder Pro has a DLL hijacking vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
EasyBuilder Pro is a configuration software developed by Weilun.
EasyBuilder Pro has a DLL hijacking vulnerability, which can be exploited by an attacker to gain server control rights.
| VAR-202102-1567 | No CVE | Cisco RV110W has a binary vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Cisco RV110W is a wireless router.
The Cisco RV110W has a binary vulnerability. Attackers can use the vulnerability to directly execute arbitrary system commands as root.
| VAR-202102-1577 | No CVE | TP-Link router TL-ER6220G has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
TL-ER6220G is a dual-core multi-WAN port gigabit enterprise VPN router.
TP-Link router TL-ER6220G has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service attack.
| VAR-202102-1578 | No CVE | TP-Link router TL-ER3229G has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
TL-ER3229G is a dual-core multi-WAN port gigabit enterprise VPN router.
TP-Link router TL-ER3229G has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service attack.
| VAR-202102-1579 | No CVE | TP-Link router TL-ER2220G has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
TL-ER2220G is a dual-core multi-WAN port gigabit enterprise VPN router.
TP-Link router TL-ER2220G has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service attack.
| VAR-202102-1580 | No CVE | TP-Link router TL-ER6120G has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
TL-ER6120G is a multi-WAN port Gigabit enterprise VPN router.
TP-Link router TL-ER6120G has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service attack.
| VAR-202102-1581 | No CVE | TP-Link router TL-ER5120G has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
TL-ER5120G is a multi-WAN port Gigabit commercial router.
TP-Link router TL-ER5120G has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service attack.
| VAR-202102-1582 | No CVE | TP-Link router TL-ER3210G has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
TL-ER3210G is a dual-core gigabit enterprise VPN router.
TP-Link router TL-ER3210G has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service attack.
| VAR-202102-1583 | No CVE | TP-Link router TL-ER5110G has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
TL-ER5110G is a gigabit commercial router.
TP-Link router TL-ER5110G has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service attack.
| VAR-202102-1558 | No CVE | TP-Link TL-ER3220G has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
TL-ER3220G is a router of TP-LINK.
TP-Link TL-ER3220G has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service attack.
| VAR-202103-0947 | CVE-2021-27256 | OS command injection vulnerability in NETGEAR R7800 firmware |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_save.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12355. An OS command injection vulnerability exists in NETGEAR R7800 firmware. As a result, information may be obtained or tampered with, and service may be disrupted (DoS).
| VAR-202103-0946 | CVE-2021-27255 | Lack of authentication for important functions in NETGEAR R7800 firmware |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360. As a result, information may be obtained or tampered with, and service may be disrupted (DoS).