VARIoT IoT vulnerabilities database
| VAR-202103-1721 | No CVE | TP-Link TL-R498GPM-AC has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
TP-Link TL-R498GPM-AC is a router.
TP-Link TL-R498GPM-AC has a denial of service vulnerability. Attackers can use the loopholes to send carefully constructed data packets (pointing to a specific destination address) to cause the target router and its upper carrier's router to cause a denial of service.
| VAR-202103-1722 | No CVE | TP-Link TL-R488GPM-AC has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
TP-Link TL-R488GPM-AC is a router.
TP-Link TL-R488GPM-AC has a denial of service vulnerability. Attackers can use the loopholes to send carefully constructed data packets (pointing to a specific destination address) to cause the target router and its upper carrier's router to cause a denial of service.
| VAR-202103-1723 | No CVE | TP-Link TL-R483G has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
TP-Link TL-R483G is a multi-WAN port gigabit enterprise VPN router.
TP-Link TL-R483G has a denial of service vulnerability. Attackers can use the loopholes to send carefully constructed data packets (pointing to a specific destination address) to cause the target router and its upper carrier's router to cause a denial of service.
| VAR-202103-1724 | No CVE | TP-Link TL-WAR1200L has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
TL-WAR1200L is a router.
TP-Link TL-WAR1200L has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service attack.
| VAR-202103-1725 | No CVE | Several LB-LINK routers have command execution vulnerabilities |
CVSS V2: 8.3 CVSS V3: - Severity: HIGH |
BL-X22, BL-X16 and BL-X12 are all wireless routers of Shenzhen Bilian Electronics Co., Ltd.
Many LB-LINK routers have command execution vulnerabilities. An attacker can use this vulnerability to gain control of the website server.
| VAR-202103-1726 | No CVE | Ruijie RSR series routers have weak password vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Ruijie Networks Co., Ltd. is a data communication solution provider.
Ruijie RSR series routers have weak password vulnerabilities. Attackers can use the vulnerability to log in to the device with a weak password to obtain sensitive information.
| VAR-202103-1727 | No CVE | Tenda AC15 has a buffer overflow vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Tenda AC15 is a wireless router product.
Tenda AC15 has a buffer overflow vulnerability. An attacker can use this vulnerability to cause a denial of service.
| VAR-202103-1728 | No CVE | Tenda AC9 has a buffer overflow vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Tenda AC9 is a wireless router product.
Tenda AC9 has a buffer overflow vulnerability. An attacker can use this vulnerability to cause a denial of service.
| VAR-202103-1729 | No CVE | TP-Link TL-R473GP-AC has a denial of service vulnerability (CNVD-2021-08391) |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
TL-R473GP-AC is a PoE·AC integrated VPN router product developed by TP-LINK for small and micro enterprises, offices, villas and other environments.
TP-Link TL-R473GP-AC has a denial of service vulnerability. Attackers can use the loopholes to send carefully constructed data packets (pointing to a specific destination address) to cause the target router and its upper carrier's router to cause a denial of service.
| VAR-202103-1730 | No CVE | TP-Link TL-R473GP-AC has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
TL-R473GP-AC is a PoE·AC integrated VPN router product developed by TP-LINK for small and micro enterprises, offices, villas and other environments.
TP-Link TL-R473GP-AC has a denial of service vulnerability. Attackers can use the loopholes to send carefully constructed data packets (pointing to a specific destination address) to cause the target router and its upper carrier's router to cause a denial of service.
| VAR-202103-1731 | No CVE | TP-Link TL-R470GP-AC has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
TP-Link TL-R470GP-AC is a router.
TP-Link TL-R470GP-AC has a denial of service vulnerability. Attackers can use the loopholes to send carefully constructed data packets (pointing to a specific destination address) to cause the target router and its upper carrier's router to cause a denial of service.
| VAR-202103-1732 | No CVE | TP-Link TL-R476G has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
TP-Link TL-R476G is a multi-WAN port gigabit enterprise wired router.
TP-Link TL-R476G has a denial of service vulnerability. Attackers can use the loopholes to send carefully constructed data packets (pointing to a specific destination address) to cause the target router and its upper carrier's router to cause a denial of service.
| VAR-202103-1733 | No CVE | Tenda AC15 has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Tenda AC15 is a wireless router product.
Tenda AC15 has a denial of service vulnerability. An attacker can use this vulnerability to cause a denial of service.
| VAR-202103-1734 | No CVE | Shenzhen Meikexing Communication Technology Co., Ltd. YR1800XG has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
YR1800XG is a router of Shenzhen Meikexing Communication Technology Co., Ltd.
Shenzhen Meikexing Communication Technology Co., Ltd. YR1800XG has a denial of service vulnerability. Attackers can use the vulnerability to cause a denial of service attack.
| VAR-202103-1735 | No CVE | Tenda AC9 has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Tenda AC9 is a wireless router product.
Tenda AC9 has a denial of service vulnerability. An attacker can use this vulnerability to cause a denial of service.
| VAR-202103-1736 | No CVE | Samsung WLAN AP has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Samsung (China) Investment Co., Ltd. is the headquarters of Samsung Group in China. As of the end of 2008, 20 of Samsung's more than 30 companies have invested in China, including Samsung Electronics, Samsung SDI, Samsung SDS, and Samsung Electro-Mechanics.
Samsung WLAN AP has a weak password vulnerability. Attackers can use this vulnerability to log in to the router backend to obtain sensitive information.
| VAR-202103-0241 | CVE-2020-29020 | Secomea SiteManager Authentication Vulnerability in Microsoft |
CVSS V2: 6.5 CVSS V3: 7.2 Severity: HIGH |
Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware. Secomea SiteManager Contains an improper authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
| VAR-202103-0244 | CVE-2020-29030 | Secomea GateManager Cross Site Request Forgery Vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea GateManager allows an attacker to execute malicious code. This issue affects: Secomea GateManager All versions prior to 9.4. Secomea GateManager Contains a cross-site request forgery vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Secomea GateManager is a remote access server product of Denmark Secomea Company
| VAR-202103-0243 | CVE-2020-29029 | Secomea GateManager Cross-site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Improper Input Validation, Cross-site Scripting (XSS) vulnerability in Web GUI of Secomea GateManager allows an attacker to execute arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4. Secomea GateManager Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Secomea GateManager is a remote access server product of Denmark Secomea Company. The vulnerability stems from incorrect input validation
| VAR-202103-0242 | CVE-2020-29028 | Secomea GateManager Cross-site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4. Secomea GateManager Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Secomea GateManager is a remote access server product of Denmark Secomea Company