VARIoT IoT vulnerabilities database

Delta Group's areas of involvement include the provision of overall solutions for power management, video displays, industrial automation, network communication products, and renewable energy-related products. DELTA DOP 107EG has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-35801. Reason: This candidate is a reservation duplicate of CVE-2020-35801. Notes: All CVE users should reference CVE-2020-35801 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. NETGEAR JGS516PE/GS116Ev2 is a 16-port gigabit intelligent network management Plus switch. NETGEAR JGS516PE/GS116Ev2 2.6.0.43 version has firmware update vulnerability. The vulnerability stems from the fact that the TFTP server is active by default. An attacker can use this vulnerability to update the switch firmware

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-35783. Reason: This candidate is a reservation duplicate of CVE-2020-35783. Notes: All CVE users should reference CVE-2020-35783 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. NETGEAR JGS516PE/GS116Ev2 is a 16-port gigabit intelligent network management Plus switch. NETGEAR JGS516PE/GS116Ev2 2.6.0.43 version of the NSDP protocol implementation has an information disclosure vulnerability. A remote unauthenticated attacker can use this vulnerability to obtain all configuration parameters of the switch by sending a corresponding read request

The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers (with access to a network capture) to quickly generate multiple collisions to generate valid passwords, or infer some parts of the original. NETGEAR JGS516PE and GS116E There are cryptographic strength vulnerabilities in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. NETGEAR JGS516PE/GS116Ev2 is a 16-port gigabit intelligent network management Plus switch. NETGEAR JGS516PE/GS116Ev2 2.6.0.43 version has security vulnerabilities. Allow external attackers to gain administrative access to the switch

NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command. NETGEAR JGS516PE and GS116E The device is vulnerable to a lack of authentication for critical features.Information is tampered with and denial of service (DoS) It may be put into a state. NETGEAR JGS516PE/GS116Ev2 is a 16-port gigabit intelligent network management Plus switch. NETGEAR JGS516PE/GS116Ev2 2.6.0.43 version has security vulnerabilities. Attackers can use the vulnerability to force multiple DHCP requests or disable them, which may lead to a denial of service attack

Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices. Most of the integer parameters sent through the web server can be abused to cause a denial of service attack. NETGEAR JGS516PE and GS116E An integer overflow vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. NETGEAR JGS516PE/GS116Ev2 is a 16-port gigabit intelligent network management Plus switch

The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests. NETGEAR JGS516PE and GS116Ev2 A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was not properly validating the length of string parameters sent in write requests, potentially allowing denial of service attacks. NETGEAR JGS516PE and GS116Ev2 A classic buffer overflow vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. NETGEAR JGS516PE/GS116Ev2 is a 16-port gigabit intelligent network management Plus switch. NETGEAR JGS516PE/GS116Ev2 2.6.0.43 version has security vulnerabilities. An attacker can use this vulnerability to cause a denial of service

The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers (with access to network traffic) to effectively gain administrative privileges. NETGEAR JGS516PE and GS116E A session immobilization vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. NETGEAR JGS516PE/GS116Ev2 is a 16-port gigabit intelligent network management Plus switch. NETGEAR JGS516PE/GS116Ev2 2.6.0.43 has an authentication token reuse vulnerability. An attacker can use this vulnerability to gain administrator privileges

The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device. NETGEAR JGS516PE and GS116E There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. NETGEAR JGS516PE/GS116Ev2 is a 16-port gigabit intelligent network management Plus switch

A cross-site scripting (XSS) vulnerability in the administration web panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote attackers to inject arbitrary web script or HTML via the language parameter. NETGEAR JGS516PE and GS116E A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with. NETGEAR JGS516PE/GS116Ev2 is a 16-port gigabit intelligent network management Plus switch

A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (in the administration web panel) allows an attacker to inject IP addresses into the whitelist via the checkedList parameter to the delete command. NETGEAR JGS516PE and GS116Ev2 A classic buffer overflow vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. NETGEAR JGS516PE/GS116Ev2 is a 16-port gigabit intelligent network management Plus switch. NETGEAR JGS516PE/GS116Ev2 2.6.0.43 has a buffer overflow vulnerability in the access control part

A buffer overflow vulnerability in the NSDP protocol authentication method on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote unauthenticated attackers to force a device reboot. NETGEAR JGS516PE and GS116Ev2 A classic buffer overflow vulnerability exists in the device.Denial of service (DoS) It may be put into a state. NETGEAR JGS516PE/GS116Ev2 is a 16-port gigabit intelligent network management Plus switch. An attacker can use this vulnerability to cause the device to restart

The TFTP server fails to handle multiple connections on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices, and allows external attackers to force device reboots by sending concurrent connections, aka a denial of service attack. NETGEAR JGS516PE and GS116E The device contains a resource exhaustion vulnerability.Denial of service (DoS) It may be put into a state. NETGEAR JGS516PE/GS116Ev2 is a 16-port gigabit intelligent network management Plus switch. NETGEAR JGS516PE/GS116Ev2 2.6.0.43 has a denial of service vulnerability

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-35782. Reason: This candidate is a reservation duplicate of CVE-2020-35782. Notes: All CVE users should reference CVE-2020-35782 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. NETGEAR JGS516PE/GS116Ev2 is a 16-port gigabit intelligent network management Plus switch. NETGEAR JGS516PE/GS116Ev2 2.6.0.43 has an arbitrary data writing vulnerability. The vulnerability stems from the fact that the TFTP firmware update mechanism does not correctly implement firmware verification. A remote attacker can use this vulnerability to write arbitrary data into the internal memory

Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information disclosure (by reading local files). This vulnerability allows remote attackers to disclose sensitive information on affected installations of Western Digital MyCloud PR4100. Authentication is not required to exploit this vulnerability.The specific flaw exists within the SMB and AFP services. By creating a symbolic link, an attacker can abuse the service to read arbitrary files. An attacker can leverage this vulnerability to disclose information in the context of the service account. Western Digital My Cloud is a personal cloud storage device of Western Digital Corporation

On BIG-IP versions 13.1.3.4-13.1.3.6 and 12.1.5.2, if the tmm.http.rfc.enforcement BigDB key is enabled in a BIG-IP system, or the Bad host header value is checked in the AFM HTTP security profile associated with a virtual server, in rare instances, a specific sequence of malicious requests may cause TMM to restart. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. F5 BIG-IP has a security vulnerability that could be exploited by an attacker to trigger a fatal error via tmm.http.rfc

On versions 15.0.x before 15.1.0 and 14.1.x before 14.1.4, the BIG-IP system provides an option to connect HTTP/2 clients to HTTP/1.x servers. When a client is slow to accept responses and it closes a connection prematurely, the BIG-IP system may indefinitely retain some streams unclosed. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP There are unspecified vulnerabilities in the system.Denial of service (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. F5 BIG-IP has a security vulnerability that could be exploited by an attacker to trigger a fatal error over an HTTP 2 connection, triggering a denial of service

On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, DOM-based XSS on DoS Profile properties page. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP Advanced WAF and ASM Contains a cross-site scripting vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. F5 BIG-IP has a cross-site scripting vulnerability, which can be exploited by an attacker to trigger cross-site scripting through DoS configuration file attributes to run JavaScript code in the context of the website

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, a malicious HTTP response to an Advanced WAF/BIG-IP ASM virtual server with Login Page configured in its policy may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may allow remote code execution (RCE), leading to complete system compromise. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP Contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP that could be exploited by an attacker to run code