VARIoT IoT vulnerabilities database

Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.30, R6020 before 1.0.0.42, R6050 before 1.0.1.22, JR6150 before 1.0.1.22, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R69002 before 1.2.0.62, and WNR2020 before 1.1.0.62. plural NETGEAR An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142. Vendor exploits this vulnerability IBM X-Force ID: 186142 Is published as.Information may be obtained. The product implements access management control through integrated devices for Web, mobile and cloud computing

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140. Vendor exploits this vulnerability IBM X-Force ID: 186140 Is published as.Information may be obtained. The product implements access management control through integrated devices for Web, mobile and cloud computing

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. plural NETGEAR The product contains a vulnerability related to insufficient protection of credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Certain NETGEAR devices are affected by stored XSS. This affects EX7000 before 1.0.1.78, R6250 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700v3 before 1.0.2.66, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7900 before 1.0.3.8, R8300 before 1.0.2.128, and R8500 before 1.0.2.128. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. plural NETGEAR The device contains a vulnerability related to insufficient protection of credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This affects CBR40 prior to 2.5.0.10, RBK752 prior to 3.2.15.25, RBR750 prior to 3.2.15.25, RBS750 prior to 3.2.15.25, RBK852 prior to 3.2.10.11, RBR850 prior to 3.2.10.11, and RBS850 prior to 3.2.10.11

NETGEAR RAX40 devices before 1.0.3.80 are affected by incorrect configuration of security settings. NETGEAR RAX40 An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25

NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level. NETGEAR JGS516PE An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947. Vendor exploits this vulnerability IBM X-Force ID: 186947 Is published as.Information may be obtained. The product implements access management control through integrated devices for Web, mobile and cloud computing

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC720 before 3.9.1.13 and WAC730 before 3.9.1.13. Both NETGEAR WAC720 and NETGEAR WAC730 are products of NETGEAR. NETGEAR WAC720 is a wireless access point. This device is the access point for users who use wireless devices (mobile devices such as mobile phones and wireless devices such as laptop computers) to enter the wired network. NETGEAR WAC730 is a wireless access point. This device is the access point for users who use wireless devices (mobile devices such as mobile phones and wireless devices such as laptop computers) to enter the wired network. Certain NETGEAR devices WAC720 versions before 3.9.1.13 and WAC730 versions before 3.9.1.13 have security vulnerabilities, which are caused by configuration errors in network systems or products during operation. This affects WAC720 prior to 3.9.1.13 and WAC730 prior to 3.9.1.13

Advantech focuses on the automation market, embedded computer market and intelligent service market. Advantech Technology (China) Co., Ltd. EKI-1511X-AE/ADAM-4571-CE serial server has a buffer overflow vulnerability. Attackers can use this vulnerability to cause a denial of service.

C2000-B2-SFE0101-BB1 is a serial device networking server. It provides data transmission from RS232 to TCP/IP network and TCP/IP network to RS232. Shenzhen Zhonglian Innovation Automation System Co., Ltd. C2000-B2-SFE0101-BB1 serial server has an unauthorized access vulnerability. Attackers can use this vulnerability to obtain sensitive information.

Tmall Elf Sugar R is a smart speaker. Zhejiang Tmall Network Co., Ltd. Tmall Elf Sugar R smart speaker has an information disclosure vulnerability. Attackers can use this vulnerability to obtain sensitive information on the website.

A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DOS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). The vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. Attackers can use this vulnerability to illegally access or damage system resources

A vulnerability in the management REST API of Cisco Industrial Network Director (IND) could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of requests sent to the REST API. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow the attacker to cause a permanent DoS condition that is due to high CPU utilization. Manual intervention may be required to recover the Cisco IND. Cisco Industrial Network Director (IND) Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. The system realizes automated management by visualizing the industrial Ethernet infrastructure. The vulnerability stems from the failure of the network system or product to properly validate the input data

A vulnerability in the Session Initiation Protocol (SIP) of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of incoming SIP traffic. An attacker could exploit this vulnerability by sending a series of SIP packets to an affected device. A successful exploit could allow the attacker to exhaust memory on an affected device, causing it to crash and leading to a DoS condition. Cisco Expressway Series is an advanced collaboration gateway for unified communications

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for the affected device, which could allow malicious URLs to pass through the device. Cisco AsyncOS The software contains an input verification vulnerability.Information may be tampered with. AsyncOS Software is a set of operating systems running in it

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need to have valid administrative credentials. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. The vulnerability stems from the lack of correct validation of client data in WEB applications

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. The vulnerability is due to improper enforcement of role-based access control (RBAC) within the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to modify parts of the configuration. The modified configuration could either allow unauthorized devices onto the network or prevent authorized devices from accessing the network. To exploit this vulnerability, an attacker would need valid Read-Only Administrator credentials. Cisco Identity Services Engine (ISE) Contains an improper authentication vulnerability.Denial of service (DoS) It may be put into a state. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies