VARIoT IoT vulnerabilities database

Certain NETGEAR devices are affected by stored XSS. This affects EX7000 before 1.0.1.78, R6250 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700v3 before 1.0.2.66, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7900 before 1.0.3.8, R8300 before 1.0.2.128, and R8500 before 1.0.2.128. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. plural NETGEAR The device contains a vulnerability related to insufficient protection of credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This affects CBR40 prior to 2.5.0.10, RBK752 prior to 3.2.15.25, RBR750 prior to 3.2.15.25, RBS750 prior to 3.2.15.25, RBK852 prior to 3.2.10.11, RBR850 prior to 3.2.10.11, and RBS850 prior to 3.2.10.11

NETGEAR RAX40 devices before 1.0.3.80 are affected by incorrect configuration of security settings. NETGEAR RAX40 An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25

NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level. NETGEAR JGS516PE An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947. Vendor exploits this vulnerability IBM X-Force ID: 186947 Is published as.Information may be obtained. The product implements access management control through integrated devices for Web, mobile and cloud computing

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC720 before 3.9.1.13 and WAC730 before 3.9.1.13. Both NETGEAR WAC720 and NETGEAR WAC730 are products of NETGEAR. NETGEAR WAC720 is a wireless access point. This device is the access point for users who use wireless devices (mobile devices such as mobile phones and wireless devices such as laptop computers) to enter the wired network. NETGEAR WAC730 is a wireless access point. This device is the access point for users who use wireless devices (mobile devices such as mobile phones and wireless devices such as laptop computers) to enter the wired network. Certain NETGEAR devices WAC720 versions before 3.9.1.13 and WAC730 versions before 3.9.1.13 have security vulnerabilities, which are caused by configuration errors in network systems or products during operation. This affects WAC720 prior to 3.9.1.13 and WAC730 prior to 3.9.1.13

Advantech focuses on the automation market, embedded computer market and intelligent service market. Advantech Technology (China) Co., Ltd. EKI-1511X-AE/ADAM-4571-CE serial server has a buffer overflow vulnerability. Attackers can use this vulnerability to cause a denial of service.

C2000-B2-SFE0101-BB1 is a serial device networking server. It provides data transmission from RS232 to TCP/IP network and TCP/IP network to RS232. Shenzhen Zhonglian Innovation Automation System Co., Ltd. C2000-B2-SFE0101-BB1 serial server has an unauthorized access vulnerability. Attackers can use this vulnerability to obtain sensitive information.

Tmall Elf Sugar R is a smart speaker. Zhejiang Tmall Network Co., Ltd. Tmall Elf Sugar R smart speaker has an information disclosure vulnerability. Attackers can use this vulnerability to obtain sensitive information on the website.

A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DOS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). The vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. Attackers can use this vulnerability to illegally access or damage system resources

A vulnerability in the management REST API of Cisco Industrial Network Director (IND) could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of requests sent to the REST API. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow the attacker to cause a permanent DoS condition that is due to high CPU utilization. Manual intervention may be required to recover the Cisco IND. Cisco Industrial Network Director (IND) Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. The system realizes automated management by visualizing the industrial Ethernet infrastructure. The vulnerability stems from the failure of the network system or product to properly validate the input data

A vulnerability in the Session Initiation Protocol (SIP) of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of incoming SIP traffic. An attacker could exploit this vulnerability by sending a series of SIP packets to an affected device. A successful exploit could allow the attacker to exhaust memory on an affected device, causing it to crash and leading to a DoS condition. Cisco Expressway Series is an advanced collaboration gateway for unified communications

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for the affected device, which could allow malicious URLs to pass through the device. Cisco AsyncOS The software contains an input verification vulnerability.Information may be tampered with. AsyncOS Software is a set of operating systems running in it

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need to have valid administrative credentials. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. The vulnerability stems from the lack of correct validation of client data in WEB applications

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. The vulnerability is due to improper enforcement of role-based access control (RBAC) within the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to modify parts of the configuration. The modified configuration could either allow unauthorized devices onto the network or prevent authorized devices from accessing the network. To exploit this vulnerability, an attacker would need valid Read-Only Administrator credentials. Cisco Identity Services Engine (ISE) Contains an improper authentication vulnerability.Denial of service (DoS) It may be put into a state. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies

A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by first entering input within the web-based management interface and then persuading a user of the interface to view the crafted input within the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code

An issue was discovered on D-Link DSR-250N before 3.17B devices. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device, rendering it therefore unusable for several minutes. D-Link DSR-250N The device is vulnerable to a lack of authentication for critical features.Denial of service (DoS) It may be put into a state. D-Link DSR-250N is a unified service router produced by D-Link in Taiwan

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to access confidential information or make configuration changes. The vulnerability is due to missing authentication for a specific section of the web-based management interface. An attacker could exploit this vulnerability by accessing a crafted URL. A successful exploit could allow the attacker to obtain access to a section of the interface, which they could use to read confidential information or make configuration changes. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles

A vulnerability in the configuration restore feature of Cisco Nexus Data Broker software could allow an unauthenticated, remote attacker to perform a directory traversal attack on an affected device. The vulnerability is due to insufficient validation of configuration backup files. An attacker could exploit this vulnerability by persuading an administrator to restore a crafted configuration backup file. A successful exploit could allow the attacker to overwrite arbitrary files that are accessible through the affected software on an affected device. Cisco Nexus Data Broker is a network routing monitoring solution of Cisco (Cisco). The software is event-driven and can provide real-time network flow visualization