VARIoT IoT vulnerabilities database

Certain NETGEAR devices are affected by CSRF. This affects EX6100 before 1.0.2.16_1.1.130, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.54, EX6200v2 before 1.0.1.50, EX6400 before 1.0.1.60, EX7300 before 1.0.1.60, and WN3000RPv3 before 1.0.2.44. plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR EX6200, etc. are all a wireless network signal extender from NETGEAR. The vulnerability stems from the fact that the WEB application does not fully verify whether the request comes from a trusted user. An attacker can use this vulnerability to send unexpected requests to the server through the affected client

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, and R8500 before 1.0.2.94. plural NETGEAR The device contains a vulnerability related to information leakage.Information may be obtained. NETGEAR R8500, etc. are all products of NETGEAR. NETGEAR R8500 is a wireless router. NETGEAR R6300 is a wireless router. NETGEAR EX3700 is a wireless WiFi signal range extender. There are security vulnerabilities in many NETGEAR products

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers. Schneider Electric Modicon M218 Logic Controller, etc. are all programmable logic controllers of French Schneider Electric (Schneider Electric) company. There are security vulnerabilities in many Schneider Electric products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42. NETGEAR R6700 , R6800 , R6900 The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6700, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow

NETGEAR XR500 devices before 2.3.2.32 are affected by authentication bypass. NETGEAR XR500 There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR XR500 is a wireless router from NETGEAR. There are security vulnerabilities in NETGEAR XR500 versions prior to 2.3.2.32

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers. plural Modicon The product contains vulnerabilities to inadequate validation of data reliability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Schneider Electric Modicon M218 Logic Controller, etc. are all programmable logic controllers of French Schneider Electric (Schneider Electric) company

Certain NETGEAR devices are affected by denial of service. This affects GS110EMX before 1.0.0.9, GS810EMX before 1.0.0.5, XS512EM before 1.0.0.6, and XS724EM before 1.0.0.6. plural NETGEAR The device contains an input verification vulnerability.Service operation interruption (DoS) It may be put into a state. NETGEAR XS512EM, etc. are all products of NETGEAR. NETGEAR XS512EM is a switch. NETGEAR XS724EM is a switch. NETGEAR GS810EMX is an Ethernet switch. There are security vulnerabilities in many NETGEAR products

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WC7500 before 6.5.3.9, WC7520 before 6.5.3.9, WC7600v1 before 6.5.3.9, and WC7600v2 before 6.5.3.9. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WC7500, etc. are all a wireless LAN controller from NETGEAR. Injection vulnerabilities exist in many NETGEAR products. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, D8500 before 1.0.3.39, R6400 before 1.0.1.14, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7100LG before 1.0.0.32, R7300 before 1.0.0.56, R7800 before 1.0.2.36, R7900 before 1.0.2.10, R8000 before 1.0.3.24, R8300 before 1.0.2.74, and R8500 before 1.0.2.74. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6400, etc. are all products of NETGEAR. NETGEAR R6400 is a wireless router. NETGEAR R7800 is a wireless router. NETGEAR D7800 is a wireless modem. Injection vulnerabilities exist in many NETGEAR products. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided. This affects D7800 prior to 1.0.1.34, D8500 prior to 1.0.3.39, R6400 prior to 1.0.1.14, R6400v2 prior to 1.0.2.32, R6700 prior to 1.0.1.22, R6900 prior to 1.0.1.22, R7000 prior to 1.0.9.4, R7100LG prior to 1.0.0.32, R7300 prior to 1.0.0.56, R7800 prior to 1.0.2.36, R7900 prior to 1.0.2.10, R8000 prior to 1.0.3.24, R8300 prior to 1.0.2.74, and R8500 prior to 1.0.2.74

NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers. NETGEAR XR500 The device contains an input verification vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR XR500 is a wireless router of NETGEAR

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.30, R6100 before 1.0.1.16, R7500 before 1.0.0.116, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR4300v2 before 1.0.0.48, WNDR4300v1 before 1.0.2.90, and WNDR4500v3 before 1.0.0.48. plural NETGEAR An unspecified vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR WNDR4300 is a wireless router. No detailed vulnerability details are currently provided

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. NETGEAR WAC505 and WAC510 On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state

Certain NETGEAR devices are affected by authentication bypass. This affects GS810EMX before 1.0.0.5, XS512EM before 1.0.0.6, and XS724EM before 1.0.0.6. NETGEAR GS810EMX , XS512EM , XS724EM There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR XS512EM, etc. are all products of NETGEAR. NETGEAR XS512EM is a switch. NETGEAR XS724EM is a switch. NETGEAR GS810EMX is an Ethernet switch. There are security vulnerabilities in NETGEAR GS810EMX versions before 1.0.0.5, XS512EM versions before 1.0.0.6, and XS724EM versions before 1.0.0.6

NETGEAR R8000 devices before 1.0.4.2 are affected by a stack-based buffer overflow by an authenticated user. NETGEAR R8000 The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8000 is a wireless router from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R7800 before 1.0.2.36, PLW1000v2 before 1.0.0.14, and PLW1010v2 before 1.0.0.14. NETGEAR R7800 , PLW1000v2 , PLW1010v2 A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR PLW1000 is a power line communication modem. NETGEAR PLW1010 is a power line communication modem. NETGEAR R7800 prior to 1.0.2.36, PLW1000v2 prior to 1.0.0.14 and PLW1010v2 prior to 1.0.0.14 have a buffer overflow vulnerability, which originated when the network system or product performed operations on the memory and did not correctly verify the data boundary, resulting in An erroneous read and write operation was performed on the associated other memory location. An attacker could use this vulnerability to cause a buffer overflow or heap overflow

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, and WNR2000v5 before 1.0.0.58. NETGEAR WNDR3700 , WNDR4300 , WNR2000 A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WNDR3700, etc. are all wireless routers from NETGEAR. There are injection vulnerabilities in NETGEAR WNDR3700v4 versions before 1.0.2.88, WNDR4300v1 versions before 1.0.2.90, and WNR2000v5 versions before 1.0.0.58. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.42, R6100 before 1.0.1.28, R7500 before 1.0.0.130, R7500v2 before 1.0.3.36, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, and WNDR4500v3 before 1.0.0.56. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR D6100 is a wireless modem. NETGEAR WNDR3700 is a wireless router. There are injection vulnerabilities in many NETGEAR products, which can be exploited by an attacker to cause the system or product to produce an incorrect interpretation or interpretation method

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WAC505 before 5.0.5.4 and WAC510 before 5.0.5.4. NETGEAR WAC505 and WAC510 A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC505 and NETGEAR WAC510 are both a wireless access point (AP) of NETGEAR. There are injection vulnerabilities in NETGEAR WAC505 versions before 5.0.5.4 and WAC510 versions before 5.0.5.4. The vulnerability stems from the fact that the network system or product does not properly filter special elements in the process of constructing executable commands from external input data. Attackers can use this vulnerability to execute illegal commands

Improper implementation of Access Control in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows an unauthorized user to access data marked as restricted, such as viewing or editing user profiles and application settings. ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway Exists in a privilege management vulnerability.Information may be obtained and tampered with. Attackers can use this vulnerability to access restricted data

Certain NETGEAR devices are affected by administrative password disclosure. This affects D6220 before V1.0.0.28, D6400 before V1.0.0.60, D8500 before V1.0.3.29, DGN2200v4 before 1.0.0.82, DGN2200Bv4 before 1.0.0.82, R6300v2 before 1.0.4.8, R6400 before 1.0.1.20, R6700 before 1.0.1.20, R6900 before 1.0.1.20, R7000 before 1.0.7.10, R7100LG before V1.0.0.32, R7300DST before 1.0.0.52, R7900 before 1.0.1.16, R8000 before 1.0.3.36, R8300 before 1.0.2.94, R8500 before 1.0.2.94, WNDR3400v3 before 1.0.1.12, and WNR3500Lv2 before 1.2.0.40. plural NETGEAR Devices contain vulnerabilities in insufficient protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WNR3500L, etc. are all products of NETGEAR. WNR3500L is a wireless router. NETGEAR R6700 is a wireless router. NETGEAR D6220 is a wireless modem