VARIoT IoT vulnerabilities database
| VAR-202004-1580 | CVE-2018-21144 | plural NETGEAR Out-of-bounds write vulnerabilities in devices |
CVSS V2: 5.2 CVSS V3: 6.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects DM200 before 1.0.0.52, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.16, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow. This affects DM200 prior to 1.0.0.52, R7500 prior to 1.0.0.122, R7800 prior to 1.0.2.42, R8900 prior to 1.0.3.10, R9000 prior to 1.0.3.16, WNDR3700v4 prior to 1.0.2.96, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.54, WNDR4500v3 prior to 1.0.0.54, and WNR2000v5 prior to 1.0.0.64
| VAR-202004-1383 | CVE-2017-18820 | NETGEAR ReadyNAS OS 6 Cross-site scripting vulnerabilities in devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. NETGEAR ReadyNAS OS 6 A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code
| VAR-202004-1382 | CVE-2017-18819 | NETGEAR ReadyNAS OS Vulnerability in |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by incorrect configuration of security settings. NETGEAR ReadyNAS OS There is an unspecified vulnerability in.Information may be obtained. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements
| VAR-202004-1381 | CVE-2017-18816 | NETGEAR ReadyNAS OS 6 Cross-site scripting vulnerabilities in devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. NETGEAR ReadyNAS OS 6 A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code
| VAR-202004-1380 | CVE-2017-18815 | NETGEAR ReadyNAS OS 6 Cross-site scripting vulnerabilities in devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. NETGEAR ReadyNAS OS 6 A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code
| VAR-202004-1379 | CVE-2017-18814 | NETGEAR ReadyNAS OS 6 Cross-site scripting vulnerabilities in devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. NETGEAR ReadyNAS OS 6 A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code
| VAR-202004-1378 | CVE-2017-18813 | NETGEAR ReadyNAS OS Cross-site scripting vulnerability in |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. NETGEAR ReadyNAS OS Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code
| VAR-202004-1377 | CVE-2017-18812 | NETGEAR ReadyNAS OS Cross-site scripting vulnerability in |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. NETGEAR ReadyNAS OS Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code
| VAR-202004-1376 | CVE-2017-18811 | NETGEAR ReadyNAS OS Cross-site scripting vulnerability in |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. NETGEAR ReadyNAS OS Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code
| VAR-202004-1375 | CVE-2017-18810 | NETGEAR ReadyNAS OS 6 Cross-site scripting vulnerabilities in devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. NETGEAR ReadyNAS OS 6 A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code
| VAR-202004-1374 | CVE-2017-18809 | NETGEAR ReadyNAS OS Cross-site scripting vulnerability in |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. NETGEAR ReadyNAS OS Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code
| VAR-202004-1373 | CVE-2017-18808 | NETGEAR ReadyNAS OS 6 Vulnerabilities in devices |
CVSS V2: 4.6 CVSS V3: 4.2 Severity: MEDIUM |
NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by incorrect configuration of security settings. NETGEAR ReadyNAS OS 6 An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements
| VAR-202004-1372 | CVE-2017-18807 | NETGEAR ReadyNAS OS 6 Cross-site scripting vulnerabilities in devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. NETGEAR ReadyNAS OS 6 A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code
| VAR-202004-2269 | No CVE | Shenzhen Wulian Lock Technology Co., Ltd. O1 smart padlock has unauthorized access vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
The O1 smart padlock produced by Shenzhen Wulian Lock Technology Co., Ltd. is a smart lock that uses a mobile phone APP to unlock via Bluetooth.
Unauthorized access vulnerability exists in the O1 smart padlock of Shenzhen Wulian Lock Technology Co., Ltd. An attacker can use this vulnerability to remotely unlock by replaying the user's unlock command.
| VAR-202004-1870 | CVE-2020-9275 | D-Link DSL-2640B B2 Inadequate protection of credentials on devices |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A cfm UDP service listening on port 65002 allows remote, unauthenticated exfiltration of administrative credentials. D-Link DSL-2640B B2 Devices contain vulnerabilities in insufficient protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DSL-2640B B2 is a wireless router from D-Link, Taiwan. Attackers can use this vulnerability to obtain management credentials
| VAR-202004-1390 | CVE-2017-18827 | plural NETGEAR Cross-site scripting vulnerabilities in devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker can use this vulnerability to execute client code
| VAR-202004-1322 | CVE-2017-18850 | plural NETGEAR Authentication vulnerabilities in devices |
CVSS V2: 4.6 CVSS V3: 8.4 Severity: HIGH |
Certain NETGEAR devices are affected by authentication bypass. This affects D6220 before 1.0.0.26, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.12, R6400 before 1.01.24, R6400v2 before 1.0.2.30, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R6900P before 1.0.0.56, R7000 before 1.0.9.4, R7000P before 1.0.0.56, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.44, R8300 before 1.0.2.100_1.0.82, and R8500 before 1.0.2.100_1.0.82. plural NETGEAR There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6400, etc. are all products of NETGEAR. NETGEAR R6400 is a wireless router. NETGEAR D6400 is a wireless modem. NETGEAR D6220 is a wireless modem.
There are security vulnerabilities in many NETGEAR products
| VAR-202004-1400 | CVE-2017-18837 | plural NETGEAR Device permission management vulnerabilities |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A vulnerability exists in the device regarding permission management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR.
There are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to elevate permissions
| VAR-202004-1321 | CVE-2017-18849 | plural NETGEAR Injection vulnerabilities in devices |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Certain NETGEAR devices are affected by command injection. This affects D6220 before 1.0.0.26, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.12, R6400 before 1.01.24, R6400v2 before 1.0.2.30, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R6900P before 1.0.0.56, R7000 before 1.0.9.4, R7000P before 1.0.0.56, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.44, R8300 before 1.0.2.100_1.0.82, and R8500 before 1.0.2.100_1.0.82. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
| VAR-202004-1394 | CVE-2017-18831 | plural NETGEAR Cross-site scripting vulnerabilities in devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker can use this vulnerability to execute client code