VARIoT IoT vulnerabilities database

VAR-202004-1387 CVE-2017-18824 Path traversal vulnerabilities in multiple NETGEAR devices CVSS V2: 2.1
CVSS V3: 3.3
Severity: LOW
Certain NETGEAR devices are affected by directory traversal. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. Multiple NETGEAR devices contain a path traversal vulnerability. Information may be obtained. The NETGEAR M4300-28G and the other listed devices are all managed switches from NETGEAR. The vulnerability stems from the failure of network systems or products to properly filter resources or special elements in file paths. Attackers can use this vulnerability to access locations outside of the restricted directory.
VAR-202004-1401 CVE-2017-18838 Permission management vulnerabilities in multiple NETGEAR devices CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Certain NETGEAR devices are affected by privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. Multiple NETGEAR devices contain a permission management vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The NETGEAR M4300-28G and the other listed devices are all managed switches from NETGEAR. There are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to elevate permissions.
VAR-202004-1408 CVE-2017-18845 Inadequate protection of credentials on NETGEAR R6700v2 and R6800 devices CVSS V2: 2.1
CVSS V3: 7.8
Severity: HIGH
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38 and R6800 before 1.1.0.38. NETGEAR R6700v2 and R6800 devices contain vulnerabilities related to insufficient protection of credentials. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Both NETGEAR R6700v2 and NETGEAR R6800 are wireless routers from NETGEAR. There are security vulnerabilities in NETGEAR R6700v2 versions before 1.1.0.38 and R6800 versions before 1.1.0.38. Attackers can use this vulnerability to obtain management credentials.
VAR-202004-1409 CVE-2017-18846 Out-of-bounds write vulnerabilities in multiple NETGEAR devices CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Certain NETGEAR devices are affected by a stack-based buffer overflow. This affects R6250 before 1.0.4.12, R6400v2 before 1.0.2.32, R7000P/R6900P before 1.0.0.56, R7900 before 1.0.1.18, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and D8500 before 1.0.3.29. Multiple NETGEAR devices are vulnerable to out-of-bounds writes. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The NETGEAR D8500 and the other listed devices are all products of NETGEAR. NETGEAR D8500 is a wireless modem. NETGEAR R6250 is a wireless router. NETGEAR R8300 is a wireless router. The vulnerability stems from the fact that when the network system or product performs operations on memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow.
VAR-202004-1391 CVE-2017-18828 Cross-site scripting vulnerabilities in multiple NETGEAR devices CVSS V2: 3.5
CVSS V3: 4.8
Severity: MEDIUM
Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. Multiple NETGEAR devices contain a cross-site scripting vulnerability. Information may be obtained and tampered with. The NETGEAR M4300-28G and the other listed devices are all managed switches from NETGEAR. The vulnerability stems from the lack of correct verification of client data in the web application. An attacker can use this vulnerability to execute client code.
VAR-202004-1873 CVE-2020-9278 Input verification vulnerabilities on D-Link DSL-2640B B2 devices CVSS V2: 6.4
CVSS V3: 9.1
Severity: CRITICAL
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The device can be reset to its default configuration by accessing an unauthenticated URL. The D-Link DSL-2640B B2 device contains an input verification vulnerability. Information may be tampered with and service operation may be interrupted (DoS). D-Link DSL-2640B B2 is a wireless router from D-Link, Taiwan. There is a security vulnerability in the D-Link DSL-2640B B2 EU_4.01B version.
VAR-202004-1399 CVE-2017-18836 Vulnerabilities in multiple NETGEAR devices CVSS V2: 2.1
CVSS V3: 6.2
Severity: MEDIUM
Certain NETGEAR devices are affected by denial of service. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. Multiple NETGEAR devices contain an unspecified vulnerability. Service operation may be interrupted (DoS). The NETGEAR M4300-28G and the other listed devices are all managed switches from NETGEAR. There are security vulnerabilities in many NETGEAR products.
VAR-202004-1388 CVE-2017-18825 Cross-site scripting vulnerabilities in multiple NETGEAR devices CVSS V2: 3.5
CVSS V3: 4.8
Severity: MEDIUM
Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. Multiple NETGEAR devices contain a cross-site scripting vulnerability. Information may be obtained and tampered with.
VAR-202004-1385 CVE-2017-18822 Permission management vulnerabilities in multiple NETGEAR devices CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. Multiple NETGEAR devices contain a permission management vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The NETGEAR M4300-28G and the other listed devices are all managed switches from NETGEAR. There are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to elevate permissions.
VAR-202004-1871 CVE-2020-9276 D-Link DSL-2640B B2 buffer error vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The function do_cgi(), which processes cgi requests supplied to the device's web servers, is vulnerable to a remotely exploitable stack-based buffer overflow. Unauthenticated exploitation is possible by combining this vulnerability with CVE-2020-9277. The D-Link DSL-2640B B2 device is vulnerable to out-of-bounds writes. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DSL-2640B B2 is a wireless router from D-Link, Taiwan. There is a buffer error vulnerability in the ‘do_cgi()’ function in the D-Link DSL-2640B B2 EU_4.01B version. An attacker can exploit this vulnerability by providing a malicious cgi module name in the URL to execute code on the device with administrative rights.
VAR-202004-2236 No CVE Denial of Service Vulnerability in NA-VIEW V2.0 (Special for 15-inch Touch Screen) of Nanda Auto Technology Jiangsu Co., Ltd. CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
NA-VIEW is touch screen configuration software. NA-VIEW V2.0 (only for 15-inch touch screen) of Nanda Auto Technology Jiangsu Co., Ltd. has a denial of service vulnerability. An attacker can exploit the vulnerability by constructing a malformed prj file that causes the program to crash.
VAR-202004-2237 No CVE Denial of Service Vulnerability in NA-VIEW V1.02.4 CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
NA-VIEW is touch screen configuration software. NA-VIEW V1.02.4 has a denial of service vulnerability. An attacker can exploit the vulnerability by constructing a malformed BMP image file that causes the program to crash.
VAR-202004-2213 No CVE Denial of Service Vulnerability in NA-VIEW V1.02.4 (CNVD-2020-21835) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
NA-VIEW is touch screen configuration software. NA-VIEW V1.02.4 has a denial of service vulnerability. An attacker can exploit the vulnerability by constructing a malformed HMI file, and the program may crash.
VAR-202004-2214 No CVE Nanda Auto Extension NAop401 has a denial of service vulnerability (CNVD-2020-21832) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
NAop401 is an OP series text screen design tool. There is a denial-of-service vulnerability in NAop401 of Nanda Auto Technology. An attacker can exploit the vulnerability by constructing a malformed evp file to cause the program to crash.
VAR-202004-2210 No CVE Nanda Auto Technology NAop401 has a denial of service vulnerability CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
NAop401 is an OP series text screen design tool. There is a denial-of-service vulnerability in NAop401 of Nanda Auto Technology. An attacker can exploit the vulnerability by constructing a malformed evp file to cause the program to crash.
VAR-202004-2225 No CVE Denial of Service Vulnerability in NATouch Touch Screen Configuration Software CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Nanda Auto Technology Jiangsu Co., Ltd. is committed to independent R&D and production of cutting-edge industrial control products with reliable performance, excellent quality and advanced technology. There is a denial-of-service vulnerability in NATouch's NATouch touch screen configuration software. An attacker can exploit the vulnerability by constructing a malformed skm file to cause the program to crash.
VAR-202004-2235 No CVE Denial of Service Vulnerability in NA-VIEW V2.0 (Special for 15-inch Touch Screen) of Nanda Auto Technology Jiangsu Co., Ltd. (CNVD-2020-21838) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
NA-VIEW is touch screen configuration software. NA-VIEW V2.0 (only for 15-inch touch screen) of Nanda Auto Technology Jiangsu Co., Ltd. has a denial of service vulnerability. An attacker can exploit the vulnerability by constructing a malformed BMP image that can cause the program to crash.
VAR-202004-2272 No CVE Hangzhou Hang Seng Digital Equipment Technology Co., Ltd. SIP routing distribution server has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The main function of the SIP routing distribution server is to route SIP signaling, including SIP proxy (stateful and stateless) services and SIP registration authentication services, providing location services and redirection services. Hangzhou Hang Seng Digital Equipment Technology Co., Ltd. SIP routing distribution server has a weak password vulnerability, and attackers can use the vulnerability to obtain server permissions.
VAR-202004-2275 No CVE Tenda router has buffer overflow vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Tenda AC6 is a 1200M 11ac dual-band wireless router specifically designed for home users with broadband upgrades and routing updates. Tenda AC15 is a 1900M wireless router. Tenda AC18 is a wireless router product. There is a buffer overflow vulnerability in the Tenda router. An attacker can use this vulnerability to cause a denial of service. A constructed payload can gain control of the device.
VAR-202004-0376 CVE-2020-10377 Cryptographic strength vulnerabilities in Mitel MiVoice Connect Client CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
A weak encryption vulnerability in Mitel MiVoice Connect Client before 214.100.1214.0 could allow an unauthenticated attacker to gain access to user credentials. A successful exploit could allow an attacker to access the system with compromised user credentials. The system may be put into a denial-of-service (DoS) state.