VARIoT IoT vulnerabilities database
| VAR-202004-0090 | CVE-2020-10514 | Input verification vulnerability in iCatch DVR firmware |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
iCatch DVR firmware before 20200103 does not validate a function parameter properly, allowing attackers to execute arbitrary commands. There is an input verification vulnerability in iCatch DVR firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). iCATCH DVR is a digital video recorder (DVR) from China Desirable International (iCATCH). Attackers can use this vulnerability to execute arbitrary commands.
| VAR-202004-2245 | No CVE | D-Link DIR-842 has a buffer overflow vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
D-Link DIR-842 is a 2.4GHz and 5GHz dual-band router.
D-Link DIR-842 has a buffer overflow vulnerability, which can be exploited by an attacker to cause the program to crash.
| VAR-202004-2254 | No CVE | Huawei HG630 V2 home gateway authentication bypass vulnerability |
CVSS V2: 5.5 CVSS V3: - Severity: MEDIUM |
Huawei Technologies Co., Ltd. (hereinafter referred to as Huawei) was established in 1987, and its headquarters is located in Yigang District, Shenzhen City, East China. Huawei is a leading global provider of information and communication technology (ICT) solutions, focusing on the ICT field.
The Huawei HG630 V2 home gateway has an authentication bypass vulnerability. Attackers can use this vulnerability to access /api/system/deviceinfo to obtain device information such as serial numbers.
| VAR-202004-0912 | CVE-2019-20678 | Cross-site scripting vulnerabilities in multiple NETGEAR devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. A cross-site scripting vulnerability exists in multiple NETGEAR devices. Information may be obtained and tampered with. NETGEAR RBK50 is a wireless router of NETGEAR. The vulnerability stems from the lack of proper verification of client data by web applications. Attackers can use this vulnerability to execute client code.
| VAR-202004-0490 | CVE-2020-11781 | Cross-site scripting vulnerabilities in multiple NETGEAR devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. A cross-site scripting vulnerability exists in multiple NETGEAR devices. Information may be obtained and tampered with. NETGEAR D7800 and others are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR XR500 is a wireless router. The vulnerability stems from the lack of proper verification of client data by web applications. Attackers can use this vulnerability to execute client code.
| VAR-202004-0914 | CVE-2019-20680 | Injection vulnerabilities in multiple NETGEAR devices |
CVSS V2: 5.2 CVSS V3: 8.0 Severity: HIGH |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7000v2 before 1.0.0.53, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.60, R7000P before 1.3.1.64, R7800 before 1.0.2.60, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.46, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, R8900 before 1.0.4.12, R9000 before 1.0.4.12, and XR500 before 2.3.2.32. Multiple NETGEAR devices contain an injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR XR500 and others are all products of NETGEAR. NETGEAR XR500 is a wireless router. NETGEAR D7000 is a wireless modem. NETGEAR R6220 is a wireless router. The vulnerability stems from the process of constructing executable commands from external input data: the network system or product does not properly filter special elements. An attacker can use this vulnerability to execute illegal commands.
| VAR-202004-0885 | CVE-2019-20645 | NETGEAR RAX40 cross-site scripting vulnerability |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS. A cross-site scripting vulnerability exists in the NETGEAR RAX40 device. Information may be obtained and tampered with. NETGEAR RAX40 is a wireless router of NETGEAR. The vulnerability stems from the lack of proper verification of client data by web applications. Attackers can use this vulnerability to execute client code.
| VAR-202004-0365 | CVE-2020-0578 | Privilege management vulnerabilities in Intel(R) Modular Server MFS2600KISPP Compute Module |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
Improper conditions check for Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. It may be put into a denial-of-service (DoS) state. Intel Modular Server MFS2600KISPP Compute Module is a computing module of American Intel Corporation. An attacker in physical proximity can use this vulnerability to elevate privileges.
| VAR-202004-0931 | CVE-2019-20666 | Cross-site scripting vulnerabilities in multiple NETGEAR devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. A cross-site scripting vulnerability exists in NETGEAR RBR50, RBS50, and RBK50 devices. Information may be obtained and tampered with. NETGEAR RBK50 is a wireless router of NETGEAR. This vulnerability stems from the lack of proper verification of client data by web applications. Attackers can use this vulnerability to execute client code.
| VAR-202004-0450 | CVE-2020-11786 | Cross-site scripting vulnerabilities in multiple NETGEAR devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. A cross-site scripting vulnerability exists in multiple NETGEAR devices. Information may be obtained and tampered with. NETGEAR D7800 and others are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR XR500 is a wireless router. The vulnerability stems from the lack of proper verification of client data by web applications. Attackers can use this vulnerability to execute client code.
| VAR-202004-0883 | CVE-2019-20643 | NETGEAR RAX40 information disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of sensitive information. NETGEAR RAX40 is a wireless router of NETGEAR.
| VAR-202004-0451 | CVE-2020-11787 | Cross-site scripting vulnerabilities in multiple NETGEAR devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. A cross-site scripting vulnerability exists in multiple NETGEAR devices. Information may be obtained and tampered with. NETGEAR D7800 and others are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR XR500 is a wireless router. The vulnerability stems from the lack of proper verification of client data by web applications. Attackers can use this vulnerability to execute client code.
| VAR-202004-0485 | CVE-2020-11776 | Cross-site scripting vulnerabilities in multiple NETGEAR devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. A cross-site scripting vulnerability exists in multiple NETGEAR devices. Information may be obtained and tampered with.
| VAR-202006-1714 | CVE-2020-9071 | Out-of-bounds read vulnerabilities in multiple Huawei products |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
There is an out-of-bounds read vulnerability of a few bytes in some Huawei products. The software reads data past the end of the intended buffer when parsing certain messages; an authenticated attacker could exploit this vulnerability by sending crafted messages to the device. Successful exploitation may cause abnormal service in specific scenarios. Affected product versions include: AR120-S versions V200R007C00SPC900, V200R007C00SPCa00. Multiple Huawei products contain an out-of-bounds read vulnerability. Service operation may be interrupted (DoS). Huawei AR1200 is an enterprise router of Huawei.
There are buffer error vulnerabilities in many Huawei products.
| VAR-202004-0894 | CVE-2019-20654 | Input verification vulnerabilities in NETGEAR devices |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC505 before 8.0.6.4 and WAC510 before 8.0.6.4. The NETGEAR device contains an input verification vulnerability. Information may be tampered with.
| VAR-202004-0483 | CVE-2020-11774 | Cross-site scripting vulnerabilities in multiple NETGEAR devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. A cross-site scripting vulnerability exists in multiple NETGEAR devices. Information may be obtained and tampered with.
| VAR-202004-0890 | CVE-2019-20650 | Input verification vulnerabilities in multiple NETGEAR devices |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Certain NETGEAR devices are affected by denial of service. This affects R8900 before 1.0.5.2, R9000 before 1.0.5.2, XR500 before 2.3.2.56, and XR700 before 1.0.1.20. Multiple NETGEAR devices contain an input verification vulnerability. Service operation may be interrupted (DoS). NETGEAR R8900 is a wireless router of NETGEAR.
There are security holes in many NETGEAR products. This affects R8900 prior to 1.0.5.2, R9000 prior to 1.0.5.2, XR500 prior to 2.3.2.56, and XR700 prior to 1.0.1.20.
| VAR-202004-0929 | CVE-2019-20664 | Cross-site scripting vulnerabilities in multiple NETGEAR devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. A cross-site scripting vulnerability exists in multiple NETGEAR devices. Information may be obtained and tampered with. NETGEAR RBK50 is a wireless router of NETGEAR. The vulnerability stems from the lack of proper verification of client data by web applications. Attackers can use this vulnerability to execute client code.
| VAR-202004-0491 | CVE-2020-11782 | Cross-site scripting vulnerabilities in multiple NETGEAR devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. A cross-site scripting vulnerability exists in multiple NETGEAR devices. Information may be obtained and tampered with. NETGEAR D7800 and others are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR XR500 is a wireless router. The vulnerability stems from the lack of proper verification of client data by web applications. Attackers can use this vulnerability to execute client code.
| VAR-202004-0882 | CVE-2019-20642 | Authentication vulnerabilities in NETGEAR RAX40 devices |
CVSS V2: 5.2 CVSS V3: 8.0 Severity: HIGH |
NETGEAR RAX40 devices before 1.0.3.64 are affected by authentication bypass. There is an authentication vulnerability in the NETGEAR RAX40 device. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR RAX40 is a wireless router of NETGEAR.