VARIoT IoT vulnerabilities database

NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS. NETGEAR RAX40 A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR RAX40 is a wireless router of NETGEAR. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code

NETGEAR RN42400 devices before 6.10.2 are affected by incorrect configuration of security settings. NETGEAR RN42400 The device contains an input verification vulnerability.Information may be tampered with. NETGEAR RAX40 is a wireless router of NETGEAR. There is currently no detailed vulnerability details provided

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR XR500 is a wireless router. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR XR500 is a wireless router. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code

Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. NETGEAR RBR50 , RBS50 ,and RBK50 A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR RBK50 is a wireless router of NETGEAR. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with

A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user with an active session on an affected device to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, including modifying the configuration, with the privilege level of the user

Insufficient control flow for Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. (DoS) It may be put into a state. Intel Modular Server MFS2600KISPP Compute Module is a computing module of American Intel Corporation. The vulnerability stems from the failure to properly access control. An attacker can use the specially crafted request to exploit the vulnerability to elevate permissions

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WAC505 before 8.2.1.16 and WAC510 before 8.2.1.16. NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC505 and NETGEAR WAC510 are both wireless access points (AP) of NETGEAR. There is an injection vulnerability in NETGEAR WAC505 before 8.2.1.16 and WAC510 before 8.2.1.16. The vulnerability stems from the operation process of the user inputting the construction command, data structure or record, the network system or product lacks the correct verification of the user input data, and the special elements are not filtered or properly filtered out. The attacker can use the vulnerability to cause the system Or the product has a wrong interpretation or interpretation method

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBK50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR RAX120 is a wireless router. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker can use this vulnerability to execute client code

Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. NETGEAR RBR50 , RBS50 , RBK50 A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR RBK50 is a wireless router of NETGEAR. This vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute Client code

Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR RBK50 is a wireless router of NETGEAR. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code

A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, which may cause information leakage

Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.34, D7000 before 1.0.1.68, PR2000 before 1.0.0.28, R6050 before 1.0.1.18, JR6150 before 1.0.1.18, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6260 before 1.1.0.64, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, and R6900v2 before 1.2.0.36. plural NETGEAR There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D6200, etc. are all products of NETGEAR. NETGEAR D6200 is a wireless modem. NETGEAR JR6150 is a wireless router. NETGEAR PR2000 is a wireless router. There are security holes in many NETGEAR products

NETGEAR JGS516PE devices before 2.6.0.43 are affected by reflected XSS. plural NETGEAR JGS516PE A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR JGS516PE is a switch of NETGEAR. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code

Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages. Western Digital My Cloud is a personal cloud storage device of Western Digital (Western Digital). Attackers can use this vulnerability to hijack click operations on the login page

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6400v2 before 1.0.4.84, R6700 before 1.0.2.8, R6700v3 before 1.0.4.84, R6900 before 1.0.2.8, and R7900 before 1.0.3.10. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6400 is a wireless router of NETGEAR. There are injection vulnerabilities in many NETGEAR products, which can be exploited by an attacker to cause the system or product to produce an incorrect interpretation or interpretation method

NETGEAR WAC505 devices before 8.2.1.16 are affected by disclosure of sensitive information

Certain NETGEAR devices are affected by Stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with

Certain NETGEAR devices are affected by denial of service. This affects WAC505 before 8.0.6.4 and WAC510 before 8.0.6.4. NETGEAR The device contains an input verification vulnerability.Service operation interruption (DoS) It may be put into a state