VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202004-1566 CVE-2018-21130 NETGEAR WAC505 and WAC510 On the device OS Command injection vulnerabilities CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. NETGEAR WAC505 and WAC510 On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC505 and NETGEAR WAC510 are both a wireless access point (AP) of NETGEAR. The vulnerability stems from the fact that the network system or product does not correctly filter the special characters, commands, etc. in the process of constructing the executable command of the operating system by external input data. Attackers can use this vulnerability to execute illegal operating system commands
VAR-202004-1427 CVE-2017-18784 plural NETGEAR Cross-site scripting vulnerabilities in devices CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR D6200, etc. NETGEAR D6200 is a wireless modem. NETGEAR WNR2020 is a wireless router. NETGEAR R6220 is a wireless router. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code
VAR-202004-1358 CVE-2017-18755 plural NETGEAR Cross-site request forgery vulnerability in device CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.4.8, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000P before 1.0.0.86, R6900P before 1.0.0.56, R7300 before 1.0.0.54, R8300 before 1.0.2.106, R8500 before 1.0.2.106, DGN2200v4 before 1.0.0.86, DGND2200Bv4 before 1.0.0.86, R6050 before 1.0.0.86, JR6150 before 1.0.1.10, R6220 before 1.1.0.50, and WNDR3700v5 before V1.1.0.48. plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6700, etc. are all wireless routers from NETGEAR. Attackers can use this vulnerability to read arbitrary files
VAR-202004-1550 CVE-2018-21114 plural NETGEAR Injection vulnerabilities in devices CVSS V2: 5.2
CVSS V3: 6.8
Severity: MEDIUM
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, EX6150v2 before 1.0.1.70, EX6100v2 before 1.0.1.70, EX6200v2 before 1.0.1.64, EX7300 before 1.0.2.136, EX6400 before 1.0.2.136, R6100 before 1.0.1.16, R7500 before 1.0.0.110, R7800 before 1.0.2.32, R9000 before 1.0.4.12, WN3000RPv2 before 1.0.0.56, WN3000RPv3 before 1.0.2.52, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR D7800 is a wireless modem. NETGEAR WNDR4300 is a wireless router. There are injection vulnerabilities in many NETGEAR products, which can be exploited by an attacker to cause the system or product to produce an incorrect interpretation or interpretation method
VAR-202004-1860 CVE-2020-7490 Vijeo Designer Basic and Vijeo Designer Unreliable search path vulnerabilities in CVSS V2: 6.9
CVSS V3: 7.8
Severity: HIGH
A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 SP9 and prior), which could cause arbitrary code execution on the system running Vijeo Basic when a malicious DLL library is loaded by the Product. (DoS) It may be put into a state. Schneider Electric Vijeo Designer Basic is a set of programming and design software for HMI (Human Machine Interface) for Schneider Electric (France Schneider Electric) Schneider Electric Vijeo Designer Basic 1.1 HotFix 15 and earlier and Vijeo Designer 6.9 SP9 and earlier have code issue vulnerabilities. The vulnerability stems from the problem of improper design or implementation in the code development process of network systems or products. There is currently no detailed vulnerability details provided
VAR-202004-1335 CVE-2017-18769 plural NETGEAR Information leakage vulnerabilities in devices CVSS V2: 2.1
CVSS V3: 4.6
Severity: MEDIUM
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.94, DGN2200Bv4 before 1.0.0.94, EX6200v2 before 1.0.1.50, EX7000 before 1.0.0.56, JR6150 before 1.0.1.18, R6050 before 1.0.1.10J, R6100 before 1.0.1.16, R6150 before 1.0.1.10, R6220 before 1.1.0.50, R6250 before 1.0.4.12, R6300v2 before 1.0.4.12, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.26, R6700v2 before 1.2.0.4, R6800 before 1.0.1.10, R6900 before 1.0.1.26, R6900P before 1.0.0.58, R6900v2 before 1.2.0.4, R7000 before 1.0.9.6, R7000P before 1.0.0.58, R7100LG before 1.0.0.32, R7300 before 1.0.0.54, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R7900 before 1.0.1.18, R8000 before 1.0.3.48, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.2.40, WNDR3400v3 before 1.0.1.14, WNDR3700v4 before 1.0.2.96, WNDR4300v1 before 1.0.2.98, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR3500Lv2 before 1.2.0.44. plural NETGEAR The device is vulnerable to information leakage.Information may be obtained. NETGEAR WNR3500L, etc. are all products of NETGEAR. WNR3500L is a wireless router. NETGEAR R7500 is a wireless router. NETGEAR D6220 is a wireless modem
VAR-202004-1370 CVE-2017-18768 plural NETGEAR Cross-site request forgery vulnerability in device CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Certain NETGEAR devices are affected by CSRF. This affects EX6100 before 1.0.2.16_1.1.130, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.54, EX6200v2 before 1.0.1.50, EX6400 before 1.0.1.60, EX7300 before 1.0.1.60, and WN3000RPv3 before 1.0.2.44. plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR EX6200, etc. are all a wireless network signal extender from NETGEAR. The vulnerability stems from the fact that the WEB application does not fully verify whether the request comes from a trusted user. An attacker can use this vulnerability to send unexpected requests to the server through the affected client
VAR-202004-1356 CVE-2017-18752 plural NETGEAR Information leakage vulnerabilities in devices CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, and R8500 before 1.0.2.94. plural NETGEAR The device contains a vulnerability related to information leakage.Information may be obtained. NETGEAR R8500, etc. are all products of NETGEAR. NETGEAR R8500 is a wireless router. NETGEAR R6300 is a wireless router. NETGEAR EX3700 is a wireless WiFi signal range extender. There are security vulnerabilities in many NETGEAR products
VAR-202004-1858 CVE-2020-7488 plural Modicon Vulnerability in plaintext transmission of critical information in controller CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers. Schneider Electric Modicon M218 Logic Controller, etc. are all programmable logic controllers of French Schneider Electric (Schneider Electric) company. There are security vulnerabilities in many Schneider Electric products
VAR-202004-1361 CVE-2017-18758 plural NETGEAR Out-of-bounds write vulnerabilities in devices CVSS V2: 5.2
CVSS V3: 8.0
Severity: HIGH
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42. NETGEAR R6700 , R6800 , R6900 The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6700, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow
VAR-202004-1554 CVE-2018-21118 NETGEAR XR500 Authentication vulnerabilities in devices CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
NETGEAR XR500 devices before 2.3.2.32 are affected by authentication bypass. NETGEAR XR500 There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR XR500 is a wireless router from NETGEAR. There are security vulnerabilities in NETGEAR XR500 versions prior to 2.3.2.32
VAR-202004-1857 CVE-2020-7487 plural Modicon Inadequate validation vulnerabilities for data reliability in products CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers. plural Modicon The product contains vulnerabilities to inadequate validation of data reliability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Schneider Electric Modicon M218 Logic Controller, etc. are all programmable logic controllers of French Schneider Electric (Schneider Electric) company
VAR-202004-1558 CVE-2018-21122 plural NETGEAR Input verification vulnerabilities on devices CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
Certain NETGEAR devices are affected by denial of service. This affects GS110EMX before 1.0.0.9, GS810EMX before 1.0.0.5, XS512EM before 1.0.0.6, and XS724EM before 1.0.0.6. plural NETGEAR The device contains an input verification vulnerability.Service operation interruption (DoS) It may be put into a state. NETGEAR XS512EM, etc. are all products of NETGEAR. NETGEAR XS512EM is a switch. NETGEAR XS724EM is a switch. NETGEAR GS810EMX is an Ethernet switch. There are security vulnerabilities in many NETGEAR products
VAR-202004-1559 CVE-2018-21123 plural NETGEAR Injection vulnerabilities in devices CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WC7500 before 6.5.3.9, WC7520 before 6.5.3.9, WC7600v1 before 6.5.3.9, and WC7600v2 before 6.5.3.9. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WC7500, etc. are all a wireless LAN controller from NETGEAR. Injection vulnerabilities exist in many NETGEAR products. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided
VAR-202004-1369 CVE-2017-18767 plural NETGEAR Injection vulnerabilities in devices CVSS V2: 5.2
CVSS V3: 6.8
Severity: MEDIUM
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, D8500 before 1.0.3.39, R6400 before 1.0.1.14, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7100LG before 1.0.0.32, R7300 before 1.0.0.56, R7800 before 1.0.2.36, R7900 before 1.0.2.10, R8000 before 1.0.3.24, R8300 before 1.0.2.74, and R8500 before 1.0.2.74. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6400, etc. are all products of NETGEAR. NETGEAR R6400 is a wireless router. NETGEAR R7800 is a wireless router. NETGEAR D7800 is a wireless modem. Injection vulnerabilities exist in many NETGEAR products. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided. This affects D7800 prior to 1.0.1.34, D8500 prior to 1.0.3.39, R6400 prior to 1.0.1.14, R6400v2 prior to 1.0.2.32, R6700 prior to 1.0.1.22, R6900 prior to 1.0.1.22, R7000 prior to 1.0.9.4, R7100LG prior to 1.0.0.32, R7300 prior to 1.0.0.56, R7800 prior to 1.0.2.36, R7900 prior to 1.0.2.10, R8000 prior to 1.0.3.24, R8300 prior to 1.0.2.74, and R8500 prior to 1.0.2.74
VAR-202004-1551 CVE-2018-21115 NETGEAR XR500 input validation error vulnerability CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers. NETGEAR XR500 The device contains an input verification vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR XR500 is a wireless router of NETGEAR
VAR-202004-1360 CVE-2017-18757 plural NETGEAR Vulnerabilities in devices CVSS V2: 4.8
CVSS V3: 5.4
Severity: MEDIUM
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.30, R6100 before 1.0.1.16, R7500 before 1.0.0.116, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR4300v2 before 1.0.0.48, WNDR4300v1 before 1.0.2.90, and WNDR4500v3 before 1.0.0.48. plural NETGEAR An unspecified vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR WNDR4300 is a wireless router. No detailed vulnerability details are currently provided
VAR-202004-1563 CVE-2018-21127 NETGEAR WAC505 and WAC510 On the device OS Command injection vulnerabilities CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. NETGEAR WAC505 and WAC510 On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
VAR-202004-1557 CVE-2018-21121 plural NETGEAR Authentication vulnerabilities in devices CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
Certain NETGEAR devices are affected by authentication bypass. This affects GS810EMX before 1.0.0.5, XS512EM before 1.0.0.6, and XS724EM before 1.0.0.6. NETGEAR GS810EMX , XS512EM , XS724EM There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR XS512EM, etc. are all products of NETGEAR. NETGEAR XS512EM is a switch. NETGEAR XS724EM is a switch. NETGEAR GS810EMX is an Ethernet switch. There are security vulnerabilities in NETGEAR GS810EMX versions before 1.0.0.5, XS512EM versions before 1.0.0.6, and XS724EM versions before 1.0.0.6
VAR-202004-1363 CVE-2017-18761 NETGEAR R8000 Out-of-bounds write vulnerabilities in devices CVSS V2: 5.2
CVSS V3: 6.8
Severity: MEDIUM
NETGEAR R8000 devices before 1.0.4.2 are affected by a stack-based buffer overflow by an authenticated user. NETGEAR R8000 The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8000 is a wireless router from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow