VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202004-1336 CVE-2017-18770 plural NETGEAR Classic buffer overflow vulnerability in device CVSS V2: 5.2
CVSS V3: 6.8
Severity: MEDIUM
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R7800 before 1.0.2.36, PLW1000v2 before 1.0.0.14, and PLW1010v2 before 1.0.0.14. NETGEAR R7800 , PLW1000v2 , PLW1010v2 A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR PLW1000 is a power line communication modem. NETGEAR PLW1010 is a power line communication modem. NETGEAR R7800 prior to 1.0.2.36, PLW1000v2 prior to 1.0.0.14 and PLW1010v2 prior to 1.0.0.14 have a buffer overflow vulnerability, which originated when the network system or product performed operations on the memory and did not correctly verify the data boundary, resulting in An erroneous read and write operation was performed on the associated other memory location. An attacker could use this vulnerability to cause a buffer overflow or heap overflow
VAR-202004-1357 CVE-2017-18754 plural NETGEAR Injection vulnerabilities in devices CVSS V2: 5.2
CVSS V3: 6.8
Severity: MEDIUM
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, and WNR2000v5 before 1.0.0.58. NETGEAR WNDR3700 , WNDR4300 , WNR2000 A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WNDR3700, etc. are all wireless routers from NETGEAR. There are injection vulnerabilities in NETGEAR WNDR3700v4 versions before 1.0.2.88, WNDR4300v1 versions before 1.0.2.90, and WNR2000v5 versions before 1.0.0.58. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided
VAR-202004-1549 CVE-2018-21113 plural NETGEAR Injection vulnerabilities in devices CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.42, R6100 before 1.0.1.28, R7500 before 1.0.0.130, R7500v2 before 1.0.3.36, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, and WNDR4500v3 before 1.0.0.56. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR D6100 is a wireless modem. NETGEAR WNDR3700 is a wireless router. There are injection vulnerabilities in many NETGEAR products, which can be exploited by an attacker to cause the system or product to produce an incorrect interpretation or interpretation method
VAR-202004-1555 CVE-2018-21119 NETGEAR WAC505 and WAC510 Injection vulnerabilities in devices CVSS V2: 5.2
CVSS V3: 6.8
Severity: MEDIUM
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WAC505 before 5.0.5.4 and WAC510 before 5.0.5.4. NETGEAR WAC505 and WAC510 A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC505 and NETGEAR WAC510 are both a wireless access point (AP) of NETGEAR. There are injection vulnerabilities in NETGEAR WAC505 versions before 5.0.5.4 and WAC510 versions before 5.0.5.4. The vulnerability stems from the fact that the network system or product does not properly filter special elements in the process of constructing executable commands from external input data. Attackers can use this vulnerability to execute illegal commands
VAR-202004-0866 CVE-2019-19106 ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway Vulnerability related to authority management in CVSS V2: 6.4
CVSS V3: 9.1
Severity: CRITICAL
Improper implementation of Access Control in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows an unauthorized user to access data marked as restricted, such as viewing or editing user profiles and application settings. ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway Exists in a privilege management vulnerability.Information may be obtained and tampered with. Attackers can use this vulnerability to access restricted data
VAR-202004-1341 CVE-2017-18777 plural NETGEAR Inadequate protection of credentials on devices CVSS V2: 2.1
CVSS V3: 7.8
Severity: HIGH
Certain NETGEAR devices are affected by administrative password disclosure. This affects D6220 before V1.0.0.28, D6400 before V1.0.0.60, D8500 before V1.0.3.29, DGN2200v4 before 1.0.0.82, DGN2200Bv4 before 1.0.0.82, R6300v2 before 1.0.4.8, R6400 before 1.0.1.20, R6700 before 1.0.1.20, R6900 before 1.0.1.20, R7000 before 1.0.7.10, R7100LG before V1.0.0.32, R7300DST before 1.0.0.52, R7900 before 1.0.1.16, R8000 before 1.0.3.36, R8300 before 1.0.2.94, R8500 before 1.0.2.94, WNDR3400v3 before 1.0.1.12, and WNR3500Lv2 before 1.2.0.40. plural NETGEAR Devices contain vulnerabilities in insufficient protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WNR3500L, etc. are all products of NETGEAR. WNR3500L is a wireless router. NETGEAR R6700 is a wireless router. NETGEAR D6220 is a wireless modem
VAR-202004-1638 CVE-2018-21151 plural NETGEAR Classic buffer overflow vulnerability in device CVSS V2: 5.2
CVSS V3: 6.8
Severity: MEDIUM
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.54, and WNDR4500v3 before 1.0.0.54. plural NETGEAR A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR D7800 is a wireless modem. NETGEAR WNDR4300 is a wireless router. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow
VAR-202004-1426 CVE-2017-18783 plural NETGEAR Cross-site scripting vulnerabilities in devices CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR D6200, etc. NETGEAR D6200 is a wireless modem. NETGEAR WNR2020 is a wireless router. NETGEAR R6220 is a wireless router. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code
VAR-202004-1343 CVE-2017-18779 plural NETGEAR Classic buffer overflow vulnerability in device CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Certain NETGEAR devices are affected by a buffer overflow. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44. plural NETGEAR A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D6200, etc. are all products of NETGEAR. NETGEAR D6200 is a wireless modem. NETGEAR WNR2020 is a wireless router. NETGEAR R6220 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow
VAR-202004-1344 CVE-2017-18780 plural NETGEAR Vulnerabilities in devices CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Certain NETGEAR devices are affected by denial of service. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44. plural NETGEAR An unspecified vulnerability exists in the device.Service operation interruption (DoS) It may be put into a state. NETGEAR D6200, etc. are all products of NETGEAR. NETGEAR D6200 is a wireless modem. NETGEAR WNR2020 is a wireless router. NETGEAR R6220 is a wireless router
VAR-202004-1359 CVE-2017-18756 plural NETGEAR Vulnerabilities in devices CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6220 before 1.0.0.32, D6400 before 1.0.0.66, D8500 before 1.0.3.35, DGN2200Bv4 before 1.0.0.94, DGN2200v4 before 1.0.0.94, R6250 before 1.0.4.14, R6300v2 before 1.0.4.18, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 before 1.0.1.30, R6900P before 1.3.0.8, R7000 before 1.0.9.14, R7000P before 1.3.0.8, R7100LG before 1.0.0.34, R7900 before 1.0.2.4, R8000 before 1.0.4.2, WN2500RPv2 before 1.0.1.50, WNDR3400v3 before 1.0.1.14, and WNDR4000 before 1.0.2.10. plural NETGEAR An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WNDR3400v3, etc. are all products of NETGEAR Corporation. NETGEAR WNDR3400v3 is a wireless router. The NETGEAR D6220 is a wireless modem. NETGEAR R6900 is a wireless router. No detailed vulnerability details are currently provided
VAR-202004-1552 CVE-2018-21116 NETGEAR XR500 Vulnerabilities in devices CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers. NETGEAR XR500 An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR XR500 is a wireless router of NETGEAR
VAR-202004-1367 CVE-2017-18765 plural NETGEAR Vulnerabilities in devices CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
Certain NETGEAR devices are affected by denial of service. This affects R6300v2 before 1.0.4.8, R6400 before 1.0.1.22, R6400v2 before 1.0.2.32, R6700 before 1.0.1.20, R6900 before 1.0.1.20, WNR3500Lv2 before 1.2.0.44, and WNR2000v2 before 1.2.0.8. plural NETGEAR An unspecified vulnerability exists in the device.Service operation interruption (DoS) It may be put into a state. NETGEAR WNR3500L, etc. are all wireless routers from NETGEAR. There are security vulnerabilities in many NETGEAR products
VAR-202004-1337 CVE-2017-18772 plural NETGEAR Authentication vulnerabilities in devices CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
Certain NETGEAR devices are affected by authentication bypass. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, R8500 before 1.0.2.74, and WNR2000v2 before 1.2.0.8. plural NETGEAR There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8500, etc. are all products of NETGEAR. NETGEAR R8500 is a wireless router. NETGEAR WNR2000 is a wireless router. NETGEAR EX3700 is a wireless WiFi signal range extender
VAR-202004-1366 CVE-2017-18764 plural NETGEAR Injection vulnerabilities in devices CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6100 before 1.0.1.14, R6120 before 1.0.0.30, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
VAR-202004-2183 CVE-2019-19107 ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway Vulnerability regarding inadequate protection of credentials in CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway for user profiles and services transfer the password in plaintext (although hidden when displayed). ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway Exists in an inadequate protection of credentials.Information may be obtained. The vulnerability stems from the lack of effective permission permissions and access control measures for network systems or products. There is currently no detailed vulnerability details provided
VAR-202004-1340 CVE-2017-18776 plural NETGEAR Authentication vulnerabilities in devices CVSS V2: 4.6
CVSS V3: 8.4
Severity: HIGH
Certain NETGEAR devices are affected by authentication bypass. This affects D6100 before V1.0.0.55, D7000 before V1.0.1.50, D7800 before V1.0.1.24, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, R6100 before 1.0.1.12, R6220 before 1.1.0.50, R7500 before 1.0.0.108, R7500v2 before 1.0.3.10, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.40, WNR2000v5 before 1.0.0.42, WNR2020 before 1.1.0.40, and WNR2050 before 1.1.0.40. plural NETGEAR There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7000 and so on are all products of NETGEAR. NETGEAR D7000 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR WNR2000 is a wireless router
VAR-202004-1368 CVE-2017-18766 NETGEAR DST6501 and WNR2000 Information leakage vulnerabilities in devices CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects DST6501 before 1.1.0.6 and WNR2000v2 before 1.2.0.8. NETGEAR DST6501 and WNR2000 The device contains a vulnerability related to information leakage.Information may be obtained. NETGEAR WNR2000 and NETGEAR DST6501 are both products of NETGEAR. NETGEAR WNR2000 is a wireless router. NETGEAR DST6501 is a wireless extender adapter. There are security vulnerabilities in NETGEAR DST6501 versions before 1.1.0.6 and WNR2000v2 versions before 1.2.0.8
VAR-202004-1362 CVE-2017-18759 NETGEAR R8300 and R8500 Out-of-bounds write vulnerabilities in devices CVSS V2: 5.2
CVSS V3: 6.8
Severity: MEDIUM
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8300 before 1.0.2.104 and R8500 before 1.0.2.104. NETGEAR R8300 and R8500 The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8500 and NETGEAR R8300 are both wireless routers of NETGEAR. The vulnerabilities stem from network systems or products performing incorrect operations on memory and incorrectly verifying data boundaries, leading to other associated memory locations. An erroneous read and write operation was performed, and an attacker could use the vulnerability to cause a buffer overflow or heap overflow
VAR-202004-1301 CVE-2017-18788 plural NETGEAR Injection vulnerabilities in devices CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WNR3500L, etc. are all products of NETGEAR. WNR3500L is a wireless router. NETGEAR D3600 is a wireless modem. NETGEAR D6000 is a wireless modem. There are injection vulnerabilities in many NETGEAR products, which can be exploited by an attacker to cause the system or product to produce an incorrect interpretation or interpretation method