VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202004-0959 CVE-2020-1805 Huawei Honor V10 Out-of-bounds read vulnerabilities on smartphones CVSS V2: 5.8
CVSS V3: 7.1
Severity: HIGH
Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00E156R2P4) has three out of bounds vulnerabilities. Certain driver program does not sufficiently validate certain parameters received, that would lead to several bytes out of bound read. Successful exploit may cause information disclosure or service abnormal. This is 2 out of 3 out of bounds vulnerabilities found. Different than CVE-2020-1804 and CVE-2020-1806. This vulnerability is CVE-2020-1804 and CVE-2020-1806 Is a different vulnerability.Information is obtained and service operation is interrupted (DoS) It may be put into a state. The vulnerability stems from a driver not fully verifying the received parameters
VAR-202004-1548 CVE-2018-21112 plural NETGEAR Injection vulnerabilities in devices CVSS V2: 5.2
CVSS V3: 6.8
Severity: MEDIUM
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, and R9000 before 1.0.4.12. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. There are injection vulnerabilities in many NETGEAR products, which can be exploited by an attacker to cause the system or product to produce an incorrect interpretation or interpretation method. This affects D7800 prior to 1.0.1.44, R7500v2 prior to 1.0.3.38, R7800 prior to 1.0.2.52, R8900 prior to 1.0.4.12, and R9000 prior to 1.0.4.12
VAR-202004-1339 CVE-2017-18775 plural NETGEAR Cross-site request forgery vulnerability in device CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Certain NETGEAR devices are affected by CSRF. This affects R6100 before 1.0.1.12, R7500 before 1.0.0.108, WNDR3700v4 before 1.0.2.86, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.42. plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7500 is a wireless router of NETGEAR. The vulnerability stems from the fact that the WEB application does not fully verify whether the request comes from a trusted user. An attacker can use this vulnerability to send an unexpected request to the server through the affected client. This affects R6100 prior to 1.0.1.12, R7500 prior to 1.0.0.108, WNDR3700v4 prior to 1.0.2.86, WNDR4300v1 prior to 1.0.2.88, WNDR4300v2 prior to 1.0.0.48, WNDR4500v3 prior to 1.0.0.48, and WNR2000v5 prior to 1.0.0.42
VAR-202004-0961 CVE-2020-1807 HUAWEI Mate 20 Unauthorized authentication vulnerabilities in smartphones CVSS V2: 3.6
CVSS V3: 3.5
Severity: LOW
HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.188(C00E74R3P8) have an improper authorization vulnerability. The software does not properly restrict certain user's modification of certain configuration file, successful exploit could allow the attacker to bypass app lock after a series of operation in ADB mode. Huawei Mate 20 is a smart phone of the Chinese company Huawei. Before Huawei Mate 20 10.0.0.188 (C00E74R3P8), there was an access control error vulnerability. The vulnerability stems from the system’s failure to properly restrict the modification of configuration files by specific users. An attacker can exploit a series of operations in ADB debugging mode. The vulnerability caused the application lock to be bypassed
VAR-202004-1565 CVE-2018-21129 NETGEAR WAC505 and WAC510 Information leakage vulnerabilities in devices CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. NETGEAR WAC505 and NETGEAR WAC510 are both a wireless access point (AP) of NETGEAR. There are security vulnerabilities in NETGEAR WAC505 versions before 5.0.0.17 and WAC510 versions before 5.0.0.17. This affects WAC505 prior to 5.0.0.17 and WAC510 prior to 5.0.0.17
VAR-202004-1560 CVE-2018-21124 NETGEAR WAC510 Device permission management vulnerabilities CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
NETGEAR WAC510 devices before 5.0.0.17 are affected by privilege escalation. NETGEAR WAC510 A vulnerability exists in the device regarding permission management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC510 is a wireless access point (AP) of NETGEAR. There are security vulnerabilities in NETGEAR WAC510 versions before 5.0.0.17. Attackers can use this vulnerability to elevate permissions
VAR-202004-1562 CVE-2018-21126 NETGEAR WAC505 and WAC510 On the device OS Command injection vulnerabilities CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. NETGEAR WAC505 and WAC510 On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC505 and NETGEAR WAC510 are both a wireless access point (AP) of NETGEAR. The vulnerability stems from the fact that the network system or product does not correctly filter the special characters, commands, etc. in the process of constructing the executable command of the operating system by external input data. Attackers can use this vulnerability to execute illegal operating system commands. This affects WAC505 prior to 5.0.0.17 and WAC510 prior to 5.0.0.17
VAR-202004-1553 CVE-2018-21117 NETGEAR XR500 Vulnerabilities in devices CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers via the traceroute handler. NETGEAR XR500 An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR XR500 is a wireless router of NETGEAR. There is a security vulnerability in NETGEAR XR500 before 2.3.2.32
VAR-202004-1586 CVE-2018-21150 plural NETGEAR Out-of-bounds write vulnerabilities in devices CVSS V2: 5.2
CVSS V3: 6.8
Severity: MEDIUM
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR WNDR3700 is a wireless router. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow. This affects D7800 prior to 1.0.1.34, DM200 prior to 1.0.0.50, R6100 prior to 1.0.1.22, R7500 prior to 1.0.0.122, R7500v2 prior to 1.0.3.26, R7800 prior to 1.0.2.42, R8900 prior to 1.0.3.10, R9000 prior to 1.0.3.10, WNDR3700v4 prior to 1.0.2.96, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.54, WNDR4500v3 prior to 1.0.0.54, and WNR2000v5 prior to 1.0.0.64
VAR-202004-1561 CVE-2018-21125 NETGEAR WAC510 Authentication vulnerabilities in devices CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
NETGEAR WAC510 devices before 5.0.0.17 are affected by authentication bypass. NETGEAR WAC510 There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC510 is a wireless access point (AP) of NETGEAR. There are security vulnerabilities in NETGEAR WAC510 versions before 5.0.0.17
VAR-202004-0276 CVE-2020-11539 D-Link DIR-615 T1 Vulnerability in improperly limiting excessive authentication attempts on devices CVSS V2: 4.8
CVSS V3: 8.1
Severity: HIGH
An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It has been identified that the smart band has no pairing (mode 0 Bluetooth LE security level) The data being transmitted over the air is not encrypted. Adding to this, the data being sent to the smart band doesn't have any authentication or signature verification. Thus, any attacker can control a parameter of the device. D-Link DIR-615 T1 The device is vulnerable to improper restrictions on excessive authentication attempts.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The product supports functions such as calorie counting and sleep tracking
VAR-202004-0996 CVE-2020-1845 Huawei PCManager Vulnerability related to authority management in CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Huawei PCManager product with versions earlier than 10.0.5.53 have a local privilege escalation vulnerability. An authenticated, local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Huawei PCManager Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Huawei PCManager is a set of computer management software developed by China Huawei (Huawei)
VAR-202004-2268 No CVE Amovision AM-Q6320-WIFI HD Camera remote configuration leak CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Amovision AM-Q6320-WIFI HD Camera is a high-definition camera. Amovision AM-Q6320-WIFI HD Camera has a remote configuration leak. Attackers can use vulnerabilities to disclose sensitive information.
VAR-202004-1371 CVE-2017-18806 plural NETGEAR Injection vulnerabilities in devices CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC510, etc. are all a wireless access point (AP) of NETGEAR company. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided
VAR-202004-0708 CVE-2019-17525 D-Link DIR-615 T1 Vulnerability in improperly limiting excessive authentication attempts on devices

Related entries in the VARIoT exploits database: VAR-E-202006-0104
CVSS V2: 4.0
CVSS V3: 8.8
Severity: HIGH
The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks. D-Link DIR-615 T1 The device is vulnerable to improper restrictions on excessive authentication attempts.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DIR-615 is a wireless router from D-Link, Taiwan. D-Link DIR-615 T1 20.10 version of the login page has a security vulnerability
VAR-202004-1318 CVE-2017-18805 plural NETGEAR Injection vulnerabilities in devices CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC510, etc. are all a wireless access point (AP) of NETGEAR company. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided
VAR-202004-1313 CVE-2017-18800 NETGEAR R6700v2 and R6800 Cross-site scripting vulnerabilities in devices CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Certain NETGEAR devices are affected by reflected XSS. This affects R6700v2 before 1.1.0.42 and R6800 before 1.1.0.42. NETGEAR R6700v2 and R6800 A cross-site scripting vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Both NETGEAR R6700v2 and NETGEAR R6800 are wireless routers from NETGEAR. There are cross-site scripting vulnerabilities in NETGEAR R6700v2 versions before 1.1.0.42 and R6800 versions before 1.1.0.42. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker can use this vulnerability to execute client code
VAR-202004-1312 CVE-2017-18799 plural NETGEAR Input verification vulnerabilities on devices CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6200v2 before 1.0.3.14, R6250 before 1.0.4.8, R6300v2 before 1.0.4.8, R6700 before 1.1.1.20, R7000 before 1.0.7.10, R7000P/R6900P before 1.0.0.56, R7100LG before 1.0.0.30, R7900 before 1.0.1.14, R8000 before 1.0.3.22, R8500 before 1.0.2.74, and D8500 before 1.0.3.28. plural NETGEAR The device contains an input verification vulnerability.Information may be tampered with. NETGEAR D8500, etc. are all products of NETGEAR. NETGEAR D8500 is a wireless modem. NETGEAR R6250 is a wireless router. NETGEAR R6700 is a wireless router. No detailed vulnerability details are currently provided
VAR-202004-1582 CVE-2018-21146 plural NETGEAR Injection vulnerabilities in devices CVSS V2: 5.2
CVSS V3: 6.8
Severity: MEDIUM
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.54, and WNDR4500v3 before 1.0.0.54. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR D7800 is a wireless modem. NETGEAR WNDR4300 is a wireless router. Injection vulnerabilities exist in many NETGEAR products. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided
VAR-202004-1576 CVE-2018-21140 NETGEAR D3600 and D6000 Input verification vulnerabilities on devices CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76. NETGEAR D3600 and D6000 The device contains an input verification vulnerability.Information may be tampered with. Both NETGEAR D3600 and NETGEAR D6000 are wireless modems from NETGEAR. There are security vulnerabilities in NETGEAR D3600 versions before 1.0.0.76 and D6000 versions before 1.0.0.76. No detailed vulnerability details are currently provided