VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202004-1310 CVE-2017-18797 plural NETGEAR Information leakage vulnerabilities in devices CVSS V2: 2.1
CVSS V3: 6.2
Severity: MEDIUM
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects R6400 before 1.0.1.24, R7900 before 1.0.1.18, R8000 before 1.0.3.54, and R8500 before 1.0.2.100. plural NETGEAR The device contains a vulnerability related to information leakage.Information may be obtained. NETGEAR R6400, etc. are all wireless routers from NETGEAR. There are security vulnerabilities in many NETGEAR products
VAR-202004-1311 CVE-2017-18798 plural NETGEAR Input verification vulnerabilities on devices CVSS V2: 2.1
CVSS V3: 6.2
Severity: MEDIUM
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, D7000 before 1.0.1.50, and D1500 before 1.0.0.25. plural NETGEAR The device contains an input verification vulnerability.Information may be tampered with. NETGEAR D7000, etc. are all products of NETGEAR. NETGEAR D7000 is a wireless modem. NETGEAR R6700v2 is a wireless router. NETGEAR R6800 is a wireless router. No detailed vulnerability details are currently provided
VAR-202004-1317 CVE-2017-18804 NETGEAR R7800 and R9000 Injection vulnerabilities in devices CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Certain NETGEAR devices are affected by command injection. This affects R7800 before 1.0.2.16 and R9000 before 1.0.2.4. NETGEAR R7800 and R9000 A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Both NETGEAR R9000 and NETGEAR R7800 are wireless routers from NETGEAR. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided
VAR-202004-1305 CVE-2017-18792 NETGEAR D6100 Injection vulnerabilities in devices CVSS V2: 4.6
CVSS V3: 8.4
Severity: HIGH
NETGEAR D6100 devices before 1.0.0.50_0.0.50 are affected by command injection. NETGEAR D6100 A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D6100 is a wireless modem from NETGEAR. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided
VAR-202004-1315 CVE-2017-18802 plural NETGEAR Injection vulnerabilities in devices CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Certain NETGEAR devices are affected by command injection. This affects R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before 1.0.3.16, R7800 before 1.0.2.32, EX6200v2 before 1.0.1.50, and D7800 before 1.0.1.22. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided
VAR-202004-1314 CVE-2017-18801 plural NETGEAR Injection vulnerabilities in devices CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Certain NETGEAR devices are affected by command injection. This affects R6220 before 1.1.0.50, R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, WNDR3700v5 before 1.1.0.48, and D7000 before 1.0.1.50. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
VAR-202004-0541 CVE-2020-11968 Evenroute IQrouter log information disclosure vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”. IQrouter Exists in a vulnerability related to information leakage from log files.Information may be obtained. Evenroute IQrouter is an intelligent router of American Evenroute. Evenroute IQrouter 3.3.1 and previous versions have a security hole in the web panel
VAR-202004-1577 CVE-2018-21141 plural NETGEAR Input verification vulnerabilities on devices CVSS V2: 2.7
CVSS V3: 4.5
Severity: MEDIUM
Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. plural NETGEAR The device contains an input verification vulnerability.Service operation interruption (DoS) It may be put into a state. NETGEAR R7800, etc. are all wireless routers from NETGEAR. There are security vulnerabilities in many NETGEAR products
VAR-202004-1306 CVE-2017-18793 NETGEAR R7800 Injection vulnerabilities in devices CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
NETGEAR R7800 devices before 1.0.2.36 are affected by command injection. NETGEAR R7800 A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800 is a router of NETGEAR
VAR-202004-1584 CVE-2018-21148 plural NETGEAR Out-of-bounds write vulnerabilities in devices CVSS V2: 5.2
CVSS V3: 6.8
Severity: MEDIUM
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR WNDR4300 is a wireless router. The vulnerability stems from the fact that when the network system or product performs operations on the memory, it does not correctly verify the data boundary, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow
VAR-202004-1579 CVE-2018-21143 NETGEAR GS810EMX Information Disclosure Vulnerability CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
NETGEAR GS810EMX devices before 1.0.0.5 are affected by disclosure of sensitive information. NETGEAR GS810EMX is an Ethernet switch from NETGEAR. There are security vulnerabilities in NETGEAR GS810EMX versions before 1.0.0.5
VAR-202004-1309 CVE-2017-18796 plural NETGEAR Injection vulnerabilities in devices CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Certain NETGEAR devices are affected by command injection. This affects R6400 before 1.0.1.24, R6700 before 1.0.1.26, R6900 before 1.0.1.28, R7000 before 1.0.9.10, R7000P before 1.0.1.16, R6900P before 1.0.1.16, and R7800 before 1.0.2.36. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
VAR-202004-1303 CVE-2017-18790 plural NETGEAR Information leakage vulnerabilities in devices CVSS V2: 2.1
CVSS V3: 6.2
Severity: MEDIUM
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R7900 before 1.0.1.18, R8000 before 1.0.3.54, and R8500 before 1.0.2.100. NETGEAR R6700, etc. are all wireless routers from NETGEAR. The vulnerability stems from a configuration error in the network system or product during operation
VAR-202004-1304 CVE-2017-18791 plural NETGEAR Cross-site request forgery vulnerability in device CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7000, etc. are all products of NETGEAR. NETGEAR D7000 is a wireless modem. NETGEAR WNR2020 is a wireless router. NETGEAR R6220 is a wireless router. The vulnerability stems from the fact that the WEB application does not fully verify whether the request comes from a trusted user. An attacker can use this vulnerability to send unexpected requests to the server through the affected client
VAR-202004-1308 CVE-2017-18795 NETGEAR D6220 and D6100 Injection vulnerabilities in devices CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Certain NETGEAR devices are affected by command injection. This affects D6220 before 1.0.0.28 and D6100 before 1.0.0.50_0.0.50. NETGEAR D6220 and D6100 A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
VAR-202004-0539 CVE-2020-11966 IQrouter Vulnerability in requesting weak passwords in CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”. IQrouter There is a vulnerability in requesting a weak password.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Evenroute IQrouter is an intelligent router of American Evenroute. Evenroute IQrouter 3.3.1 and previous versions have a security vulnerability in the ‘reset_password’ function in the web panel
VAR-202004-0537 CVE-2020-11964 IQrouter Vulnerability regarding inadequate protection of credentials in CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In IQrouter through 3.3.1, the Lua function diag_set_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”. IQrouter Exists in an inadequate protection of credentials.Information may be tampered with. Evenroute IQrouter is an intelligent router of American Evenroute. Evenroute IQrouter 3.3.1 and previous versions have a security hole in the ‘diag_set_password’ function in the web panel
VAR-202004-0540 CVE-2020-11967 IQrouter Vulnerability related to authority management in CVSS V2: 9.0
CVSS V3: 9.8
Severity: CRITICAL
In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”. IQrouter Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Evenroute IQrouter is an intelligent router of American Evenroute
VAR-202004-1316 CVE-2017-18803 NETGEAR R7800 Input verification vulnerabilities on devices CVSS V2: 2.1
CVSS V3: 6.2
Severity: MEDIUM
NETGEAR R7800 devices before 1.0.2.30 are affected by incorrect configuration of security settings. NETGEAR R7800 The device contains an input verification vulnerability.Information may be tampered with. NETGEAR R7800 is a wireless router of NETGEAR. There is a security vulnerability in NETGEAR R7800 before 1.0.2.30. Attackers can use this vulnerability to affect integrity
VAR-202004-0536 CVE-2020-11963 Evenroute IQrouter operating system command injection vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”. IQrouter To OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Evenroute IQrouter is an intelligent router of American Evenroute. Attackers can use this vulnerability to gain root permissions