VARIoT IoT vulnerabilities database
| VAR-202004-1310 | CVE-2017-18797 | Information leakage vulnerabilities in multiple NETGEAR devices |
CVSS V2: 2.1 CVSS V3: 6.2 Severity: MEDIUM |
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects R6400 before 1.0.1.24, R7900 before 1.0.1.18, R8000 before 1.0.3.54, and R8500 before 1.0.2.100. Multiple NETGEAR devices contain a vulnerability related to information leakage. Information may be obtained. NETGEAR R6400, etc. are all wireless routers from NETGEAR.
Many NETGEAR products contain security vulnerabilities.
| VAR-202004-1311 | CVE-2017-18798 | Input validation vulnerabilities in multiple NETGEAR devices |
CVSS V2: 2.1 CVSS V3: 6.2 Severity: MEDIUM |
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, D7000 before 1.0.1.50, and D1500 before 1.0.0.25. Multiple NETGEAR devices contain an input validation vulnerability. Information may be tampered with. NETGEAR D7000, etc. are all products of NETGEAR. NETGEAR D7000 is a wireless modem. NETGEAR R6700v2 is a wireless router. NETGEAR R6800 is a wireless router. No detailed vulnerability information is currently provided.
| VAR-202004-1317 | CVE-2017-18804 | Injection vulnerabilities in NETGEAR R7800 and R9000 devices |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
Certain NETGEAR devices are affected by command injection. This affects R7800 before 1.0.2.16 and R9000 before 1.0.2.4. NETGEAR R7800 and R9000 devices contain an injection vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. Both NETGEAR R9000 and NETGEAR R7800 are wireless routers from NETGEAR. The vulnerability stems from the network system or product failing to correctly validate user input when that input is used to construct a command, data structure or record: special elements are not filtered, or are filtered incorrectly, so the system or product parses or interprets the input incorrectly. No detailed vulnerability information is currently provided.
| VAR-202004-1305 | CVE-2017-18792 | Injection vulnerabilities in NETGEAR D6100 devices |
CVSS V2: 4.6 CVSS V3: 8.4 Severity: HIGH |
NETGEAR D6100 devices before 1.0.0.50_0.0.50 are affected by command injection. NETGEAR D6100 devices contain an injection vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. NETGEAR D6100 is a wireless modem from NETGEAR. The vulnerability stems from the network system or product failing to correctly validate user input when that input is used to construct a command, data structure or record: special elements are not filtered, or are filtered incorrectly, so the system or product parses or interprets the input incorrectly. No detailed vulnerability information is currently provided.
| VAR-202004-1315 | CVE-2017-18802 | Injection vulnerabilities in multiple NETGEAR devices |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
Certain NETGEAR devices are affected by command injection. This affects R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before 1.0.3.16, R7800 before 1.0.2.32, EX6200v2 before 1.0.1.50, and D7800 before 1.0.1.22. Multiple NETGEAR devices contain an injection vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. The vulnerability stems from the network system or product failing to correctly validate user input when that input is used to construct a command, data structure or record: special elements are not filtered, or are filtered incorrectly, so the system or product parses or interprets the input incorrectly. No detailed vulnerability information is currently provided.
| VAR-202004-1314 | CVE-2017-18801 | Injection vulnerabilities in multiple NETGEAR devices |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
Certain NETGEAR devices are affected by command injection. This affects R6220 before 1.1.0.50, R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, WNDR3700v5 before 1.1.0.48, and D7000 before 1.0.1.50. Multiple NETGEAR devices contain an injection vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state.
| VAR-202004-0541 | CVE-2020-11968 | Evenroute IQrouter log information disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”. IQrouter contains a vulnerability related to information leakage from log files. Information may be obtained. Evenroute IQrouter is a smart router from the American company Evenroute.
Evenroute IQrouter 3.3.1 and previous versions have a security vulnerability in the web panel.
| VAR-202004-1577 | CVE-2018-21141 | Input validation vulnerabilities in multiple NETGEAR devices |
CVSS V2: 2.7 CVSS V3: 4.5 Severity: MEDIUM |
Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. Multiple NETGEAR devices contain an input validation vulnerability. The device may be put into a denial-of-service (DoS) state. NETGEAR R7800, etc. are all wireless routers from NETGEAR.
Many NETGEAR products contain security vulnerabilities.
| VAR-202004-1306 | CVE-2017-18793 | Injection vulnerabilities in NETGEAR R7800 devices |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
NETGEAR R7800 devices before 1.0.2.36 are affected by command injection. NETGEAR R7800 devices contain an injection vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. NETGEAR R7800 is a router from NETGEAR.
| VAR-202004-1584 | CVE-2018-21148 | Out-of-bounds write vulnerabilities in multiple NETGEAR devices |
CVSS V2: 5.2 CVSS V3: 6.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. Multiple NETGEAR devices are vulnerable to out-of-bounds writes. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR WNDR4300 is a wireless router. The vulnerability stems from the network system or product not correctly verifying data boundaries when it performs operations on memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause a buffer overflow or heap overflow.
| VAR-202004-1579 | CVE-2018-21143 | NETGEAR GS810EMX Information Disclosure Vulnerability |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
NETGEAR GS810EMX devices before 1.0.0.5 are affected by disclosure of sensitive information. NETGEAR GS810EMX is an Ethernet switch from NETGEAR.
There are security vulnerabilities in NETGEAR GS810EMX versions before 1.0.0.5.
| VAR-202004-1309 | CVE-2017-18796 | Injection vulnerabilities in multiple NETGEAR devices |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
Certain NETGEAR devices are affected by command injection. This affects R6400 before 1.0.1.24, R6700 before 1.0.1.26, R6900 before 1.0.1.28, R7000 before 1.0.9.10, R7000P before 1.0.1.16, R6900P before 1.0.1.16, and R7800 before 1.0.2.36. Multiple NETGEAR devices contain an injection vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state.
| VAR-202004-1303 | CVE-2017-18790 | Information leakage vulnerabilities in multiple NETGEAR devices |
CVSS V2: 2.1 CVSS V3: 6.2 Severity: MEDIUM |
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R7900 before 1.0.1.18, R8000 before 1.0.3.54, and R8500 before 1.0.2.100. NETGEAR R6700, etc. are all wireless routers from NETGEAR. The vulnerability stems from a configuration error in the network system or product during operation.
| VAR-202004-1304 | CVE-2017-18791 | Cross-site request forgery vulnerability in multiple NETGEAR devices |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
Multiple NETGEAR devices contain a cross-site request forgery vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. NETGEAR D7000, etc. are all products of NETGEAR. NETGEAR D7000 is a wireless modem. NETGEAR WNR2020 is a wireless router. NETGEAR R6220 is a wireless router. The vulnerability stems from the web application not fully verifying whether a request comes from a trusted user. An attacker can use this vulnerability to send unexpected requests to the server through the affected client.
| VAR-202004-1308 | CVE-2017-18795 | Injection vulnerabilities in NETGEAR D6220 and D6100 devices |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
Certain NETGEAR devices are affected by command injection. This affects D6220 before 1.0.0.28 and D6100 before 1.0.0.50_0.0.50. NETGEAR D6220 and D6100 devices contain an injection vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state.
| VAR-202004-0539 | CVE-2020-11966 | IQrouter vulnerability related to weak password requirements |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”. IQrouter contains a vulnerability related to weak password requirements. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. Evenroute IQrouter is a smart router from the American company Evenroute.
Evenroute IQrouter 3.3.1 and previous versions have a security vulnerability in the ‘reset_password’ function in the web panel.
| VAR-202004-0537 | CVE-2020-11964 | IQrouter vulnerability regarding inadequate protection of credentials |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
In IQrouter through 3.3.1, the Lua function diag_set_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”. IQrouter contains a vulnerability related to inadequate protection of credentials. Information may be tampered with. Evenroute IQrouter is a smart router from the American company Evenroute.
Evenroute IQrouter 3.3.1 and previous versions have a security vulnerability in the ‘diag_set_password’ function in the web panel.
| VAR-202004-0540 | CVE-2020-11967 | IQrouter vulnerability related to authority management |
CVSS V2: 9.0 CVSS V3: 9.8 Severity: CRITICAL |
In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”. IQrouter contains a privilege management vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. Evenroute IQrouter is a smart router from the American company Evenroute.
| VAR-202004-1316 | CVE-2017-18803 | Input validation vulnerabilities in NETGEAR R7800 devices |
CVSS V2: 2.1 CVSS V3: 6.2 Severity: MEDIUM |
NETGEAR R7800 devices before 1.0.2.30 are affected by incorrect configuration of security settings. NETGEAR R7800 devices contain an input validation vulnerability. Information may be tampered with. NETGEAR R7800 is a wireless router from NETGEAR.
There is a security vulnerability in NETGEAR R7800 before 1.0.2.30. Attackers can use this vulnerability to affect integrity.
| VAR-202004-0536 | CVE-2020-11963 | Evenroute IQrouter operating system command injection vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”. IQrouter contains an OS command injection vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. Evenroute IQrouter is a smart router from the American company Evenroute. Attackers can use this vulnerability to gain root permissions.