VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202004-1398 CVE-2017-18835 plural NETGEAR Cross-site scripting vulnerabilities in devices CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Certain NETGEAR devices are affected by reflected XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with
VAR-202004-1404 CVE-2017-18841 plural NETGEAR Injection vulnerabilities in devices CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Certain NETGEAR devices are affected by command injection. This affects R6220 before 1.1.0.46, R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, WNDR3700v5 before 1.1.0.46, and D7000 before 1.0.1.50. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7000 etc. are all products of NETGEAR company. NETGEAR D7000 is a wireless modem. NETGEAR R6220 is a wireless router. NETGEAR R6800 is a wireless router. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special element is not filtered or correctly filtered, which causes the system or product to generate analysis or The explanation is wrong. No detailed vulnerability details are currently provided
VAR-202004-1872 CVE-2020-9277 D-Link DSL-2640B B2 Authentication vulnerabilities in devices CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Authentication can be bypassed when accessing cgi modules. This allows one to perform administrative tasks (e.g., modify the admin password) with no authentication. D-Link DSL-2640B B2 There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DSL-2640B B2 is a wireless router from D-Link, Taiwan. There is a security vulnerability in the D-Link DSL-2640B B2 EU_4.01B version. An attacker can use the vulnerability by accessing the cgi module to bypass authentication and perform management operations (such as changing the administrator password)
VAR-202004-1324 CVE-2017-18852 plural NETGEAR Cross-site request forgery vulnerability in device CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Certain NETGEAR devices are affected by CSRF and authentication bypass. This affects R7300DST before 1.0.0.54, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and WNDR3400v3 before 1.0.1.14. plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
VAR-202004-1874 CVE-2020-9279 D-Link DSL-2640B B2 Trust Management Issue Vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A hard-coded account allows management-interface login with high privileges. The logged-in user can perform critical tasks and take full control of the device. D-Link DSL-2640B B2 A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DSL-2640B B2 is a wireless router from D-Link, Taiwan. There is a security vulnerability in the D-Link DSL-2640B B2 EU_4.01B version, which has a hard-coded account in the router
VAR-202004-1386 CVE-2017-18823 plural NETGEAR Vulnerabilities in devices CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR An unspecified vulnerability exists in the device.Information may be tampered with
VAR-202004-1389 CVE-2017-18826 plural NETGEAR Device permission management vulnerabilities CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A vulnerability exists in the device regarding permission management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. There are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to elevate permissions
VAR-202004-1387 CVE-2017-18824 plural NETGEAR Path traversal vulnerabilities in devices CVSS V2: 2.1
CVSS V3: 3.3
Severity: LOW
Certain NETGEAR devices are affected by directory traversal. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A path traversal vulnerability exists in the device.Information may be obtained. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. The vulnerability stems from the failure of network systems or products to properly filter resources or special elements in file paths. Attackers can use this vulnerability to access locations outside of the restricted directory
VAR-202004-1401 CVE-2017-18838 plural NETGEAR Device permission management vulnerabilities CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Certain NETGEAR devices are affected by privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A vulnerability exists in the device regarding permission management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. There are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to elevate permissions
VAR-202004-1408 CVE-2017-18845 NETGEAR R6700v2 and R6800 Inadequate protection of credentials on devices CVSS V2: 2.1
CVSS V3: 7.8
Severity: HIGH
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38 and R6800 before 1.1.0.38. NETGEAR R6700v2 and R6800 Devices contain vulnerabilities in insufficient protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Both NETGEAR R6700v2 and NETGEAR R6800 are wireless routers from NETGEAR. There are security vulnerabilities in NETGEAR R6700v2 versions before 1.1.0.38 and R6800 versions before 1.1.0.38. Attackers can use this vulnerability to obtain management credentials
VAR-202004-1409 CVE-2017-18846 plural NETGEAR Out-of-bounds write vulnerabilities in devices CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Certain NETGEAR devices are affected by a stack-based buffer overflow. This affects R6250 before 1.0.4.12, R6400v2 before 1.0.2.32, R7000P/R6900P before 1.0.0.56, R7900 before 1.0.1.18, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and D8500 before 1.0.3.29. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D8500, etc. are all products of NETGEAR. NETGEAR D8500 is a wireless modem. NETGEAR R6250 is a wireless router. NETGEAR R8300 is a wireless router. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow
VAR-202004-1391 CVE-2017-18828 plural NETGEAR Cross-site scripting vulnerabilities in devices CVSS V2: 3.5
CVSS V3: 4.8
Severity: MEDIUM
Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. The vulnerability stems from the lack of correct verification of client data in the WEB application. An attacker can use this vulnerability to execute client code
VAR-202004-1873 CVE-2020-9278 D-Link DSL-2640B B2 Input verification vulnerabilities on devices CVSS V2: 6.4
CVSS V3: 9.1
Severity: CRITICAL
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The device can be reset to its default configuration by accessing an unauthenticated URL. D-Link DSL-2640B B2 The device contains an input verification vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. D-Link DSL-2640B B2 is a wireless router from D-Link, Taiwan. There is a security vulnerability in the D-Link DSL-2640B B2 EU_4.01B version
VAR-202004-1399 CVE-2017-18836 plural NETGEAR Vulnerabilities in devices CVSS V2: 2.1
CVSS V3: 6.2
Severity: MEDIUM
Certain NETGEAR devices are affected by denial of service. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR An unspecified vulnerability exists in the device.Service operation interruption (DoS) It may be put into a state. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. There are security vulnerabilities in many NETGEAR products
VAR-202004-1388 CVE-2017-18825 plural NETGEAR Cross-site scripting vulnerabilities in devices CVSS V2: 3.5
CVSS V3: 4.8
Severity: MEDIUM
Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with
VAR-202004-1385 CVE-2017-18822 plural NETGEAR Device permission management vulnerabilities CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A vulnerability exists in the device regarding permission management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. There are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to elevate permissions
VAR-202004-1871 CVE-2020-9276 D-Link DSL-2640B B2 buffer error vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The function do_cgi(), which processes cgi requests supplied to the device's web servers, is vulnerable to a remotely exploitable stack-based buffer overflow. Unauthenticated exploitation is possible by combining this vulnerability with CVE-2020-9277. D-Link DSL-2640B B2 The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DSL-2640B B2 is a wireless router from D-Link, Taiwan. There is a buffer error vulnerability in the ‘do_cgi()’ function in the D-Link DSL-2640B B2 EU_4.01B version. An attacker can exploit this vulnerability by providing a malicious cgi module name in the URL to execute the code on the device with administrative rights
VAR-202004-2236 No CVE Denial of Service Vulnerability in NA-VIEW V2.0 (Special for 15-inch Touch Screen) of Nanda Auto Technology Jiangsu Co., Ltd. CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
NA-VIEW is a touch screen configuration software. NA-VIEW V2.0 (only for 15-inch touch screen) of Nanda Auto Technology Jiangsu Co., Ltd. has a denial of service vulnerability. An attacker can use the vulnerability to construct a malformed prj file and cause the program to crash.
VAR-202004-2237 No CVE Denial of Service Vulnerability in NA-VIEW V1.02.4 CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
NA-VIEW is a touch screen configuration software. NA-VIEW V1.02.4 has a denial of service vulnerability. An attacker can use the vulnerability to construct a malformed BMP image file and cause the program to crash.
VAR-202004-2213 No CVE Denial of Service Vulnerability in NA-VIEW V1.02.4 (CNVD-2020-21835) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
NA-VIEW is a touch screen configuration software. NA-VIEW V1.02.4 has a denial of service vulnerability. An attacker can use the vulnerability to construct a malformed HMI file and the program may crash.