VARIoT IoT vulnerabilities database
| VAR-202004-1398 | CVE-2017-18835 | Cross-site scripting vulnerabilities in multiple NETGEAR devices |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Certain NETGEAR devices are affected by reflected XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. A cross-site scripting vulnerability exists in multiple NETGEAR devices. Information may be obtained and tampered with.
| VAR-202004-1404 | CVE-2017-18841 | Injection vulnerabilities in multiple NETGEAR devices |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
Certain NETGEAR devices are affected by command injection. This affects R6220 before 1.1.0.46, R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, WNDR3700v5 before 1.1.0.46, and D7000 before 1.0.1.50. Multiple NETGEAR devices contain an injection vulnerability. Information may be obtained and tampered with, and service operation may be interrupted (DoS). NETGEAR D7000 and the other listed models are all NETGEAR products. NETGEAR D7000 is a wireless modem. NETGEAR R6220 is a wireless router. NETGEAR R6800 is a wireless router. The vulnerability stems from the network system or product failing to correctly validate user input when that input is used to construct a command, data structure, or record: special elements are not filtered, or are filtered incorrectly, which causes the system or product to parse or interpret the input incorrectly. No detailed vulnerability details are currently provided.
| VAR-202004-1872 | CVE-2020-9277 | Authentication vulnerabilities in D-Link DSL-2640B B2 devices |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Authentication can be bypassed when accessing cgi modules. This allows one to perform administrative tasks (e.g., modify the admin password) with no authentication. There is an authentication vulnerability in the D-Link DSL-2640B B2 device. Information may be obtained and tampered with, and service operation may be interrupted (DoS). D-Link DSL-2640B B2 is a wireless router from D-Link, Taiwan.
There is a security vulnerability in the D-Link DSL-2640B B2 EU_4.01B version. By accessing the cgi module, an attacker can use the vulnerability to bypass authentication and perform management operations (such as changing the administrator password).
| VAR-202004-1324 | CVE-2017-18852 | Cross-site request forgery vulnerability in multiple NETGEAR devices |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
Certain NETGEAR devices are affected by CSRF and authentication bypass. This affects R7300DST before 1.0.0.54, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and WNDR3400v3 before 1.0.1.14. A cross-site request forgery vulnerability exists in multiple NETGEAR devices. Information may be obtained and tampered with, and service operation may be interrupted (DoS).
| VAR-202004-1874 | CVE-2020-9279 | D-Link DSL-2640B B2 Trust Management Issue Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A hard-coded account allows management-interface login with high privileges. The logged-in user can perform critical tasks and take full control of the device. The D-Link DSL-2640B B2 device contains a vulnerability in the use of hard-coded credentials. Information may be obtained and tampered with, and service operation may be interrupted (DoS). D-Link DSL-2640B B2 is a wireless router from D-Link, Taiwan.
There is a security vulnerability in the D-Link DSL-2640B B2 EU_4.01B version: the router has a hard-coded account.
| VAR-202004-1386 | CVE-2017-18823 | Vulnerabilities in multiple NETGEAR devices |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. An unspecified vulnerability exists in multiple NETGEAR devices. Information may be tampered with.
| VAR-202004-1389 | CVE-2017-18826 | Permission management vulnerabilities in multiple NETGEAR devices |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. A permission management vulnerability exists in multiple NETGEAR devices. Information may be obtained and tampered with, and service operation may be interrupted (DoS). NETGEAR M4300-28G and the other listed models are all NETGEAR managed switches.
There are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to elevate permissions.
| VAR-202004-1387 | CVE-2017-18824 | Path traversal vulnerabilities in multiple NETGEAR devices |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Certain NETGEAR devices are affected by directory traversal. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. A path traversal vulnerability exists in multiple NETGEAR devices. Information may be obtained. NETGEAR M4300-28G and the other listed models are all NETGEAR managed switches. The vulnerability stems from the failure of network systems or products to properly filter resources or special elements in file paths. Attackers can use this vulnerability to access locations outside of the restricted directory.
| VAR-202004-1401 | CVE-2017-18838 | Permission management vulnerabilities in multiple NETGEAR devices |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Certain NETGEAR devices are affected by privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. A permission management vulnerability exists in multiple NETGEAR devices. Information may be obtained and tampered with, and service operation may be interrupted (DoS). NETGEAR M4300-28G and the other listed models are all NETGEAR managed switches.
There are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to elevate permissions.
| VAR-202004-1408 | CVE-2017-18845 | Inadequate protection of credentials on NETGEAR R6700v2 and R6800 devices |
CVSS V2: 2.1 CVSS V3: 7.8 Severity: HIGH |
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38 and R6800 before 1.1.0.38. NETGEAR R6700v2 and R6800 devices contain a vulnerability in insufficient protection of credentials. Information may be obtained and tampered with, and service operation may be interrupted (DoS). Both NETGEAR R6700v2 and NETGEAR R6800 are wireless routers from NETGEAR.
There are security vulnerabilities in NETGEAR R6700v2 versions before 1.1.0.38 and R6800 versions before 1.1.0.38. Attackers can use this vulnerability to obtain management credentials.
| VAR-202004-1409 | CVE-2017-18846 | Out-of-bounds write vulnerabilities in multiple NETGEAR devices |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
Certain NETGEAR devices are affected by a stack-based buffer overflow. This affects R6250 before 1.0.4.12, R6400v2 before 1.0.2.32, R7000P/R6900P before 1.0.0.56, R7900 before 1.0.1.18, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and D8500 before 1.0.3.29. Multiple NETGEAR devices are vulnerable to out-of-bounds writes. Information may be obtained and tampered with, and service operation may be interrupted (DoS). NETGEAR D8500 and the other listed models are all NETGEAR products. NETGEAR D8500 is a wireless modem. NETGEAR R6250 is a wireless router. NETGEAR R8300 is a wireless router. The vulnerability stems from the network system or product not correctly verifying data boundaries when it performs operations on memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow.
| VAR-202004-1391 | CVE-2017-18828 | Cross-site scripting vulnerabilities in multiple NETGEAR devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. A cross-site scripting vulnerability exists in multiple NETGEAR devices. Information may be obtained and tampered with. NETGEAR M4300-28G and the other listed models are all NETGEAR managed switches. The vulnerability stems from the lack of correct verification of client data in the web application. An attacker can use this vulnerability to execute client-side code.
| VAR-202004-1873 | CVE-2020-9278 | Input verification vulnerabilities on D-Link DSL-2640B B2 devices |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The device can be reset to its default configuration by accessing an unauthenticated URL. The D-Link DSL-2640B B2 device contains an input verification vulnerability. Information may be tampered with, and service operation may be interrupted (DoS). D-Link DSL-2640B B2 is a wireless router from D-Link, Taiwan.
There is a security vulnerability in the D-Link DSL-2640B B2 EU_4.01B version.
| VAR-202004-1399 | CVE-2017-18836 | Vulnerabilities in multiple NETGEAR devices |
CVSS V2: 2.1 CVSS V3: 6.2 Severity: MEDIUM |
Certain NETGEAR devices are affected by denial of service. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. An unspecified vulnerability exists in multiple NETGEAR devices. Service operation may be interrupted (DoS). NETGEAR M4300-28G and the other listed models are all NETGEAR managed switches.
There are security vulnerabilities in many NETGEAR products.
| VAR-202004-1388 | CVE-2017-18825 | Cross-site scripting vulnerabilities in multiple NETGEAR devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. A cross-site scripting vulnerability exists in multiple NETGEAR devices. Information may be obtained and tampered with.
| VAR-202004-1385 | CVE-2017-18822 | Permission management vulnerabilities in multiple NETGEAR devices |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. A permission management vulnerability exists in multiple NETGEAR devices. Information may be obtained and tampered with, and service operation may be interrupted (DoS). NETGEAR M4300-28G and the other listed models are all NETGEAR managed switches.
There are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to elevate permissions.
| VAR-202004-1871 | CVE-2020-9276 | D-Link DSL-2640B B2 buffer error vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The function do_cgi(), which processes cgi requests supplied to the device's web servers, is vulnerable to a remotely exploitable stack-based buffer overflow. Unauthenticated exploitation is possible by combining this vulnerability with CVE-2020-9277. The D-Link DSL-2640B B2 device is vulnerable to out-of-bounds writes. Information may be obtained and tampered with, and service operation may be interrupted (DoS). D-Link DSL-2640B B2 is a wireless router from D-Link, Taiwan.
There is a buffer error vulnerability in the ‘do_cgi()’ function in the D-Link DSL-2640B B2 EU_4.01B version. An attacker can exploit this vulnerability by providing a malicious cgi module name in the URL to execute code on the device with administrative rights.
| VAR-202004-2236 | No CVE | Denial of Service Vulnerability in NA-VIEW V2.0 (Special for 15-inch Touch Screen) of Nanda Auto Technology Jiangsu Co., Ltd. |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
NA-VIEW is a touch screen configuration software.
NA-VIEW V2.0 (only for 15-inch touch screen) of Nanda Auto Technology Jiangsu Co., Ltd. has a denial of service vulnerability. An attacker can exploit the vulnerability by constructing a malformed prj file, causing the program to crash.
| VAR-202004-2237 | No CVE | Denial of Service Vulnerability in NA-VIEW V1.02.4 |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
NA-VIEW is a touch screen configuration software.
NA-VIEW V1.02.4 has a denial of service vulnerability. An attacker can exploit the vulnerability by constructing a malformed BMP image file, causing the program to crash.
| VAR-202004-2213 | No CVE | Denial of Service Vulnerability in NA-VIEW V1.02.4 (CNVD-2020-21835) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
NA-VIEW is a touch screen configuration software.
NA-VIEW V1.02.4 has a denial of service vulnerability. An attacker can exploit the vulnerability by constructing a malformed HMI file, which may cause the program to crash.