VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202004-2214 No CVE Nanda Auto Extension NAop401 has a denial of service vulnerability (CNVD-2020-21832) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
NAop401 is an OP series text screen design tool. There is a denial-of-service vulnerability in NAOP401 of Nanda Auto Technology. An attacker can exploit the vulnerability by constructing a malformed evp file to cause the program to crash.
VAR-202004-2210 No CVE Nanda Auto Technology NAop401 has a denial of service vulnerability CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
NAop401 is an OP series text screen design tool. There is a denial-of-service vulnerability in NAOP401 of Nanda Auto Technology. An attacker can exploit the vulnerability by constructing a malformed evp file to cause the program to crash.
VAR-202004-2225 No CVE Denial of Service Vulnerability in NATouch Touch Screen Configuration Software CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Nanda Auto Technology Jiangsu Co., Ltd. is committed to independent R&D and production of cutting-edge industrial control products with reliable performance, excellent quality and advanced technology. There is a denial-of-service vulnerability in NATouch's NATouch touch screen configuration software. An attacker can exploit the vulnerability by constructing a malformed skm file to cause the program to crash.
VAR-202004-2235 No CVE Denial of Service Vulnerability in NA-VIEW V2.0 (Special for 15-inch Touch Screen) of Nanda Auto Technology Jiangsu Co., Ltd. (CNVD-2020-21838) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
NA-VIEW is a touch screen configuration software. NA-VIEW V2.0 (only for 15-inch touch screen) of Nanda Auto Technology Jiangsu Co., Ltd. has a denial of service vulnerability. An attacker can use the vulnerability to construct a malformed BMP image that can cause the program to crash.
VAR-202004-2272 No CVE Hangzhou Hang Seng Digital Equipment Technology Co., Ltd. SIP routing distribution server has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The main function of the SIP routing distribution server is to route SIP signaling, including SIP proxy (stateful and stateless) services and SIP registration authentication services, providing location services and redirection services. Hangzhou Hang Seng Digital Equipment Technology Co., Ltd. SIP routing distribution server has a weak password vulnerability, and attackers can use the vulnerability to obtain server permissions.
VAR-202004-2275 No CVE Tenda router has buffer overflow vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Tenda AC6 is a 1200M 11ac dual-band wireless router specifically designed for home users with broadband upgrades and routing updates. Tenda AC15 is a 1900M wireless router. Tenda AC18 is a wireless router product. There is a buffer overflow vulnerability in the Tenda router. An attacker can use this vulnerability to cause a denial of service attack. The constructed payload can gain control of the device.
VAR-202004-0376 CVE-2020-10377 Mitel MiVoice Connect Client Cryptographic strength vulnerabilities in CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
A weak encryption vulnerability in Mitel MiVoice Connect Client before 214.100.1214.0 could allow an unauthenticated attacker to gain access to user credentials. A successful exploit could allow an attacker to access the system with compromised user credentials. (DoS) It may be put into a state
VAR-202004-0207 CVE-2020-10813 FTPDMIN Classic buffer overflow vulnerability in CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A buffer overflow vulnerability in FTPDMIN 0.96 allows attackers to crash the server via a crafted packet. FTPDMIN Exists in a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be put into a state. FTPDMIN is an FTP (File Transfer Protocol) server based on the Windows platform
VAR-202004-0371 CVE-2020-10211 Mitel MiVoice Connect Input verification vulnerability in CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A remote code execution vulnerability in UCB component of Mitel MiVoice Connect before 19.1 SP1 could allow an unauthenticated remote attacker to execute arbitrary scripts due to insufficient validation of URL parameters. A successful exploit could allow an attacker to gain access to sensitive information. Mitel MiVoice Connect There is an input verification vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
VAR-202004-0691 CVE-2019-6203 Vulnerabilities in multiple Apple products CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. An attacker in a privileged network position may be able to intercept network traffic. apple's iOS , Apple Mac OS X , tvOS Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. A security vulnerability exists in the 802.1X component in Apple iOS versions prior to 12.2, macOS Mojave versions prior to 10.14.4, and tvOS versions prior to 12.2
VAR-202004-2247 No CVE Multiple D-Link routers have logic flaws CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
D-Link DIR-882, DIR-878, DIR-867, DIR-853 are all D-Link wireless router products. Many D-Link routers have a logic flaw vulnerability, which can be exploited by an attacker to log in as an administrator.
VAR-202004-2253 CVE-2020-9373 Netgear R6400 upnp stack overflow vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Netgear R6400 is Netgear's AC1750 wireless router. Netgear R6400 upnp has a stack overflow vulnerability that attackers can use to execute arbitrary code or cause denial of service.
VAR-202004-0764 CVE-2019-20702 plural NETGEAR On the device OS Command injection vulnerabilities CVSS V2: 5.2
CVSS V3: 8.0
Severity: HIGH
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32. NETGEAR D3600 , D6000 , XR500 On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D3600, etc. are all products of NETGEAR. NETGEAR D3600 is a wireless modem. NETGEAR D6000 is a wireless modem. NETGEAR XR500 is a wireless router. NETGEAR D3600 versions prior to 1.0.0.76, D6000 versions prior to 1.0.0.76 and XR500 versions prior to 2.3.2.32 have operating system command injection vulnerabilities. This vulnerability stems from the process of constructing operating system executable commands from external input data. By properly filtering the special characters and commands, the attacker can use the vulnerability to execute illegal operating system commands
VAR-202004-0756 CVE-2019-20736 plural NETGEAR Out-of-bounds write vulnerabilities in devices CVSS V2: 5.2
CVSS V3: 6.8
Severity: MEDIUM
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6000 before 1.0.0.72, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8900, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow, etc
VAR-202004-0765 CVE-2019-20703 plural NETGEAR On the device OS Command injection vulnerabilities CVSS V2: 5.2
CVSS V3: 8.0
Severity: HIGH
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32. NETGEAR D3600 , D6000 , XR500 On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D3600, etc. are all products of NETGEAR. NETGEAR D3600 is a wireless modem. NETGEAR D6000 is a wireless modem. NETGEAR XR500 is a wireless router. NETGEAR D3600 versions prior to 1.0.0.76, D6000 versions prior to 1.0.0.76 and XR500 versions prior to 2.3.2.32 have operating system command injection vulnerabilities. This vulnerability stems from the process of constructing operating system executable commands from external input data. By properly filtering the special characters and commands, the attacker can use the vulnerability to execute illegal operating system commands
VAR-202004-0755 CVE-2019-20735 plural NETGEAR Out-of-bounds write vulnerabilities in devices CVSS V2: 5.2
CVSS V3: 6.8
Severity: MEDIUM
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before V1.0.0.75, D6100 before V1.0.0.63, R7800 before v1.0.2.52, R8900 before v1.0.4.2, R9000 before v1.0.4.2, RBK50 before v2.3.0.32, RBR50 before v2.3.0.32, RBS50 before v2.3.0.32, WNDR3700v4 before V1.0.2.102, WNDR4300v1 before V1.0.2.104, WNDR4300v2 before v1.0.0.58, WNDR4500v3 before v1.0.0.58, WNR2000v5 before v1.0.0.68, and XR500 before V2.3.2.32. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8900, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, it does not correctly verify the data boundary, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow, etc
VAR-202004-0775 CVE-2019-20713 plural NETGEAR Out-of-bounds write vulnerabilities in devices CVSS V2: 5.2
CVSS V3: 6.8
Severity: MEDIUM
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D8500 before 1.0.3.44, R6250 before 1.0.4.34, R6300v2 before 1.0.4.32, R6400 before 1.0.1.46, R6700 before 1.0.2.6, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R7000 before 1.0.9.42, R7000P before 1.3.1.64, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.28, R8000P before 1.4.1.30, R8300 before 1.0.2.128, and R8500 before 1.0.2.128. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D8500, etc. are all products of NETGEAR. NETGEAR D8500 is a wireless modem. NETGEAR R6250 is a wireless router. NETGEAR R6300 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow
VAR-202004-0793 CVE-2019-20747 plural NETGEAR Out-of-bounds write vulnerabilities in devices CVSS V2: 5.2
CVSS V3: 6.8
Severity: MEDIUM
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.40, R7500v2 before 1.0.3.34, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.3.16, RAX120 before 1.0.0.74, RBK20 before 2.3.0.22, RBR20 before 2.3.0.22, RBS20 before 2.3.0.22, RBK50 before 2.3.0.22, RBR50 before 2.3.0.22, RBS50 before 2.3.0.22, RBK40 before 2.3.0.22, RBS40 before 2.3.0.22, SRK60 before 2.2.0.64, SRR60 before 2.2.0.64, SRS60 before 2.2.0.64, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, and WNR2000v5 before 1.0.0.66. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8900, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, it does not correctly verify the data boundary, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow
VAR-202004-0898 CVE-2019-20689 plural NETGEAR Injection vulnerabilities in devices CVSS V2: 5.2
CVSS V3: 6.8
Severity: MEDIUM
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6000 before 1.0.0.75, D6100 before 1.0.0.63, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3100RPv2 before 1.0.0.60, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
VAR-202004-0784 CVE-2019-20722 plural NETGEAR Injection vulnerabilities in devices CVSS V2: 5.2
CVSS V3: 6.8
Severity: MEDIUM
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBS40 before 2.3.0.28, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR WNDR4300 is a wireless router. The vulnerability stems from the fact that the network system or product does not properly filter special elements in the process of constructing executable commands from external input data. Attackers can use this vulnerability to execute illegal commands