VARIoT IoT vulnerabilities database
| VAR-202004-2214 | No CVE | Nanda Auto Extension NAop401 has a denial of service vulnerability (CNVD-2020-21832) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
NAop401 is an OP series text screen design tool.
There is a denial-of-service vulnerability in NAOP401 of Nanda Auto Technology. An attacker can exploit the vulnerability by constructing a malformed evp file to cause the program to crash.
| VAR-202004-2210 | No CVE | Nanda Auto Technology NAop401 has a denial of service vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
NAop401 is an OP series text screen design tool.
There is a denial-of-service vulnerability in NAOP401 of Nanda Auto Technology. An attacker can exploit the vulnerability by constructing a malformed evp file to cause the program to crash.
| VAR-202004-2225 | No CVE | Denial of Service Vulnerability in NATouch Touch Screen Configuration Software |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Nanda Auto Technology Jiangsu Co., Ltd. is committed to independent R&D and production of cutting-edge industrial control products with reliable performance, excellent quality and advanced technology.
There is a denial-of-service vulnerability in NATouch's NATouch touch screen configuration software. An attacker can exploit the vulnerability by constructing a malformed skm file to cause the program to crash.
| VAR-202004-2235 | No CVE | Denial of Service Vulnerability in NA-VIEW V2.0 (Special for 15-inch Touch Screen) of Nanda Auto Technology Jiangsu Co., Ltd. (CNVD-2020-21838) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
NA-VIEW is a touch screen configuration software.
NA-VIEW V2.0 (only for 15-inch touch screen) of Nanda Auto Technology Jiangsu Co., Ltd. has a denial of service vulnerability. An attacker can use the vulnerability to construct a malformed BMP image that can cause the program to crash.
| VAR-202004-2272 | No CVE | Hangzhou Hang Seng Digital Equipment Technology Co., Ltd. SIP routing distribution server has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The main function of the SIP routing distribution server is to route SIP signaling, including SIP proxy (stateful and stateless) services and SIP registration authentication services, providing location services and redirection services.
Hangzhou Hang Seng Digital Equipment Technology Co., Ltd. SIP routing distribution server has a weak password vulnerability, and attackers can use the vulnerability to obtain server permissions.
| VAR-202004-2275 | No CVE | Tenda router has buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Tenda AC6 is a 1200M 11ac dual-band wireless router specifically designed for home users with broadband upgrades and routing updates. Tenda AC15 is a 1900M wireless router. Tenda AC18 is a wireless router product.
There is a buffer overflow vulnerability in the Tenda router. An attacker can use this vulnerability to cause a denial of service attack. The constructed payload can gain control of the device.
| VAR-202004-0376 | CVE-2020-10377 | Mitel MiVoice Connect Client Cryptographic strength vulnerabilities in |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
A weak encryption vulnerability in Mitel MiVoice Connect Client before 214.100.1214.0 could allow an unauthenticated attacker to gain access to user credentials. A successful exploit could allow an attacker to access the system with compromised user credentials. (DoS) It may be put into a state
| VAR-202004-0207 | CVE-2020-10813 | FTPDMIN Classic buffer overflow vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A buffer overflow vulnerability in FTPDMIN 0.96 allows attackers to crash the server via a crafted packet. FTPDMIN Exists in a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be put into a state. FTPDMIN is an FTP (File Transfer Protocol) server based on the Windows platform
| VAR-202004-0371 | CVE-2020-10211 | Mitel MiVoice Connect Input verification vulnerability in |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A remote code execution vulnerability in UCB component of Mitel MiVoice Connect before 19.1 SP1 could allow an unauthenticated remote attacker to execute arbitrary scripts due to insufficient validation of URL parameters. A successful exploit could allow an attacker to gain access to sensitive information. Mitel MiVoice Connect There is an input verification vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
| VAR-202004-0691 | CVE-2019-6203 | Vulnerabilities in multiple Apple products |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. An attacker in a privileged network position may be able to intercept network traffic. apple's iOS , Apple Mac OS X , tvOS Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. A security vulnerability exists in the 802.1X component in Apple iOS versions prior to 12.2, macOS Mojave versions prior to 10.14.4, and tvOS versions prior to 12.2
| VAR-202004-2247 | No CVE | Multiple D-Link routers have logic flaws |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
D-Link DIR-882, DIR-878, DIR-867, DIR-853 are all D-Link wireless router products.
Many D-Link routers have a logic flaw vulnerability, which can be exploited by an attacker to log in as an administrator.
| VAR-202004-2253 | CVE-2020-9373 | Netgear R6400 upnp stack overflow vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Netgear R6400 is Netgear's AC1750 wireless router.
Netgear R6400 upnp has a stack overflow vulnerability that attackers can use to execute arbitrary code or cause denial of service.
| VAR-202004-0764 | CVE-2019-20702 | plural NETGEAR On the device OS Command injection vulnerabilities |
CVSS V2: 5.2 CVSS V3: 8.0 Severity: HIGH |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32. NETGEAR D3600 , D6000 , XR500 On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D3600, etc. are all products of NETGEAR. NETGEAR D3600 is a wireless modem. NETGEAR D6000 is a wireless modem. NETGEAR XR500 is a wireless router.
NETGEAR D3600 versions prior to 1.0.0.76, D6000 versions prior to 1.0.0.76 and XR500 versions prior to 2.3.2.32 have operating system command injection vulnerabilities. This vulnerability stems from the process of constructing operating system executable commands from external input data. By properly filtering the special characters and commands, the attacker can use the vulnerability to execute illegal operating system commands
| VAR-202004-0756 | CVE-2019-20736 | plural NETGEAR Out-of-bounds write vulnerabilities in devices |
CVSS V2: 5.2 CVSS V3: 6.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6000 before 1.0.0.72, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8900, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow, etc
| VAR-202004-0765 | CVE-2019-20703 | plural NETGEAR On the device OS Command injection vulnerabilities |
CVSS V2: 5.2 CVSS V3: 8.0 Severity: HIGH |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32. NETGEAR D3600 , D6000 , XR500 On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D3600, etc. are all products of NETGEAR. NETGEAR D3600 is a wireless modem. NETGEAR D6000 is a wireless modem. NETGEAR XR500 is a wireless router.
NETGEAR D3600 versions prior to 1.0.0.76, D6000 versions prior to 1.0.0.76 and XR500 versions prior to 2.3.2.32 have operating system command injection vulnerabilities. This vulnerability stems from the process of constructing operating system executable commands from external input data. By properly filtering the special characters and commands, the attacker can use the vulnerability to execute illegal operating system commands
| VAR-202004-0755 | CVE-2019-20735 | plural NETGEAR Out-of-bounds write vulnerabilities in devices |
CVSS V2: 5.2 CVSS V3: 6.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before V1.0.0.75, D6100 before V1.0.0.63, R7800 before v1.0.2.52, R8900 before v1.0.4.2, R9000 before v1.0.4.2, RBK50 before v2.3.0.32, RBR50 before v2.3.0.32, RBS50 before v2.3.0.32, WNDR3700v4 before V1.0.2.102, WNDR4300v1 before V1.0.2.104, WNDR4300v2 before v1.0.0.58, WNDR4500v3 before v1.0.0.58, WNR2000v5 before v1.0.0.68, and XR500 before V2.3.2.32. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8900, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, it does not correctly verify the data boundary, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow, etc
| VAR-202004-0775 | CVE-2019-20713 | plural NETGEAR Out-of-bounds write vulnerabilities in devices |
CVSS V2: 5.2 CVSS V3: 6.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D8500 before 1.0.3.44, R6250 before 1.0.4.34, R6300v2 before 1.0.4.32, R6400 before 1.0.1.46, R6700 before 1.0.2.6, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R7000 before 1.0.9.42, R7000P before 1.3.1.64, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.28, R8000P before 1.4.1.30, R8300 before 1.0.2.128, and R8500 before 1.0.2.128. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D8500, etc. are all products of NETGEAR. NETGEAR D8500 is a wireless modem. NETGEAR R6250 is a wireless router. NETGEAR R6300 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow
| VAR-202004-0793 | CVE-2019-20747 | plural NETGEAR Out-of-bounds write vulnerabilities in devices |
CVSS V2: 5.2 CVSS V3: 6.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.40, R7500v2 before 1.0.3.34, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.3.16, RAX120 before 1.0.0.74, RBK20 before 2.3.0.22, RBR20 before 2.3.0.22, RBS20 before 2.3.0.22, RBK50 before 2.3.0.22, RBR50 before 2.3.0.22, RBS50 before 2.3.0.22, RBK40 before 2.3.0.22, RBS40 before 2.3.0.22, SRK60 before 2.2.0.64, SRR60 before 2.2.0.64, SRS60 before 2.2.0.64, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, and WNR2000v5 before 1.0.0.66. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8900, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, it does not correctly verify the data boundary, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow
| VAR-202004-0898 | CVE-2019-20689 | plural NETGEAR Injection vulnerabilities in devices |
CVSS V2: 5.2 CVSS V3: 6.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6000 before 1.0.0.75, D6100 before 1.0.0.63, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3100RPv2 before 1.0.0.60, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
| VAR-202004-0784 | CVE-2019-20722 | plural NETGEAR Injection vulnerabilities in devices |
CVSS V2: 5.2 CVSS V3: 6.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBS40 before 2.3.0.28, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR WNDR4300 is a wireless router. The vulnerability stems from the fact that the network system or product does not properly filter special elements in the process of constructing executable commands from external input data. Attackers can use this vulnerability to execute illegal commands