VARIoT IoT vulnerabilities database
| VAR-202004-0938 | CVE-2019-20673 | plural NETGEAR Cross-site scripting vulnerabilities in devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR RBK50 is a wireless router of NETGEAR. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code
| VAR-202004-0915 | CVE-2019-20681 | plural NETGEAR Authentication vulnerabilities in devices |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.34, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6050 before 1.0.1.18, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, and R6900v2 before 1.2.0.36. plural NETGEAR There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D6200, etc. are all products of NETGEAR. NETGEAR D6200 is a wireless modem. NETGEAR JR6150 is a wireless router. NETGEAR PR2000 is a wireless router
| VAR-202004-0957 | CVE-2020-1803 | Huawei smartphone Honor V20 Vulnerability regarding information leakage in |
CVSS V2: 2.9 CVSS V3: 5.3 Severity: MEDIUM |
Huawei smartphones Honor V20 with versions earlier than 10.0.0.179(C636E3R4P3),versions earlier than 10.0.0.180(C185E3R3P3),versions earlier than 10.0.0.180(C432E10R3P4) have an information disclosure vulnerability. The device does not sufficiently validate the identity of smart wearable device in certain specific scenario, the attacker need to gain certain information in the victim's smartphone to launch the attack, successful exploit could cause information disclosure. Huawei Honor V20 is a smart phone of China's Huawei company
| VAR-202004-0887 | CVE-2019-20647 | NETGEAR RAX40 Vulnerabilities in devices |
CVSS V2: 2.7 CVSS V3: 5.7 Severity: MEDIUM |
NETGEAR RAX40 devices before 1.0.3.64 are affected by denial of service. NETGEAR RAX40 An unspecified vulnerability exists in the device.Service operation interruption (DoS) It may be put into a state. NETGEAR RAX40 is a wireless router of NETGEAR
| VAR-202004-0480 | CVE-2020-11771 | plural NETGEAR Cross-site scripting vulnerabilities in devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. This affects D7800 prior to 1.0.1.56, R7500v2 prior to 1.0.3.46, R7800 prior to 1.0.2.68, R8900 prior to 1.0.4.28, R9000 prior to 1.0.4.28, RAX120 prior to 1.0.0.78, XR500 prior to 2.3.2.56, and XR700 prior to 1.0.1.10
| VAR-202004-0093 | CVE-2020-0600 | Intel(R) NUC Vulnerability related to authority management in |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Improper buffer restrictions in firmware for some Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) NUC Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel NUC Kit is a small desktop computer from Intel Corporation.
The firmware in Intel NUC has a buffer error vulnerability. Local attackers can use this vulnerability to elevate permissions
| VAR-202004-0889 | CVE-2019-20649 | NETGEAR MR1100 Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure of sensitive information. NETGEAR MR1100 is a wireless router of NETGEAR.
There is a security vulnerability in NETGEAR MR1100 12.06.08.00
| VAR-202004-0925 | CVE-2019-20660 | plural NETGEAR Cross-site scripting vulnerabilities in devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR RBK20 is a wireless router of NETGEAR. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code
| VAR-202004-0941 | CVE-2019-20676 | plural NETGEAR Vulnerability in lack of authentication on device |
CVSS V2: 3.6 CVSS V3: 6.0 Severity: MEDIUM |
Certain NETGEAR devices are affected by lack of access control at the function level. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS724TPv2 before 1.1.1.29, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1. plural NETGEAR The device contains a vulnerability related to lack of authentication.Information may be obtained and tampered with. NETGEAR GS105E, etc. are all a kind of switchboard of NETGEAR. No detailed vulnerability details are currently available
| VAR-202004-0482 | CVE-2020-11773 | plural NETGEAR Cross-site scripting vulnerabilities in devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with
| VAR-202004-0363 | CVE-2020-0576 | Intel(R) Modular Server MFS2600KISPP Compute Classic buffer overflow vulnerability in module |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
Buffer overflow in Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable denial of service via adjacent access. Intel Modular Server MFS2600KISPP Compute Module is a computing module of American Intel Corporation. A remote attacker can exploit the vulnerability with a specially crafted request to cause a denial of service
| VAR-202004-0895 | CVE-2019-20655 | NETGEAR Injection vulnerabilities in devices |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR500 before 2.3.2.56 and XR700 before 1.0.1.20. NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR XR700 and NETGEAR XR500 are both wireless routers of NETGEAR.
NETGEAR XR500 versions prior to 2.3.2.56 and XR700 versions prior to 1.0.1.20 have injection vulnerabilities. Attackers can use the vulnerabilities to cause system or product parsing or interpretation errors. This affects XR500 prior to 2.3.2.56 and XR700 prior to 1.0.1.20
| VAR-202004-0939 | CVE-2019-20674 | plural NETGEAR Cross-site scripting vulnerabilities in devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR RBK50 is a wireless router of NETGEAR. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code
| VAR-202004-0453 | CVE-2020-11789 | plural NETGEAR Injection vulnerabilities in devices |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700 before 1.0.2.8, R6700v3 before 1.0.4.84, R6900 before 1.0.2.8, and R7900 before 1.0.3.10. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6400 is a wireless router of NETGEAR. The vulnerability stems from the operation process of the user inputting the construction command, data structure or record, the network system or product lacks the correct verification of the user input data, and the special elements are not filtered or properly filtered out. The attacker can use the vulnerability to cause the system Or the product has a wrong interpretation or interpretation method
| VAR-202004-0488 | CVE-2020-11779 | plural NETGEAR Cross-site scripting vulnerabilities in devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR XR500 is a wireless router. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code
| VAR-202004-0089 | CVE-2020-10513 | iCatch DVR Privilege management vulnerability in firmware |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
The file management interface of iCatch DVR firmware before 20200103 contains broken access control which allows the attacker to remotely manipulate arbitrary file. iCatch DVR There is a permission management vulnerability in the firmware.Information may be tampered with. iCATCH DVR is a digital video recorder (DVR) from China Desirable International (iCATCH). Attackers can use this vulnerability to manipulate arbitrary files
| VAR-202004-1235 | CVE-2020-3162 | Cisco IoT Field Network Director Input verification vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the Constrained Application Protocol (CoAP) implementation of Cisco IoT Field Network Director could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming CoAP traffic. An attacker could exploit this vulnerability by sending a malformed CoAP packet to an affected device. A successful exploit could allow the attacker to force the CoAP server to stop, interrupting communication to the IoT endpoints. The system has the functions of equipment management, asset tracking and intelligent measurement
| VAR-202004-0886 | CVE-2019-20646 | NETGEAR RAX40 Inadequate protection of credentials on devices |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of administrative credentials. NETGEAR RAX40 Devices contain vulnerabilities in insufficient protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR RAX40 is a wireless router of NETGEAR.
There is a security vulnerability in NETGEAR RAX40 prior to 1.0.3.64, which an attacker can use to obtain a management certificate
| VAR-202004-0484 | CVE-2020-11775 | plural NETGEAR Cross-site scripting vulnerabilities in devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with
| VAR-202004-0933 | CVE-2019-20668 | plural NETGEAR Cross-site scripting vulnerabilities in devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR RBK50 is a wireless router of NETGEAR. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code