VARIoT IoT exploits database

Affected products: vendor, model and version
Type can be e.g: Remote Code Execution or Denial of Service
Look up free text in title and description

VAR-E-201712-0558 No CVE Sony Playstation 4 4.05 FW Local Kernel Loader No EDB ID
In this project you will find a full implementation of the "namedobj" kernel exploit for the PlayStation 4 on 4.05. It will allow you to run arbitrary code as kernel in order to allow jailbreaking and kernel-level modifications to the system. This release does not contain any code related to defeating anti-piracy mechanisms or running homebrew. This exploit does include a loader that listens for payloads on port 9020 and will execute them.
VAR-E-201712-0269 No CVE Sony Playstation 4 (PS4) 4.05 - 'Jailbreak' WebKit / 'NamedObj ' Kernel Loader - Hardware local Exploit EDB ID: 43397
Sony Playstation 4 (PS4) 4.05 - 'Jailbreak' WebKit / 'NamedObj ' Kernel Loader.. local exploit for Hardware platform
VAR-E-201712-0098 CVE-2017-17215
Huawei Router HG532 - Arbitrary Command Execution - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201803-1048
EDB ID: 43414
Huawei Router HG532 - Arbitrary Command Execution. CVE-2017-17215 . webapps exploit for Hardware platform
VAR-E-201712-0345 CVE-2016-6914
Ubiquiti UniFi Video 3.7.3 - Local Privilege Escalation - Windows local Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201712-0026
EDB ID: 43390
Ubiquiti UniFi Video 3.7.3 - Local Privilege Escalation. CVE-2016-6914 . local exploit for Windows platform
VAR-E-201712-0016 No CVE Linksys WVBR0 - User-Agent Remote Command Injection Exploit No EDB ID
VAR-E-201712-0055 CVE-2017-17745
CVE-2017-17747
TP-Link TL-SG108E XSS / Weak Access Control

Related entries in the VARIoT vulnerabilities database: VAR-201712-0921, VAR-201712-0919
No EDB ID
TP-Link TL-SG108E with firmware 1.0.0 Build 20160722 Rel.50167 suffers from cross site scripting and weak access control vulnerabilities.
VAR-E-201712-0169 CVE-2017-17737
CVE-2017-17738
CVE-2017-17739
BrightSign Digital Signage - Multiple Vulnerablities - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201712-0913, VAR-201712-0914, VAR-201712-0915
EDB ID: 43364
BrightSign Digital Signage - Multiple Vulnerablities. CVE-2017-17739CVE-2017-17738CVE-2017-17737 . webapps exploit for Hardware platform
VAR-E-201712-0467 CVE-2017-17758
Multiple TP-Link Devices CVE-2017-17758 Arbitrary Command Execution Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201712-0951
No EDB ID
Multiple TP-Link Devices are prone to a remote arbitrary command-execution vulnerability. An attacker can exploit this issue to execute arbitrary commands in context of the affected application.
VAR-E-201712-0126 CVE-2017-17411
Linksys WVBR0-25 - User-Agent Command Execution (Metasploit) - Hardware remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201712-0291
EDB ID: 43429
Linksys WVBR0-25 - User-Agent Command Execution (Metasploit). CVE-2017-17411 . remote exploit for Hardware platform
VAR-E-201712-0127 CVE-2017-17411
Linksys WVBR0 - 'User-Agent' Remote Command Injection - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201712-0291
EDB ID: 43363
Linksys WVBR0 - 'User-Agent' Remote Command Injection. CVE-2017-17411 . webapps exploit for Hardware platform
VAR-E-201712-0370 CVE-2017-14016
Advantech WebAccess 8.2-2017.03.31 - Webvrpcs Service Opcode 80061 Stack Buffer Overflow (Metasploit) - Windows webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201711-0409
EDB ID: 43340
Advantech WebAccess 8.2-2017.03.31 - Webvrpcs Service Opcode 80061 Stack Buffer Overflow (Metasploit). CVE-2017-14016 . webapps exploit for Windows platform
VAR-E-201712-0044 CVE-2017-17105
CVE-2017-171069
CVE-2017-17106
CVE-2017-17107
Zivif Camera 2.3.4.2103 iptest.cgi Blind Remote Command Execution

Related entries in the VARIoT vulnerabilities database: VAR-201712-0829, VAR-201712-0828, VAR-201712-0830
No EDB ID
This Metasploit module exploits a remote command execution vulnerability in Zivif webcams. This is known to impact versions prior to and including 2.3.4.2103.
VAR-E-201711-0104 No CVE CODESYS Runtime 'plclinux_rt' Multiple Authentication Bypass Vulnerabilities No EDB ID
CODESYS Runtime is prone to multiple authentication-bypass vulnerabilities. An attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks.
VAR-E-201711-0308 No CVE WIFICAM Wireless IP Camera (P2P) - Unauthenticated Remote Code Execution Exploit No EDB ID
VAR-E-201711-0254 No CVE DLink DIR-605L < 2.08 - Denial of Service Exploit No EDB ID
VAR-E-201711-0159 No CVE TP-Link TL-WR740N - Cross-Site Scripting Vulnerability No EDB ID
VAR-E-201711-0062 No CVE Icon Time Systems RTC-1000 Firmware 2.5.7458 - Cross-Site Scripting Vulnerability No EDB ID
VAR-E-201711-0332 No CVE Vonage VDV-23 - Denial of Service Exploit No EDB ID
VAR-E-201711-0245 CVE-2017-16902
Vonage VDV-23 - Denial of Service - Hardware dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201711-0521
EDB ID: 43164
Vonage VDV-23 - Denial of Service. CVE-2017-16902 . dos exploit for Hardware platform
VAR-E-201711-0293 No CVE WordPress amtyThumb 8.1.3 Cross Site Scripting No EDB ID
WordPress amtyThumb plugin version 8.1.3 suffers from a cross site scripting vulnerability.