VARIoT IoT exploits database

VAR-E-201905-0044 CVE-2019-20499
CVE-2019-20500
CVE-2019-20501
D-Link DWL-2600AP - Multiple OS Command Injection - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-202003-0962, VAR-202003-0963, VAR-202003-0964
EDB ID: 46841
D-Link DWL-2600AP - Multiple OS Command Injection. CVE-2019-20499, CVE-2019-20500, CVE-2019-20501. webapps exploit for Hardware platform
VAR-E-201905-0162 CVE-2018-7841
Schneider Electric U.Motion Builder 1.3.4 - 'track_import_export.php object_id' Unauthenticated Command Injection - PHP webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201905-1044
EDB ID: 46846
Schneider Electric U.Motion Builder 1.3.4 - 'track_import_export.php object_id' Unauthenticated Command Injection. CVE-2018-7841. webapps exploit for PHP platform
VAR-E-201904-0103 CVE-2019-11415
Intelbras IWR 3000N - Denial of Service (Remote Reboot) - Hardware dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201904-0919
EDB ID: 46768
Intelbras IWR 3000N - Denial of Service (Remote Reboot). CVE-2019-11415. dos exploit for Hardware platform
VAR-E-201904-0151 CVE-2019-11416
Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201904-0920
EDB ID: 46770
Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery. CVE-2019-11416. webapps exploit for Hardware platform
VAR-E-201904-0066 No CVE
Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Set_Task.cgi Permission Assignment

No EDB ID
An exploitable Permission Assignment vulnerability exists in the ACEManager Embedded_Ace_Set_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause arbitrary setting writes, resulting in unverified changes to any system setting. An attacker can make an authenticated HTTP request, or run the binary as any user, to trigger this vulnerability.
VAR-E-201904-0010 CVE-2018-4064
Sierra Wireless AirLink ES450 ACEManager upload.cgi Unverified Password Change

Related entries in the VARIoT vulnerabilities database: VAR-201910-1514
No EDB ID
An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an unverified device configuration change, resulting in an unverified change of the user password on the device. An attacker can make an authenticated HTTP request to trigger this vulnerability.
VAR-E-201904-0009 CVE-2018-4067
CVE-2018-4065
CVE-2018-4063
CVE-2018-4069
CVE-2018-4062
CVE-2018-4066
CVE-2018-4061
Sierra Wireless AirLink ES450 ACEManager Information Exposure

Related entries in the VARIoT vulnerabilities database: VAR-201905-0854, VAR-201905-0856, VAR-201905-0852, VAR-201905-0853, VAR-201905-0855, VAR-201905-0851, VAR-201905-0858
No EDB ID
An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. ACEManager authentication is sent to the web server as plaintext XML. An attacker can listen to network traffic upstream from the device to capitalize on this vulnerability.
VAR-E-201904-0015 CVE-2018-11492
ASUS HG100 - Denial of Service - Hardware dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201808-0559
EDB ID: 46720
ASUS HG100 - Denial of Service. CVE-2018-11492. dos exploit for Hardware platform
VAR-E-201904-0187 CVE-2019-9955
Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 - Login Page Cross-Site Scripting - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201904-0115
EDB ID: 46706
Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 - Login Page Cross-Site Scripting. CVE-2019-9955. webapps exploit for Hardware platform
VAR-E-201904-0029 CVE-2019-1663
Cisco RV130W 1.0.3.44 - Remote Stack Overflow - Hardware remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201902-0427
EDB ID: 46961
Cisco RV130W 1.0.3.44 - Remote Stack Overflow. CVE-2019-1663. remote exploit for Hardware platform
VAR-E-201904-0091 CVE-2019-11017
D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201904-1005
EDB ID: 46687
D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting. CVE-2019-11017. webapps exploit for Hardware platform
VAR-E-201904-0213 CVE-2019-3915
Verizon Fios Quantum Gateway CVE-2019-3915 Command Injection Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201904-0314
No EDB ID
Verizon Fios Quantum Gateway is prone to a command-injection vulnerability. An attacker can exploit this issue to execute arbitrary commands with root privileges; this may aid in further attacks. Verizon Fios Quantum Gateway 02.01.00.05 is vulnerable; other versions may also be affected.
VAR-E-201904-0300 CVE-2018-1356
Fortinet FortiSandbox CVE-2018-1356 Cross Site Scripting Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201904-0616
No EDB ID
Fortinet FortiSandbox is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to perform unauthorized actions such as reading, modifying, or deleting content on behalf of the victim on the SharePoint site.
VAR-E-201904-0181 CVE-2019-3941
CVE-2019-3940
Advantech WebAccess Multiple Security Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-201904-0333, VAR-201904-0334
No EDB ID
Advantech WebAccess is prone to the following security vulnerabilities:
1. An arbitrary file-download vulnerability
2. An arbitrary file-upload vulnerability
An attacker can exploit these issues to execute arbitrary code in the context of the application, modify and delete files and perform certain unauthorized actions. This may aid in further attacks. Advantech WebAccess 8.3.4 is vulnerable; other versions may also be affected.
VAR-E-201903-0075 CVE-2019-9556
Fiberhome AN5506-04-F RP2669 - Persistent Cross-Site Scripting - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201912-0653
EDB ID: 46498
Fiberhome AN5506-04-F RP2669 - Persistent Cross-Site Scripting. CVE-2019-9556. webapps exploit for Hardware platform
VAR-E-201902-0321 CVE-2018-20219
CVE-2018-20220
CVE-2018-20218
Teracue ENC-400 - Command Injection / Missing Authentication - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201903-1261, VAR-201903-1259, VAR-201903-1260
EDB ID: 46451
Teracue ENC-400 - Command Injection / Missing Authentication. CVE-2018-20220, CVE-2018-20219, CVE-2018-20218. webapps exploit for Hardware platform
VAR-E-201902-0457 CVE-2019-1681
Cisco Network Convergence System 1000 Series CVE-2019-1681 Directory Traversal Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201902-0449
No EDB ID
Cisco Network Convergence System 1000 Series is prone to a directory-traversal vulnerability. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. This issue is tracked by Cisco Bug ID CSCvk32415.
VAR-E-201902-0117 CVE-2019-6543
CVE-2019-6545
Indusoft Web Studio 8.1 SP2 - Remote Code Execution - Multiple remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201902-0132, VAR-201902-0131
EDB ID: 46342
Indusoft Web Studio 8.1 SP2 - Remote Code Execution. CVE-2019-6545, CVE-2019-6543. remote exploit for Multiple platform
VAR-E-201902-0416 CVE-2019-7298
Multiple D-Link Products CVE-2019-7298 Remote Command Injection Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201902-0144
No EDB ID
Multiple D-Link Products are prone to a command-injection vulnerability. Exploiting this issue could allow an attacker to execute arbitrary commands in the context of the affected device. Failed exploit attempts will likely result in denial-of-service conditions. D-Link DIR-823G devices with firmware through 1.02B03 are vulnerable.
VAR-E-201902-0270 CVE-2019-7390
D-Link DIR-823G Router CVE-2019-7390 Remote Security Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201902-0163
No EDB ID
D-Link DIR-823G Router is prone to a remote security vulnerability. An attacker can leverage this issue to perform unauthorized actions. This may aid in further attacks. D-Link DIR-823G with firmware version 1.02B03 is vulnerable; other versions may also be affected.