VARIoT IoT exploits database

VAR-E-201902-0416 CVE-2019-7298
Multiple D-Link Products CVE-2019-7298 Remote Command Injection Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201902-0144
No EDB ID
Multiple D-Link products are prone to a command-injection vulnerability. Exploiting this issue could allow an attacker to execute arbitrary commands in the context of the affected device. Failed exploit attempts will likely result in denial-of-service conditions. D-Link DIR-823G devices with firmware through 1.02B03 are vulnerable.
VAR-E-201901-0505 CVE-2019-7297
Multiple D-Link Products CVE-2019-7297 Remote Command Injection Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201901-0091
No EDB ID
Multiple D-Link products are prone to a command-injection vulnerability. Exploiting this issue could allow an attacker to execute arbitrary commands in the context of the affected device. Failed exploit attempts will likely result in denial-of-service conditions. D-Link DIR-823G devices with firmware through 1.02B03 are vulnerable.
VAR-E-201901-0163 CVE-2019-6710
Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201903-0022
EDB ID: 46240
Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery. CVE-2019-6710. webapps exploit for Hardware platform
VAR-E-201901-0513 CVE-2019-1653
CVE-2019-1652
Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201901-0350, VAR-201901-0351
EDB ID: 46243
Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection. CVE-2019-1652. webapps exploit for Hardware platform
VAR-E-201901-0044 CVE-2019-1653
CVE-2019-1652
Cisco RV300 / RV320 - Information Disclosure - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201901-0350, VAR-201901-0351
EDB ID: 46262
Cisco RV300 / RV320 - Information Disclosure. CVE-2019-1653. webapps exploit for Hardware platform
VAR-E-201904-0315 CVE-2019-1653
CVE-2019-1652
Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit) - Hardware remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201901-0350, VAR-201901-0351
EDB ID: 46655
Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit). CVE-2019-1653, CVE-2019-1652. remote exploit for Hardware platform
VAR-E-201901-0277 CVE-2018-13374
FortiGate FortiOS < 6.0.3 - LDAP Credential Disclosure - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201901-0568
EDB ID: 46171
FortiGate FortiOS < 6.0.3 - LDAP Credential Disclosure. CVE-2018-13374. webapps exploit for Hardware platform
VAR-E-201901-0346 CVE-2018-0461
Cisco VoIP Script Insertion / Weak Passwords / Undocumented Functionality

Related entries in the VARIoT vulnerabilities database: VAR-201901-0469
No EDB ID
Cisco VoIP phones such as the 88XX models suffer from script insertion, weak and hard-coded passwords, undocumented debug functionality, and various outdated components with known vulnerabilities.
VAR-E-201901-0338 CVE-2018-13798
Siemens SICAM A8000 Series Denial Of Service

Related entries in the VARIoT vulnerabilities database: VAR-201903-1052
No EDB ID
Siemens SICAM A8000 Series suffers from an XML injection denial of service vulnerability.
VAR-E-201901-0442 No CVE
Vtiger CRM 7.1.0 Remote Code Execution
No EDB ID
Vtiger CRM version 7.1.0 suffers from a remote code execution vulnerability.
VAR-E-201901-0369 CVE-2019-5009
Vtiger CRM 7.1.0 - Remote Code Execution - PHP webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201901-0065
EDB ID: 46065
Vtiger CRM 7.1.0 - Remote Code Execution. CVE-2019-5009. webapps exploit for PHP platform
VAR-E-201812-0172 CVE-2018-20399
Multiple Motorola Products CVE-2018-20399 Remote Information Disclosure Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201812-0710
No EDB ID
Multiple Motorola products are prone to an information-disclosure vulnerability. Attackers can exploit this issue to view sensitive information. Information obtained may lead to further attacks. The following product versions are vulnerable: Motorola SBG901 SBG901-2.10.1.1-GA-00-581-NOSH; Motorola SBG941 SBG941-2.11.0.0-GA-07-624-NOSH; Motorola SVG1202 SVG1202-2.1.0.0-GA-14-LTSH.
VAR-E-201812-0061 No CVE
Cisco RV110W - Password Disclosure / Command Execution Exploit
No EDB ID
VAR-E-201812-0528 No CVE
Huawei B315s-22 - Information Leak Vulnerability
No EDB ID
VAR-E-201812-0485 No CVE
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting Vulnerability
No EDB ID
VAR-E-201812-0070 No CVE
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass
No EDB ID
VAR-E-201812-0034 CVE-2018-13134
TP-Link wireless router Archer C1200 - Cross-Site Scripting - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201807-1062
EDB ID: 45970
TP-Link wireless router Archer C1200 - Cross-Site Scripting. CVE-2018-13134. webapps exploit for Hardware platform
VAR-E-201812-0237 CVE-2018-7357
CVE-2018-7358
ZTE ZXHN H168N - Improper Access Restrictions - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201811-0983, VAR-201811-0984
EDB ID: 45972
ZTE ZXHN H168N - Improper Access Restrictions. CVE-2018-7358, CVE-2018-7357. webapps exploit for Hardware platform
VAR-E-201812-0089 CVE-2018-7921
Huawei B315s-22 - Information Leak - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201809-1111
EDB ID: 45971
Huawei B315s-22 - Information Leak. CVE-2018-7921. webapps exploit for Hardware platform
VAR-E-201812-0168 CVE-2018-14933
CVE-2018-15716
NUUO NVRmini - upgrade_handle.php Remote Command Execution (Metasploit) - PHP remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201811-0051, VAR-201808-0424
EDB ID: 46340
NUUO NVRmini - upgrade_handle.php Remote Command Execution (Metasploit). CVE-2018-14933. remote exploit for PHP platform