Last active
October 26, 2017 17:54
-
-
Save NoDataFound/fefb0f2dfe7f02edb7786c2600d6d852 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
,____ | |
|IoT.\ | |
___ | ` | |
/ .-\ ./=) | |
| |"|_/\/| | |
; |-;| /_| | |
/ \_| |/ \ | | |
/ \/\( | | |
| / |` ) | | |
/ \ _/ | | |
/--._/ \ | | |
`/|) | / | |
/ | | | |
.' | | | |
/ \ | | |
(_.-.__.__./ / | |
#Originally sourced from: https://research.checkpoint.com/new-iot-botnet-storm-coming/ | |
#Added vulnerability reference information, dates and criticality | |
Vendor | Vulnerability Reference | Date Vuln Published | Severity | Protection Name | Used with IoT_Reaper? | |
----------|------------------------------------------------------|-----------------------|------------|----------------------------------------------------------------------------------|----------------------- | |
GoAhead | CVE-2017-8225 | 4/27/17 | Critical | Wireless IP Camera (P2P) WIFICAM Cameras Information Disclosure | Yes | |
| CPAI-2017-0333 | 4/26/17 | Critical | Wireless IP Camera (P2P) WIFICAM Cameras Remote Code Execution | Yes | |
D-Link | CPAI-2017-0847 | 10/18/17 | Critical | D-Link 850L Router Remote Code Execution | Yes | |
| CPAI-2017-0848 | 10/19/17 | Critical | D-Link DIR800 Series Router Remote Code Execution | Yes | |
| CPAI-2017-0849 | 10/20/17 | Critical | D-Link DIR800 Series Router Information Disclosure | Yes | |
| CPAI-2017-0850 | 10/17/17 | Critical | D-Link 850L Router Remote Unauthenticated Information Disclosure | Yes | |
| CVE-2016-5681 | 10/18/17 | Critical | D-Link 850L Router Cookie Overflow Remote Code Execution | Yes | |
| CVE-2013-1600 | 3/31/14 | High | Dlink IP Camera Video Stream Authentication Bypass – Ver2 | Yes | |
| CVE-2013-1601 | 12/28/14 | High | Dlink IP Camera Luminance Information Disclosure – Ver2 | Yes | |
| CPAI-2017-0852 | 10/19/17 | Critical | D-Link DIR-600/300 Router Unauthenticated Remote Command Execution | Yes | |
| CPAI-2015-0313 | 3/26/15 | High | Dlink IP Camera Authenticated Arbitrary Command Execution – Ver2 | No | |
TP-Link | CVE-2012-5687 | 10/15/13 | High | TP-Link Wireless Lite N Access Point Directory Traversal | No | |
| CVE-2013-2645 | 8/10/15 | Critical | TP-LINK WR1043N Multiple Cross-Site Request Forgery | No | |
NETGEAR | PSV-2017-2317 | 10/19/17 | Critical | Netgear DGN Unauthenticated Command Execution | Yes | |
| CVE-2017-6077 | 2/19/17 | Critical | Netgear ReadyNAS Remote Command Execution | Yes | |
| CVE-2017-6334 | 2/20/17 | Critical | Netgear DGN2200 dnslookup.cgi Command Injection | No | |
| CVE-2016-1524 | 12/5/16 | Critical | Netgear ProSAFE NMS300 fileUpload.do Arbitrary File Upload | No | |
| CVE-2017-5521 | 1/30/17 | Critical | NETGEAR Routers Authentication Bypass | No | |
| CVE-2013-2751 | 7/13/17 | Critical | NETGEAR ReadyNAS np_handler Code Execution | No | |
| CVE-2016- 6277 | 3/13/17 | Critical | Netgear R7000 and R6400 cgi-bin Command Injection | No | |
AVTECH | CPAI-2017-0226 | 3/15/17 | Critical | AVTECH Devices Multiple Vulnerabilities | Yes | |
MikroTik | CVE-2008-6976 | 9/5/08 | Critical | MikroTik RouterOS SNMP Security Bypass | No | |
| NA(hxxp://seclists.org/fulldisclosure/2015/Mar/49) | 2/23/08 | Critical | MikroTik RouterOS Admin Password Change | No | |
| CVE-2012-6050 | 12/26/16 | Critical | Mikrotik Router Remote Denial Of Service | No | |
Linksys | CPAI-2013-3493 | 11/6/13 | High | Belkin Linksys WRT110 Remote Command Execution – Ver2 | No | |
| CVE-2008-2636 | 5/18/15 | High | Linksys WRH54G HTTP Management Interface DoS Code Execution – Ver2 | No | |
| CVE-2013-3568 | 12/28/14 | High | Belkin Linksys WRT110 Remote Command Execution | No | |
| CPAI-2013-3493 | 11/18/13 | High | Belkin Linksys Multiple Products Directory Traversal | No | |
| NA(hxxp://www.securityfocus.com/bid/57760) | 2/6/13 | Critical | Belkin Linksys E1500/E2500 Remote Command Execution | Yes | |
| CVE-2012-0284 | 4/24/12 | Critical | Cisco Linksys PlayerPT ActiveX Control Buffer Overflow | No | |
| CVE-2012-0284 | 1/7/13 | Critical | Cisco Linksys PlayerPT ActiveX Control SetSource sURL Argument Buffer Overflow | No | |
Synology | CVE-2013-6955 | 5/7/14 | High | Synology DiskStation Manager SLICEUPLOAD Code Execution | No | |
Linux | CPAI-2014-1671 | 6/16/14 | High | Linux System Files Information Disclosure | Yes | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment