NoDataFound/IoT_Reaper Vulnerability list

## IoT_Reaper Vulnerability list
                      ,____
                      |IoT.\
              ___     |    `
             / .-\  ./=)
            |  |"|_/\/|
            ;  |-;| /_|
           / \_| |/ \ |
          /      \/\( |
          |   /  |` ) |
          /   \ _/    |
         /--._/  \    |
         `/|)    |    /
           /     |   |
         .'      |   |
        /         \  |
       (_.-.__.__./  /

#Originally sourced from: https://research.checkpoint.com/new-iot-botnet-storm-coming/
#Added vulnerability reference information, dates and criticality

Vendor    |  Vulnerability Reference                             |  Date Vuln Published  |  Severity  |  Protection Name                                                                 |  Used with IoT_Reaper?
----------|------------------------------------------------------|-----------------------|------------|----------------------------------------------------------------------------------|-----------------------
GoAhead   |  CVE-2017-8225                                       |  4/27/17              |  Critical  |  Wireless IP Camera (P2P) WIFICAM Cameras Information Disclosure                 |  Yes
          |  CPAI-2017-0333                                      |  4/26/17              |  Critical  |  Wireless IP Camera (P2P) WIFICAM Cameras Remote Code Execution                  |  Yes
D-Link    |  CPAI-2017-0847                                      |  10/18/17             |  Critical  |  D-Link 850L Router Remote Code Execution                                        |  Yes
          |  CPAI-2017-0848                                      |  10/19/17             |  Critical  |  D-Link DIR800 Series Router Remote Code Execution                               |  Yes
          |  CPAI-2017-0849                                      |  10/20/17             |  Critical  |  D-Link DIR800 Series Router Information Disclosure                              |  Yes
          |  CPAI-2017-0850                                      |  10/17/17             |  Critical  |  D-Link 850L Router Remote Unauthenticated Information Disclosure                |  Yes
          |  CVE-2016-5681                                       |  10/18/17             |  Critical  |  D-Link 850L Router Cookie Overflow Remote Code Execution                        |  Yes
          |  CVE-2013-1600                                       |  3/31/14              |  High      |  Dlink IP Camera Video Stream Authentication Bypass – Ver2                       |  Yes
          |  CVE-2013-1601                                       |  12/28/14             |  High      |  Dlink IP Camera Luminance Information Disclosure – Ver2                         |  Yes
          |  CPAI-2017-0852                                      |  10/19/17             |  Critical  |  D-Link DIR-600/300 Router Unauthenticated Remote Command Execution              |  Yes
          |  CPAI-2015-0313                                      |  3/26/15              |  High      |  Dlink IP Camera Authenticated Arbitrary Command Execution – Ver2                |  No
TP-Link   |  CVE-2012-5687                                       |  10/15/13             |  High      |  TP-Link Wireless Lite N Access Point Directory Traversal                        |  No
          |  CVE-2013-2645                                       |  8/10/15              |  Critical  |  TP-LINK WR1043N Multiple Cross-Site Request Forgery                             |  No
NETGEAR   |  PSV-2017-2317                                       |  10/19/17             |  Critical  |  Netgear DGN Unauthenticated Command Execution                                   |  Yes
          |  CVE-2017-6077                                       |  2/19/17              |  Critical  |  Netgear ReadyNAS Remote Command Execution                                       |  Yes
          |  CVE-2017-6334                                       |  2/20/17              |  Critical  |  Netgear DGN2200 dnslookup.cgi Command Injection                                 |  No
          |  CVE-2016-1524                                       |  12/5/16              |  Critical  |  Netgear ProSAFE NMS300 fileUpload.do Arbitrary File Upload                      |  No
          |  CVE-2017-5521                                       |  1/30/17              |  Critical  |  NETGEAR Routers Authentication Bypass                                           |  No
          |  CVE-2013-2751                                       |  7/13/17              |  Critical  |  NETGEAR ReadyNAS np_handler Code Execution                                      |  No
          |  CVE-2016- 6277                                      |  3/13/17              |  Critical  |  Netgear R7000 and R6400 cgi-bin Command Injection                               |  No
AVTECH    |  CPAI-2017-0226                                      |  3/15/17              |  Critical  |  AVTECH Devices Multiple Vulnerabilities                                         |  Yes
MikroTik  |  CVE-2008-6976                                       |  9/5/08               |  Critical  |  MikroTik RouterOS SNMP Security Bypass                                          |  No
          |  NA(hxxp://seclists.org/fulldisclosure/2015/Mar/49)  |  2/23/08              |  Critical  |  MikroTik RouterOS Admin Password Change                                         |  No
          |  CVE-2012-6050                                       |  12/26/16             |  Critical  |  Mikrotik Router Remote Denial Of Service                                        |  No
Linksys   |  CPAI-2013-3493                                      |  11/6/13              |  High      |  Belkin Linksys WRT110 Remote Command Execution – Ver2                           |  No
          |  CVE-2008-2636                                       |  5/18/15              |  High      |  Linksys WRH54G HTTP Management Interface DoS Code Execution – Ver2              |  No
          |  CVE-2013-3568                                       |  12/28/14             |  High      |  Belkin Linksys WRT110 Remote Command Execution                                  |  No
          |  CPAI-2013-3493                                      |  11/18/13             |  High      |  Belkin Linksys Multiple Products Directory Traversal                            |  No
          |  NA(hxxp://www.securityfocus.com/bid/57760)          |  2/6/13               |  Critical  |  Belkin Linksys E1500/E2500 Remote Command Execution                             |  Yes
          |  CVE-2012-0284                                       |  4/24/12              |  Critical  |  Cisco Linksys PlayerPT ActiveX Control Buffer Overflow                          |  No
          |  CVE-2012-0284                                       |  1/7/13               |  Critical  |  Cisco Linksys PlayerPT ActiveX Control SetSource sURL Argument Buffer Overflow  |  No
Synology  |  CVE-2013-6955                                       |  5/7/14               |  High      |  Synology DiskStation Manager SLICEUPLOAD Code Execution                         |  No
Linux     |  CPAI-2014-1671                                      |  6/16/14              |  High      |  Linux System Files Information Disclosure                                       |  Yes
	,____
	\|IoT.\
	___ \| `
	/ .-\ ./=)
	\| \|"\|_/\/\|
	; \|-;\| /_\|
	/ \_\| \|/ \ \|
	/ \/\( \|
	\| / \|` ) \|
	/ \ _/ \|
	/--._/ \ \|
	`/\|) \| /
	/ \| \|
	.' \| \|
	/ \ \|
	(_.-.__.__./ /

	#Originally sourced from: https://research.checkpoint.com/new-iot-botnet-storm-coming/
	#Added vulnerability reference information, dates and criticality

	Vendor \| Vulnerability Reference \| Date Vuln Published \| Severity \| Protection Name \| Used with IoT_Reaper?
	----------\|------------------------------------------------------\|-----------------------\|------------\|----------------------------------------------------------------------------------\|-----------------------
	GoAhead \| CVE-2017-8225 \| 4/27/17 \| Critical \| Wireless IP Camera (P2P) WIFICAM Cameras Information Disclosure \| Yes
	\| CPAI-2017-0333 \| 4/26/17 \| Critical \| Wireless IP Camera (P2P) WIFICAM Cameras Remote Code Execution \| Yes
	D-Link \| CPAI-2017-0847 \| 10/18/17 \| Critical \| D-Link 850L Router Remote Code Execution \| Yes
	\| CPAI-2017-0848 \| 10/19/17 \| Critical \| D-Link DIR800 Series Router Remote Code Execution \| Yes
	\| CPAI-2017-0849 \| 10/20/17 \| Critical \| D-Link DIR800 Series Router Information Disclosure \| Yes
	\| CPAI-2017-0850 \| 10/17/17 \| Critical \| D-Link 850L Router Remote Unauthenticated Information Disclosure \| Yes
	\| CVE-2016-5681 \| 10/18/17 \| Critical \| D-Link 850L Router Cookie Overflow Remote Code Execution \| Yes
	\| CVE-2013-1600 \| 3/31/14 \| High \| Dlink IP Camera Video Stream Authentication Bypass – Ver2 \| Yes
	\| CVE-2013-1601 \| 12/28/14 \| High \| Dlink IP Camera Luminance Information Disclosure – Ver2 \| Yes
	\| CPAI-2017-0852 \| 10/19/17 \| Critical \| D-Link DIR-600/300 Router Unauthenticated Remote Command Execution \| Yes
	\| CPAI-2015-0313 \| 3/26/15 \| High \| Dlink IP Camera Authenticated Arbitrary Command Execution – Ver2 \| No
	TP-Link \| CVE-2012-5687 \| 10/15/13 \| High \| TP-Link Wireless Lite N Access Point Directory Traversal \| No
	\| CVE-2013-2645 \| 8/10/15 \| Critical \| TP-LINK WR1043N Multiple Cross-Site Request Forgery \| No
	NETGEAR \| PSV-2017-2317 \| 10/19/17 \| Critical \| Netgear DGN Unauthenticated Command Execution \| Yes
	\| CVE-2017-6077 \| 2/19/17 \| Critical \| Netgear ReadyNAS Remote Command Execution \| Yes
	\| CVE-2017-6334 \| 2/20/17 \| Critical \| Netgear DGN2200 dnslookup.cgi Command Injection \| No
	\| CVE-2016-1524 \| 12/5/16 \| Critical \| Netgear ProSAFE NMS300 fileUpload.do Arbitrary File Upload \| No
	\| CVE-2017-5521 \| 1/30/17 \| Critical \| NETGEAR Routers Authentication Bypass \| No
	\| CVE-2013-2751 \| 7/13/17 \| Critical \| NETGEAR ReadyNAS np_handler Code Execution \| No
	\| CVE-2016- 6277 \| 3/13/17 \| Critical \| Netgear R7000 and R6400 cgi-bin Command Injection \| No
	AVTECH \| CPAI-2017-0226 \| 3/15/17 \| Critical \| AVTECH Devices Multiple Vulnerabilities \| Yes
	MikroTik \| CVE-2008-6976 \| 9/5/08 \| Critical \| MikroTik RouterOS SNMP Security Bypass \| No
	\| NA(hxxp://seclists.org/fulldisclosure/2015/Mar/49) \| 2/23/08 \| Critical \| MikroTik RouterOS Admin Password Change \| No
	\| CVE-2012-6050 \| 12/26/16 \| Critical \| Mikrotik Router Remote Denial Of Service \| No
	Linksys \| CPAI-2013-3493 \| 11/6/13 \| High \| Belkin Linksys WRT110 Remote Command Execution – Ver2 \| No
	\| CVE-2008-2636 \| 5/18/15 \| High \| Linksys WRH54G HTTP Management Interface DoS Code Execution – Ver2 \| No
	\| CVE-2013-3568 \| 12/28/14 \| High \| Belkin Linksys WRT110 Remote Command Execution \| No
	\| CPAI-2013-3493 \| 11/18/13 \| High \| Belkin Linksys Multiple Products Directory Traversal \| No
	\| NA(hxxp://www.securityfocus.com/bid/57760) \| 2/6/13 \| Critical \| Belkin Linksys E1500/E2500 Remote Command Execution \| Yes
	\| CVE-2012-0284 \| 4/24/12 \| Critical \| Cisco Linksys PlayerPT ActiveX Control Buffer Overflow \| No
	\| CVE-2012-0284 \| 1/7/13 \| Critical \| Cisco Linksys PlayerPT ActiveX Control SetSource sURL Argument Buffer Overflow \| No
	Synology \| CVE-2013-6955 \| 5/7/14 \| High \| Synology DiskStation Manager SLICEUPLOAD Code Execution \| No
	Linux \| CPAI-2014-1671 \| 6/16/14 \| High \| Linux System Files Information Disclosure \| Yes