IoT_vulnerabilities

This repo contains alls the vulnerabilities identified as a part of security research against IoT devices

Vera -- CVE-2017-9388, CVE-2017-9384,CVE-2017-9381, CVE-2017-9390, CVE-2017-9387, CVE-2017-9389, CVE-2017-9386, CVE-2017-9385, CVE-2017-9383, CVE-2017-9382, CVE-2017-9391, CVE-2017-9392

Starry -- CVE-2017-13718, CVE-2017-13717

Shekar -- CVE-2017-10721, CVE-2017-10719, CVE-2017-10718, CVE-2017-10723, CVE-2017-10724, CVE-2017-10722, CVE-2017-10720

Securifi -- CVE-2017-8336, CVE-2017-8335, CVE-2017-8329, CVE-2017-8333, CVE-2017-8331, CVE-2017-8328, CVE-2017-8334, CVE-2017-8332, CVE-2017-8330, CVE-2017-8337

Dlink -- CVE-2017-8408, CVE-2017-8411, CVE-2017-8404, CVE-2017-8407, CVE-2017-8406, CVE-2017-8409, CVE-2017-8405, CVE-2017-8410, CVE-2017-8414, CVE-2017-8417, CVE-2017-8412, CVE-2017-8415, CVE-2017-8413, CVE-2017-8416

Blipcare -- CVE-2017-11578, CVE-2017-11579, CVE-2017-11580

Amcrest -- CVE-2017-8229, CVE-2017-8226, CVE-2017-8226, CVE-2017-8227, CVE-2017-8228, CVE-2017-13719

Vendors for all the devices were contacted and given more than 90 days to fix all the issues.

The following vendors responded and have patches for the devices

1. Vera
2. Securifi
3. Blipcare
4. Amcrest

The following vendors did not respond to our requests

1. Starry
2. Shekar

The following vendors could not release patches as the product had reached end of lifetime

1. Dlink