Research Article
Discovering Vulnerabilities in COTS IoT Devices through Blackbox Fuzzing Web Management Interface
Table 2
Summary of discovered vulnerabilities.
| | Device | Vul-ID | Vulnerability | Remotely exploitable | CNVD-ID | Addition |
| | Phicomm K2-A6 | 001 | Command injection | True | CNVD-2017-25289 | Fixed | | 002 | Interface leak | True | CNVD-2017-20666 | Fixed |
| | JieXi AC836M | 003 | Crash | True | N-day | Fixed |
| | FeiYuXing VE602W+ | 004 | Interface leak | True | CNVD-2017-35720 | Fixed | | 005 | Command injection | True | Fixed |
| | RuiJie NBR1300G | 006 | Crash | False | Just-a-Dos | Fixed | | 007 | Command injection | True | CNVD-2018-22138 | Fixed |
| | RIWYTH RW-950S | 008 | Interface leak | True | CNVD-2017-37032 | Fixed |
| | NEO NIP-25SY | 009 | Crash | False | N-day | Fixed |
| | ZTE C520P | 010 | Interface leak | True | CNVD-2018-21990 | Fixed |
|
|
