Research Article
Discovering Vulnerabilities in COTS IoT Devices through Blackbox Fuzzing Web Management Interface
Table 2
Summary of discovered vulnerabilities.
| Device | Vul-ID | Vulnerability | Remotely exploitable | CNVD-ID | Addition |
| Phicomm K2-A6 | 001 | Command injection | True | CNVD-2017-25289 | Fixed | 002 | Interface leak | True | CNVD-2017-20666 | Fixed |
| JieXi AC836M | 003 | Crash | True | N-day | Fixed |
| FeiYuXing VE602W+ | 004 | Interface leak | True | CNVD-2017-35720 | Fixed | 005 | Command injection | True | Fixed |
| RuiJie NBR1300G | 006 | Crash | False | Just-a-Dos | Fixed | 007 | Command injection | True | CNVD-2018-22138 | Fixed |
| RIWYTH RW-950S | 008 | Interface leak | True | CNVD-2017-37032 | Fixed |
| NEO NIP-25SY | 009 | Crash | False | N-day | Fixed |
| ZTE C520P | 010 | Interface leak | True | CNVD-2018-21990 | Fixed |
|
|