VARIoT IoT vulnerabilities database

VAR-202303-2025 CVE-2023-27042 Tenda Ax3 Buffer error vulnerability CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via /goform/SetFirewallCfg.
VAR-202303-1767 CVE-2023-27079 Tenda G103 Command Injection Vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Command Injection vulnerability found in Tenda G103 v.1.0.05 allows an attacker to obtain sensitive information via a crafted package. Tenda G103 is an enterprise-level AP router from China Tenda Company.
VAR-202303-2049 CVE-2023-27135 TOTOLINK A7100RU Command injection vulnerability CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg
VAR-202303-1848 CVE-2023-28434 MinIO Security hole CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket`. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access. This issue has been patched in RELEASE.2023-03-20T20-16-18Z. As a workaround, enable browser API access and turn off `MINIO_BROWSER=off`
VAR-202303-1844 CVE-2023-28432 MinIO Information disclosure vulnerability CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z
VAR-202303-1729 CVE-2023-28433 MinIO Security hole CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
Minio is a Multi-Cloud Object Storage framework. All users on Windows prior to version RELEASE.2023-03-20T20-16-18Z are impacted. MinIO fails to filter the `\` character, which allows for arbitrary object placement across buckets. As a result, a user with low privileges, such as an access key, service account, or STS credential, which only has permission to `PutObject` in a specific bucket, can create an admin user. This issue is patched in RELEASE.2023-03-20T20-16-18Z. There are no known workarounds
VAR-202303-1622 CVE-2022-43663 WellinTech KingHistorian Code problem vulnerability CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.
VAR-202303-1661 CVE-2022-45124 WellinTech KingHistorian Information disclosure vulnerability CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
An information disclosure vulnerability exists in the User authentication functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can sniff network traffic to leverage this vulnerability.
VAR-202303-1502 CVE-2023-26806 Tenda W20E Buffer error vulnerability CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Tenda W20E v15.11.0.6(US_W20EV4.0br_v15.11.0.6(1068_1546_841 is vulnerable to Buffer Overflow via function formSetSysTime.
VAR-202303-1668 CVE-2023-26805 Tenda W20E Buffer error vulnerability CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Tenda W20E v15.11.0.6 (US_W20EV4.0br_v15.11.0.6(1068_1546_841)_CN_TDC) is vulnerable to Buffer Overflow via function formIPMacBindModify
VAR-202303-1689 CVE-2023-28116 Contiki-NG Buffer error vulnerability CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Contiki-NG is an open-source, cross-platform operating system for internet of things (IoT) devices. In versions 4.8 and prior, an out-of-bounds write can occur in the BLE L2CAP module of the Contiki-NG operating system. The network stack of Contiki-NG uses a global buffer (packetbuf) for processing of packets, with the size of PACKETBUF_SIZE. In particular, when using the BLE L2CAP module with the default configuration, the PACKETBUF_SIZE value becomes larger than the actual size of the packetbuf. When large packets are processed by the L2CAP module, a buffer overflow can therefore occur when copying the packet data to the packetbuf. The vulnerability has been patched in the "develop" branch of Contiki-NG, and will be included in release 4.9. The problem can be worked around by applying the patch manually. There is a security vulnerability in Contiki-NG 4.8 and earlier versions.
VAR-202303-1376 CVE-2023-21464 SAMSUNG Mobile Devices Security hole CVSS V2: -
CVSS V3: 3.3
Severity: LOW
Improper access control in Samsung Calendar prior to versions 12.4.02.9000 in Android 13 and 12.3.08.2000 in Android 12 allows a local attacker to configure improper status.
VAR-202303-1322 CVE-2023-21455 SAMSUNG Mobile Devices Security hole CVSS V2: -
CVSS V3: 9.1
Severity: CRITICAL
Improper authorization implementation in Exynos baseband prior to SMR Mar-2023 Release 1 allows incorrect handling of unencrypted message
VAR-202303-1196 CVE-2023-27240 Tenda AX3 Command Injection Vulnerability (CNVD-2023-21670) CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Tenda AX3 V16.03.12.11 was discovered to contain a command injection vulnerability via the lanip parameter at /goform/AdvSetLanip. Tenda Ax3 is an Ax1800 Gigabit port dual-band Wifi 6 wireless router from the Chinese company Tenda. The vulnerability stems from the fact that the lanip parameter of /goform/AdvSetLanip is not properly filtered for special characters and commands when the command is constructed. Attackers can use this vulnerability to execute arbitrary commands.
VAR-202303-1243 CVE-2023-27239 Tenda AX3 Buffer Overflow Vulnerability (CNVD-2023-21669) CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the shareSpeed parameter at /goform/WifiGuestSet. Tenda Ax3 is an Ax1800 Gigabit port dual-band Wifi 6 wireless router from the Chinese company Tenda. The vulnerability is caused by the fact that the shareSpeed parameter in /goform/WifiGuestSet fails to verify user input correctly. Attackers can exploit this vulnerability to cause remote code execution or denial of service
VAR-202303-1316 CVE-2023-0598 GE iFIX Code injection vulnerability CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software
VAR-202303-1268 CVE-2023-1389 TP-Link Archer AX21 AX1800 Command Injection Vulnerability CVSS V2: 10.0
CVSS V3: 8.8
Severity: HIGH
TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request. TP-Link Archer AX21 AX1800 is a TP-Link WIFI6 router. There is a command injection vulnerability in TP-Link Archer AX21 AX1800. The vulnerability comes from not filtering user input. Attackers can use this vulnerability to construct malicious requests to execute arbitrary commands
VAR-202303-1193 CVE-2023-24229 DrayTek Vigor2960 Command injection vulnerability CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
DrayTek Vigor2960 v1.5.1.4 was discovered to contain a command injection vulnerability via the mainfunction.cgi component.
VAR-202303-1259 CVE-2023-25282 D-Link DIR820LA1 Buffer error vulnerability CVSS V2: -
CVSS V3: 6.5
Severity: MEDIUM
A heap overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the config.log_to_syslog and log_opt_dropPackets parameters to mydlink_api.ccp.
VAR-202303-0899 CVE-2023-27405 Siemens Tecnomatix Plant Simulation SPP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20432). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SPP files. Siemens Tecnomatix Plant Simulation is an industrial control equipment of German Siemens (Siemens). Leverage the power of discrete event simulation for throughput analysis and optimization to improve manufacturing system performance.