VARIoT IoT vulnerabilities database
| VAR-202301-2228 | CVE-2022-48072 | PHICOMM K2G A1 Security hole |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function
| VAR-202301-1930 | CVE-2022-48073 | PHICOMM K2G A1 Security hole |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext
| VAR-202301-2194 | CVE-2022-48071 | PHICOMM K2G A1 Security hole |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext
| VAR-202301-2030 | CVE-2022-48070 | PHICOMM K2G A1 Security hole |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function
| VAR-202301-1909 | CVE-2023-24164 | Tenda AC18 Buffer error vulnerability |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_000c2318
| VAR-202301-1836 | CVE-2023-24165 | Tenda AC18 Buffer error vulnerability |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/initIpAddrInfo
| VAR-202301-1835 | CVE-2023-24170 | Tenda AC18 Buffer error vulnerability |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/fromSetWirelessRepeat
| VAR-202301-1972 | CVE-2023-24167 | Tenda AC18 Buffer error vulnerability |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/add_white_node
| VAR-202301-2301 | CVE-2023-24169 | Tenda AC18 Buffer error vulnerability |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_0007343c
| VAR-202301-2255 | CVE-2023-24166 | Tenda AC18 Buffer error vulnerability |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/formWifiBasicSet
| VAR-202301-1689 | CVE-2022-48124 | TOTOLINK A7100RU Command injection vulnerability |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function
| VAR-202301-1657 | CVE-2022-48122 | TOTOLINK A7100RU Command injection vulnerability |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function
| VAR-202301-1624 | CVE-2022-48125 | TOTOlink A7100RU Command injection vulnerability |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function
| VAR-202301-1809 | CVE-2022-48126 | TOTOLINK A7100RU Command injection vulnerability |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function
| VAR-202301-1817 | CVE-2022-48121 | TOTOlink A7100RU Command injection vulnerability |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function
| VAR-202301-1568 | CVE-2022-48123 | TOTOLINK A7100RU Command injection vulnerability |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function
| VAR-202301-1405 | CVE-2021-37774 | Proclink Technology Co., Ltd. TL-WDR7660 httpProcDataSrv Arbitrary Code Execution Vulnerability |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
An issue was discovered in function httpProcDataSrv in TL-WDR7660 2.0.30 that allows attackers to execute arbitrary code. TL-WDR7660 is a gigabit router manufactured by China TP-LINK.
Prolink Technology Co., Ltd
| VAR-202301-1523 | CVE-2022-46476 | D-Link DIR-859 Command Injection Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function. D-Link DIR-859 is a wireless router made by China D-Link Company.
There is a security vulnerability in D-Link DIR-859A1 1.05. No detailed vulnerability details are currently available
| VAR-202301-1424 | CVE-2022-3738 | WAGO Access control error vulnerability |
CVSS V2: - CVSS V3: 5.9 Severity: MEDIUM |
The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull
| VAR-202301-1403 | CVE-2023-0126 | SonicWALL SMA1000 series Path traversal vulnerability |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory.