VARIoT IoT vulnerabilities database
VAR-202411-1660 | CVE-2024-11803 | Fuji Electric's Tellus Lite V-Simulator Out-of-bounds write vulnerability in |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24771. (DoS) It may be in a state
VAR-202411-1752 | CVE-2024-53334 | TOTOLINK A810R infostat.cgi buffer overflow vulnerability |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
TOTOLINK A810R is a wireless dual-band router produced by China's TOTOLINK Electronics.
There is a buffer overflow vulnerability in TOTOLINK A810R infostat.cgi. A remote attacker can use this vulnerability to submit special requests, which can cause the service program to crash or execute arbitrary code in the application context.
VAR-202411-1649 | CVE-2024-11799 | Fuji Electric's Tellus Lite V-Simulator Out-of-bounds write vulnerability in |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24664. Fuji Electric's Tellus Lite V-Simulator Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202411-1725 | CVE-2024-11801 | Fuji Electric's Tellus Lite V-Simulator Out-of-bounds write vulnerability in |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24769. (DoS) It may be in a state
VAR-202411-1620 | CVE-2024-11802 | Fuji Electric's Tellus Lite V-Simulator Out-of-bounds write vulnerability in |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24770. Fuji Electric's Tellus Lite V-Simulator Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202411-1638 | CVE-2024-11800 | Fuji Electric's Tellus Lite V-Simulator Out-of-bounds write vulnerability in |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24768. Fuji Electric's Tellus Lite V-Simulator Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202411-1640 | CVE-2024-48286 | Linksys E3000 diag_ping_start Command Injection Vulnerability |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
Linksys E3000 is a powerful dual-band Wireless-N router from Linksys, an American company.
There is a security vulnerability in diag_ping_start of Linksys E3000. A remote attacker can use this vulnerability to submit special requests and execute arbitrary commands in the context of the application.
VAR-202411-1370 | CVE-2024-52034 | mySCADA myPRO Manager Operating System Command Injection Vulnerability (CNVD-2024-46408) |
CVSS V2: 10.0 CVSS V3: 10.0 Severity: Critical |
An OS Command Injection vulnerability exists within myPRO Manager. A parameter within a command can be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands. mySCADA myPRO is a professional HMI/SCADA system designed primarily for visualization and control of industrial processes
VAR-202411-1373 | CVE-2024-50054 | mySCADA myPRO Manager Directory Traversal Vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: High |
The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and retrieve arbitrary files from the file system. mySCADA myPRO is a professional HMI/SCADA system designed primarily for visualization and control of industrial processes.
mySCADA myPRO Manager has a directory traversal vulnerability that an attacker can exploit to submit special requests to view system file contents in the context of the application and obtain sensitive information
VAR-202411-1369 | CVE-2024-47407 | mySCADA myPRO Manager OS Command Injection Vulnerability |
CVSS V2: 10.0 CVSS V3: 10.0 Severity: Critical |
A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands. mySCADA myPRO is a professional HMI/SCADA system designed primarily for visualization and control of industrial processes
VAR-202411-1371 | CVE-2024-47138 | mySCADA myPRO Manager Access Control Error Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: Critical |
The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed. mySCADA myPRO is a professional HMI/SCADA system designed primarily for visualization and control of industrial processes.
mySCADA myPRO Manager has an access control error vulnerability that allows attackers to submit special requests and gain unauthorized access to resources
VAR-202411-1372 | CVE-2024-45369 | mySCADA myPRO Manager Authorization Issue Vulnerability |
CVSS V2: 7.6 CVSS V3: 8.1 Severity: Critical |
The web application uses a weak authentication mechanism to verify that a request is coming from an authenticated and authorized resource. mySCADA myPRO is a professional HMI/SCADA system designed for visualization and control of industrial processes.
mySCADA myPRO Manager has an authorization vulnerability that allows attackers to submit special requests and access resources without authorization
VAR-202411-1591 | CVE-2024-53333 | TOTOLINK EX200 SSD parameter command injection vulnerability |
CVSS V2: 7.5 CVSS V3: 6.3 Severity: MEDIUM |
TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter. TOTOLINK EX200 is a 2.4G wireless N range extender from China's Jiweng Electronics (TOTOLINK) company
VAR-202411-1539 | CVE-2024-52755 | D-Link Systems, Inc. of di-8003 Out-of-bounds write vulnerability in firmware |
CVSS V2: 6.1 CVSS V3: 4.9 Severity: MEDIUM |
D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the host_ip parameter in the ipsec_road_asp function. D-Link Systems, Inc. of di-8003 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. D-LINK DI-8003 is a router product produced by D-LINK. No detailed vulnerability details are currently provided
VAR-202411-1422 | CVE-2024-51151 | D-Link Systems, Inc. of di-8200 Command injection vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function via the flag parameter and cmd parameter. D-Link Systems, Inc. of di-8200 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DI-8200 is an enterprise-class router from D-Link, a Chinese company. No detailed vulnerability details are currently available
VAR-202411-1514 | CVE-2024-52765 | H3C of gr-1800ax Firmware vulnerabilities |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm parameter. H3C of gr-1800ax There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. H3C GR-1800AX is an enterprise-class wireless router from H3C, a Chinese company. No detailed vulnerability details are currently available
VAR-202411-1476 | CVE-2024-48986 | ARM Ltd. of Mbed OS Classic buffer overflow vulnerability in |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
An issue was discovered in MBed OS 6.16.0. Its hci parsing software dynamically determines the length of certain hci packets by reading a byte from its header. Certain events cause a callback, the logic for which allocates a buffer (the length of which is determined by looking up the event type in a table). The subsequent write operation, however, copies the amount of data specified in the packet header, which may lead to a buffer overflow. This bug is trivial to exploit for a denial of service but is not certain to suffice to bring the system down and can generally not be exploited further because the exploitable buffer is dynamically allocated. ARM Ltd. of Mbed OS Exists in a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state
VAR-202411-1444 | CVE-2024-48982 | ARM Ltd. of Mbed OS Classic buffer overflow vulnerability in |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
An issue was discovered in MBed OS 6.16.0. Its hci parsing software dynamically determines the length of certain hci packets by reading a byte from its header. This value is assumed to be greater than or equal to 3, but the software doesn't ensure that this is the case. Supplying a length less than 3 leads to a buffer overflow in a buffer that is allocated later. It is simultaneously possible to cause another integer overflow by supplying large length values because the provided length value is increased by a few bytes to account for additional information that is supposed to be stored there. This bug is trivial to exploit for a denial of service but is not certain to suffice to bring the system down and can generally not be exploited further because the exploitable buffer is dynamically allocated. ARM Ltd. of Mbed OS Exists in a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state
VAR-202411-1441 | CVE-2024-52757 | D-Link Systems, Inc. of di-8003 Out-of-bounds write vulnerability in firmware |
CVSS V2: 6.1 CVSS V3: 4.9 Severity: MEDIUM |
D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the notify parameter in the arp_sys_asp function. D-Link Systems, Inc. of di-8003 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. D-Link DI-8400 is a wireless router from D-Link, a Chinese company.
D-Link DI-8400 arp_sys_asp has a buffer overflow vulnerability, which can be exploited by remote attackers to submit special requests, causing the service program to crash or execute arbitrary code in the context of the application
VAR-202411-1532 | CVE-2024-48985 | ARM Ltd. of Mbed OS Classic buffer overflow vulnerability in |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet data by reading 2 bytes from the packet data. A buffer is then allocated to contain the entire packet, the size of which is calculated as the length of the packet body determined earlier and the header length. If the allocate fails because the specified packet is too large, no exception handling occurs and hciTrSerialRxIncoming continues to write bytes into the 4-byte large temporary header buffer, leading to a buffer overflow. This can be leveraged into an arbitrary write by an attacker. It is possible to overwrite the pointer to the buffer that is supposed to receive the contents of the packet body but which couldn't be allocated. One can then overwrite the state variable used by the function to determine which step of the parsing process is currently being executed. This advances the function to the next state, where it proceeds to copy data to that arbitrary location. The packet body is then written wherever the corrupted data pointer is pointing. ARM Ltd. of Mbed OS Exists in a classic buffer overflow vulnerability.Information may be tampered with