VARIoT IoT vulnerabilities database


VAR-202301-2228 CVE-2022-48072 PHICOMM K2G A1 Security hole CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function
VAR-202301-1930 CVE-2022-48073 PHICOMM K2G A1 Security hole CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext
VAR-202301-2194 CVE-2022-48071 PHICOMM K2G A1 Security hole CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext
VAR-202301-2030 CVE-2022-48070 PHICOMM K2G A1 Security hole CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function
VAR-202301-1909 CVE-2023-24164 Tenda AC18 Buffer error vulnerability CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_000c2318
VAR-202301-1836 CVE-2023-24165 Tenda AC18 Buffer error vulnerability CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/initIpAddrInfo
VAR-202301-1835 CVE-2023-24170 Tenda AC18 Buffer error vulnerability CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/fromSetWirelessRepeat
VAR-202301-1972 CVE-2023-24167 Tenda AC18 Buffer error vulnerability CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/add_white_node
VAR-202301-2301 CVE-2023-24169 Tenda AC18 Buffer error vulnerability CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_0007343c
VAR-202301-2255 CVE-2023-24166 Tenda AC18 Buffer error vulnerability CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/formWifiBasicSet
VAR-202301-1689 CVE-2022-48124 TOTOLINK A7100RU Command injection vulnerability CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function
VAR-202301-1657 CVE-2022-48122 TOTOLINK A7100RU Command injection vulnerability CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function
VAR-202301-1624 CVE-2022-48125 TOTOlink A7100RU Command injection vulnerability CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function
VAR-202301-1809 CVE-2022-48126 TOTOLINK A7100RU Command injection vulnerability CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function
VAR-202301-1817 CVE-2022-48121 TOTOlink A7100RU Command injection vulnerability CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function
VAR-202301-1568 CVE-2022-48123 TOTOLINK A7100RU Command injection vulnerability CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function
VAR-202301-1405 CVE-2021-37774 Proclink Technology Co., Ltd. TL-WDR7660 httpProcDataSrv Arbitrary Code Execution Vulnerability CVSS V2: 7.7
CVSS V3: 8.0
Severity: HIGH
An issue was discovered in function httpProcDataSrv in TL-WDR7660 2.0.30 that allows attackers to execute arbitrary code. TL-WDR7660 is a gigabit router manufactured by China TP-LINK. Prolink Technology Co., Ltd
VAR-202301-1523 CVE-2022-46476 D-Link DIR-859 Command Injection Vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function. D-Link DIR-859 is a wireless router made by China D-Link Company. There is a security vulnerability in D-Link DIR-859A1 1.05. No detailed vulnerability details are currently available
VAR-202301-1424 CVE-2022-3738 WAGO Access control error vulnerability CVSS V2: -
CVSS V3: 5.9
Severity: MEDIUM
The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successful.
VAR-202301-1403 CVE-2023-0126 SonicWALL SMA1000 series Path traversal vulnerability CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory.