VARIoT IoT vulnerabilities database

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the rules parameter in the dns_forward_rule_store function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. The Tenda G3 is a QoS VPN router from the Chinese company Tenda. This vulnerability stems from the failure of the "rules" parameter in the dns_forward_rule_store function to properly validate the length of input data

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the pppoeServerWhiteMacIndex parameter in the formModifyPppAuthWhiteMac function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. The Tenda G3 is a QoS VPN router from the Chinese company Tenda

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the staticRouteGateway parameter in the formSetStaticRoute function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. The Tenda G3 is a QoS VPN router from the Chinese company Tenda

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the vpnUsers parameter in the formAddVpnUsers function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. The Tenda G3 is a QoS VPN router from the Chinese company Tenda. This vulnerability stems from the failure to properly validate the length of the input data in the vpnUsers parameter in the formAddVpnUsers function

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the portMappingIndex parameter in the formDelPortMapping function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. The Tenda G3 is a QoS VPN router from the Chinese company Tenda

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the delDhcpIndex parameter in the formDelDhcpRule function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. The Tenda G3 is a QoS VPN router from the Chinese company Tenda. This vulnerability stems from the fact that the delDhcpIndex parameter in the formDelDhcpRule function fails to properly validate the length of input data

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain multiple stack overflows in the formIPMacBindModify function via the ruleId, ip, mac, v6 and remark parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. The Tenda G3 is a QoS VPN router from the Chinese company Tenda

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the dhcpIndex parameter in the addDhcpRule function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. The Tenda G3 is a QoS VPN router from the Chinese company Tenda. This vulnerability stems from the failure of the addDhcpRule function to properly validate the length of the input data in the dhcpIndex parameter

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain multiple stack overflows in the formSetDebugCfg function via the pEnable, pLevel, and pModule parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. The Tenda G3 is a QoS VPN router from the Chinese company Tenda

A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is the function strcpy of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC20 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. An attacker could exploit this vulnerability by remotely sending specially crafted data to trigger the buffer overflow, thereby executing arbitrary code or causing the system to crash

A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415_B20250515. This affects the function sub_410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument pid results in command injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The TOTOLINK X5000R is a wireless router that supports Wi-Fi 6 technology, featuring a full-coverage mesh system and dual-band transmission capabilities, making it suitable for home and enterprise network environments. The TOTOLINK X5000R has a command injection vulnerability caused by the failure of the pid parameter in the /cgi-bin/cstecgi.cgi file to properly sanitize special characters and commands when constructing commands. Detailed vulnerability details are not available at this time

Tenda AC8 v16.03.34.06 is vulnerable to Buffer Overflow in the formWifiBasicSet function via the parameter security or security_5g. Shenzhen Tenda Technology Co.,Ltd. of AC8 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state

Improper Access Control vulnerability in Galaxy Store prior to version 4.5.53.6 allows local attacker to access protected data using exported service. Samsung's Galaxy Store Exists in unspecified vulnerabilities.Information may be obtained

Error in 3GPP specification implementation in Exynos baseband prior to SMR Apr-2023 Release 1 allows incorrect handling of unencrypted message. Samsung's Exynos There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A vulnerability was determined in Tenda CP6 11.10.00.243. The affected element is the function sub_2B7D04 of the component uhttp. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. The Tenda CP6 is a smart camera from the Chinese company Tenda. This vulnerability stems from the use of a compromised encryption algorithm in the function sub_2B7D04 in the uhttp component. An attacker could exploit this vulnerability to compromise the device's integrity

A vulnerability was identified in Tenda CH22 1.0.0.1. This issue affects the function formSetSambaConf of the file /goform/SetSambaConf. The manipulation of the argument samba_userNameSda leads to buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. Shenzhen Tenda Technology Co.,Ltd. of ch22 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A vulnerability was determined in Tenda CH22 1.0.0.1. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Executing manipulation of the argument cmdinput can lead to buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

A weakness has been identified in Tenda AC20 16.03.08.05. This vulnerability affects unknown code of the file /goform/fromAdvSetMacMtuWan. This manipulation of the argument wanMTU causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. Shenzhen Tenda Technology Co.,Ltd. of AC20 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from the failure of the wanMTU parameter in the file /goform/fromAdvSetMacMtuWan to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was determined in TOTOLINK A702R 4.0.0-B20211108.1423. This issue affects the function sub_418030 of the file /boafrm/formParentControl. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The TOTOLINK A702R is a wireless router manufactured by China's TOTOLINK Electronics, primarily used for home network connectivity and signal coverage. The TOTOLINK A702R suffers from a buffer overflow vulnerability caused by a failure to properly validate the length of input data in the submit-url parameter in the /boafrm/formParentControl file. This vulnerability could allow an attacker to execute arbitrary code on the system or cause a denial of service

A vulnerability was found in TOTOLINK A702R 4.0.0-B20211108.1423. This vulnerability affects the function sub_4466F8 of the file /boafrm/formOneKeyAccessButton. Performing manipulation of the argument submit-url results in buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used. The TOTOLINK A702R is a wireless router manufactured by China's TOTOLINK Electronics, primarily used for home network connectivity and signal coverage. The TOTOLINK A702R suffers from a buffer overflow vulnerability caused by a failure to properly validate the length of input data in the submit-url parameter in the file /boafrm/formOneKeyAccessButton. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service