VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202411-1660 CVE-2024-11803 Fuji Electric's  Tellus Lite V-Simulator  Out-of-bounds write vulnerability in CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24771. (DoS) It may be in a state
VAR-202411-1752 CVE-2024-53334 TOTOLINK A810R infostat.cgi buffer overflow vulnerability CVSS V2: 9.0
CVSS V3: -
Severity: HIGH
TOTOLINK A810R is a wireless dual-band router produced by China's TOTOLINK Electronics. There is a buffer overflow vulnerability in TOTOLINK A810R infostat.cgi. A remote attacker can use this vulnerability to submit special requests, which can cause the service program to crash or execute arbitrary code in the application context.
VAR-202411-1649 CVE-2024-11799 Fuji Electric's  Tellus Lite V-Simulator  Out-of-bounds write vulnerability in CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24664. Fuji Electric's Tellus Lite V-Simulator Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202411-1725 CVE-2024-11801 Fuji Electric's  Tellus Lite V-Simulator  Out-of-bounds write vulnerability in CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24769. (DoS) It may be in a state
VAR-202411-1620 CVE-2024-11802 Fuji Electric's  Tellus Lite V-Simulator  Out-of-bounds write vulnerability in CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24770. Fuji Electric's Tellus Lite V-Simulator Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202411-1638 CVE-2024-11800 Fuji Electric's  Tellus Lite V-Simulator  Out-of-bounds write vulnerability in CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24768. Fuji Electric's Tellus Lite V-Simulator Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202411-1640 CVE-2024-48286 Linksys E3000 diag_ping_start Command Injection Vulnerability CVSS V2: 9.0
CVSS V3: -
Severity: HIGH
Linksys E3000 is a powerful dual-band Wireless-N router from Linksys, an American company. There is a security vulnerability in diag_ping_start of Linksys E3000. A remote attacker can use this vulnerability to submit special requests and execute arbitrary commands in the context of the application.
VAR-202411-1370 CVE-2024-52034 mySCADA myPRO Manager Operating System Command Injection Vulnerability (CNVD-2024-46408) CVSS V2: 10.0
CVSS V3: 10.0
Severity: Critical
An OS Command Injection vulnerability exists within myPRO Manager. A parameter within a command can be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands. mySCADA myPRO is a professional HMI/SCADA system designed primarily for visualization and control of industrial processes
VAR-202411-1373 CVE-2024-50054 mySCADA myPRO Manager Directory Traversal Vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: High
The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and retrieve arbitrary files from the file system. mySCADA myPRO is a professional HMI/SCADA system designed primarily for visualization and control of industrial processes. mySCADA myPRO Manager has a directory traversal vulnerability that an attacker can exploit to submit special requests to view system file contents in the context of the application and obtain sensitive information
VAR-202411-1369 CVE-2024-47407 mySCADA myPRO Manager OS Command Injection Vulnerability CVSS V2: 10.0
CVSS V3: 10.0
Severity: Critical
A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands. mySCADA myPRO is a professional HMI/SCADA system designed primarily for visualization and control of industrial processes
VAR-202411-1371 CVE-2024-47138 mySCADA myPRO Manager Access Control Error Vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: Critical
The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed. mySCADA myPRO is a professional HMI/SCADA system designed primarily for visualization and control of industrial processes. mySCADA myPRO Manager has an access control error vulnerability that allows attackers to submit special requests and gain unauthorized access to resources
VAR-202411-1372 CVE-2024-45369 mySCADA myPRO Manager Authorization Issue Vulnerability CVSS V2: 7.6
CVSS V3: 8.1
Severity: Critical
The web application uses a weak authentication mechanism to verify that a request is coming from an authenticated and authorized resource. mySCADA myPRO is a professional HMI/SCADA system designed for visualization and control of industrial processes. mySCADA myPRO Manager has an authorization vulnerability that allows attackers to submit special requests and access resources without authorization
VAR-202411-1591 CVE-2024-53333 TOTOLINK EX200 SSD parameter command injection vulnerability CVSS V2: 7.5
CVSS V3: 6.3
Severity: MEDIUM
TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter. TOTOLINK EX200 is a 2.4G wireless N range extender from China's Jiweng Electronics (TOTOLINK) company
VAR-202411-1539 CVE-2024-52755 D-Link Systems, Inc.  of  di-8003  Out-of-bounds write vulnerability in firmware CVSS V2: 6.1
CVSS V3: 4.9
Severity: MEDIUM
D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the host_ip parameter in the ipsec_road_asp function. D-Link Systems, Inc. of di-8003 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. D-LINK DI-8003 is a router product produced by D-LINK. No detailed vulnerability details are currently provided
VAR-202411-1422 CVE-2024-51151 D-Link Systems, Inc.  of  di-8200  Command injection vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function via the flag parameter and cmd parameter. D-Link Systems, Inc. of di-8200 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DI-8200 is an enterprise-class router from D-Link, a Chinese company. No detailed vulnerability details are currently available
VAR-202411-1514 CVE-2024-52765 H3C  of  gr-1800ax  Firmware vulnerabilities CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm parameter. H3C of gr-1800ax There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. H3C GR-1800AX is an enterprise-class wireless router from H3C, a Chinese company. No detailed vulnerability details are currently available
VAR-202411-1476 CVE-2024-48986 ARM Ltd.  of  Mbed OS  Classic buffer overflow vulnerability in CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
An issue was discovered in MBed OS 6.16.0. Its hci parsing software dynamically determines the length of certain hci packets by reading a byte from its header. Certain events cause a callback, the logic for which allocates a buffer (the length of which is determined by looking up the event type in a table). The subsequent write operation, however, copies the amount of data specified in the packet header, which may lead to a buffer overflow. This bug is trivial to exploit for a denial of service but is not certain to suffice to bring the system down and can generally not be exploited further because the exploitable buffer is dynamically allocated. ARM Ltd. of Mbed OS Exists in a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state
VAR-202411-1444 CVE-2024-48982 ARM Ltd.  of  Mbed OS  Classic buffer overflow vulnerability in CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
An issue was discovered in MBed OS 6.16.0. Its hci parsing software dynamically determines the length of certain hci packets by reading a byte from its header. This value is assumed to be greater than or equal to 3, but the software doesn't ensure that this is the case. Supplying a length less than 3 leads to a buffer overflow in a buffer that is allocated later. It is simultaneously possible to cause another integer overflow by supplying large length values because the provided length value is increased by a few bytes to account for additional information that is supposed to be stored there. This bug is trivial to exploit for a denial of service but is not certain to suffice to bring the system down and can generally not be exploited further because the exploitable buffer is dynamically allocated. ARM Ltd. of Mbed OS Exists in a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state
VAR-202411-1441 CVE-2024-52757 D-Link Systems, Inc.  of  di-8003  Out-of-bounds write vulnerability in firmware CVSS V2: 6.1
CVSS V3: 4.9
Severity: MEDIUM
D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the notify parameter in the arp_sys_asp function. D-Link Systems, Inc. of di-8003 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. D-Link DI-8400 is a wireless router from D-Link, a Chinese company. D-Link DI-8400 arp_sys_asp has a buffer overflow vulnerability, which can be exploited by remote attackers to submit special requests, causing the service program to crash or execute arbitrary code in the context of the application
VAR-202411-1532 CVE-2024-48985 ARM Ltd.  of  Mbed OS  Classic buffer overflow vulnerability in CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet data by reading 2 bytes from the packet data. A buffer is then allocated to contain the entire packet, the size of which is calculated as the length of the packet body determined earlier and the header length. If the allocate fails because the specified packet is too large, no exception handling occurs and hciTrSerialRxIncoming continues to write bytes into the 4-byte large temporary header buffer, leading to a buffer overflow. This can be leveraged into an arbitrary write by an attacker. It is possible to overwrite the pointer to the buffer that is supposed to receive the contents of the packet body but which couldn't be allocated. One can then overwrite the state variable used by the function to determine which step of the parsing process is currently being executed. This advances the function to the next state, where it proceeds to copy data to that arbitrary location. The packet body is then written wherever the corrupted data pointer is pointing. ARM Ltd. of Mbed OS Exists in a classic buffer overflow vulnerability.Information may be tampered with