VARIoT IoT vulnerabilities database


VAR-202503-4138 CVE-2025-25579: OS command injection vulnerability in TOTOLINK A3002R firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to command injection in /bin/boa via bandstr. The TOTOLINK A3002R firmware contains an OS command injection vulnerability; information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). TOTOLINK A3002R is a wireless router from China's TOTOLINK Electronics. The vulnerability is caused by bandstr failing to properly filter special characters and commands when constructing commands. Attackers can use this vulnerability to execute arbitrary commands.
VAR-202503-2964 CVE-2025-28256: OS command injection vulnerability in TOTOLINK A3100R firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An issue in TOTOLINK A3100R V4.1.2cu.5247_B20211129 allows a remote attacker to execute arbitrary code via setWebWlanIdx in the file /lib/cste_modules/wireless.so. The TOTOLINK A3100R firmware contains an OS command injection vulnerability; information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). TOTOLINK A3100R is a series of wireless routers from China's TOTOLINK Electronics. The code execution vulnerability is caused by setWebWlanIdx failing to properly filter special characters and commands when constructing commands.
VAR-202503-3473 CVE-2025-28221: Classic buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. W6-S firmware
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda W6_S v1.0.0.4_510 has a buffer overflow vulnerability in the set_local_time function, which allows remote attackers to crash the web server via the time parameter passed to the binary through a POST request. The Shenzhen Tenda Technology Co.,Ltd. W6-S firmware contains a classic buffer overflow vulnerability; service operation may be interrupted (DoS).
VAR-202503-3612 CVE-2025-28220: Classic buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. W6-S firmware
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda W6_S v1.0.0.4_510 has a buffer overflow vulnerability in the setcfm function, which allows remote attackers to crash the web server via the funcpara1 parameter passed to the binary through a POST request. The Shenzhen Tenda Technology Co.,Ltd. W6-S firmware contains a classic buffer overflow vulnerability; service operation may be interrupted (DoS). Tenda W6-S is a 300Mbps wireless panel AP designed for large premises such as homes, hotels, and villas, providing stable wireless network coverage and a low-latency network experience. The vulnerability is caused by the setcfm function failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service.
VAR-202503-3474 CVE-2025-28219: OS command injection vulnerability in Netgear DC112A firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in usb_adv.cgi, which allows remote attackers to execute arbitrary commands via the "deviceName" parameter passed to the binary through a POST request. Service operation may be interrupted (DoS). Netgear DC112A is a wireless router.
VAR-202503-4051 CVE-2021-24008: Vulnerabilities in multiple Fortinet products
CVSS V2: -
CVSS V3: 5.3
Severity: MEDIUM
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, FortiVoice version 6.0.6 and below, FortiRecorder version 6.0.3 and below, and FortiMail version 6.4.1 and below, version 6.2.4 and below, version 6.0.9 and below may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file. Unspecified vulnerabilities exist in multiple Fortinet products (FortiMail, FortiDDoS, FortiVoice); information may be obtained.
VAR-202503-2802 CVE-2025-28138: OS command injection vulnerability in TOTOLINK A800R firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. The TOTOLINK A800R firmware contains an OS command injection vulnerability; information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). TOTOLINK A800R is a wireless router produced by TOTOLINK. Attackers can exploit this vulnerability to execute arbitrary commands and control the affected device.
VAR-202503-3475 CVE-2025-28135: Stack-based buffer overflow vulnerability in TOTOLINK A810R firmware
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi. TOTOLINK A810R is a wireless dual-band router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause a denial of service.
VAR-202503-2871 CVE-2025-28361: Classic buffer overflow vulnerability in Telesquare TLR-2005KSH firmware
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
An unauthorized stack overflow vulnerability in Telesquare TLR-2005KSH v.1.1.4 allows a remote attacker to obtain sensitive information via the systemutil.cgi component. The Telesquare TLR-2005KSH firmware contains a classic buffer overflow vulnerability; information may be obtained.
VAR-202503-2870 CVE-2025-26011: Classic buffer overflow vulnerability in Telesquare TLR-2005KSH firmware
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setUsernamePassword. The Telesquare TLR-2005KSH firmware contains a classic buffer overflow vulnerability; information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
VAR-202503-2880 CVE-2025-26010: Access control vulnerability in Telesquare TLR-2005KSH firmware
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Telesquare TLR-2005KSH 1.1.4 allows unauthorized password modification when requesting the admin.cgi parameter with setUserNamePassword. The Telesquare TLR-2005KSH firmware contains an access control vulnerability; information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
VAR-202503-2823 CVE-2025-26009: Information disclosure vulnerability in Telesquare TLR-2005KSH firmware
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Telesquare TLR-2005KSH 1.1.4 has an information disclosure vulnerability when requesting systemutilit.cgi.
VAR-202503-2826 CVE-2025-26008: Classic buffer overflow vulnerability in Telesquare TLR-2005KSH firmware
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
In Telesquare TLR-2005KSH 1.1.4, an unauthorized stack overflow vulnerability exists when requesting the admin.cgi parameter with setSyncTimeHost. The Telesquare TLR-2005KSH firmware contains a classic buffer overflow vulnerability; information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
VAR-202503-3482 CVE-2025-26007: Classic buffer overflow vulnerability in Telesquare TLR-2005KSH firmware
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability in the login interface when requesting systemtil.cgi. The Telesquare TLR-2005KSH firmware contains a classic buffer overflow vulnerability; information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
VAR-202503-2818 CVE-2025-26006: Classic buffer overflow vulnerability in Telesquare TLR-2005KSH firmware
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setAutorest. The Telesquare TLR-2005KSH firmware contains a classic buffer overflow vulnerability; information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
VAR-202503-2859 CVE-2025-26005: Classic buffer overflow vulnerability in Telesquare TLR-2005KSH firmware
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setNtp. The Telesquare TLR-2005KSH firmware contains a classic buffer overflow vulnerability; information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
VAR-202503-2838 CVE-2025-26004: Classic buffer overflow vulnerability in Telesquare TLR-2005KSH firmware
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack buffer overflow vulnerability when requesting the admin.cgi parameter with setDdns. The Telesquare TLR-2005KSH firmware contains a classic buffer overflow vulnerability; information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
VAR-202503-2809 CVE-2025-26003: Code injection vulnerability in Telesquare TLR-2005KSH firmware
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when requesting the admin.cgi parameter with setAutorest. The Telesquare TLR-2005KSH firmware contains a code injection vulnerability; information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
VAR-202503-2816 CVE-2025-26002: Classic buffer overflow vulnerability in Telesquare TLR-2005KSH firmware
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setSyncTimeHost. The Telesquare TLR-2005KSH firmware contains a classic buffer overflow vulnerability; information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
VAR-202503-2824 CVE-2025-26001: Information disclosure vulnerability in Telesquare TLR-2005KSH firmware
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Telesquare TLR-2005KSH 1.1.4 is vulnerable to information disclosure via the getUserNamePassword parameter.