VARIoT IoT vulnerabilities database
| VAR-202411-2043 | CVE-2024-50997 | Classic buffer overflow vulnerability in multiple Netgear products |
CVSS V2: - CVSS V3: 5.7 Severity: MEDIUM |
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. R8500 firmware, XR300 firmware, R7000P A classic buffer overflow vulnerability exists in multiple Netgear products, including firmware.Service operation interruption (DoS) It may be in a state
| VAR-202411-2594 | CVE-2024-50996 | Classic buffer overflow vulnerability in multiple Netgear products |
CVSS V2: - CVSS V3: 5.7 Severity: MEDIUM |
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the bpa_server parameter at genie_bpa.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. R8500 firmware, XR300 firmware, R7000P A classic buffer overflow vulnerability exists in multiple Netgear products, including firmware.Service operation interruption (DoS) It may be in a state
| VAR-202411-0987 | CVE-2024-50995 | of netgear R8500 Classic buffer overflow vulnerability in firmware |
CVSS V2: 5.5 CVSS V3: 5.7 Severity: MEDIUM |
Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the share_name parameter at usb_remote_smb_conf.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. of netgear R8500 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. NETGEAR R8500 is a wireless router from NETGEAR. The vulnerability is caused by the share_name parameter in the usb_remote_smb_conf.cgi component failing to properly verify the length of the input data
| VAR-202411-0558 | CVE-2024-50994 | of netgear R8500 Classic buffer overflow vulnerability in firmware |
CVSS V2: 5.5 CVSS V3: 5.7 Severity: MEDIUM |
Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component ipv6_fix.cgi via the ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, and ipv6_lan_length parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request. of netgear R8500 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. NETGEAR R8500 is a wireless router from NETGEAR. The vulnerability is caused by the failure of ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length and ipv6_lan_length parameters in the ipv6_fix.cgi component to properly verify the length of the input data
| VAR-202411-0328 | CVE-2024-50993 | of netgear R8500 in the firmware OS Command injection vulnerability |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at admin_account.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. (DoS) It may be in a state. NETGEAR R8500 is a wireless router from NETGEAR. The vulnerability is caused by the sysNewPasswd parameter in the admin_account.cgi component failing to properly filter special characters and commands in the constructed command
| VAR-202411-3462 | CVE-2024-45893 | DrayTek Corporation of Vigor3900 in the firmware OS Command injection vulnerability |
CVSS V2: - CVSS V3: 8.0 Severity: HIGH |
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMOption.`. DrayTek Corporation of Vigor3900 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202411-2434 | CVE-2024-45891 | DrayTek Corporation of Vigor3900 in the firmware OS Command injection vulnerability |
CVSS V2: - CVSS V3: 8.0 Severity: HIGH |
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_wlan_profile.`. DrayTek Corporation of Vigor3900 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202411-3178 | CVE-2024-45890 | DrayTek Corporation of Vigor3900 in the firmware OS Command injection vulnerability |
CVSS V2: - CVSS V3: 8.0 Severity: HIGH |
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `download_ovpn.`. DrayTek Corporation of Vigor3900 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202411-2995 | CVE-2024-45889 | DrayTek Corporation of Vigor3900 in the firmware OS Command injection vulnerability |
CVSS V2: - CVSS V3: 8.0 Severity: HIGH |
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `commandTable.`. DrayTek Corporation of Vigor3900 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202411-1897 | CVE-2024-45888 | DrayTek Corporation of Vigor3900 in the firmware OS Command injection vulnerability |
CVSS V2: - CVSS V3: 8.0 Severity: HIGH |
DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `set_ap_map_config.'. DrayTek Corporation of Vigor3900 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202411-2625 | CVE-2024-45887 | DrayTek Corporation of Vigor3900 in the firmware OS Command injection vulnerability |
CVSS V2: - CVSS V3: 8.0 Severity: HIGH |
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `doOpenVPN.`. DrayTek Corporation of Vigor3900 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202411-1898 | CVE-2024-45885 | DrayTek Corporation of Vigor3900 in the firmware OS Command injection vulnerability |
CVSS V2: - CVSS V3: 8.0 Severity: HIGH |
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `autodiscovery_clear.`. DrayTek Corporation of Vigor3900 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202411-3527 | CVE-2024-45884 | DrayTek Corporation of Vigor3900 in the firmware OS Command injection vulnerability |
CVSS V2: - CVSS V3: 8.0 Severity: HIGH |
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMGroup.`. DrayTek Corporation of Vigor3900 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202411-2072 | CVE-2024-45882 | DrayTek Corporation of Vigor3900 in the firmware OS Command injection vulnerability |
CVSS V2: - CVSS V3: 8.0 Severity: HIGH |
DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_map_profile.`. DrayTek Corporation of Vigor3900 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202411-2398 | CVE-2024-51253 | DrayTek Corporation of Vigor3900 in the firmware OS Command injection vulnerability |
CVSS V2: - CVSS V3: 8.0 Severity: HIGH |
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doL2TP function. DrayTek Corporation of Vigor3900 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202411-3380 | CVE-2024-51251 | DrayTek Corporation of Vigor3900 in the firmware OS Command injection vulnerability |
CVSS V2: - CVSS V3: 8.0 Severity: HIGH |
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function. DrayTek Corporation of Vigor3900 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202411-3341 | CVE-2024-51249 | DrayTek Corporation of Vigor3900 in the firmware OS Command injection vulnerability |
CVSS V2: - CVSS V3: 8.0 Severity: HIGH |
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reboot function. DrayTek Corporation of Vigor3900 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202411-3328 | CVE-2024-51246 | DrayTek Corporation of Vigor3900 in the firmware OS Command injection vulnerability |
CVSS V2: - CVSS V3: 8.0 Severity: HIGH |
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function. DrayTek Corporation of Vigor3900 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202411-0381 | CVE-2024-38423 | Classic buffer overflow vulnerability in multiple Qualcomm products |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Memory corruption while processing GPU page table switch. WSA8835 firmware, WSA8830 firmware, WSA8815 Multiple Qualcomm products such as firmware have a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202411-0380 | CVE-2024-38422 | Vulnerabilities in multiple Qualcomm products |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Memory corruption while processing voice packet with arbitrary data received from ADSP. wsa8845h firmware, wsa8845 firmware, wsa8840 Unspecified vulnerabilities exist in multiple Qualcomm products, including firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state