VARIoT IoT vulnerabilities database
| VAR-202502-3780 | No CVE | Fujifilm (China) Investment Co., Ltd. DocuCentre-V C2265 has a command execution vulnerability |
CVSS V2: 8.5 CVSS V3: - Severity: HIGH |
DocuCentre-V C2265 is a digital multifunction printer.
There is a command execution vulnerability in the DocuCentre-V C2265 of Fujifilm (China) Investment Co., Ltd. Attackers can use this vulnerability to execute printer commands, which may cause the printer to become unresponsive, thus affecting the printing service.
| VAR-202502-2685 | No CVE | Shenzhen Anjiaweishi Information Technology Co., Ltd. MC series cameras have unauthorized access vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Shenzhen Anjia Vision Information Technology Co., Ltd. MC-A37 300 is a 3-megapixel camera. MC-A37P 300 is a 3-megapixel camera. MC-A85 800 is an 8-megapixel camera. MC-A52 500 is a 5-megapixel camera. MC-J30 is a 4-megapixel camera. MC-J40 500 is a 5-megapixel full-color camera. MC-A42P 400 is a 4-megapixel camera.
Shenzhen Anjia Vision Information Technology Co., Ltd. MC-A37 300, MC-A37P 300, MC-A85 800, MC-A52 500, MC-J30, MC-J40 500, MC-A42P 400 have unauthorized access vulnerabilities, which can be exploited by attackers to obtain sensitive information.
| VAR-202502-3814 | No CVE | TP-LINK TL-R473 has SSH weak password vulnerability |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
TP-LINK TL-R473 is an enterprise VPN router.
TP-LINK TL-R473 has a weak SSH password vulnerability, which can be exploited by attackers to gain control of the server.
| VAR-202502-2076 | No CVE | There is an arbitrary file read vulnerability in the intelligent bus electronic stop sign integrated management service platform of Shanghai Zhengxian Electronic Technology Co., Ltd. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Shanghai Zhengxian Electronic Technology Co., Ltd. is one of the few specialized and innovative enterprises in China that specializes in the research and development, production and sales of smart city furniture.
There is an arbitrary file reading vulnerability in the intelligent bus electronic stop sign integrated management service platform of Shanghai Zhengxian Electronic Technology Co., Ltd., which can be exploited by attackers to obtain sensitive information.
| VAR-202502-1921 | CVE-2025-25605 | Command injection vulnerability in TOTOLINK X5000R firmware |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua. TOTOLINK X5000R firmware contains a command injection vulnerability. Information may be obtained and tampered with. TOTOLINK X5000R is a router product of China's TOTOLINK Electronics. No detailed vulnerability details are currently provided.
| VAR-202502-2114 | CVE-2025-25604 | Command injection vulnerability in TOTOLINK X5000R firmware |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the vif_disable function in mtkwifi.lua. TOTOLINK X5000R firmware contains a command injection vulnerability. Information may be obtained and tampered with. TOTOLINK X5000R is a router product of China's TOTOLINK Electronics. No detailed vulnerability details are currently provided.
| VAR-202502-3291 | CVE-2025-25510 | Classic buffer overflow vulnerability in Shenzhen Tenda Technology Co., Ltd. AC8 firmware |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
Tenda AC8 V16.03.34.06 is vulnerable to a buffer overflow in the get_parentControl_list_Info function. Shenzhen Tenda Technology Co., Ltd. AC8 firmware has a classic buffer overflow vulnerability. Information may be obtained and tampered with. No detailed vulnerability details are currently provided.
| VAR-202502-2320 | CVE-2025-25507 | Code injection vulnerability in Shenzhen Tenda Technology Co., Ltd. AC6 firmware |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
There is an RCE vulnerability in Tenda AC6 15.03.05.16_multi. In the formexeCommand function, the parameter cmdinput will cause remote command execution. A code injection vulnerability exists in the AC6 firmware. Information may be obtained and tampered with.
Tenda AC6 has a code execution vulnerability, which is caused by the cmdinput parameter of the formexeCommand function failing to properly filter special elements in the constructed code segment. No detailed vulnerability details are currently available.
| VAR-202502-2914 | CVE-2025-25505 | Classic buffer overflow vulnerability in Shenzhen Tenda Technology Co., Ltd. AC6 firmware |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
Tenda AC6 15.03.05.16_multi is vulnerable to a buffer overflow in the sub_452A4 function. Shenzhen Tenda Technology Co., Ltd. AC6 firmware has a classic buffer overflow vulnerability. Information may be obtained and tampered with. No detailed vulnerability details are currently provided.
| VAR-202502-1766 | CVE-2025-1539 | Out-of-bounds write vulnerability in D-Link Systems, Inc. DAP-1320 firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
A vulnerability, which was classified as critical, has been found in D-Link DAP-1320 1.00. Affected by this issue is the function replace_special_char of the file /storagein.pd-XXXXXX. The manipulation leads to a stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. An out-of-bounds write vulnerability exists in D-Link Systems, Inc. DAP-1320 firmware. Information may be obtained and tampered with, and service operation may be interrupted (DoS). D-Link DAP-1320 is a wireless signal extender from D-Link, a Chinese company. Attackers can exploit this vulnerability to cause the program to crash or even execute arbitrary code.
| VAR-202502-1799 | CVE-2025-1538 | Out-of-bounds write vulnerability in D-Link Systems, Inc. DAP-1320 firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
A vulnerability classified as critical was found in D-Link DAP-1320 1.00. Affected by this vulnerability is the function set_ws_action of the file /dws/api/. The manipulation leads to a heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. An out-of-bounds write vulnerability exists in D-Link Systems, Inc. DAP-1320 firmware. Information may be obtained and tampered with, and service operation may be interrupted (DoS). D-Link DAP-1320 is a wireless signal extender from D-Link, a Chinese company. Attackers can exploit this vulnerability to cause the program to crash or even execute arbitrary code.
| VAR-202502-3255 | No CVE | Sharp Corporation MX-3070N has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The MX-3070N is a commercial-grade color multifunction printer that is primarily designed to meet the office needs of medium to large companies.
The Sharp Corporation MX-3070N has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
| VAR-202502-3821 | No CVE | Hangzhou Hikvision Digital Technology Co., Ltd. DS-A80624S has a logical defect vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
DS-A80624S is a 24-slot network storage device launched by Hikvision.
Hangzhou Hikvision Digital Technology Co., Ltd. DS-A80624S has a logic defect vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202502-1750 | CVE-2025-25678 | Classic buffer overflow vulnerability in Shenzhen Tenda Technology Co., Ltd. I12 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the funcpara1 parameter in the formSetCfm function. Shenzhen Tenda Technology Co., Ltd. I12 firmware has a classic buffer overflow vulnerability. Information may be obtained and tampered with, and service operation may be interrupted (DoS). Tenda i12 is a high-power AP wireless access point for commercial use. Remote attackers can use this vulnerability to submit special requests, which can cause the application to crash, resulting in a denial of service.
| VAR-202502-1732 | CVE-2025-25676 | Classic buffer overflow vulnerability in Shenzhen Tenda Technology Co., Ltd. I12 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDset function. Shenzhen Tenda Technology Co., Ltd. I12 firmware has a classic buffer overflow vulnerability. Information may be obtained and tampered with, and service operation may be interrupted (DoS). Tenda i12 is a high-power AP wireless access point for commercial use. Remote attackers can use this vulnerability to submit special requests, which can cause the application to crash, resulting in a denial of service.
| VAR-202502-3089 | CVE-2025-25675 | Command injection vulnerability in Shenzhen Tenda Technology Co., Ltd. AC10 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerability located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmd_buf variable, which is directly used in the doSystemCmd function, causing arbitrary command execution. Shenzhen Tenda Technology Co., Ltd. AC10 firmware contains a command injection vulnerability. Information may be obtained and tampered with, and service operation may be interrupted (DoS). No detailed vulnerability details are currently provided.
| VAR-202502-3462 | CVE-2025-25674 | Classic buffer overflow vulnerability in Shenzhen Tenda Technology Co., Ltd. AC10 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC10 V1.0 V15.03.06.23 is vulnerable to a buffer overflow in form_fast_setting_wifi_set via the parameter ssid. Shenzhen Tenda Technology Co., Ltd. AC10 firmware has a classic buffer overflow vulnerability. Information may be obtained and tampered with, and service operation may be interrupted (DoS).
| VAR-202502-3289 | CVE-2025-25668 | Classic buffer overflow vulnerability in Shenzhen Tenda Technology Co., Ltd. AC8 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_47D878 function. Shenzhen Tenda Technology Co., Ltd. AC8 firmware has a classic buffer overflow vulnerability. Information may be obtained and tampered with, and service operation may be interrupted (DoS).
| VAR-202502-3090 | CVE-2025-25667 | Classic buffer overflow vulnerability in Shenzhen Tenda Technology Co., Ltd. AC8 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the urls parameter in the function get_parentControl_list_Info. Shenzhen Tenda Technology Co., Ltd. AC8 firmware has a classic buffer overflow vulnerability. Information may be obtained and tampered with, and service operation may be interrupted (DoS). Attackers can exploit this vulnerability to cause the program to crash or even execute arbitrary code.
| VAR-202502-2733 | CVE-2025-25664 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co., Ltd. AC8 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_49E098 function. An out-of-bounds write vulnerability exists in Shenzhen Tenda Technology Co., Ltd. AC8 firmware. Information may be obtained and tampered with, and service operation may be interrupted (DoS). Attackers can exploit this vulnerability to corrupt memory and possibly cause the browser to crash.