VARIoT IoT vulnerabilities database
| VAR-202502-0633 | CVE-2024-46432 | Access control vulnerabilities in Shenzhen Tenda Technology Co.,Ltd. w18e firmware |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogin function, which allows unauthorized changes to WiFi configuration settings and administrative credentials. The w18e firmware from Shenzhen Tenda Technology Co.,Ltd. contains an access control vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202502-0396 | CVE-2024-46431 | Classic buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. w18e firmware |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. An attacker with access to the web management portal can exploit this vulnerability by sending specially crafted data to the delWewifiPic function. The w18e firmware from Shenzhen Tenda Technology Co.,Ltd. has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
Tenda W18E has a buffer overflow vulnerability, which is caused by the delWewifiPic function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202502-1491 | CVE-2024-46430 | Access control vulnerabilities in Shenzhen Tenda Technology Co.,Ltd. w18e firmware |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the setLoginPassword function, bypassing the authentication mechanism. Shenzhen Tenda Technology Co.,Ltd
| VAR-202502-1624 | CVE-2024-46429 | Vulnerability related to use of hardcoded credentials in Shenzhen Tenda Technology Co.,Ltd. w18e firmware |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using a default guest account with administrative privileges. The w18e firmware from Shenzhen Tenda Technology Co.,Ltd. contains a vulnerability regarding the use of hardcoded credentials. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202502-2687 | No CVE | Shenzhen Jixiang Tenda Technology Co., Ltd. Tenda router AC8v4 has a binary vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Shenzhen Jixiang Tenda Technology Co., Ltd. (Tenda) is a high-tech enterprise specializing in the research and development, production, sales and service of network communication equipment.
Shenzhen Jixiang Tenda Technology Co., Ltd. Tenda router AC8v4 has a binary vulnerability that can be exploited by attackers to cause denial of service.
| VAR-202502-2088 | No CVE | HP OfficeJet Pro 9010 has information disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
HP China Ltd. is an enterprise mainly engaged in scientific research and technical services.
HP China Ltd. HP OfficeJet Pro 9010 has an information leakage vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202502-3427 | No CVE | Netis Technology Co., Ltd. Netis WF2411 router has a binary vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Netis Technology Co., Ltd. is a high-tech enterprise focusing on the research, development, production and sales of data communication network equipment.
Netis Technology Co., Ltd.'s Netis WF2411 router has a binary vulnerability that can be exploited by attackers to cause a denial of service.
| VAR-202502-2089 | No CVE | Beijing Trendwell Network Technology Co., Ltd. TEW-639GR has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
TEW-639GR is a wireless router.
Beijing Trendwell Network Technology Co., Ltd. TEW-639GR has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
| VAR-202502-3428 | No CVE | Mitsubishi Electric Automation (China) Co., Ltd. PLC FX5U-64MR/ES has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Mitsubishi Electric Automation (China) Co., Ltd. is a company mainly engaged in loading, unloading, handling and warehousing.
Mitsubishi Electric Automation (China) Co., Ltd. PLC FX5U-64MR/ES has a denial of service vulnerability, which can be exploited by attackers to cause denial of service.
| VAR-202502-2480 | No CVE | Hangzhou Hikvision Digital Technology Co., Ltd. HIK-WiFi has an information leakage vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Hangzhou Hikvision Digital Technology Co., Ltd. (Hikvision) is a technology company focusing on technological innovation and intelligent IoT.
Hangzhou Hikvision Digital Technology Co., Ltd. HIK-WiFi has an information leakage vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202502-2481 | No CVE | Netis Technology Co., Ltd. Netis WF2210 router has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Netis Technology Co., Ltd. is a high-tech enterprise focusing on the research, development, production and sales of data communication network equipment.
Netis Technology Co., Ltd.'s Netis WF2210 router has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
| VAR-202502-2293 | No CVE | Shenzhen Jixiang Tengda Technology Co., Ltd. Tenda AC10 router has a binary vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Shenzhen Jixiang Tengda Technology Co., Ltd. is a high-tech enterprise specializing in the research and development, production, sales and service of network communication equipment.
Shenzhen Jixiang Tengda Technology Co., Ltd. Tenda AC10 router has a binary vulnerability that can be exploited by attackers to cause denial of service.
| VAR-202502-2292 | No CVE | Netis Technology Co., Ltd. Netis WF2411 router has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Netis Technology Co., Ltd. is a high-tech enterprise focusing on the research, development, production and sales of data communication network equipment.
Netis Technology Co., Ltd.'s Netis WF2411 router has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202502-0092 | CVE-2025-1104 | Authentication vulnerability in D-Link Systems, Inc. dhp-w310av firmware |
CVSS V2: 7.5 CVSS V3: 7.3 Severity: Medium |
A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This vulnerability affects unknown code. The manipulation leads to authentication bypass by spoofing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The dhp-w310av firmware from D-Link Systems, Inc. contains vulnerabilities related to authentication and to authentication bypass through spoofing. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DHP-W310AV is a popular router device.
| VAR-202502-0157 | CVE-2025-1103 | NULL pointer dereference vulnerability in D-Link Systems, Inc. DIR-823X firmware |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: High |
A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function set_wifi_blacklists of the file /goform/set_wifi_blacklists of the component HTTP POST Request Handler. The manipulation of the argument macList leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The DIR-823X firmware from D-Link Systems, Inc. has a NULL pointer dereference vulnerability. Service operation may be interrupted (DoS). D-Link DIR-823X is a wireless router of D-Link, a Chinese company. No detailed vulnerability details are currently provided.
| VAR-202502-0854 | CVE-2025-22880 | Heap-based buffer overflow vulnerability in Delta Electronics, INC. cncsoft-g2 |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. cncsoft-g2 from Delta Electronics, INC. contains a heap-based buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2.
| VAR-202502-3429 | No CVE | Wuxi Xinjie Electric Co., Ltd. Xinjie XSF5-A32 PLC has industrial control equipment vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Wuxi Xinjie Electric Co., Ltd. is a listed company that focuses on the research and development and application of industrial automation products.
Wuxi Xinjie Electric Co., Ltd.'s Xinjie XSF5-A32 PLC has an industrial control equipment vulnerability that attackers can exploit to cause a denial of service.
| VAR-202502-2688 | No CVE | Ricoh (China) Investment Co., Ltd. Aficio SP 3500SF has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Aficio SP 3500SF is a multi-function commercial all-in-one printer with printing, copying, scanning and faxing functions.
Ricoh (China) Investment Co., Ltd. Aficio SP 3500SF has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202502-2294 | No CVE | Shenzhen Bilian Electronics Co., Ltd. BL-X-PRO has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
BL-X-PRO is a six-line six-signal high-power Gigabit wireless router.
BL-X-PRO of Shenzhen Bilian Electronics Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
| VAR-202502-2090 | No CVE | The TOTOLINK N200RE router of Jiong Electronics (Shenzhen) Co., Ltd. has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Jiong Electronics (Shenzhen) Co., Ltd. is a high-tech foreign-invested enterprise specializing in the research and development, design, manufacturing and sales of various network products.
Jiong Electronics (Shenzhen) Co., Ltd.'s TOTOLINK N200RE router has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.