VARIoT IoT vulnerabilities database

Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Samsung SmartThings. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Hub Local API service, which listens on TCP port 8766 by default. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25615. Samsung's SmartThings Exists in a digital signature verification vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

In wl_notify_gscan_event of wl_cfgscan.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google Pixel Watch is a durable smartwatch from Google. There is a buffer overflow vulnerability in Google Pixel Watch. The vulnerability is caused by the lack of boundary check in wl_notify_gscan_event of wl_cfgscan.c

In dhd_process_full_gscan_result of dhd_pno.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android contains an improper permissions retention vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Google Pixel Watch is a durable smartwatch from Google

In ppcfw_deny_sec_dram_access of ppcfw.c, there is a possible arbitrary read from TEE memory due to a logic error in the code. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Google Pixel is a smartphone from Google, an American company

In closeChannel of secureelementimpl.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android Exists in an out-of-bounds read vulnerability.Information may be obtained and information may be tampered with. Google Pixel is a smartphone produced by Google in the United States. Google Pixel has a buffer overflow vulnerability. The vulnerability is caused by incorrect boundary checking in closeChannel of secureelementimpl.cpp

In ProtocolUnsolOnSSAdapter::GetServiceClass() of protocolcalladapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation. Google of Android Exists in an out-of-bounds read vulnerability.Information may be obtained and information may be tampered with. Google Pixel is a smartphone produced by Google in the United States. There is a buffer overflow vulnerability in Google Pixel. The vulnerability is caused by the lack of boundary check in ProtocolUnsolOnSSAdapter::GetServiceClass() in protocolcalladapter.cpp. Attackers can exploit this vulnerability to cause local information leakage

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This issue affects the function setRptWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument loginpass leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1800t An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK Electronics. TOTOLINK EX1800T has a buffer overflow vulnerability, which is caused by the parameter loginpass failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability classified as critical was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function setRebootScheCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mode/week/minute/recHour leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1800t The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1800T is a wireless repeater from China's TOTOLINK Electronics. No detailed vulnerability details are provided at present

A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1800t The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1800T is a wireless repeater from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided

A vulnerability was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. It has been rated as critical. Affected by this issue is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliKey/key leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1800t The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1800T is a wireless repeater from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided

A vulnerability has been found in Tenda AC15 15.03.05.19 in the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src leads to stack-based buffer overflow. Shenzhen Tenda Technology Co.,Ltd. No detailed vulnerability details are currently provided

Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. Shenzhen Tenda Technology Co.,Ltd. of AC15 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the application's failure to properly filter special characters and commands in constructing commands. Attackers can exploit this vulnerability to cause arbitrary command execution

A security vulnerability was discovered in the local status page functionality of Cisco Meraki’s MX67 and MX68 security appliance models that may allow unauthenticated individuals to access and download logs containing sensitive, privileged device information. The vulnerability is due to improper access control to the files holding debugging and maintenance information, and is only exploitable when the local status page is enabled on the device. An attacker exploiting this vulnerability may obtain access to wireless pre-shared keys, Site-to-Site VPN key and other sensitive information. Under certain circumstances, this information may allow an attacker to obtain administrative-level access to the device. ‌Cisco Meraki MX67 and Cisco Meraki MX68 are cloud-managed routers in the Cisco Meraki series. Cisco Meraki MX67 and Cisco Meraki MX68 have an access verification error vulnerability. The vulnerability is caused by improper access control. Attackers can exploit this vulnerability to cause information leakage

A vulnerability has been found in Tenda TX3 16.03.13.11_multi and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of tx3 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. The vulnerability is caused by the parameter list of goform/setpptpuserlist failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service

A vulnerability, which was classified as critical, was found in Tenda TX3 16.03.13.11_multi. Affected is an unknown function of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of tx3 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. The vulnerability is caused by the failure of the parameters schedStartTime/schedEndTime of goform/openschedwifi to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system and cause a denial of service

A vulnerability, which was classified as critical, has been found in Tenda TX3 16.03.13.11_multi. This issue affects some unknown processing of the file /goform/SetNetControlList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of tx3 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. The vulnerability is caused by the parameter list of goform /setNetControllist failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system and cause a denial of service

A vulnerability classified as critical was found in Tenda TX3 16.03.13.11_multi. This vulnerability affects unknown code of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of tx3 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. The vulnerability is caused by the parameter list of goform /setstaticRoutecfg failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code or cause a denial of service

A vulnerability classified as critical has been found in Tenda TX3 16.03.13.11_multi. This affects an unknown part of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of tx3 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. Tenda TX3 is a wireless router produced by Tenda Corporation, providing network connection services. There is a buffer overflow vulnerability in the 16.03.13.11_multi version of Tenda TX3 router, which is caused by improper processing of the deviceList parameter in the /goform/setMacFilterCfg file. No detailed vulnerability details are currently provided

A vulnerability, which was classified as critical, was found in D-Link DAP-1562 1.10. This affects the function pure_auth_check of the component HTTP POST Request Handler. The manipulation of the argument a1 leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DAP-1562 The firmware contains vulnerabilities related to improper shutdown and release of resources, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. D-Link DAP-1562 is a wireless bridge produced by D-Link of China. No detailed vulnerability details are provided at present

A vulnerability, which was classified as critical, has been found in D-Link DAP-1562 1.10. Affected by this issue is the function http_request_parse of the component HTTP Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DAP-1562 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-1562 is a wireless bridge produced by D-Link of China. The vulnerability is caused by a stack buffer overflow in the HTTP Header Handler, which may lead to remote attacks. Attackers can use this vulnerability to execute arbitrary code on the device, resulting in damage to the confidentiality, integrity and availability of the device