VARIoT IoT vulnerabilities database


VAR-202409-0271 CVE-2023-28827 Siemens Industrial Products Null Pointer Dereference Vulnerability CVSS V2: 5.4
CVSS V3: 5.9
Severity: High
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-7 LTE (All versions < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of the affected devices does not properly handle certain requests, causing a timeout in the watchdog, which could lead to the cleanup of pointers. This could allow a remote attacker to cause a denial of service condition in the system. SIMATIC CP 1242 and CP 1243 related processors connect SIMATIC S7-1200 controllers to wide area networks (WANs). They offer integrated security features such as firewalls, virtual private networks (VPNs) and support for other data encryption protocols. SIMATIC HMI Panels are used for operator control and monitoring of machines and plants. SIMATIC IPC DiagBase diagnostics software allows early identification of any potential faults on SIMATIC industrial computers and helps to avoid or reduce system downtime. SIMATIC IPC DiagMonitor monitors, reports, visualizes and logs the system status of SIMATIC IPCs. It communicates with other systems and reacts when events occur. Communication processor (CP) modules SIMATIC TIM 3V-IE and TIM 4R-IE are designed to enable Ethernet or telecontrol communication for SIMATIC S7-300/S7-400 CPUs. SIMATIC WinCC Runtime Advanced is a visualization runtime platform for operator control and monitoring of machines and plants.
SIPLUS extreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware as the products they are based on.
VAR-202409-2605 CVE-2024-44411 D-Link Systems, Inc.  of  di-8300  Code injection vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function. A code injection vulnerability exists in the firmware of the D-Link Systems, Inc. di-8300. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DI-8300 is a wireless broadband router designed for small and medium-sized network environments by D-Link, a Chinese company. Attackers can exploit this vulnerability to cause arbitrary command execution.
VAR-202409-0320 CVE-2024-44410 D-Link Systems, Inc.  of  di-8300  Command injection vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function. The firmware of the D-Link Systems, Inc. di-8300 contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DI-8300 is a wireless broadband router designed for small and medium-sized network environments by D-Link, a Chinese company. Attackers can exploit this vulnerability to cause arbitrary command execution.
VAR-202409-0189 CVE-2024-8580 TOTOLINK  of  T8  Hardcoded password usage vulnerability in firmware CVSS V2: 7.6
CVSS V3: 8.1
Severity: Critical
A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This vulnerability affects unknown code of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. A vulnerability related to the use of hardcoded passwords exists in the TOTOLINK T8 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK AC1200 is a dual-band Wi-Fi router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to bypass authentication.
VAR-202409-0305 CVE-2024-8579 TOTOLINK  of  T8  Classic buffer overflow vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability classified as critical has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This affects the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. The TOTOLINK T8 firmware has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK AC1200 is a dual-band Wi-Fi router from China's TOTOLINK Electronics. The vulnerability is caused by the password parameter in the setWiFiRepeaterCfg method of the /cgi-bin/cstecgi.cgi page failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202409-0190 CVE-2024-8578 TOTOLINK  of  T8  Classic buffer overflow vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. It has been rated as critical. Affected by this issue is the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument device_name leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. The TOTOLINK T8 firmware has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK AC1200 T8 is a dual-band full Gigabit router. No detailed vulnerability details are currently provided.
VAR-202409-0212 CVE-2024-8577 TOTOLINK  of  T8  firmware and  t10  Classic buffer overflow vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. The TOTOLINK T8 and t10 firmware has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK AC1200 is a dual-band Wi-Fi router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to corrupt memory and cause the browser to crash.
VAR-202409-0258 CVE-2024-8576 TOTOLINK  of  T8  firmware and  t10  Classic buffer overflow vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been classified as critical. Affected is the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. The TOTOLINK T8 and t10 firmware has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK AC1200 is a dual-band Wi-Fi router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to corrupt memory and cause the browser to crash.
VAR-202409-0213 CVE-2024-8575 TOTOLINK  of  T8  Classic buffer overflow vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This issue affects the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. The TOTOLINK T8 firmware has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK AC1200 is a dual-band Wi-Fi router from China's TOTOLINK Electronics. Attackers can use this vulnerability to execute code, control the target computer or crack its data.
VAR-202409-0140 CVE-2024-8574 TOTOLINK  of  T8  in the firmware  OS  Command injection vulnerability CVSS V2: 6.5
CVSS V3: 6.3
Severity: Medium
A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument slaveIpList leads to OS command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. An OS command injection vulnerability exists in the TOTOLINK T8 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK AC1200 T8 is a wireless router that supports dual-band Wi-Fi at 1200Mbps and is suitable for home or small office scenarios. Input in the slaveIpList parameter is not properly validated. An attacker can exploit this vulnerability to completely control the router device.
VAR-202409-0159 CVE-2024-8573 TOTOLINK  of  T8  firmware and  t10  Classic buffer overflow vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc/week/sTime/eTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. The TOTOLINK T8 and t10 firmware has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The vulnerability is caused by the desc parameter not being properly length-validated. An attacker can exploit this vulnerability to execute arbitrary code or cause the device to crash.
VAR-202409-0368 CVE-2024-44845 DrayTek Corporation  of  Vigor3900  in the firmware  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function. An OS command injection vulnerability exists in the DrayTek Corporation Vigor3900 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202409-0298 CVE-2024-44844 DrayTek Corporation  of  Vigor3900  in the firmware  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function. An OS command injection vulnerability exists in the DrayTek Corporation Vigor3900 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202409-0357 CVE-2024-44408 D-Link Systems, Inc.  of  DIR-823G  Lack of Authentication Vulnerability in Firmware CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows unauthorized configuration file downloads, and the downloaded configuration files contain plaintext user passwords. A lack of authentication vulnerability exists in the firmware of the D-Link Systems, Inc. DIR-823G. Information may be obtained.
VAR-202409-0358 CVE-2024-44402 D-Link Systems, Inc.  of  di-8100g  Command injection vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm. The firmware of the D-Link Systems, Inc. di-8100g contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The D-Link DI-8100G is a broadband router designed for small and medium-sized network environments. It supports multi-line bandwidth aggregation, PPPoE/WEB authentication and billing, intelligent traffic control, and Internet behavior management. The D-Link DI-8100G suffers from a command injection vulnerability in the msp_info.htm file, allowing an attacker to submit specially crafted requests and execute arbitrary commands.
VAR-202409-0401 CVE-2024-44401 D-Link Systems, Inc.  of  di-8100g  Command injection vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via the sub47A60C function in the upgrade_filter.asp file. The firmware of the D-Link Systems, Inc. di-8100g contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The D-Link DI-8100G is a broadband router designed for small and medium-sized network environments. It supports multi-line bandwidth stacking, PPPoE/WEB authentication and billing, intelligent traffic control, and Internet behavior management. An attacker could exploit this vulnerability to submit a specially crafted request and execute arbitrary commands.
VAR-202409-2372 CVE-2024-42491 Sangoma  of  Asterisk  and  certified asterisk  Vulnerability regarding unchecked return value in CVSS V2: -
CVSS V3: 5.7
Severity: MEDIUM
Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with `.1` or `[.1]`, and res_resolver_unbound is loaded, Asterisk will crash with a SEGV. To receive a patch, users should upgrade to one of the following versions: 18.24.3, 20.9.3, 21.4.3, certified-18.9-cert12, certified-20.7-cert2. Two workarounds are available. Disable res_resolver_unbound by setting `noload = res_resolver_unbound.so` in modules.conf, or set `rewrite_contact = yes` on all PJSIP endpoints. NOTE: This may not be appropriate for all Asterisk configurations. Sangoma Asterisk and certified asterisk contain vulnerabilities related to unchecked return values and NULL pointer dereference. Service operation may be interrupted (DoS).
VAR-202409-0011 CVE-2024-8461 D-Link Systems, Inc.  of  D-Link DNS-320  Firmware vulnerabilities CVSS V2: 5.0
CVSS V3: 5.3
Severity: Medium
A vulnerability, which was classified as problematic, was found in D-Link DNS-320 2.02b01. This affects an unknown part of the file /cgi-bin/discovery.cgi of the component Web Management Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. There are unspecified vulnerabilities in the firmware of the D-Link Systems, Inc. D-Link DNS-320. Information may be obtained. The D-Link DNS-320 is a dual-bay network-attached storage device (NAS) from D-Link, designed for home and small offices, supporting up to 4TB of storage. An attacker could exploit this vulnerability to obtain sensitive information.
VAR-202409-0012 CVE-2024-8460 D-Link Systems, Inc.  of  D-Link DNS-320  Firmware vulnerabilities CVSS V2: 2.6
CVSS V3: 3.7
Severity: Medium
A vulnerability, which was classified as problematic, has been found in D-Link DNS-320 2.02b01. Affected by this issue is some unknown functionality of the file /cgi-bin/widget_api.cgi of the component Web Management Interface. The manipulation of the argument getHD/getSer/getSys leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. There are unspecified vulnerabilities in the firmware of the D-Link Systems, Inc. D-Link DNS-320. Information may be obtained. The D-Link DNS-320 is a dual-bay network-attached storage device (NAS) from D-Link, designed for home and small offices, supporting up to 4TB of storage. Detailed vulnerability details are not available at this time.
VAR-202409-2563 No CVE Beijing Xingwang Ruijie Network Technology Co., Ltd. RG-UAC 6000-E50 has a command execution vulnerability (CNVD-2024-36581) CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Beijing StarNet Ruijie Network Technology Co., Ltd. is an enterprise mainly engaged in software and information technology services. Beijing StarNet Ruijie Network Technology Co., Ltd. RG-UAC 6000-E50 has a command execution vulnerability, which can be exploited by attackers to gain control of the server.