VARIoT IoT vulnerabilities database

Incorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.06.50 allows attackers to bypass authentication via a crafted web request. Shenzhen Tenda Technology Co.,Ltd. of AC6 A lack of authentication vulnerability exists in the firmware.Information may be obtained and information may be tampered with. Tenda AC1200 has an access control error vulnerability, which is caused by incorrect access control. No detailed vulnerability details are currently provided

Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function. Shenzhen Tenda Technology Co.,Ltd. of AC18 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. An attacker can exploit this vulnerability to cause arbitrary command execution

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the startIP parameter in the formSetPPTPServer function. Shenzhen Tenda Technology Co.,Ltd. of AC18 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC18 has a buffer overflow vulnerability. The vulnerability is caused by the startIP parameter of the formSetPPTPServer function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function. Shenzhen Tenda Technology Co.,Ltd. of AC18 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC18 has a buffer overflow vulnerability. The vulnerability is caused by the firewallEn parameter of the formSetFirewallCfg function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. Shenzhen Tenda Technology Co.,Ltd. of AC18 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC18 has a buffer overflow vulnerability. The vulnerability is caused by the devName parameter of the formSetDeviceName function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the limitSpeedUp parameter in the formSetClientState function. Shenzhen Tenda Technology Co.,Ltd. of AC18 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC18 has a buffer overflow vulnerability. The vulnerability is caused by the limitSpeedUp parameter of the formSetClientState function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the funcpara1 parameter in the formSetCfm function. Shenzhen Tenda Technology Co.,Ltd. of AC18 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. There is a buffer overflow vulnerability in the Tenda AC18 15.03.05.19 version. The vulnerability is caused by the fact that the funcpara1 parameter of the formSetCfm function fails to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code or cause a denial of service

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. Shenzhen Tenda Technology Co.,Ltd. of AC18 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda AC18 has a buffer overflow vulnerability. The vulnerability is caused by the speed_dir parameter of the formSetSpeedWan function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. Shenzhen Tenda Technology Co.,Ltd. of AC18 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC18 has a buffer overflow vulnerability. The vulnerability is caused by the ssid parameter of the form_fast_setting_wifi_set function failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the DMZ service of the device via a crafted POST request. D-Link Systems, Inc. of DIR-816 A firmware vulnerability related to improper default permissions exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-816A2 is a router from D-Link, a Chinese company. D-Link DIR-816A2 has an access control error vulnerability, which is caused by improper access control of the formDMZ.cgi component

An access control issue in the component websURLFilterAddDel of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the filter settings of the device via a crafted POST request. D-Link Systems, Inc. of DIR-816 An incorrect authentication vulnerability exists in firmware.Information may be obtained. D-Link DIR-816A2 is a router from D-Link, a Chinese company. D-Link DIR-816A2 has an access control error vulnerability, which is caused by improper access control of the websURLFilterAddDel component

An information disclosure vulnerability in the component d_status.asp of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to access sensitive information via a crafted POST request. D-Link Systems, Inc. of DIR-816 A lack of authentication vulnerability exists in the firmware.Information may be obtained. D-Link DIR-816A2 is a router from D-Link, a Chinese company. D-Link DIR-816A2 has an information leakage vulnerability

An access control issue in the component form2alg.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the agl service of the device via a crafted POST request. D-Link Systems, Inc. of DIR-816 An incorrect authentication vulnerability exists in firmware.Information may be obtained. D-Link DIR-816A2 is a router from D-Link, a Chinese company. D-Link DIR-816A2 has an access control error vulnerability, which is caused by improper access control of the form2alg.cgi component

An access control issue in the component form2PortriggerRule.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the port trigger of the device via a crafted POST request. D-Link Systems, Inc. of DIR-816 An incorrect authentication vulnerability exists in firmware.Information may be obtained. D-Link DIR-816A2 is a router from D-Link, a Chinese company. D-Link DIR-816A2 has an access control error vulnerability, which is caused by improper access control of the form2PortriggerRule.cgi component

An access control issue in the component form2RepeaterSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G repeater service of the device via a crafted POST request. D-Link Systems, Inc. of DIR-816 An incorrect authentication vulnerability exists in firmware.Information may be obtained and information may be tampered with. D-Link DIR-816A2 is a router from D-Link, a Chinese company. D-Link DIR-816A2 has an access control error vulnerability, which is caused by improper access control of the form2RepeaterSetup.cgi component

An access control issue in the component form2WlAc.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G mac access control list of the device via a crafted POST request. D-Link Systems, Inc. of DIR-816 An incorrect authentication vulnerability exists in firmware.Information may be obtained and information may be tampered with. D-Link DIR-816A2 is a router from D-Link, a Chinese company. D-Link DIR-816A2 has an access control error vulnerability, which is caused by improper access control of the form2WlAc.cgi component

An access control issue in the component form2Wan.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the wan service of the device via a crafted POST request. D-Link Systems, Inc. of DIR-816 An incorrect authentication vulnerability exists in firmware.Information may be obtained and information may be tampered with. D-Link DIR-816A2 is a router from D-Link, a Chinese company. D-Link DIR-816A2 has an access control error vulnerability, which is caused by improper access control of the form2Wan.cgi component

An access control issue in the component form2WlanBasicSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G wlan service of the device via a crafted POST request. D-Link Systems, Inc. of DIR-816 An incorrect authentication vulnerability exists in firmware.Information may be obtained and information may be tampered with. D-Link DIR-816A2 is a router from D-Link, a Chinese company. D-Link DIR-816A2 has an access control error vulnerability, which is caused by improper access control of the form2WlanBasicSetup.cgi component

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions, FortiWeb 7.6.0, FortiWeb 7.4.0 through 7.4.4, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions, FortiWeb 6.4 all versions allows attacker to escalate privilege via specially crafted packets. FortiManager , FortiManager Cloud , FortiProxy There is a path traversal vulnerability in several Fortinet products, including:Information is tampered with and service operation is interrupted (DoS) It may be in a state

Netgear EX6120 WiFi Range Extender‌ is a dual-band 1200Mbps WiFi range extender. Netgear EX6120 WiFi Range Extender has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.