VARIoT IoT vulnerabilities database

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall dmz enable. TP-Link TL-WR886N The device contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TP-LinkTL-WR886N is a wireless router product of China TP-LINK. There are security vulnerabilities in TP-LinkTL-WR886N6.02.3.4 and 7.01.1.0. A security vulnerability exists in TP-Link TL-WR886N 6.0 2.3.4 version and 7.0 1.1.0 version

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g power. TP-Link TL-WR886N The device contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TP-LinkTL-WR886N is a wireless router product of China TP-LINK. There are security vulnerabilities in TP-LinkTL-WR886N6.02.3.4 and 7.01.1.0. A security vulnerability exists in TP-Link TL-WR886N 6.0 2.3.4 version and 7.0 1.1.0 version

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info para sun. TP-Link TL-WR886N The device contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TP-LinkTL-WR886N is a wireless router product of China TP-LINK. There are security vulnerabilities in TP-LinkTL-WR886N6.02.3.4 and 7.01.1.0. A security vulnerability exists in TP-Link TL-WR886N 6.0 2.3.4 version and 7.0 1.1.0 version

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wlan_access name. TP-Link TL-WR886N The device contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TP-LinkTL-WR886N is a wireless router product of China TP-LINK. There are security vulnerabilities in TP-LinkTL-WR886N6.02.3.4 and 7.01.1.0. A security vulnerability exists in TP-Link TL-WR886N 6.0 2.3.4 version and 7.0 1.1.0 version

ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allow remote attackers to cause a denial of service via a single "GET / HTTP/1.1\r\n" line. ASUS GT-AC5300 The device contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The ASUSGT-AC5300 is a wireless router from ASUS. A security vulnerability exists in ASUSGT-AC5300 using 3.0.0.4.384_32738 and previous firmware. An attacker could exploit the vulnerability by sending \342\200\230GET/HTTP/1.1\\r\\n\342\200\231 to cause a denial of service

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ddns phddns username. TP-Link TL-WR886N The device contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TP-LinkTL-WR886N is a wireless router product of China TP-LINK. There are security vulnerabilities in TP-LinkTL-WR886N6.02.3.4 and 7.01.1.0. A security vulnerability exists in TP-Link TL-WR886N 6.0 2.3.4 version and 7.0 1.1.0 version

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for dhcpd udhcpd enable. TP-Link TL-WR886N The device contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TP-LinkTL-WR886N is a wireless router product of China TP-LINK. There are security vulnerabilities in TP-LinkTL-WR886N6.02.3.4 and 7.01.1.0. A security vulnerability exists in TP-Link TL-WR886N 6.0 2.3.4 version and 7.0 1.1.0 version

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for time_switch name. TP-Link TL-WR886N The device contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TP-LinkTL-WR886N is a wireless router product of China TP-LINK. There are security vulnerabilities in TP-LinkTL-WR886N6.02.3.4 and 7.01.1.0. A security vulnerability exists in TP-Link TL-WR886N 6.0 2.3.4 version and 7.0 1.1.0 version

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ip_mac_bind name. TP-Link TL-WR886N The device contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TP-LinkTL-WR886N is a wireless router product of China TP-LINK. There are security vulnerabilities in TP-LinkTL-WR886N6.02.3.4 and 7.01.1.0. A security vulnerability exists in TP-Link TL-WR886N 6.0 2.3.4 version and 7.0 1.1.0 version

The NSG ™ 9000-6G high-density universal edgeQAM system is a highly integrated digital video solution for multiplexing on-demand video content over IP networks. NSG 9000-6G has an arbitrary file reading vulnerability, which can be used by an attacker to read sensitive files.

The NSG ™ 9000-6G high-density universal edgeQAM system is a highly integrated digital video solution for multiplexing on-demand video content over IP networks. There is an information disclosure vulnerability in NSG 9000-6G, which can be used by attackers to obtain system sensitive information.

Lenovo M7650DNF is a black and white laser all-in-one machine that is targeted at individual users, SOHO offices and small and medium-sized enterprises with copy / scan / fax requirements. The Lenovo M7650DNF printer has a command execution vulnerability that could allow an attacker to execute commands remotely.

Huawei smartphones Mate10 with versions earlier before ALP-AL00B 8.0.0.110(C00) have a Factory Reset Protection (FRP) bypass vulnerability. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to the computer and then perform some specific operations. Successful exploit could allow the attacker bypass the FRP protection to access the system setting page. Huawei smartphone Mate10 Contains vulnerabilities related to security features.Information may be tampered with. HuaweiMate10 is a smartphone product. HuaweiMate10 has an FRP bypass vulnerability

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for protocol wan wan_rate. TP-Link TL-WR886N The device contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TP-LinkTL-WR886N is a wireless router product of China TP-LINK. There are security vulnerabilities in TP-LinkTL-WR886N6.02.3.4 and 7.01.1.0. A security vulnerability exists in TP-Link TL-WR886N 6.0 2.3.4 version and 7.0 1.1.0 version

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for reboot_timer name. TP-Link TL-WR886N The device contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TP-LinkTL-WR886N is a wireless router product of China TP-LINK. There are security vulnerabilities in TP-LinkTL-WR886N6.02.3.4 and 7.01.1.0. A security vulnerability exists in TP-Link TL-WR886N 6.0 2.3.4 version and 7.0 1.1.0 version

On BIG-IP APM 11.6.0-11.6.3.1, 12.1.0-12.1.3.3, 13.0.0, and 13.1.0-13.1.0.3, APMD may core when processing SAML Assertion or response containing certain elements. BIG-IP APM Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP APM is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. BIG-IP APM 14.0.0, 13.1.0, 13.0.0, 12.1.0 through 12.1.3, and 11.6.1 through 11.6.3 are vulnerable. F5 BIG-IP Access Policy Manager (APM) is a set of access and security solutions from F5 Corporation of the United States. The solution provides unified access to business-critical applications and networks. The following versions are affected: F5 BIG-IP APM version 11.6.0 to 11.6.3.1, 12.1.0 to 12.1.3.3, 13.0.0, 13.1.0 to 13.1.0.3

On F5 WebSafe Alert Server 1.0.0-4.2.6, a malicious, authenticated user can execute code on the alert server by using a maliciously crafted payload. F5 WebSafe Alert Server Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts may cause a denial-of-service condition. F5 WebSafe is a set of network fraud protection solutions from F5 Corporation of the United States. The solution provides malware and fraud detection, client mobile threat protection, and more

A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, 11.6.0-11.6.3, and 12.1.0-12.1.3 discloses the BIG-IP software version in rewritten pages. F5 BIG-IP Access Policy Manager (APM) is a set of access and security solutions from F5 Corporation of the United States. The solution provides unified access to business-critical applications and networks. portal access is one of the portal access components

LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases. LINK-NET LW-N605R There is an input validation vulnerability in the device firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The LW-N605R is a network product launched by LINK-NET. A security vulnerability exists in LINK-NET LW-N605R using firmware version 12.20.2.1486

A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before version 11.8.55, 11.11.55, 11.21.55, 12.0.6 or Intel(R) Server Platform Services firmware before version 4.x.04 may allow an attacker with administrative privileges to uncover certain platform secrets via local access or to potentially execute arbitrary code. Intel Atom Processor C3000 Series Platform and other products are processor products of Intel Corporation of the United States. The Intel Power Management Controller is one of the power management controllers. A security vulnerability exists in the Intel Power Management Controller. A local attacker could exploit this vulnerability to escalate permissions or reveal information