VARIoT IoT vulnerabilities database
| VAR-202501-2770 | CVE-2024-57677 | Fraudulent authentication vulnerability in D-Link Systems, Inc. DIR-816 firmware |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
An access control issue in the component form2Wan.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the WAN service of the device via a crafted POST request. The firmware of D-Link Systems, Inc.'s DIR-816 contains an incorrect authentication vulnerability. Information may be obtained and tampered with. D-Link DIR-816A2 is a router from D-Link, a Chinese company.
D-Link DIR-816A2 has an access control error vulnerability, which is caused by improper access control of the form2Wan.cgi component.
| VAR-202501-2978 | CVE-2024-57676 | Fraudulent authentication vulnerability in D-Link Systems, Inc. DIR-816 firmware |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
An access control issue in the component form2WlanBasicSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G WLAN service of the device via a crafted POST request. The firmware of D-Link Systems, Inc.'s DIR-816 contains an incorrect authentication vulnerability. Information may be obtained and tampered with. D-Link DIR-816A2 is a router from D-Link, a Chinese company.
D-Link DIR-816A2 has an access control error vulnerability, which is caused by improper access control of the form2WlanBasicSetup.cgi component.
| VAR-202501-1996 | CVE-2024-48885 | Path traversal vulnerability in multiple Fortinet products |
CVSS V2: - CVSS V3: 5.3 Severity: MEDIUM |
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions, FortiWeb 7.6.0, FortiWeb 7.4.0 through 7.4.4, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions, FortiWeb 6.4 all versions allows an attacker to escalate privilege via specially crafted packets. Several Fortinet products, including FortiManager, FortiManager Cloud and FortiProxy, contain a path traversal vulnerability. Information may be tampered with and service operation may be interrupted (DoS).
| VAR-202501-4394 | No CVE | Netgear EX6120 WiFi Range Extender has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Netgear EX6120 WiFi Range Extender is a dual-band 1200Mbps WiFi range extender.
Netgear EX6120 WiFi Range Extender has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.
| VAR-202501-1431 | CVE-2025-0492 | Improper shutdown and release of resources vulnerability in D-Link Corporation DIR-823X firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: High |
A vulnerability has been found in D-Link DIR-823X 240126/240802 and classified as critical. Affected by this vulnerability is the function FUN_00412244. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The firmware of D-Link Corporation's DIR-823X contains a vulnerability related to improper shutdown and release of resources and a NULL pointer dereference vulnerability. Service operation may be interrupted (DoS). D-Link DIR-823X is a wireless router from D-Link, a Chinese company. No detailed vulnerability details are currently available.
| VAR-202501-1452 | CVE-2025-0481 | Information disclosure vulnerability in D-Link Systems, Inc. DIR-878 firmware |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: Medium |
A vulnerability classified as problematic has been found in D-Link DIR-878 1.03. Affected is an unknown function of the file /dllog.cgi of the component HTTP POST Request Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The firmware of D-Link Systems, Inc.'s DIR-878 contains vulnerabilities related to information leakage and access control. Information may be obtained. D-Link DIR-878 is a wireless router from D-Link, a Chinese company. Attackers can exploit this vulnerability to obtain sensitive information.
| VAR-202501-2166 | CVE-2024-57025 | OS command injection vulnerability in TOTOLINK X5000R firmware |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setWiFiScheduleCfg. The device may be put into a denial-of-service (DoS) state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary commands.
| VAR-202501-3190 | CVE-2024-57024 | OS command injection vulnerability in TOTOLINK X5000R firmware |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eMinute" parameter in setWiFiScheduleCfg. The device may be put into a denial-of-service (DoS) state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary commands.
| VAR-202501-1634 | CVE-2024-57023 | OS command injection vulnerability in TOTOLINK X5000R firmware |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setWiFiScheduleCfg. The device may be put into a denial-of-service (DoS) state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary commands.
| VAR-202501-1547 | CVE-2024-57022 | OS command injection vulnerability in TOTOLINK X5000R firmware |
CVSS V2: 10.0 CVSS V3: 8.8 Severity: HIGH |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sHour" parameter in setWiFiScheduleCfg. The device may be put into a denial-of-service (DoS) state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary commands.
| VAR-202501-1794 | CVE-2024-57021 | OS command injection vulnerability in TOTOLINK X5000R firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eHour" parameter in setWiFiScheduleCfg. The device may be put into a denial-of-service (DoS) state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary commands.
| VAR-202501-1565 | CVE-2024-57020 | OS command injection vulnerability in TOTOLINK X5000R firmware |
CVSS V2: 10.0 CVSS V3: 8.8 Severity: HIGH |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sMinute" parameter in setWiFiScheduleCfg. The device may be put into a denial-of-service (DoS) state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary commands.
| VAR-202501-1654 | CVE-2024-57019 | OS command injection vulnerability in TOTOLINK X5000R firmware |
CVSS V2: 10.0 CVSS V3: 8.8 Severity: HIGH |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "limit" parameter in setVpnAccountCfg. The device may be put into a denial-of-service (DoS) state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary commands.
| VAR-202501-2779 | CVE-2024-57018 | OS command injection vulnerability in TOTOLINK X5000R firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setVpnAccountCfg. The device may be put into a denial-of-service (DoS) state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary commands.
| VAR-202501-1508 | CVE-2024-57017 | OS command injection vulnerability in TOTOLINK X5000R firmware |
CVSS V2: 10.0 CVSS V3: 8.8 Severity: HIGH |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "pass" parameter in setVpnAccountCfg. The device may be put into a denial-of-service (DoS) state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary commands.
| VAR-202501-2167 | CVE-2024-57016 | OS command injection vulnerability in TOTOLINK X5000R firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "user" parameter in setVpnAccountCfg. The device may be put into a denial-of-service (DoS) state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary commands.
| VAR-202501-1509 | CVE-2024-57015 | OS command injection vulnerability in TOTOLINK X5000R firmware |
CVSS V2: 10.0 CVSS V3: 8.8 Severity: HIGH |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "hour" parameter in setScheduleCfg. The device may be put into a denial-of-service (DoS) state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary commands.
| VAR-202501-1520 | CVE-2024-57014 | OS command injection vulnerability in TOTOLINK X5000R firmware |
CVSS V2: 10.0 CVSS V3: 8.8 Severity: HIGH |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "recHour" parameter in setScheduleCfg. The device may be put into a denial-of-service (DoS) state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary commands.
| VAR-202501-1639 | CVE-2024-57013 | OS command injection vulnerability in TOTOLINK X5000R firmware |
CVSS V2: 10.0 CVSS V3: 8.8 Severity: HIGH |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "switch" parameter in setScheduleCfg. The device may be put into a denial-of-service (DoS) state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary commands.
| VAR-202501-1579 | CVE-2024-57012 | OS command injection vulnerability in TOTOLINK X5000R firmware |
CVSS V2: 10.0 CVSS V3: 8.8 Severity: HIGH |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setScheduleCfg. The device may be put into a denial-of-service (DoS) state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary commands.