VARIoT IoT vulnerabilities database
| VAR-202407-2672 | CVE-2024-41468 | Tenda of fh1201 in the firmware OS Command injection vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the cmdinput parameter at /goform/exeCommand. (DoS) It may be in a state. Tenda FH1201 is a wireless router from China's Tenda company. Attackers can exploit this vulnerability to execute arbitrary commands
| VAR-202407-2664 | CVE-2024-41466 | Tenda of fh1201 Out-of-bounds write vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/NatStaticSetting. Tenda of fh1201 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda FH1201 is a wireless router from China's Tenda company. No detailed vulnerability details are currently available
| VAR-202407-2623 | CVE-2024-41465 | Tenda of fh1201 Out-of-bounds write vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter at ip/goform/setcfm. Tenda of fh1201 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda FH1201 is a wireless router from China's Tenda company. No detailed vulnerability details are currently available
| VAR-202407-2676 | CVE-2024-41464 | Tenda of fh1201 Out-of-bounds write vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/RouteStatic. Tenda of fh1201 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda FH1201 is a wireless router from China's Tenda company. No detailed vulnerability details are currently provided
| VAR-202407-2530 | CVE-2024-41463 | Tenda of fh1201 Out-of-bounds write vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter at ip/goform/addressNat. Tenda of fh1201 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda FH1201 is a wireless router from China's Tenda company. No detailed vulnerability details are currently provided
| VAR-202407-2566 | CVE-2024-41462 | Tenda of fh1201 Out-of-bounds write vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/DhcpListClient. Tenda of fh1201 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda FH1201 is a wireless router from China's Tenda company. No detailed vulnerability details are currently provided
| VAR-202407-2595 | CVE-2024-41461 | Tenda of fh1201 Out-of-bounds write vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient. Tenda of fh1201 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda FH1201 is a wireless router from China's Tenda company. No detailed vulnerability details are currently available
| VAR-202407-2550 | CVE-2024-41460 | Tenda of fh1201 Out-of-bounds write vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter at ip/goform/RouteStatic. Tenda of fh1201 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda FH1201 is a wireless router from China's Tenda company. No detailed vulnerability details are currently provided
| VAR-202407-2507 | CVE-2024-41459 | Tenda of fh1201 Out-of-bounds write vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter at ip/goform/QuickIndex. Tenda of fh1201 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda FH1201 is a wireless router from China's Tenda company. No detailed vulnerability details are currently provided
| VAR-202407-2628 | CVE-2023-32466 | Dell's edge gateway 3200 Out-of-bounds write vulnerability in firmware |
CVSS V2: 4.0 CVSS V3: 5.7 Severity: MEDIUM |
Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege. (DoS) It may be in a state. Dell Edge Gateway is a series of intelligent gateway devices from Dell in the United States. It is designed to aggregate, protect, analyze and relay data from various sensors and devices at the edge of the network. The vulnerability is caused by an out-of-bounds write vulnerability
| VAR-202407-2610 | CVE-2024-41319 | TOTOLINK of a6000r Command injection vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function. TOTOLINK of a6000r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. OTOLINK A6000R is a wireless router from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided
| VAR-202407-1132 | CVE-2024-41320 | TOTOLINK of a6000r Command injection vulnerability in firmware |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the get_apcli_conn_info function. TOTOLINK of a6000r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A6000R is a wireless router from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided
| VAR-202407-2213 | CVE-2024-41318 | TOTOLINK of a6000r Command injection vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. TOTOLINK of a6000r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A6000R is a wireless router from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided
| VAR-202407-1769 | CVE-2024-41317 | TOTOLINK of a6000r in the firmware OS Command injection vulnerability |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. TOTOLINK of a6000r The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A6000R is a wireless router produced by China's TOTOLINK Electronics. An attacker can exploit this vulnerability to cause arbitrary command execution
| VAR-202407-0984 | CVE-2024-41316 | TOTOLINK of a6000r Command injection vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. TOTOLINK of a6000r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A6000R is a wireless router produced by China's TOTOLINK Electronics. An attacker can exploit this vulnerability to cause arbitrary command execution
| VAR-202407-1770 | CVE-2024-41315 | TOTOLINK of a6000r in the firmware OS Command injection vulnerability |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. TOTOLINK of a6000r The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A6000R is a wireless router produced by China's TOTOLINK Electronics. An attacker can exploit this vulnerability to cause arbitrary command execution
| VAR-202407-1133 | CVE-2024-41314 | TOTOLINK of a6000r in the firmware OS Command injection vulnerability |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. TOTOLINK of a6000r The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A6000R is a wireless router produced by China's TOTOLINK Electronics. An attacker can exploit this vulnerability to gain administrator privileges on the router and access or modify the router's configuration and data
| VAR-202407-0704 | CVE-2024-39601 | Multiple SICAM products lack authentication vulnerabilities for key functions |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: High |
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). Affected devices allow a remote authenticated user or an unauthenticated user with physical access to downgrade the firmware of the device. This could allow an attacker to downgrade the device to older versions with known vulnerabilities. SICAM 8 Power automation platform is a universal, all-in-one hardware and software-based solution for all applications in the power supply sector. SICAM A8000 RTUs are modular devices for remote control and automation applications in all energy supply sectors. SICAM EGS is the gateway for local substations in distribution networks
| VAR-202407-0705 | CVE-2024-37998 | Unauthenticated password reset vulnerability in multiple SICAM products |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: Critical |
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). The password of administrative accounts of the affected applications can be reset without requiring the knowledge of the current password, given the auto login is enabled. This could allow an unauthorized attacker to obtain administrative access of the affected applications. SICAM 8 Power automation platform is a universal, all-in-one hardware and software-based solution for all applications in the power supply sector. SICAM A8000 RTUs are modular devices for remote control and automation applications in all energy supply sectors. SICAM EGS is a gateway for local substations in distribution networks
| VAR-202407-0795 | CVE-2024-6965 | Shenzhen Tenda Technology Co.,Ltd. of o3 firmware 1.0.0.10(2478) Out-of-bounds write vulnerability in |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability has been found in Tenda O3 1.0.0.10 and classified as critical. Affected by this vulnerability is the function fromVirtualSet. The manipulation of the argument ip/localPort/publicPort/app leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272119. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of o3 firmware 1.0.0.10(2478) Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda O3 is an outdoor wireless bridge of China's Tenda Company.
Tenda O3 has a security vulnerability, which is caused by the operation of the parameters ip/localPort/public Port/app in the fromVirtualSet function, which will cause a stack-based buffer overflow. No detailed vulnerability details are currently provided