VARIoT IoT vulnerabilities database
| VAR-202407-1740 | No CVE | Beijing Xingwang Ruijie Network Technology Co., Ltd. NBR6135-E has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
NBR6135-E is a router.
Beijing Xingwang Ruijie Network Technology Co., Ltd. NBR6135-E has a command execution vulnerability, and attackers can exploit the vulnerability to execute commands.
| VAR-202407-0376 | CVE-2024-6646 | NETGEAR WN604 Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: Medium |
A vulnerability was found in Netgear WN604 up to 20240710. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /downloadFile.php of the component Web Interface. The manipulation of the argument file with the input config leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The vulnerability is caused by the insufficient protection of sensitive information in the parameter file of the file/downloadFile.php. Attackers can exploit this vulnerability to obtain sensitive information
| VAR-202407-2073 | CVE-2024-40417 | Shenzhen Tenda Technology Co.,Ltd. of ax1806 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability was found in Tenda AX1806 1.0.0.1. Affected by this issue is the function formSetRebootTimer of the file /goform/SetIpMacBind. The manipulation of the argument list leads to stack-based buffer overflow.
Tenda AX1806 has a buffer overflow vulnerability, which is caused by a boundary error in the parameter list when processing untrusted input. An attacker can exploit this vulnerability to cause a denial of service
| VAR-202407-1619 | CVE-2024-40412 | Shenzhen Tenda Technology Co.,Ltd. of AX12 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 6.7 CVSS V3: 6.8 Severity: MEDIUM |
Tenda AX12 v1.0 v22.03.01.46 contains a stack overflow in the deviceList parameter of the sub_42E410 function. Shenzhen Tenda Technology Co.,Ltd. of AX12 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda AX12 is a dual-band Gigabit Wi-Fi 6 wireless router designed for home users. It supports dual-band concurrent transmission and achieves speeds of up to 2976 Mbps.
The Tenda AX12 suffers from a buffer overflow vulnerability caused by a bounds error when processing untrusted input in the deviceList parameter of the sub_42E410 function. An attacker could exploit this vulnerability to cause a denial of service
| VAR-202407-1822 | CVE-2024-38301 | Dell's Alienware Command Center Vulnerability in |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability. A low privileged attacker could potentially exploit this vulnerability, leading to denial of service on the local system and information disclosure. Dell's Alienware Command Center Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202407-1247 | CVE-2023-32472 | Dell's edge gateway 3200 firmware and edge gateway 5200 Out-of-bounds write vulnerability in firmware |
CVSS V2: 4.0 CVSS V3: 8.2 Severity: HIGH |
Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some code in System Management Mode, leading to arbitrary code execution or escalation of privilege. (DoS) It may be in a state. Dell Edge Gateway is a series of intelligent gateway devices from Dell in the United States. It is designed to aggregate, protect, analyze and relay data from various sensors and devices at the edge of the network. The vulnerability is caused by a boundary error when the application processes untrusted input
| VAR-202407-0943 | CVE-2023-32467 | Initialization vulnerability in multiple Dell products |
CVSS V2: - CVSS V3: 8.2 Severity: HIGH |
Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege. (DoS) It may be in a state
| VAR-202407-0234 | CVE-2024-39883 | Delta Electronics CNCSoft-G2 DPAX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2
| VAR-202407-0235 | CVE-2024-39882 | Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics Provided by CNCSoft-G2 The following multiple vulnerabilities exist in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. Delta Electronics CNCSoft-G2 is a human-machine interface (HMI) software from Delta Electronics, a Chinese company
| VAR-202407-0232 | CVE-2024-39881 | Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a memory corruption condition. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2
| VAR-202407-0233 | CVE-2024-39880 | Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. Delta Electronics CNCSoft-G2 is a human-machine interface (HMI) software from Delta Electronics, a Chinese company
| VAR-202407-0359 | CVE-2024-38015 | Microsoft's Microsoft Windows Server Service operation interruption in (DoS) Vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
| VAR-202407-2006 | CVE-2024-23663 | fortinet's FortiExtender Firmware vulnerabilities |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request. fortinet's FortiExtender There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiExtender is a wireless WAN (Wide Area Network) extender device from Fortinet, an American company.
Fortinet FortiExtender has an access control error vulnerability, which is caused by improper access control
| VAR-202407-0139 | CVE-2024-39876 | Siemens' SINEMA Remote Connect Server Vulnerability in resource allocation without restrictions or throttling in |
CVSS V2: 2.1 CVSS V3: 4.0 Severity: MEDIUM |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected applications do not properly handle log rotation. This could allow an unauthenticated remote attacker to cause a denial of service condition through resource exhaustion on the device. The platform is mainly used for remote access, maintenance, control and diagnosis of underlying networks
| VAR-202407-0140 | CVE-2024-39875 | Siemens' SINEMA Remote Connect Server Vulnerability in improper permission assignment for critical resources in |
CVSS V2: 5.0 CVSS V3: 4.3 Severity: MEDIUM |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows authenticated, low privilege users with the 'Manage own remote connections' permission to retrieve details about other users and group memberships. The platform is mainly used for remote access, maintenance, control and diagnosis of underlying networks
| VAR-202407-0135 | CVE-2024-39874 | Siemens' SINEMA Remote Connect Server Vulnerability in improperly limiting excessive authentication attempts in |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its Client Communication component. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks. The platform is mainly used for remote access, maintenance, control and diagnosis of underlying networks
| VAR-202407-0134 | CVE-2024-39873 | Siemens' SINEMA Remote Connect Server Vulnerability in improperly limiting excessive authentication attempts in |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its web API. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks. The platform is mainly used for remote access, maintenance, control and diagnosis of underlying networks
| VAR-202407-0144 | CVE-2024-39872 | Siemens' SINEMA Remote Connect Server Vulnerability in |
CVSS V2: 8.5 CVSS V3: 9.9 Severity: CRITICAL |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly assign rights to temporary files created during its update process. This could allow an authenticated attacker with the 'Manage firmware updates' role to escalate their privileges on the underlying OS level. Siemens' SINEMA Remote Connect Server Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The platform is mainly used for remote access, maintenance, control and diagnosis of underlying networks. Attackers can exploit this vulnerability to escalate their permissions at the underlying operating system level
| VAR-202407-0142 | CVE-2024-39871 | Siemens' SINEMA Remote Connect Server Fraud related to unauthorized authentication in |
CVSS V2: 6.5 CVSS V3: 5.4 Severity: MEDIUM |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected applications do not properly separate the rights to edit device settings and to edit settings for communication relations. This could allow an authenticated attacker with the permission to manage devices to gain access to participant groups that the attacked does not belong to. The platform is mainly used for remote access, maintenance, control and diagnosis of underlying networks
| VAR-202407-0146 | CVE-2024-39870 | Siemens' SINEMA Remote Connect Server Vulnerability in |
CVSS V2: 6.5 CVSS V3: 7.8 Severity: HIGH |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected applications can be configured to allow users to manage own users. A local authenticated user with this privilege could use this modify users outside of their own scope as well as to escalate privileges. Siemens' SINEMA Remote Connect Server Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The platform is mainly used for remote access, maintenance, control and diagnosis of underlying networks