VARIoT IoT vulnerabilities database

Beijing StarNet Ruijie Network Technology Co., Ltd. NBR6210-E is a router product. Beijing StarNet Ruijie Network Technology Co., Ltd. NBR6210-E has a command execution vulnerability, which can be exploited by attackers to gain control of the server.

Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the USB host driver. A crafted USB configuration descriptor can trigger an overflow of a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23185. Sony Corporation's xav-ax5500 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SONY XAV-AX5500 is a 7-inch in-vehicle central control device with multiple functions and advanced technical features

RG-UAC 6000-E20C is an Internet behavior management and auditing product. RG-UAC 6000-E20C of Beijing Xingwang Ruijie Network Technology Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to obtain server permissions.

A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to execute arbitrary code via the iface parameter in the vif_enable function. TOTOLINK of a6000r The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A6000R is a wireless router from China's TOTOLINK Electronics. No detailed vulnerability details are currently available

A vulnerability was found in Tenda A301 15.13.08.12. It has been classified as critical. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Tenda of a301 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force serial port cracking,attackers with common user permissions can use this vulnerability to obtain elevated permissions on the affected device by performing specific operations. ZTE of ZXHN H388X A vulnerability exists in the firmware related to improperly preserving permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ZTE ZXHN H388X is a router produced by ZTE

TP-LINK TL-7DR5130 v1.0.23 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages. TP-LINK Technologies of TL-7DR5130 The firmware contains a vulnerability related to violation of the same origin policy.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TP-Link TL-7DR5130 is a wireless router from China's TP-LINK company

A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system. Rockwell Automation of FactoryTalk View Contains a vulnerability in improper permission assignment for critical resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation FactoryTalk View SE is an industrial automation system view interface from Rockwell Automation of the United States

TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formSysLog . TRENDnet of TEW-814DAP A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TRENDnet TEW-814DAP is a wireless access point from the US company TRENDnet. This vulnerability stems from the failure to properly validate the length of input data in the submit-url parameter at /formSysLog

TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formPasswordAuth . TRENDnet of TEW-814DAP A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TRENDnet TEW-814DAP is a wireless access point from the US company TRENDnet. This vulnerability stems from the failure to properly validate the length of input data in the submit-url parameter at /formPasswordAuth

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without proper authentication verification

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication verification

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWiFiEasyGuestCfg. TOTOLINK of a3700r A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3700R is a wireless router produced by China's TOTOLINK Electronics. TOTOLINK A3700R has a buffer overflow vulnerability. The vulnerability is caused by the failure of ssid5g to correctly verify the length of the input data in the setWiFiEasyGuestCfg function. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via eport in the function setIpPortFilterRules. TOTOLINK of a3700r A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3700R is a wireless router from China's TOTOLINK Electronics. There is a buffer overflow vulnerability in the TOTOLINK A3700R V9.1.2u.6165_20211012 version. The vulnerability is caused by the failure of eport to correctly verify the length of the input data in the function setIpPortFilterRules. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWizardCfg. TOTOLINK of a3700r Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3700R is a wireless router produced by China's TOTOLINK Electronics. TOTOLINK A3700R has a buffer overflow vulnerability. The vulnerability is caused by the failure of ssid5g to correctly verify the length of the input data in the setWizardCfg function. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule. TRENDnet of TEW-814DAP A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TRENDnet TEW-814DAP is a wireless access point from the US company TRENDnet. This vulnerability stems from the failure to properly validate the length of input data in the submit-url parameter at /formNewSchedule. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiBasicCfg. TOTOLINK of a3700r Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3700R is a wireless router produced by China's TOTOLINK Electronics. TOTOLINK A3700R has a buffer overflow vulnerability. The vulnerability is caused by the ssid in the setWiFiBasicCfg function failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiEasyCfg. TOTOLINK of a3700r A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3700R is a wireless router produced by China's TOTOLINK Electronics. TOTOLINK A3700R has a buffer overflow vulnerability. The vulnerability is caused by the ssid in the setWiFiEasyCfg function failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiGuestCfg. TOTOLINK of a3700r A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3700R is a wireless router produced by China's TOTOLINK Electronics. TOTOLINK A3700R has a stack buffer overflow vulnerability. The vulnerability is caused by the ssid in the setWiFiGuestCfg function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the password parameter in function loginAuth . TOTOLINK of a3700r Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3700R is a wireless router produced by China's TOTOLINK Electronics. TOTOLINK A3700R has a buffer overflow vulnerability. The vulnerability is caused by the password parameter in the loginAuth function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service