VARIoT IoT vulnerabilities database

A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC20 The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from the websFormDefine function in the /goform/telnet file failing to properly sanitize special characters and commands when constructing commands. An attacker could exploit this vulnerability to execute arbitrary commands

A vulnerability was determined in Tenda AC20 16.03.08.12. This issue affects the function sub_48E628 of the file /goform/SetIpMacBind. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC20 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from the failure of the sub_48E628 function parameter list in the /goform/SetIpMacBind file to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service

A vulnerability was found in Tenda AC20 16.03.08.12. This vulnerability affects the function save_virtualser_data of the file /goform/formSetVirtualSer. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. of AC20 The firmware contains a buffer error vulnerability, a stack-based buffer overflow vulnerability, and an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from a failure to properly validate the length of input data in the `save_virtualser_data` function parameter `list` in the `/goform/formSetVirtualSer` file. This vulnerability could allow an attacker to execute arbitrary code or cause a denial of service

A vulnerability has been found in Tenda AC20 16.03.08.12. This affects the function set_qosMib_list of the file /goform/SetNetControlList of the component SetNetControlList Endpoint. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. of AC20 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from a failure to properly validate the length of input data in the set_qosMib_list function parameter list in the /goform/SetNetControlList file. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service

Ruisikangda Technology Development Co., Ltd. is an industry-leading provider of optical network products and system solutions. A command execution vulnerability exists in Ruisikangda Technology Development Co., Ltd.'s MSG2200, allowing an attacker to execute arbitrary commands.

A vulnerability was identified in Tenda AC20 16.03.08.12. This issue affects the function sub_46A2AC of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC20 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from the failure of the deviceList parameter in the sub_46A2AC function in the /goform/setMacFilterCfg file to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service

A vulnerability was identified in D-Link DIR-860L 2.04.B04. This affects the function ssdpcgi_main of the file htdocs/cgibin of the component Simple Service Discovery Protocol. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A vulnerability has been found in Tenda AC7 and AC18 15.03.05.19/15.03.06.44. Affected is the function formSetSchedLed of the file /goform/SetLEDCfg. The manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. of AC7 firmware and AC18 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A vulnerability has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function formeditFileName of the file /goform/editFileName. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. of ch22 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from the formeditFileName function in the file /goform/editFileName failing to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code

A vulnerability was identified in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function formdelFileName of the file /goform/delFileName. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The Tenda CH22 is an enterprise-grade wireless router from the Tenda brand. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service

A vulnerability has been found in D-Link DIR-818LW 1.04. This vulnerability affects unknown code of the file /bsc_lan.php of the component DHCP Reserved Address Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Corporation of DIR-818LW The firmware contains cross-site scripting and code injection vulnerabilities.Information may be obtained and information may be tampered with

A vulnerability has been found in Tenda G1 16.01.7.8(3660). Affected by this issue is the function check_upload_file of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of G1 Firmware contains insufficient validation of data authenticity.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A vulnerability was identified in Tenda AC15 15.13.07.13. Affected by this vulnerability is the function check_fw_type/split_fireware/check_fw of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC15 Firmware contains insufficient validation of data authenticity.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A vulnerability was determined in D-Link DIR-619L 6.02CN02. Affected is the function FirmwareUpgrade of the component boa. The manipulation leads to insufficient verification of data authenticity. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Corporation of DIR-619L Firmware contains insufficient validation of data authenticity.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-619L is a home wireless router from D-Link, designed for home and small office environments. It utilizes the IEEE 802.11n wireless standard and boasts a maximum transmission rate of 300Mbps. Detailed vulnerability details are currently unavailable

A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IF8 device. It causes the module to enter a fault state with the Module LED flashing red. Upon un-inhibiting, the module returns a connection fault (Code 16#0010), and the module cannot recover without a power cycle. The Rockwell Automation FLEX 5000 is a high-speed counter module from Rockwell Automation. The Rockwell Automation FLEX 5000 has a resource management error vulnerability. Detailed vulnerability details are not available at this time

A vulnerability was found in D-Link DIR‑818L up to 1.05B01. This issue affects the function getenv of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The D-Link DIR-818L is a Wi-Fi router manufactured by D-Link, a Chinese company. The D-Link DIR-818L has an injection vulnerability due to incorrect operation of the /htdocs/cgibin file. An attacker can exploit this vulnerability by injecting malicious SQL statements, bypassing authentication and accessing restricted data

A vulnerability was identified in D-Link DIR-825 2.10. Affected by this vulnerability is the function get_ping_app_stat of the file ping_response.cgi of the component httpd. The manipulation of the argument ping_ipaddr leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-825 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-825 is a router manufactured by D-Link, a Chinese company. An attacker could exploit this vulnerability to corrupt memory, causing a system crash and disrupting service operations

A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this vulnerability is the function strcpy of the file /goform/saveParentControlInfo. The manipulation of the argument Time leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The Tenda AC20 is a wireless router from the Chinese company Tenda. The Tenda AC20 suffers from a buffer overflow vulnerability caused by a failure to properly validate the length of input data in the "Time" parameter in the file /goform/saveParentControlInfo. This vulnerability could allow an attacker to execute arbitrary code or cause a denial of service (DoS)

A vulnerability has been found in TOTOLINK N350R 1.2.3-B20130826. This vulnerability affects unknown code of the file /boafrm/formSysCmd. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of N350R The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK N350R is a WiFi router manufactured by the Chinese company TOTOLINK. An attacker could exploit this vulnerability to inject malicious code, causing the application to crash or behave abnormally

The Desigo CC product family includes Desigo CC (an integrated building management platform for managing high-performance buildings), Desigo CC Compact (a solution tailored for small and medium-sized buildings), Desigo CC Connect (a software gateway based on the Desigo CC platform), and Cerberus DMS (a hazard management station that helps users manage fire safety and security incidents). SENTRON Powermanager power monitoring software analyzes energy consumption by displaying key characteristics of individual devices and the entire system in an easy-to-understand dashboard. A privilege escalation vulnerability exists in the SIEMENS Desigo CC family and SENTRON Powermanager, which could be exploited by an attacker to escalate privileges.