VARIoT IoT vulnerabilities database

Tenda G3 v15.01.0.5(2848_755)_EN was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. Shenzhen Tenda Technology Co.,Ltd. of G3 A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda G3 is a QosVpn router from China's Tenda company

Mitsubishi PLC FX5UJ is a micro programmable controller. Mitsubishi Electric Mitsubishi PLC FX5UJ has a buffer overflow vulnerability. Attackers can exploit this vulnerability to modify the length field of the transmission control program data packet, causing the workstation to be unable to read the control program content.

The D-LINK DAR-7000-20 Internet Behavior Audit Gateway is a network behavior management and audit device for enterprise network environments. The D-LINK DAR-7000-20 Internet Behavior Audit Gateway of D-Link Electronics (Shanghai) Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to obtain server permissions.

In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. TP-LINK Technologies of TL-WDR7660 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. TP-LINK TL-WDR7660 is a Gigabit router from TP-LINK of China. TP-LINK TL-WDR7660 version 1.0 has a buffer overflow vulnerability. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

In TP-Link TL-WDR7660 1.0, the wacWhitelistJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. TP-LINK Technologies of TL-WDR7660 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. TP-LINK TL-WDR7660 is a Gigabit router from TP-LINK of China. TP-LINK TL-WDR7660 version 1.0 has a buffer overflow vulnerability. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

In TP-Link TL-WDR7660 1.0, the rtRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. TP-LINK Technologies of TL-WDR7660 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. TP-LINK TL-WDR7660 is a Gigabit router from TP-LINK of China. TP-LINK TL-WDR7660 version 1.0 has a buffer overflow vulnerability. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. MB CONNECT LINE of mbnet.mini Products from multiple vendors, such as firmware, have vulnerabilities related to encryption strength.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost. helmholz of myrex24 v2 virtual server Unspecified vulnerabilities exist in products from multiple vendors.Service operation interruption (DoS) It may be in a state

Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter. of netgear R7000 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR R7000 is a wireless router from NETGEAR. Attackers can exploit this vulnerability to cause arbitrary command execution

Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter. of netgear EX3700 firmware, EX6100 firmware, EX6120 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter. of netgear EX6120 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR EX6120 is a wireless extender from NETGEAR. Attackers can exploit this vulnerability to cause arbitrary command execution

A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link DCS-960L 1.09, allowing an attacker to execute arbitrary code. D-Link Systems, Inc. (DoS) It may be in a state. D-Link DCS-960L is a network camera product of China's D-Link company. D-Link DCS-960L version 1.09 has a buffer overflow vulnerability, which is caused by a boundary error in the sub_402280 function when processing untrusted input

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function. DrayTek Corporation of Vigor3900 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_451208 function. D-Link Systems, Inc. of DIR-820L The firmware contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-820L is a dual-band wireless router from D-Link, a Chinese company. D-Link DIR-820L version 1.05B03 has a buffer overflow vulnerability, which is caused by a boundary error in the sub_451208 function when processing untrusted input. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

VULNERABILITY DETAILS Rockwell Automation used the latest versions of the CVSS scoring system to assess the following vulnerabilities. The following vulnerabilities were reported to us by Sharon Brizinov of Claroty Research - Team82. A feature in the affected products enables users to prepare a project file with an embedded VBA script and can be configured to run once the project file has been opened without user intervention. This feature can be abused to trick a legitimate user into executing malicious code upon opening an infected RSP/RSS project file. If exploited, a threat actor may be able to perform a remote code execution. Connected devices may also be impacted by exploitation of this vulnerability.

Vtiger CRM v8.2.0 has a HTML Injection vulnerability in the module parameter. Authenticated users can inject arbitrary HTML. Vtiger of Vtiger CRM Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with

The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code. MOXA Service is a hardware device basic service of China's MOXA company

A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DIR-619L Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-619L is a wireless router from D-Link of China. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability classified as critical has been found in D-Link DIR-619L B1 2.06. Affected is the function formSetWizardSelectMode of the file /goform/formSetWizardSelectMode. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DIR-619L Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-619L B1 is a wireless router produced by D-Link. Attackers can use this vulnerability to launch targeted attacks on the target and endanger the security of the site system

A vulnerability was found in D-Link DIR-619L B1 2.06. It has been rated as critical. This issue affects the function formSetRoute of the file /goform/formSetRoute. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DIR-619L Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-619L is a wireless router from D-Link of China. The vulnerability is caused by the parameter curTime of the formSetRoute function in the file /goform/formSetRoute failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service