VARIoT IoT vulnerabilities database

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setMacFilterRules function. TOTOLINK CP450 is an outdoor wireless client terminal device produced by China's TOTOLINK Electronics Co., Ltd. It is mainly used to provide wireless broadband access services, especially for wireless network coverage in rural or remote areas. The vulnerability is caused by the setMacFilterRules method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the getSaveConfig function. (DoS) It may be in a state. TOTOLINK CP450 is a wireless bridge produced by China's TOTOLINK Electronics. The vulnerability is caused by the getSaveConfig method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service

TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function. TOTOLINK of cp450 An out-of-bounds read vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK CPE CP450 is an outdoor wireless client terminal device of China's TOTOLINK Electronics Co., Ltd., mainly used to provide wireless broadband access services, especially for wireless network coverage in rural or remote areas. The vulnerability is caused by the setIpQosRules method failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanSetup_Wizard allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage.". D-Link Systems, Inc. of DIR-619L Firmware has a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. The D-Link DIR-619L is a wireless router designed for home and small office environments. It implements the IEEE 802.11n standard and offers a maximum transmission rate of 300Mbps. The D-Link DIR-619L suffers from a buffer overflow vulnerability. This vulnerability stems from the failure of the formWlanSetup_Wizard parameter webpage to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service

A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formTcpipSetup allows remote authenticated users to trigger a denial of service (DoS) through the parameter "curTime.". D-Link Systems, Inc. The D-Link DIR-619L is a wireless router designed for home and small office environments. It implements the IEEE 802.11n standard and offers a maximum transmission rate of 300Mbps. This vulnerability stems from the failure of the curTime parameter in formTcpipSetup to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service

A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via goform/formWPS, allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage.". D-Link Systems, Inc. of DIR-619L Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. The D-Link DIR-619L is a wireless router designed for home and small office environments. It implements the IEEE 802.11n standard and offers a maximum transmission rate of 300Mbps. The D-Link DIR-619L suffers from a buffer overflow vulnerability. This vulnerability stems from the failure of the goform/formWPS parameter webpage to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample. TOTOLINK of EX200 A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX200 is a 2.4G wireless N range extender from China's TOTOLINK Electronics. It is designed to expand the coverage of existing Wi-Fi networks and eliminate "blind spots". Attackers can use this vulnerability to log in as the root account

Beijing Yakong Technology Development Co., Ltd., referred to as "Yakong Technology", is a high-tech enterprise of industrial automation and information software platform established in 1997. There is an information leakage vulnerability in the KingSuperSCADA operating system client of Beijing Yakong Technology Development Co., Ltd., which can be exploited by attackers to obtain sensitive information.

Hangzhou Hikvision Digital Technology Co., Ltd. is a technology company focusing on technological innovation. Hangzhou Hikvision Digital Technology Co., Ltd. Hikvision Integrated Security Management Platform has a command execution vulnerability, which can be exploited by attackers to execute commands.

Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP. Linksys of EA7500 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Linksys EA7500 is a wireless router from Linksys, Inc. of the United States. The vulnerability is caused by a boundary error when the application processes untrusted input

Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store. Samsung's Galaxy Store Exists in unspecified vulnerabilities.Information may be tampered with

DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.

D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php. D-Link Systems, Inc. of dir-845l The firmware contains command injection and cross-site scripting vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main()func. D-Link Systems, Inc. D-Link DIR-845L is a wireless router from D-Link, a Chinese company. D-Link DIR-845L has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands on the system by sending specially crafted requests

D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bsc_sms_inbox.php. D-Link Systems, Inc. of dir-845l Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. D-Link DIR-845L is a wireless router from D-Link, a Chinese company. D-Link DIR-845L v1.01KRb03 and earlier versions have a cross-site scripting vulnerability, which can be exploited by attackers to execute scripts in the victim's web browser using specially crafted URLs

D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permission Bypass via the getcfg.php component. D-Link Systems, Inc. of dir-845l An authentication vulnerability exists in firmware.Information may be obtained and information may be tampered with. The D-Link DIR-845L is a wireless router from D-Link, a Chinese company. D-Link DIR-845L versions v1.01KRb03 and earlier contain an authorization vulnerability. An attacker could exploit this vulnerability to cause unauthorized operations

Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size. AR8035 firmware, c-v2x 9150 firmware, CSRB31024 Multiple Qualcomm products, such as firmware, contain an out-of-bounds read vulnerability.Information may be obtained

A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system. Delta Electronics, INC. of DIAEnergie Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state

An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field. Delta Electronics, INC. of DIAEnergie for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, a Taiwanese company, used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. Delta Electronics DIAEnergie v1.10.1.8610 and earlier versions have a SQL injection vulnerability

A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field. Delta Electronics, INC. of DIAEnergie for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. An attacker can use this vulnerability to view, add, modify, or delete information in the backend database