VARIoT IoT vulnerabilities database

A vulnerability was found in Tenda AC8 16.03.34.09. It has been declared as critical. This vulnerability affects the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-261790 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. of AC8 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. AC8 is a wireless router device that provides network connection and wireless management functions. The vulnerability is caused by improper processing of password parameters. Attackers can exploit this vulnerability to remotely control the device

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter in ip/goform/addressNat. Shenzhen Tenda Technology Co.,Ltd. No detailed vulnerability details are currently provided

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/addressNat. Shenzhen Tenda Technology Co.,Ltd. (DoS) It may be in a state. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter in ip/goform/RouteStatic. Shenzhen Tenda Technology Co.,Ltd. of fh1206 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. Attackers can exploit this vulnerability to cause a denial of service

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/RouteStatic. Shenzhen Tenda Technology Co.,Ltd. Attackers can exploit this vulnerability to cause a denial of service

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter in ip/goform/setcfm. Shenzhen Tenda Technology Co.,Ltd. (DoS) It may be in a state. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter in ip/goform/QuickIndex. Shenzhen Tenda Technology Co.,Ltd. (DoS) It may be in a state. The vulnerability is caused by the PPPOEPassword parameter in ip/goform/QuickIndex failing to properly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service

A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. This issue affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument entrys leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of fh1206 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. No detailed vulnerability details are provided at present

Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a remote attacker to execute arbitrary code via a crafted script to the hciTrSerialRxIncoming function. ARM Ltd. of Mbed OS Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Access Control under the Wireless Page. TOTOLINK of N300RT Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. The TOTOLINK N300RT is a wireless router designed primarily for home and small business users. An attacker could exploit this vulnerability by injecting a specially crafted payload to execute arbitrary web script or HTML

TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page. TOTOLINK of N300RT Firmware has a cross-site scripting vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK N300RT is a wireless router designed primarily for home and small business users. An attacker could exploit this vulnerability by injecting a specially crafted payload to execute arbitrary web script or HTML

TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page. TOTOLINK of N300RT Firmware has a cross-site scripting vulnerability.Service operation interruption (DoS) It may be in a state. The TOTOLINK N300RT is a wireless router designed primarily for home and small business users. Detailed vulnerability details are currently unavailable

TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Port Forwarding under the Firewall Page. TOTOLINK of N300RT Firmware has a cross-site scripting vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK N300RT is a wireless router designed primarily for home and small business users. The TOTOLINK N300RT suffers from a cross-site scripting vulnerability. An attacker could exploit this vulnerability by injecting a specially crafted payload to execute arbitrary web script or HTML

TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function. TOTOLINK of EX200 Firmware has a cross-site scripting vulnerability.Information may be obtained. The TOTOLINK EX200 is a 2.4GHz wireless range extender from China's Jiong Electronics. It's primarily used to extend the coverage of existing Wi-Fi networks and resolve signal blind spots. Detailed vulnerability details are currently unavailable

TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function. TOTOLINK of EX200 Firmware has a cross-site scripting vulnerability.Information may be obtained. The TOTOLINK EX200 is a 2.4GHz wireless N range extender released by China-based Jiong Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. This vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the ssid parameter of the setWiFiExtenderConfig method. Detailed vulnerability details are currently unavailable

Ruijie Networks, founded in 2003, is an industry-leading provider of network infrastructure and solutions. RG-UAC 6000-E50C of Beijing Xingwang Ruijie Network Technology Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.

Controller denial of service due to improper handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. Honeywell Experion Server is a high-performance industrial control system server from Honeywell, USA, mainly used in the Experion Process Knowledge System (PKS) platform. Honeywell Experion Server has a denial of service vulnerability. Attackers can exploit this vulnerability to cause the controller to deny service

Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the timeZone parameter in the formSetTimeZone function. Shenzhen Tenda Technology Co.,Ltd. of ac500 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. Tenda AC500 is a wireless controller device designed for small and medium-sized enterprises, supporting cross-VLAN management of wireless networks. Attackers can exploit this vulnerability to cause a denial of service

Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the vlan parameter in the formSetVlanInfo function. Shenzhen Tenda Technology Co.,Ltd. of ac500 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC500 is a wireless controller device designed for small and medium-sized enterprises, supporting cross-VLAN management of wireless networks. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Tenda AC10 v4.0 V16.03.10.13 and V16.03.10.20 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. Shenzhen Tenda Technology Co.,Ltd. of AC10 A stack-based buffer overflow vulnerability exists in the firmware.Information may be obtained and information may be tampered with. Tenda A18 is a dual-band Gigabit wireless router, mainly for 200M and above fiber users. Tenda AC10 has a buffer overflow vulnerability, which is caused by the adslPwd parameter of the formWanParameterSetting method failing to correctly verify the length of the input data. No detailed vulnerability details are currently provided