VARIoT IoT vulnerabilities database

There is a security vulnerability in the web management interface of tenda A32 wireless router. By modifying cookies to specific values, the user name and password authentication can be bypassed to directly obtain administrator operation permissions and manage the router.

A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. Vtiger of Vtiger CRM Exists in a cross-site scripting vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ------------------------------------------ [Additional Information] PoC: https://demo7.vtexperts.com/vtigercrm7demo/index.php?module=Invoice&view=List&app=INVENTORY&parent=%22-alert()-%22 ------------------------------------------ [Vulnerability Type]:Cross Site Scripting (XSS) ------------------------------------------ [Vendor of Product]:vTiger ------------------------------------------ [Affected Product Code Base]:vTiger CRM - 7.4.0. ------------------------------------------ [Additional Information]: PoC: https://demo7.vtexperts.com/vtigercrm7demo/index.php?module=Accounts&view=List&viewname=95ddd'+onpointerdown=alert()+alt= ------------------------------------------ [Vulnerability Type] Cross Site Scripting (XSS) ------------------------------------------ [Vendor of Product]:vTiger ------------------------------------------ [Affected Product Code Base]:vTiger CRM - 7.4.0. ------------------------------------------ [Affected Component]:The "viewname" parameter of vTiger CRM 7.4.0 Index page . ------------------------------------------ [Additional Information] PoC: https://demo7.vtexperts.com/vtigercrm7demo/index.php?module=Invoice&view=List&app=INVENTORY&tag=);alert();%22+alt=%22 ------------------------------------------ [Vulnerability Type]:Cross Site Scripting (XSS) ------------------------------------------ [Vendor of Product]:vTiger ------------------------------------------ [Affected Product Code Base]:vTiger CRM - 7.4.0

A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. Vtiger of Vtiger CRM Exists in a cross-site scripting vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ------------------------------------------ [Additional Information] PoC: https://demo7.vtexperts.com/vtigercrm7demo/index.php?module=Invoice&view=List&app=INVENTORY&parent=%22-alert()-%22 ------------------------------------------ [Vulnerability Type]:Cross Site Scripting (XSS) ------------------------------------------ [Vendor of Product]:vTiger ------------------------------------------ [Affected Product Code Base]:vTiger CRM - 7.4.0. ------------------------------------------ [Additional Information]: PoC: https://demo7.vtexperts.com/vtigercrm7demo/index.php?module=Accounts&view=List&viewname=95ddd'+onpointerdown=alert()+alt= ------------------------------------------ [Vulnerability Type] Cross Site Scripting (XSS) ------------------------------------------ [Vendor of Product]:vTiger ------------------------------------------ [Affected Product Code Base]:vTiger CRM - 7.4.0. ------------------------------------------ [Affected Component]:The "viewname" parameter of vTiger CRM 7.4.0 Index page . ------------------------------------------ [Additional Information] PoC: https://demo7.vtexperts.com/vtigercrm7demo/index.php?module=Invoice&view=List&app=INVENTORY&tag=);alert();%22+alt=%22 ------------------------------------------ [Vulnerability Type]:Cross Site Scripting (XSS) ------------------------------------------ [Vendor of Product]:vTiger ------------------------------------------ [Affected Product Code Base]:vTiger CRM - 7.4.0

A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. Vtiger of Vtiger CRM Exists in a cross-site scripting vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ------------------------------------------ [Additional Information] PoC: https://demo7.vtexperts.com/vtigercrm7demo/index.php?module=Invoice&view=List&app=INVENTORY&parent=%22-alert()-%22 ------------------------------------------ [Vulnerability Type]:Cross Site Scripting (XSS) ------------------------------------------ [Vendor of Product]:vTiger ------------------------------------------ [Affected Product Code Base]:vTiger CRM - 7.4.0. ------------------------------------------ [Additional Information]: PoC: https://demo7.vtexperts.com/vtigercrm7demo/index.php?module=Accounts&view=List&viewname=95ddd'+onpointerdown=alert()+alt= ------------------------------------------ [Vulnerability Type] Cross Site Scripting (XSS) ------------------------------------------ [Vendor of Product]:vTiger ------------------------------------------ [Affected Product Code Base]:vTiger CRM - 7.4.0. ------------------------------------------ [Affected Component]:The "viewname" parameter of vTiger CRM 7.4.0 Index page . ------------------------------------------ [Additional Information] PoC: https://demo7.vtexperts.com/vtigercrm7demo/index.php?module=Invoice&view=List&app=INVENTORY&tag=);alert();%22+alt=%22 ------------------------------------------ [Vulnerability Type]:Cross Site Scripting (XSS) ------------------------------------------ [Vendor of Product]:vTiger ------------------------------------------ [Affected Product Code Base]:vTiger CRM - 7.4.0

An Open Redirect vulnerability in the page parameter of vTiger CRM v7.4.0 allows attackers to redirect users to a malicious site via a crafted URL. Vtiger of Vtiger CRM Exists in an open redirect vulnerability.Information may be obtained and information may be tampered with. ------------------------------------------ [VulnerabilityType Other]:Open Redirect ------------------------------------------ [Vendor of Product]:vTiger ------------------------------------------ [Affected Product Code Base] vTiger CRM - 7.4.0. ------------------------------------------ [Affected Component]:Index of vTiger CRM ------------------------------------------ [Attack Type]:Remote ------------------------------------------ [Impact Information Disclosure]:true ------------------------------------------ [CVE Impact Other]:Redirect a victim to a malicious site ------------------------------------------ [Attack Vectors]:Crafted URL ----------------------------------------- [Has vendor confirmed or acknowledged the vulnerability?]:true ------------------------------------------ [Discoverer]:Marco Nappi ------------------------------------------ [Reference]:http://vtiger.com ------------------------------------------

TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. In the boa server program's CGI handling function formWlEncrypt, there is a lack of length restriction on the wlan_ssid field. This oversight leads to potential buffer overflow under specific circumstances. For instance, by invoking the formWlanRedirect function with specific parameters to alter wlan_idx's value and subsequently invoking the formWlEncrypt function, an attacker can trigger buffer overflow, enabling arbitrary command execution or denial of service attacks. TOTOLINK of A3002R An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK AC1200 is a dual-band Wi-Fi router from China's TOTOLINK Electronics. TOTOLINK AC1200 has a buffer overflow vulnerability, which is caused by the parameter wlan_idx of the formWlanRedirect function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlan_ssid field from user input. This allows attackers to craft malicious HTTP requests by supplying an excessively long value for the wlan_ssid field, leading to a stack overflow. This can be further exploited to execute arbitrary commands or launch denial-of-service attacks. TOTOLINK of A3002RU Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK AC1200 is a dual-band Wi-Fi router from China's TOTOLINK Electronics

A vulnerability classified as critical has been found in Tenda O6 1.0.0.7(2054). Affected is the function fromVirtualSet of the file /goform/setPortForward. The manipulation of the argument ip/localPort/publicPort/app leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of o6 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the parameter ip/localPort/publicPort/app of the fromVirtualSet function of the file/goform/setPortForward failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability was found in Tenda O6 1.0.0.7(2054). It has been rated as critical. This issue affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument remark/type/time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of o6 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the parameter remark/type/time of the fromSafeSetMacFilter function in the file/goform/setMacFilterList failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability was found in Tenda O6 1.0.0.7(2054). It has been declared as critical. This vulnerability affects the function frommacFilterModify of the file /goform/operateMacFilter. The manipulation of the argument mac leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of o6 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the parameter mac of the frommacFilterModify function in the file /goform/operateMacFilter failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability was found in Tenda O5 1.0.0.8(5017). It has been classified as critical. This affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument remark/type/time leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. of o5 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda O5 is a wireless bridge designed by China's Tenda Company for long-distance data transmission and video surveillance, such as mining area video backhaul, network household communication, and mountain long-distance bridging. The vulnerability is caused by the stack buffer overflow when the fromSafeSetMacFilter function in the /goform/setMacFilterList file processes the remark/type/time parameters. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability was found in Tenda O1 1.0.0.7(10648) and classified as critical. Affected by this issue is the function fromDhcpSetSer of the file /goform/DhcpSetSer. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhcpDns1/dhcpDns2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of o1 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda O1 is a dedicated bridge for elevator monitoring of China's Tenda Company. The vulnerability is caused by the dhcpDns2 parameter of the fromDhcpSetSer function in the /goform/DhcpSetSer file failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability has been found in Tenda O1 1.0.0.7(10648) and classified as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of o1 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda O1 is a dedicated bridge for elevator monitoring of China's Tenda Company. The vulnerability is caused by the fact that the funcpara1 parameter of the formSetCfm function in the /goform/setcfm file fails to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability, which was classified as critical, was found in Tenda G3 15.11.0.20. Affected is the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument sysTimePolicy leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of G3 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda G3 is a Qos VPN router from China's Tenda Company. The vulnerability is caused by the sysTimePolicy parameter of the formSetSysTime function in the /goform/SetSysTimeCfg file failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.20. This issue affects the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of G3 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda G3 is a Qos VPN router from China's Tenda company. The vulnerability is caused by the enable/level/module parameter of the formSetDebugCfg function in the /goform/setDebugCfg file failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause the application to crash

A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected by this vulnerability is the function cgi_FMT_Std2R5_2nd_DiskMGR of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_source_dev leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. dns-315l firmware, D-Link DNS-320LW firmware, dns-1550-04 firmware etc. D-Link Systems, Inc. The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A vulnerability classified as critical has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected is the function cgi_FMT_R12R5_1st_DiskMGR of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_source_dev leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. dns-315l firmware, D-Link DNS-320LW firmware, dns-1550-04 firmware etc. D-Link Systems, Inc. The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been rated as critical. This issue affects the function cgi_FMT_R12R5_2nd_DiskMGR of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_source_dev leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. dns-315l firmware, D-Link DNS-320LW firmware, dns-1550-04 firmware etc. D-Link Systems, Inc. The product contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been declared as critical. This vulnerability affects the function cgi_FMT_Std2R1_DiskMGR of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_newly_dev leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. dns-315l firmware, D-Link DNS-320LW firmware, dns-1550-04 firmware etc. D-Link Systems, Inc. The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been classified as critical. This affects the function sprintf of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_mount leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. dns-315l firmware, D-Link DNS-320LW firmware, dns-1550-04 firmware etc. D-Link Systems, Inc. The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state