VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202411-0606 CVE-2024-50998 of netgear  R8500  Classic buffer overflow vulnerability in firmware CVSS V2: 5.5
CVSS V3: 5.7
Severity: MEDIUM
Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component openvpn.cgi via the openvpn_service_port and openvpn_service_port_tun parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request. of netgear R8500 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. NETGEAR R8500 is a wireless router from NETGEAR. The vulnerability is caused by the openvpn_service_port and openvpn_service_port_tun parameters in the openvpn.cgi component failing to properly verify the length of the input data
VAR-202411-2043 CVE-2024-50997 Classic buffer overflow vulnerability in multiple Netgear products CVSS V2: -
CVSS V3: 5.7
Severity: MEDIUM
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. R8500 firmware, XR300 firmware, R7000P A classic buffer overflow vulnerability exists in multiple Netgear products, including firmware.Service operation interruption (DoS) It may be in a state
VAR-202411-2594 CVE-2024-50996 Classic buffer overflow vulnerability in multiple Netgear products CVSS V2: -
CVSS V3: 5.7
Severity: MEDIUM
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the bpa_server parameter at genie_bpa.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. R8500 firmware, XR300 firmware, R7000P A classic buffer overflow vulnerability exists in multiple Netgear products, including firmware.Service operation interruption (DoS) It may be in a state
VAR-202411-0987 CVE-2024-50995 of netgear  R8500  Classic buffer overflow vulnerability in firmware CVSS V2: 5.5
CVSS V3: 5.7
Severity: MEDIUM
Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the share_name parameter at usb_remote_smb_conf.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. of netgear R8500 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. NETGEAR R8500 is a wireless router from NETGEAR. The vulnerability is caused by the share_name parameter in the usb_remote_smb_conf.cgi component failing to properly verify the length of the input data
VAR-202411-0558 CVE-2024-50994 of netgear  R8500  Classic buffer overflow vulnerability in firmware CVSS V2: 5.5
CVSS V3: 5.7
Severity: MEDIUM
Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component ipv6_fix.cgi via the ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, and ipv6_lan_length parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request. of netgear R8500 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. NETGEAR R8500 is a wireless router from NETGEAR. The vulnerability is caused by the failure of ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length and ipv6_lan_length parameters in the ipv6_fix.cgi component to properly verify the length of the input data
VAR-202411-0328 CVE-2024-50993 of netgear  R8500  in the firmware  OS  Command injection vulnerability CVSS V2: 7.7
CVSS V3: 8.0
Severity: HIGH
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at admin_account.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. (DoS) It may be in a state. NETGEAR R8500 is a wireless router from NETGEAR. The vulnerability is caused by the sysNewPasswd parameter in the admin_account.cgi component failing to properly filter special characters and commands in the constructed command
VAR-202411-3462 CVE-2024-45893 DrayTek Corporation  of  Vigor3900  in the firmware  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 8.0
Severity: HIGH
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMOption.`. DrayTek Corporation of Vigor3900 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202411-2434 CVE-2024-45891 DrayTek Corporation  of  Vigor3900  in the firmware  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 8.0
Severity: HIGH
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_wlan_profile.`. DrayTek Corporation of Vigor3900 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202411-3178 CVE-2024-45890 DrayTek Corporation  of  Vigor3900  in the firmware  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 8.0
Severity: HIGH
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `download_ovpn.`. DrayTek Corporation of Vigor3900 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202411-2995 CVE-2024-45889 DrayTek Corporation  of  Vigor3900  in the firmware  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 8.0
Severity: HIGH
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `commandTable.`. DrayTek Corporation of Vigor3900 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202411-1897 CVE-2024-45888 DrayTek Corporation  of  Vigor3900  in the firmware  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 8.0
Severity: HIGH
DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `set_ap_map_config.'. DrayTek Corporation of Vigor3900 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202411-2625 CVE-2024-45887 DrayTek Corporation  of  Vigor3900  in the firmware  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 8.0
Severity: HIGH
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `doOpenVPN.`. DrayTek Corporation of Vigor3900 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202411-1898 CVE-2024-45885 DrayTek Corporation  of  Vigor3900  in the firmware  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 8.0
Severity: HIGH
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `autodiscovery_clear.`. DrayTek Corporation of Vigor3900 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202411-3527 CVE-2024-45884 DrayTek Corporation  of  Vigor3900  in the firmware  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 8.0
Severity: HIGH
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMGroup.`. DrayTek Corporation of Vigor3900 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202411-2072 CVE-2024-45882 DrayTek Corporation  of  Vigor3900  in the firmware  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 8.0
Severity: HIGH
DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_map_profile.`. DrayTek Corporation of Vigor3900 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202411-2398 CVE-2024-51253 DrayTek Corporation  of  Vigor3900  in the firmware  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 8.0
Severity: HIGH
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doL2TP function. DrayTek Corporation of Vigor3900 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202411-3380 CVE-2024-51251 DrayTek Corporation  of  Vigor3900  in the firmware  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 8.0
Severity: HIGH
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function. DrayTek Corporation of Vigor3900 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202411-3341 CVE-2024-51249 DrayTek Corporation  of  Vigor3900  in the firmware  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 8.0
Severity: HIGH
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reboot function. DrayTek Corporation of Vigor3900 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202411-3328 CVE-2024-51246 DrayTek Corporation  of  Vigor3900  in the firmware  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 8.0
Severity: HIGH
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function. DrayTek Corporation of Vigor3900 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202411-0381 CVE-2024-38423 Classic buffer overflow vulnerability in multiple Qualcomm products CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
Memory corruption while processing GPU page table switch. WSA8835 firmware, WSA8830 firmware, WSA8815 Multiple Qualcomm products such as firmware have a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state