VARIoT IoT vulnerabilities database


VAR-202408-2335 CVE-2024-7987 Rockwell Automation ThinManager ThinServer Arbitrary File Creation Privilege Escalation Vulnerability CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. To exploit this vulnerability, a threat actor must abuse the ThinServer™ service by creating a junction and using it to upload arbitrary files. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ThinServer service, which listens on TCP port 2031 by default. The issue results from the lack of proper access controls set on resources used by the service. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA.
VAR-202408-2442 CVE-2024-7988 Rockwell Automation ThinManager ThinServer Unrestricted File Upload Remote Code Execution Vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. This vulnerability exists due to the lack of proper data input validation, which allows files to be overwritten. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ThinServer service. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA.
VAR-202408-2396 CVE-2024-7986 Rockwell Automation  of  thinmanager  Vulnerability in improper permission assignment for critical resources in CVSS V2: 4.6
CVSS V3: 7.5
Severity: Medium
A vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to disclose sensitive information. A threat actor can exploit this vulnerability by abusing the ThinServer™ service to read arbitrary files by creating a junction that points to the target directory. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ThinServer service, which listens on TCP port 8443 by default. The issue results from the lack of proper access controls set on resources used by the service. An attacker can leverage this vulnerability to read files in the context of SYSTEM. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA.
VAR-202408-1385 CVE-2024-43027 plural  DrayTek Corporation  Command injection vulnerabilities in the product CVSS V2: -
CVSS V3: 8.0
Severity: HIGH
DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi. DrayTek Corporation Vigor300b, Vigor2960 and Vigor3900 firmware contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202408-2205 CVE-2024-42815 TP-LINK Technologies  of  RE365  Out-of-bounds write vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
In the TP-Link RE365 V1_180213, there is a buffer overflow vulnerability due to the lack of length verification for the USER_AGENT field in /usr/bin/httpd. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. TP-LINK Technologies RE365 firmware contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). RE365 is a WiFi range extender from TP-LINK, a Chinese company. TP-LINK Technology Co., Ltd
VAR-202408-1643 CVE-2024-42813 TRENDnet  of  TEW-752DRU  Classic buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length verification for the service field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. TRENDnet TEW-752DRU firmware contains a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202408-1790 CVE-2024-42812 D-Link Systems, Inc.  of  DIR-860L  Classic buffer overflow vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. D-Link Systems, Inc. DIR-860L firmware contains a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The D-Link DIR-860L is a wireless router from China's D-Link Corporation. It supports Wi-Fi 5 and offers dual-band (2.4GHz and 5GHz) network connectivity with a maximum transfer speed of 1200Mbps. The device has a built-in antenna, one USB 3.0 port, and four Gigabit wired ports.
VAR-202408-0942 CVE-2024-42633 Cisco Systems  (Linksys)  of  e1500  in the firmware  OS  Command injection vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
A Command Injection vulnerability exists in the do_upgrade_post function of the httpd binary in Linksys E1500 v1.0.06.001. As a result, an authenticated attacker can execute OS commands with root privileges. Cisco Systems (Linksys) e1500 firmware contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Linksys E1500 is a wireless router from Linksys, an American company.
VAR-202408-0531 CVE-2024-7909 TOTOLINK  of  ex1200l  Out-of-bounds write vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK ex1200l firmware contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK EX1200L is a wireless repeater from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided.
VAR-202408-0553 CVE-2024-7908 TOTOLINK  of  ex1200l  Out-of-bounds write vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected is the function setDefResponse of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument IpAddress leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK ex1200l firmware contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK EX1200L is a wireless repeater from China's TOTOLINK Electronics. An attacker can exploit this vulnerability to corrupt memory and possibly cause the browser to crash.
VAR-202408-0694 CVE-2024-7907 TOTOLINK  of  x6000r  Command injection vulnerability in firmware CVSS V2: 6.5
CVSS V3: 6.3
Severity: Medium
A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK x6000r firmware contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK X6000R is a wireless router from China's TOTOLINK Electronics. Attackers can use this vulnerability to execute arbitrary system terminal commands and obtain system control permissions.
VAR-202408-1014 CVE-2024-42995 Vtiger  of  Vtiger CRM  Vulnerability in CVSS V2: -
CVSS V3: 8.3
Severity: HIGH
VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the "Migration" administrative module to disable arbitrary modules. Vtiger CRM contains an unspecified vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202408-1386 CVE-2024-42994 Vtiger  of  Vtiger CRM  In  SQL  Injection vulnerability CVSS V2: -
CVSS V3: 7.2
Severity: HIGH
VTiger CRM <= 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the "CompanyDetails" operation of the "MailManager" module. A denial-of-service (DoS) condition may result.
VAR-202408-1940 CVE-2024-42634 Shenzhen Tenda Technology Co.,Ltd.  of  AC9  Code injection vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, an attacker can execute OS commands with root privileges. Shenzhen Tenda Technology Co.,Ltd. AC9 firmware contains a code injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Tenda AC9 has a security vulnerability caused by an unauthorized access flaw in the device firmware. Attackers can exploit this vulnerability to bypass authentication and gain management privileges on the device.
VAR-202408-1587 No CVE Beijing Xingwang Ruijie Network Technology Co., Ltd. NBR6120-E router control engine has a command execution vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Ruijie Networks, founded in 2003, is an industry-leading ICT infrastructure and solution provider. Beijing Xingwang Ruijie Network Technology Co., Ltd. NBR6120-E router control engine has a command execution vulnerability, which can be exploited by attackers to obtain server permissions.
VAR-202408-0606 CVE-2024-42987 Shenzhen Tenda Technology Co.,Ltd.  of  fh1206  Out-of-bounds write vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda FH1206 v02.03.01.35 was discovered to contain a stack-based buffer overflow vulnerability in the fromPptpUserAdd function. The vulnerability can be triggered via the modino, username, newpwd, or pptpdnetseg parameters, all of which are passed via HTTP POST and used in unsafe sprintf calls without proper length validation. A remote attacker can exploit this flaw through a crafted POST request, which may cause a Denial of Service (DoS). In certain scenarios, this issue could potentially be leveraged to achieve remote code execution. Shenzhen Tenda Technology Co.,Ltd. fh1206 firmware contains an out-of-bounds write vulnerability. Service operation may be interrupted (DoS). Tenda FH1206 is a dual-band wireless router launched by Tenda, designed for large fiber-optic households.
VAR-202408-0677 CVE-2024-42986 Shenzhen Tenda Technology Co.,Ltd.  of  fh1206  Out-of-bounds write vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the PPPOEPassword parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Shenzhen Tenda Technology Co.,Ltd. fh1206 firmware contains an out-of-bounds write vulnerability. Service operation may be interrupted (DoS). Tenda FH1206 is a dual-band wireless router launched by Tenda Corporation, designed for large fiber-optic households.
VAR-202408-0605 CVE-2024-42985 Shenzhen Tenda Technology Co.,Ltd.  of  fh1206  Out-of-bounds write vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromNatlimit function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Shenzhen Tenda Technology Co.,Ltd. fh1206 firmware contains an out-of-bounds write vulnerability. Service operation may be interrupted (DoS). Tenda FH1206 is a dual-band wireless router launched by Tenda Corporation, designed for large fiber-optic households.
VAR-202408-0765 CVE-2024-42984 Shenzhen Tenda Technology Co.,Ltd.  of  fh1206  Out-of-bounds write vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromP2pListFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Shenzhen Tenda Technology Co.,Ltd. fh1206 firmware contains an out-of-bounds write vulnerability. Service operation may be interrupted (DoS). Tenda FH1206 is a dual-band wireless router launched by Tenda, designed for large fiber-optic households.
VAR-202408-0629 CVE-2024-42983 Shenzhen Tenda Technology Co.,Ltd.  of  fh1206  Out-of-bounds write vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the pptpPPW parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Shenzhen Tenda Technology Co.,Ltd. fh1206 firmware contains an out-of-bounds write vulnerability. Service operation may be interrupted (DoS). Tenda FH1206 is a dual-band wireless router launched by Tenda Corporation, designed for large fiber-optic households.