VARIoT IoT vulnerabilities database

SQL injection vulnerability exists in GetDIAE_usListParameters. Delta Electronics, INC. of DIAEnergie for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Delta Electronics DIAEnergie GetDIAE_usList has a SQL injection vulnerability, which can be exploited by attackers to view, add, modify or delete information in the backend database

Memory corruption when there is failed unmap operation in GPU. 315 5g iot modem firmware, 9206 lte modem firmware, APQ8017 Multiple Qualcomm products, such as firmware, contain vulnerabilities related to use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Memory corruption while processing finish_sign command to pass a rsp buffer. 315 5g iot firmware, APQ8017 firmware, APQ8037 Multiple Qualcomm products such as firmware have a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Memory corruption in SPS Application while requesting for public key in sorter TA. 315 5g iot firmware, 9205 lte firmware, APQ8017 Several Qualcomm products, such as firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

In modem protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01240012; Issue ID: MSV-1215. LR12A , LR13 , NR15 A number of MediaTek products, including the following, contain out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607

Tenda AC15V1.0 V15.03.20_multi has a command injection vulnerability via the deviceName parameter. Shenzhen Tenda Technology Co.,Ltd. of AC15 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Dlink Dir-3040us A1 1.20b03a hotfix is vulnerable to Buffer Overflow. Any user having read/write access to ftp server can write directly to ram causing buffer overflow if file or files uploaded are greater than available ram. Ftp server allows change of directory to root which is one level up than root of usb flash directory. During upload ram is getting filled and causing system resource exhaustion (no free memory) which causes system to crash and reboot. D-Link Dir-3040us is a router. D-Link Dir-3040us has a denial of service vulnerability that can be exploited by an attacker to cause the system to crash and reboot

Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability in the page parameter of fromAddressNat function. Shenzhen Tenda Technology Co.,Ltd. of F1202 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state

Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the entrys parameter in the fromAddressNat function. Shenzhen Tenda Technology Co.,Ltd. of F1202 A stack-based buffer overflow vulnerability exists in the firmware.Information may be tampered with. The Tenda F1202 is an enterprise-grade dual-band wireless router that supports both 2.4GHz and 5GHz bands, with a maximum transmission rate of 1200Mbps. It is equipped with four 5dBi antennas for enhanced signal coverage. This vulnerability stems from the failure of the entries parameter of the fromAddressNat method to properly validate the length of the input data. Detailed vulnerability details are currently unavailable

Tenda F1202 v1.2.0.20(408) has a command injection vulnerablility in the formWriteFacMac function in the mac parameter. Shenzhen Tenda Technology Co.,Ltd. of F1202 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the PPPOEPassword parameter in the formQuickIndex function. Shenzhen Tenda Technology Co.,Ltd. of F1202 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda F1202 is an enterprise-grade dual-band wireless router that supports both 2.4GHz and 5GHz bands, boasting a maximum transmission rate of 1200Mbps. It is equipped with four 5dBi antennas for enhanced signal coverage. This vulnerability stems from the PPPOEPassword parameter in the formQuickIndex method failing to properly validate the length of the input data. An attacker could exploit this vulnerability to cause a denial of service

Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability located in the funcpara1 parameter in the formSetCfm function. Shenzhen Tenda Technology Co.,Ltd. of F1202 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda F1202 is an enterprise-grade dual-band wireless router that supports both 2.4GHz and 5GHz bands, boasting a maximum transmission rate of 1200Mbps. It is equipped with four 5dBi antennas for enhanced signal coverage. This vulnerability stems from the failure of the funcpara1 parameter in the formSetCfm method to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the mitInterface parameter in the fromAddressNat function. Shenzhen Tenda Technology Co.,Ltd. of F1202 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the security parameter from the formWifiBasicSet function. Shenzhen Tenda Technology Co.,Ltd. of fh1205 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda FH1205 is a dual-band wireless router for home users. It supports the IEEE 802.11ac standard, offers wireless speeds up to 1200 Mbps, and operates in both the 2.4 GHz and 5 GHz frequency bands. This vulnerability stems from the fact that the security parameter of the formWifiBasicSet method fails to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the security_5g parameter from formWifiBasicSet function. Shenzhen Tenda Technology Co.,Ltd. of fh1205 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda FH1205 is a dual-band wireless router for home users. It supports the IEEE 802.11ac standard, offers wireless speeds up to 1200 Mbps, and operates in both the 2.4 GHz and 5 GHz frequency bands. This vulnerability stems from the security_5g parameter in the formWifiBasicSet method failing to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the list1 parameter from fromDhcpListClient function. Shenzhen Tenda Technology Co.,Ltd. of fh1205 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. This vulnerability stems from the failure of the list1 parameter in the fromDhcpListClient method to properly validate the length of the input data. An attacker could exploit this vulnerability to cause a denial of service

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the page parameter from fromAddressNat function. Shenzhen Tenda Technology Co.,Ltd. of fh1205 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from the page parameter in the fromAddressNat method failing to properly validate the length of the input data. An attacker could exploit this vulnerability to execute arbitrary code on the system

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the entrys parameter from fromAddressNat function. Shenzhen Tenda Technology Co.,Ltd. of fh1205 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from the failure of the entries parameter of the fromAddressNat method to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the page parameter from fromDhcpListClient function. Shenzhen Tenda Technology Co.,Ltd. of fh1205 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. This vulnerability stems from the failure of the page parameter in the fromDhcpListClient method to properly validate the length of the input data. An attacker could exploit this vulnerability to cause a denial of service