VARIoT IoT vulnerabilities database

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the AControlIp1 parameter at acontrol.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. DrayTek Corporation of vigor3910 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. DrayTek Vigor 3910 is a high-performance router for enterprise networks from DrayTek, a Chinese company. The vulnerability is caused by the AControlIp1 parameter of the acontrol.cgi page failing to properly verify the length of the input data

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the extRadSrv2 parameter at cgiapp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. DrayTek Corporation of vigor3910 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. DrayTek Vigor 3910 is a high-performance router for enterprise networks from DrayTek, a Chinese company. The vulnerability is caused by the extRadSrv2 parameter of the cgiapp.cgi page failing to properly verify the length of the input data

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPPPSrvNm parameter at fwuser.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. DrayTek Corporation of vigor3910 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. DrayTek Vigor 3910 is a high-performance router for enterprise networks from DrayTek, a Chinese company. The vulnerability is caused by the sPPPSrvNm parameter of the fwuser.cgi page failing to properly verify the length of the input data

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at fextobj.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. DrayTek Corporation of vigor3910 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. DrayTek Vigor 3910 is a high-performance router for enterprise networks from DrayTek, a Chinese company. The vulnerability is caused by the sProfileName parameter of the fextobj.cgi page failing to properly verify the length of the input data

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_UsrNme parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. DrayTek Corporation of vigor3910 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. DrayTek Vigor 3910 is a high-performance router for enterprise networks from DrayTek, a Chinese company. The vulnerability is caused by the sBPA_UsrNme parameter of the inet15.cgi page failing to properly verify the length of the input data

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_Pwd parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. DrayTek Corporation of vigor3910 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. DrayTek Vigor 3910 is a high-performance router for enterprise networks from DrayTek, a Chinese company. The vulnerability is caused by the sBPA_Pwd parameter of the inet15.cgi page failing to properly verify the length of the input data

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the CGIbyFieldName parameter at chglog.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. DrayTek Corporation of vigor3910 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. DrayTek Vigor 3910 is a high-performance router for enterprise networks from DrayTek, a Chinese company. The vulnerability is caused by the CGIbyFieldName parameter of the chglog.cgi page failing to properly verify the length of the input data

Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger these vulnerabilities.This instance of the vulnerability occurs within the `Protected_Logical_Write_Reply` function. OpenPLC Project of OpenPLC_v3 The firmware contains a vulnerability related to invalid type conversion.Service operation interruption (DoS) It may be in a state

Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger these vulnerabilities.This instance of the vulnerability occurs within the `Protected_Logical_Read_Reply` function. OpenPLC Project of OpenPLC_v3 The firmware contains a vulnerability related to invalid type conversion.Service operation interruption (DoS) It may be in a state

An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.This is the final instance of the incorrect comparison

An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.This is the first instance of the incorrect comparison

A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted EtherNet/IP request can lead to remote code execution. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability. OpenPLC Project of OpenPLC_v3 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter. TOTOLINK of T8 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK AC1200 is a dual-band Wi-Fi router from China's TOTOLINK Electronics. The vulnerability is caused by the failure to correctly verify the length of the input data in the ssid5g parameter of the setWizardCfg function. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter. TOTOLINK of T8 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK AC1200 T8 is a dual-band full-gigabit router from China's TOTOLINK Electronics. The vulnerability is caused by the desc parameter of the setWiFiAclRules function failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service (DoS) via the File parameter. TOTOLINK AC1200 is a dual-band Wi-Fi router from China's TOTOLINK Electronics. There is a buffer overflow vulnerability in the UploadCustomModule function of TOTOLINK AC1200. The vulnerability is caused by the File parameter of the UploadCustomModule function failing to correctly verify the length of the input data

Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device. D-Link Systems, Inc. of dir-x4860 A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials. D-Link Systems, Inc. of dir-x4860 The firmware contains a vulnerability related to an undisclosed function.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. DIR-X4860 is a wireless router of D-Link, a Chinese company. D-Link Electronics (Shanghai) Co., Ltd

The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. D-Link Systems, Inc. of dir-x4860 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. DIR-X4860 is a wireless router of D-Link, a Chinese company. DIR-X4860 of D-Link Electronics (Shanghai) Co., Ltd. has a buffer overflow vulnerability. The vulnerability is caused by a stack-based buffer overflow vulnerability

A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the function exportOvpn. The manipulation leads to os command injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of A720R The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A720R is a wireless router. No detailed vulnerability details are currently provided

Siemens SIMATIC S7-200 SMART is a programmable logic controller (PLC) used in small and medium-sized automation systems of Siemens, Germany. Siemens SIMATIC S7-200 SMART has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.