VARIoT IoT vulnerabilities database
| VAR-202410-3668 | No CVE | Shenzhen Inovance Technology Co., Ltd. AM401-CPU1608TP has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
AM401-CPU1608TP is an economical medium-sized PLC developed by Suzhou Inovance Technology Co., Ltd., which supports Ethernet communication.
AM401-CPU1608TP of Shenzhen Inovance Technology Co., Ltd. has a denial of service vulnerability. Attackers can exploit this vulnerability to cause a denial of service at the PLC application layer, and the PLC needs to be manually restarted to return to normal.
| VAR-202410-3649 | No CVE | ARRIS VAP3402E has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ARRIS VAP3402E is a wireless access device product.
ARRIS VAP3402E has a weak password vulnerability, which can be exploited by attackers to log in to the backend and obtain sensitive information.
| VAR-202410-1736 | CVE-2024-48638 | D-Link Systems, Inc. of DIR-882 firmware and DIR-878 in the firmware OS Command injection vulnerability |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SubnetMask parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. D-Link Systems, Inc. of DIR-882 firmware and DIR-878 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router
| VAR-202410-1779 | CVE-2024-48637 | D-Link Systems, Inc. of DIR-882 firmware and DIR-878 in the firmware OS Command injection vulnerability |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. D-Link Systems, Inc. of DIR-882 firmware and DIR-878 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router
| VAR-202410-1655 | CVE-2024-48636 | D-Link Systems, Inc. of DIR-882 firmware and DIR-878 in the firmware OS Command injection vulnerability |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:0/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. D-Link Systems, Inc. of DIR-882 firmware and DIR-878 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router
| VAR-202410-1831 | CVE-2024-48635 | D-Link Systems, Inc. of DIR-882 firmware and DIR-878 in the firmware OS Command injection vulnerability |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:2/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. D-Link Systems, Inc. of DIR-882 firmware and DIR-878 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router
| VAR-202410-1795 | CVE-2024-48634 | D-Link Systems, Inc. of DIR-882 firmware and DIR-878 in the firmware OS Command injection vulnerability |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the key parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. D-Link Systems, Inc. of DIR-882 firmware and DIR-878 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router
| VAR-202410-1794 | CVE-2024-48633 | D-Link Systems, Inc. of DIR-882 firmware and DIR-878 in the firmware OS Command injection vulnerability |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. D-Link Systems, Inc. of DIR-882 firmware and DIR-878 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router
| VAR-202410-1687 | CVE-2024-48632 | D-Link Systems, Inc. of DIR-882 firmware and DIR-878 in the firmware OS Command injection vulnerability |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the LocalIPAddress, TCPPorts, and UDPPorts parameters in the SetPortForwardingSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. D-Link Systems, Inc. of DIR-882 firmware and DIR-878 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router
| VAR-202410-1718 | CVE-2024-48631 | D-Link Systems, Inc. of DIR-882 firmware and DIR-878 in the firmware OS Command injection vulnerability |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. D-Link Systems, Inc. of DIR-882 firmware and DIR-878 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router
| VAR-202410-1717 | CVE-2024-48630 | D-Link Systems, Inc. of DIR-882 firmware and DIR-878 in the firmware OS Command injection vulnerability |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the MacAddress parameter in the SetMACFilters2 function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. D-Link Systems, Inc. of DIR-882 firmware and DIR-878 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router
| VAR-202410-1735 | CVE-2024-48629 | D-Link Systems, Inc. of DIR-882 firmware and DIR-878 in the firmware OS Command injection vulnerability |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the IPAddress parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. D-Link Systems, Inc. of DIR-882 firmware and DIR-878 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router
| VAR-202410-1445 | CVE-2024-49399 | Elvaco M-Bus Metering Gateway CMe3100 Access Control Error Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: High |
The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information. Elvaco M-Bus Metering Gateway CMe3100 is an M-Bus metering gateway for fixed networks from Elvaco.
There is an access control error vulnerability in the 1.12.1 version of Elvaco M-Bus Metering Gateway CMe3100
| VAR-202410-1442 | CVE-2024-49398 | Elvaco M-Bus Metering Gateway CMe3100 File Upload Vulnerability |
CVSS V2: 9.4 CVSS V3: - Severity: High |
The affected product is vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute code. Elvaco M-Bus Metering Gateway CMe3100 is an M-Bus metering gateway for fixed networks from Elvaco
| VAR-202410-1444 | CVE-2024-49397 | Elvaco M-Bus Metering Gateway CMe3100 Cross-Site Scripting Vulnerability |
CVSS V2: 7.6 CVSS V3: - Severity: Critical |
The affected product is vulnerable to a cross-site scripting attack which may allow an attacker to bypass authentication and takeover admin accounts. Elvaco M-Bus Metering Gateway CMe3100 is an M-Bus metering gateway for fixed networks from Elvaco
| VAR-202410-1443 | CVE-2024-49396 | Elvaco M-Bus Metering Gateway CMe3100 has an unspecified vulnerability |
CVSS V2: 9.4 CVSS V3: - Severity: High |
The affected product is vulnerable due to insufficiently protected credentials, which may allow an attacker to impersonate Elvaco and send false information. Elvaco M-Bus Metering Gateway CMe3100 is an M-Bus metering gateway for fixed networks from Elvaco.
There is a security vulnerability in the 1.12.1 version of Elvaco M-Bus Metering Gateway CMe3100. The vulnerability is caused by insufficient credential protection
| VAR-202410-3371 | CVE-2024-48192 | Shenzhen Tenda Technology Co.,Ltd. of G3 Vulnerability related to use of hardcoded credentials in firmware |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
Tenda G3 v15.01.0.5(2848_755)_EN was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. Shenzhen Tenda Technology Co.,Ltd. of G3 A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda G3 is a QosVpn router from China's Tenda company
| VAR-202410-3650 | No CVE | Mitsubishi Electric Mitsubishi PLC FX5UJ has a buffer overflow vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Mitsubishi PLC FX5UJ is a micro programmable controller.
Mitsubishi Electric Mitsubishi PLC FX5UJ has a buffer overflow vulnerability. Attackers can exploit this vulnerability to modify the length field of the transmission control program data packet, causing the workstation to be unable to read the control program content.
| VAR-202410-3656 | No CVE | D-LINK DAR-7000-20 Internet Behavior Audit Gateway of D-Link Electronic Equipment (Shanghai) Co., Ltd. has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The D-LINK DAR-7000-20 Internet Behavior Audit Gateway is a network behavior management and audit device for enterprise network environments.
The D-LINK DAR-7000-20 Internet Behavior Audit Gateway of D-Link Electronics (Shanghai) Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to obtain server permissions.
| VAR-202410-3364 | CVE-2024-48714 | TP-LINK Technologies of TL-WDR7660 Classic buffer overflow vulnerability in firmware |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. TP-LINK Technologies of TL-WDR7660 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. TP-LINK TL-WDR7660 is a Gigabit router from TP-LINK of China.
TP-LINK TL-WDR7660 version 1.0 has a buffer overflow vulnerability. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service