VARIoT IoT vulnerabilities database

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. This issue affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272597 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of a3600r Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3600R is a 6-antenna 1200M wireless router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary code execution, device control, or even device crash or malfunction

A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ipDoamin leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272596. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of a3600r The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3600R is a 6-antenna 1200M wireless router produced by China's Jiweng Electronics (TOTOLINK) company. Attackers can exploit this vulnerability to cause serious consequences such as device failure or use for other malicious activities

A vulnerability, which was classified as critical, was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This affects the function setdeviceName of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument deviceMac/deviceName leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272595. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of a3600r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3600R is a wireless router. Attackers can exploit this vulnerability to execute arbitrary code and gain control of the device

A vulnerability, which was classified as critical, has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected by this issue is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password/http_host leads to buffer overflow. The attack may be launched remotely. VDB-272594 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of a3600r Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3600R is a 6-antenna 1200M wireless router launched by China Jiong Electronics. TOTOLINK A3600R has a buffer overflow vulnerability, which is located in the loginauth function in the /cgi-bin/cstecgi.cgi file and is caused by improper processing of password and http_host parameters. Attackers can exploit this vulnerability to cause arbitrary code execution, device control, and even device crash or malfunction

A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected by this vulnerability is the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272593 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of a3600r Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3600R is a 6-antenna 1200M wireless router launched by China Jiong Electronics. TOTOLINK A3600R has a buffer overflow vulnerability, which is located in the /cgi-bin/cstecgi.cgi?action=save&setting file and is caused by improper handling of the http_host parameter. Attackers can exploit this vulnerability to cause arbitrary code execution, device control, and even device crash or malfunction

A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected is the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostTime leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272592. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of a3600r The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3600R is a 6-antenna 1200M wireless router launched by China Jiong Electronics. It is caused by improper processing of the hostTime parameter. Attackers can exploit this vulnerability to cause the device to fail

A vulnerability was found in TOTOLINK A3000RU 5.9c.5185. It has been rated as problematic. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272591. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of A3000RU A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3000RU is a home wireless router. Attackers can exploit this vulnerability to access the device's management interface or other sensitive functions by using hard-coded passwords

A vulnerability classified as critical has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of a3700r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK A3700R is a wireless router produced by TOTOLINK (China Jiong Electronics), a Taiwanese network equipment manufacturer. This vulnerability could lead to serious consequences, such as gaining control of the device, causing device failure, or causing it to be used for other malicious activities

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been rated as critical. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier VDB-272573 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of a3600r A vulnerability exists in the firmware related to the use of hardcoded passwords.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3600R is a wireless router. Attackers can exploit this vulnerability to cause device configuration tampering, sensitive data leakage, or use for further attack activities

A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. It has been declared as critical. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument telnet_enabled leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272572. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of A3100R Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3100R is a wireless router. Attackers can exploit this vulnerability to obtain sensitive information

A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. It has been classified as critical. This affects the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272571. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of A3100R Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3100R is a series of wireless routers from China's TOTOLINK Electronics. The vulnerability is caused by the http_host of the getSaveConfig function of /cgi-bin/cstecgi.cgi?action=save&setting failing to correctly verify the length of the input data. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/ExportSettings.sh of the component apmib Configuration Handler. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272570 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of a3700r There are unspecified vulnerabilities in the firmware.Information may be obtained. TOTOLINK A3700R is a wireless router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to obtain sensitive information

A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-272569 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of a3300r A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information may be obtained. TOTOLINK A3300R is a wireless router produced by China's Jiweng Electronics (TOTOLINK) company. No detailed vulnerability details are currently provided

A vulnerability, which was classified as problematic, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is an unknown function of the file /wizard.html of the component Password Reset Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272568. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of a3700r Firmware has a lack of authentication vulnerability for critical functionality.Information may be tampered with. TOTOLINK A3700R is a wireless router produced by China's TOTOLINK Electronics. Attackers can exploit this vulnerability to modify sensitive information

A vulnerability classified as problematic has been found in Netgear WN604 up to 20240719. Affected is an unknown function of the file siteSurvey.php. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. NETGEAR WN604 is a small wireless router from NETGEAR. Attackers can use this vulnerability to access the siteSurvey.php page and obtain sensitive information such as the SSID, security type, encryption method, and channel of the wireless network

A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been rated as critical. This issue affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272555. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of o3 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda O3 has a buffer overflow vulnerability, which is caused by the parameter time failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been declared as critical. This vulnerability affects the function fromMacFilterSet of the file /goform/setMacFilter. The manipulation of the argument remark leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272554 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of o3 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda O3 has a buffer overflow vulnerability, which is caused by the parameter remark failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to presence of root terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the root shell on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary commands with root privileges on the targeted system. SyroTech SY-GPON-1110-WDONT is a wireless router from SyroTech

An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Clients can authenticate themselves to the device using a username and password. These credentials can be obtained through an unauthenticated web request, e.g., for a JavaScript file. Also, the disclosed information includes the SSID and WPA2 key for the Wi-Fi network the device is connected to. ------------------------------------------ [Additional Information] The disclosed information can be functionally used by an attacker to remotely gain access to normal camera functionality. (e.g. watch in someone's room over the internet) ------------------------------------------ [Vulnerability Type] Incorrect Access Control ------------------------------------------ [Vendor of Product] Luvion ------------------------------------------ [Affected Product Code Base] Luvion Grand elite 3 connect - Cannot be determined ------------------------------------------ [Affected Component] Webserver running on the device. ------------------------------------------ [Attack Type] Remote ------------------------------------------ [CVE Impact Other] Authentication bypass ------------------------------------------ [Attack Vectors] An attacker can simply browse to the device and retrieve the passwords. ------------------------------------------ [Has vendor confirmed or acknowledged the vulnerability?] true ------------------------------------------ [Discoverer] Willem Westerhof, Jasper Nota, Jim Blankendaal, Martijn Baalman from Qbit in assignment of the Consumentenbond ------------------------------------------ [Reference] N/A Use CVE-2020-11926

An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. There is no CSRF protection. Svakom of Siime Eye A cross-site request forgery vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ------------------------------------------ [Additional Information] The default settings make this attack theoretical rather than practical. A lot of interaction takes place between the application and the end user. For correct functioning, it is important to verify that requests coming from the user actually represent the user's intention. The application must therefore be able to distinguish forged requests from legitimate ones. Currently no measures against Cross-Site Request Forgery have been implemented and therefore users can be tricked into submitting requests without their knowledge or consent. From the application's point of view, these requests are legitimate requests from the user and they will be processed as such. This can result in the creation of additional (administrative) user accounts, without the user’s knowledge or consent. In order to execute a CSRF attack, a user must be tricked into visiting an attacker controlled page, using the same browser that is authenticated to the Siime Eye. As mostly the Hotspot from Siime Eye will be used, users are unlikely to (be able to) access such pages simultaneously. ------------------------------------------ [Vulnerability Type] Cross Site Request Forgery (CSRF) ------------------------------------------ [Vendor of Product] Svakom ------------------------------------------ [Affected Product Code Base] Siime Eye - 14.1.00000001.3.330.0.0.3.14 ------------------------------------------ [Affected Component] Siime Eye, web interface ------------------------------------------ [Attack Type] Context-dependent ------------------------------------------ [Impact Escalation of Privileges] true ------------------------------------------ [CVE Impact Other] Full device compromise. ------------------------------------------ [Reference] N/A ------------------------------------------ [Has vendor confirmed or acknowledged the vulnerability?] true ------------------------------------------ [Discoverer] Willem Westerhof, Jasper Nota, Edwin Gozeling from Qbit in assignment of the Consumentenbond. Use CVE-2020-11919