VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202410-0337 CVE-2024-9908 D-Link Systems, Inc.  of  DIR-619L  Classic buffer overflow vulnerability in firmware CVSS V2: 5.2
CVSS V3: 5.5
Severity: Medium
A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Affected is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument curTime leads to buffer overflow. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DIR-619L Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The DIR-619L B1 is a home network router that provides high-speed Wi-Fi connectivity, is easy to set up, and has multiple ports. An attacker can exploit this vulnerability to modify the state of the program, such as overwriting the return instruction pointer to execute malicious code
VAR-202410-1480 CVE-2024-35522 of netgear  EX3700  Command injection vulnerability in firmware CVSS V2: 7.2
CVSS V3: 8.4
Severity: HIGH
Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1 and ap_24g_manual_sec set to NotNone. (DoS) It may be in a state. NETGEAR EX3700 is a wireless network signal extender from NETGEAR. No detailed vulnerability details are available at this time
VAR-202410-0615 CVE-2024-35517 of netgear  XR1000  Command injection vulnerability in firmware CVSS V2: 7.2
CVSS V3: 8.4
Severity: HIGH
Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter. of netgear XR1000 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR XR1000 is a dual-band Wi-Fi 6 router designed for gaming by NETGEAR. No detailed vulnerability details are currently available
VAR-202410-0981 CVE-2024-44415 D-Link DI_8200 Buffer Overflow Vulnerability CVSS V2: 6.1
CVSS V3: 6.5
Severity: MEDIUM
A vulnerability was discovered in DI_8200-16.07.26A1, There is a buffer overflow in the dbsrv_asp function; The strcpy function is executed without checking the length of the string, leading to a buffer overflow. D-Link DI_8200 is an enterprise-level router from D-Link, a Chinese company. No detailed vulnerability details are currently provided
VAR-202410-0730 CVE-2024-44413 D-Link DI_8200 Command Injection Vulnerability CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
A vulnerability was discovered in DI_8200-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection. D-Link DI_8200 is an enterprise-class router from D-Link of China. No detailed vulnerability details are provided at present
VAR-202410-0261 CVE-2024-47966 Delta Electronics, INC.  of  cncsoft-g2  Vulnerability in using uninitialized resources in CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in the use of uninitialized resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2
VAR-202410-0263 CVE-2024-47965 Delta Electronics, INC.  of  cncsoft-g2  Out-of-bounds read vulnerability in CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2
VAR-202410-0262 CVE-2024-47964 Delta Electronics CNCSoft-G2 DPAX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2
VAR-202410-0259 CVE-2024-47963 Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2
VAR-202410-0260 CVE-2024-47962 Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can manipulate an insider to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2
VAR-202410-0264 CVE-2024-9793 Shenzhen Tenda Technology Co.,Ltd.  of  ac1206  in the firmware  OS  Command injection vulnerability CVSS V2: 6.5
CVSS V3: 6.3
Severity: Medium
A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of ac1206 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. No detailed vulnerability details are currently provided
VAR-202410-0330 CVE-2024-9792 D-Link Systems, Inc.  of  DSL-2750U  Cross-site scripting vulnerability in firmware CVSS V2: 3.3
CVSS V3: 2.4
Severity: Medium
A vulnerability classified as problematic has been found in D-Link DSL-2750U R5B017. This affects an unknown part of the component Port Forwarding Page. The manipulation of the argument PortMappingDescription leads to cross site scripting. It is possible to initiate the attack remotely. D-Link Systems, Inc. of DSL-2750U Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. D-Link DSL-2750U is a wireless router from D-Link, a Chinese company. D-Link DSL-2750U R5B017 has a cross-site scripting vulnerability. The vulnerability is caused by the lack of effective filtering and escaping of user-supplied data in the parameter PortMappingDescription. Attackers can exploit this vulnerability to execute arbitrary web scripts or HTML by injecting carefully crafted payloads
VAR-202410-0223 CVE-2024-9786 D-Link Systems, Inc.  of  DIR-619L  Classic buffer overflow vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. Affected by this issue is the function formSetLog of the file /goform/formSetLog. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DIR-619L Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-619L is a wireless router from D-Link of China. The vulnerability is caused by the parameter curTime of the file /goform/formSetLog failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack
VAR-202410-0191 CVE-2024-9785 D-Link Systems, Inc.  of  DIR-619L  Classic buffer overflow vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Affected by this vulnerability is the function formSetDDNS of the file /goform/formSetDDNS. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DIR-619L Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-619L is a wireless router of D-Link, a Chinese company. The vulnerability is caused by the parameter curTime of the file /goform/formSetDDNS failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack
VAR-202410-0344 CVE-2024-9784 D-Link Systems, Inc.  of  DIR-619L  Classic buffer overflow vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability classified as critical has been found in D-Link DIR-619L B1 2.06. Affected is the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DIR-619L Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-619L is a wireless router from D-Link, a Chinese company. D-Link DIR-619L B1_2.06 version has a buffer overflow vulnerability, which can be exploited by attackers to execute arbitrary code on the system or cause a denial of service
VAR-202410-0266 CVE-2024-9783 D-Link Systems, Inc.  of  DIR-619L  Classic buffer overflow vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in D-Link DIR-619L B1 2.06. It has been rated as critical. This issue affects the function formLogDnsquery of the file /goform/formLogDnsquery. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DIR-619L Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-619L is a wireless router from D-Link, a Chinese company. D-Link DIR-619L B1_2.06 version has a buffer overflow vulnerability, which can be exploited by attackers to execute arbitrary code on the system or cause a denial of service
VAR-202410-0366 CVE-2024-9782 D-Link Systems, Inc.  of  DIR-619L  Classic buffer overflow vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in D-Link DIR-619L B1 2.06. It has been declared as critical. This vulnerability affects the function formEasySetupWWConfig of the file /goform/formEasySetupWWConfig. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DIR-619L Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-619L is a wireless router
VAR-202410-1229 CVE-2024-22068 plural  ZTE  Weak Password Requirements Vulnerability in Products CVSS V2: -
CVSS V3: 6.0
Severity: MEDIUM
Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier. ZXR10 1800-2S firmware, zxr10 2800-4 firmware, zxr10 3800-8 firmware etc. ZTE The product contains a weak password requirement vulnerability.Information may be obtained
VAR-202410-3381 CVE-2024-46316 DrayTek Corporation  of  Vigor3900  in the firmware  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 8.0
Severity: HIGH
DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrary commands via supplying a crafted HTTP message. DrayTek Corporation of Vigor3900 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202410-1174 CVE-2024-47660 Linux  of  Linux Kernel  Race condition vulnerabilities in CVSS V2: 7.2
CVSS V3: 4.7
Severity: MEDIUM
In the Linux kernel, the following vulnerability has been resolved: fsnotify: clear PARENT_WATCHED flags lazily In some setups directories can have many (usually negative) dentries. Hence __fsnotify_update_child_dentry_flags() function can take a significant amount of time. Since the bulk of this function happens under inode->i_lock this causes a significant contention on the lock when we remove the watch from the directory as the __fsnotify_update_child_dentry_flags() call from fsnotify_recalc_mask() races with __fsnotify_update_child_dentry_flags() calls from __fsnotify_parent() happening on children. This can lead upto softlockup reports reported by users. Fix the problem by calling fsnotify_update_children_dentry_flags() to set PARENT_WATCHED flags only when parent starts watching children. When parent stops watching children, clear false positive PARENT_WATCHED flags lazily in __fsnotify_parent() for each accessed child. Linux of Linux Kernel There is a race condition vulnerability in.Service operation interruption (DoS) It may be in a state. The RUGGEDCOM RST2428P is a Layer 2 Ethernet switch based on SINEC OS with up to 28 non-blocking interfaces. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) and human-machine interfaces (HMIs). Multiple vulnerabilities exist in third-party components prior to SIEMENS SINEC OS V3.2. These vulnerabilities could be exploited to corrupt values, leading to undefined behavior or security issues