VARIoT IoT vulnerabilities database
| VAR-202410-0337 | CVE-2024-9908 | D-Link Systems, Inc. of DIR-619L Classic buffer overflow vulnerability in firmware |
CVSS V2: 5.2 CVSS V3: 5.5 Severity: Medium |
A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Affected is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument curTime leads to buffer overflow. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DIR-619L Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The DIR-619L B1 is a home network router that provides high-speed Wi-Fi connectivity, is easy to set up, and has multiple ports. An attacker can exploit this vulnerability to modify the state of the program, such as overwriting the return instruction pointer to execute malicious code
| VAR-202410-1480 | CVE-2024-35522 | of netgear EX3700 Command injection vulnerability in firmware |
CVSS V2: 7.2 CVSS V3: 8.4 Severity: HIGH |
Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1 and ap_24g_manual_sec set to NotNone. (DoS) It may be in a state. NETGEAR EX3700 is a wireless network signal extender from NETGEAR. No detailed vulnerability details are available at this time
| VAR-202410-0615 | CVE-2024-35517 | of netgear XR1000 Command injection vulnerability in firmware |
CVSS V2: 7.2 CVSS V3: 8.4 Severity: HIGH |
Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter. of netgear XR1000 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR XR1000 is a dual-band Wi-Fi 6 router designed for gaming by NETGEAR. No detailed vulnerability details are currently available
| VAR-202410-0981 | CVE-2024-44415 | D-Link DI_8200 Buffer Overflow Vulnerability |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability was discovered in DI_8200-16.07.26A1, There is a buffer overflow in the dbsrv_asp function; The strcpy function is executed without checking the length of the string, leading to a buffer overflow. D-Link DI_8200 is an enterprise-level router from D-Link, a Chinese company. No detailed vulnerability details are currently provided
| VAR-202410-0730 | CVE-2024-44413 | D-Link DI_8200 Command Injection Vulnerability |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
A vulnerability was discovered in DI_8200-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection. D-Link DI_8200 is an enterprise-class router from D-Link of China. No detailed vulnerability details are provided at present
| VAR-202410-0261 | CVE-2024-47966 | Delta Electronics, INC. of cncsoft-g2 Vulnerability in using uninitialized resources in |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in the use of uninitialized resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2
| VAR-202410-0263 | CVE-2024-47965 | Delta Electronics, INC. of cncsoft-g2 Out-of-bounds read vulnerability in |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2
| VAR-202410-0262 | CVE-2024-47964 | Delta Electronics CNCSoft-G2 DPAX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2
| VAR-202410-0259 | CVE-2024-47963 | Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2
| VAR-202410-0260 | CVE-2024-47962 | Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can manipulate an insider to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2
| VAR-202410-0264 | CVE-2024-9793 | Shenzhen Tenda Technology Co.,Ltd. of ac1206 in the firmware OS Command injection vulnerability |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Medium |
A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of ac1206 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. No detailed vulnerability details are currently provided
| VAR-202410-0330 | CVE-2024-9792 | D-Link Systems, Inc. of DSL-2750U Cross-site scripting vulnerability in firmware |
CVSS V2: 3.3 CVSS V3: 2.4 Severity: Medium |
A vulnerability classified as problematic has been found in D-Link DSL-2750U R5B017. This affects an unknown part of the component Port Forwarding Page. The manipulation of the argument PortMappingDescription leads to cross site scripting. It is possible to initiate the attack remotely. D-Link Systems, Inc. of DSL-2750U Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. D-Link DSL-2750U is a wireless router from D-Link, a Chinese company.
D-Link DSL-2750U R5B017 has a cross-site scripting vulnerability. The vulnerability is caused by the lack of effective filtering and escaping of user-supplied data in the parameter PortMappingDescription. Attackers can exploit this vulnerability to execute arbitrary web scripts or HTML by injecting carefully crafted payloads
| VAR-202410-0223 | CVE-2024-9786 | D-Link Systems, Inc. of DIR-619L Classic buffer overflow vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. Affected by this issue is the function formSetLog of the file /goform/formSetLog. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DIR-619L Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-619L is a wireless router from D-Link of China. The vulnerability is caused by the parameter curTime of the file /goform/formSetLog failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack
| VAR-202410-0191 | CVE-2024-9785 | D-Link Systems, Inc. of DIR-619L Classic buffer overflow vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Affected by this vulnerability is the function formSetDDNS of the file /goform/formSetDDNS. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DIR-619L Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-619L is a wireless router of D-Link, a Chinese company. The vulnerability is caused by the parameter curTime of the file /goform/formSetDDNS failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack
| VAR-202410-0344 | CVE-2024-9784 | D-Link Systems, Inc. of DIR-619L Classic buffer overflow vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability classified as critical has been found in D-Link DIR-619L B1 2.06. Affected is the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DIR-619L Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-619L is a wireless router from D-Link, a Chinese company.
D-Link DIR-619L B1_2.06 version has a buffer overflow vulnerability, which can be exploited by attackers to execute arbitrary code on the system or cause a denial of service
| VAR-202410-0266 | CVE-2024-9783 | D-Link Systems, Inc. of DIR-619L Classic buffer overflow vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in D-Link DIR-619L B1 2.06. It has been rated as critical. This issue affects the function formLogDnsquery of the file /goform/formLogDnsquery. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DIR-619L Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-619L is a wireless router from D-Link, a Chinese company.
D-Link DIR-619L B1_2.06 version has a buffer overflow vulnerability, which can be exploited by attackers to execute arbitrary code on the system or cause a denial of service
| VAR-202410-0366 | CVE-2024-9782 | D-Link Systems, Inc. of DIR-619L Classic buffer overflow vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in D-Link DIR-619L B1 2.06. It has been declared as critical. This vulnerability affects the function formEasySetupWWConfig of the file /goform/formEasySetupWWConfig. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DIR-619L Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-619L is a wireless router
| VAR-202410-1229 | CVE-2024-22068 | plural ZTE Weak Password Requirements Vulnerability in Products |
CVSS V2: - CVSS V3: 6.0 Severity: MEDIUM |
Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier. ZXR10 1800-2S firmware, zxr10 2800-4 firmware, zxr10 3800-8 firmware etc. ZTE The product contains a weak password requirement vulnerability.Information may be obtained
| VAR-202410-3381 | CVE-2024-46316 | DrayTek Corporation of Vigor3900 in the firmware OS Command injection vulnerability |
CVSS V2: - CVSS V3: 8.0 Severity: HIGH |
DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrary commands via supplying a crafted HTTP message. DrayTek Corporation of Vigor3900 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202410-1174 | CVE-2024-47660 | Linux of Linux Kernel Race condition vulnerabilities in |
CVSS V2: 7.2 CVSS V3: 4.7 Severity: MEDIUM |
In the Linux kernel, the following vulnerability has been resolved:
fsnotify: clear PARENT_WATCHED flags lazily
In some setups directories can have many (usually negative) dentries.
Hence __fsnotify_update_child_dentry_flags() function can take a
significant amount of time. Since the bulk of this function happens
under inode->i_lock this causes a significant contention on the lock
when we remove the watch from the directory as the
__fsnotify_update_child_dentry_flags() call from fsnotify_recalc_mask()
races with __fsnotify_update_child_dentry_flags() calls from
__fsnotify_parent() happening on children. This can lead upto softlockup
reports reported by users.
Fix the problem by calling fsnotify_update_children_dentry_flags() to
set PARENT_WATCHED flags only when parent starts watching children.
When parent stops watching children, clear false positive PARENT_WATCHED
flags lazily in __fsnotify_parent() for each accessed child. Linux of Linux Kernel There is a race condition vulnerability in.Service operation interruption (DoS) It may be in a state. The RUGGEDCOM RST2428P is a Layer 2 Ethernet switch based on SINEC OS with up to 28 non-blocking interfaces. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) and human-machine interfaces (HMIs).
Multiple vulnerabilities exist in third-party components prior to SIEMENS SINEC OS V3.2. These vulnerabilities could be exploited to corrupt values, leading to undefined behavior or security issues