VARIoT IoT vulnerabilities database

An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote attacker to escalate privileges via the next_file parameter to the /setup.cgi component. of netgear DGND4000 Firmware contains a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ‌ NETGEAR DGND4000 is a wireless router with modem functionality. No detailed vulnerability details are available at this time

In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. After heap shaping, an attacker can achieve code execution in the context of the cloud-brd binary that runs at the root level. This is fixed in ER605(UN)_v2_2.2.4 Build 020240119. TP-LINK Omada ER605 is a VPN router from TP-LINK of China. TP-LINK Omada ER605 versions 1.0.1 to 2.2.3 have a buffer overflow vulnerability, which is caused by a boundary error when the application processes untrusted input. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

Tenda AX12 v1.0 v22.03.01.16 was discovered to contain a stack overflow via the ssid parameter in the sub_431CF0 function. Shenzhen Tenda Technology Co.,Ltd. of AX12 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda AX12 is a dual-band Gigabit Wi-Fi 6 wireless router designed for home users. It supports dual-band concurrent transmission and achieves speeds of up to 2976 Mbps. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Insufficient session timeout vulnerability in the FAST3686 V2 Vodafone router from Sagemcom. This vulnerability could allow a local attacker to access the administration panel without requiring login credentials. This vulnerability is possible because the 'Login.asp and logout.asp' files do not handle session details correctly. Sagemcom of F@st 3686 A session expiration vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required. NETGEAR CBR40/CBK40/CBM43 are all routers from NETGEAR. Hardware devices that connect two or more networks and act as gateways between networks. The vulnerability stems from the currentsetting.htm component's insufficient protection of sensitive information

An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required. NETGEAR CBR40/CBK40/CBM43 are all routers from NETGEAR. Hardware devices that connect two or more networks and act as gateways between networks

A login bypass in TOTOLINK A8000RU V7.1cu.643_B20200521 allows attackers to login to Administrator accounts via providing a crafted session cookie. TOTOLINK of a8000ru Firmware contains an access control vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A8000RU is a wireless router from China's TOTOLINK Electronics

Windows Kernel Information Disclosure Vulnerability. RTU500 is a series of industrial control components of Hitachi, Japan, mainly used in industrial control systems. Hitachi Energy RTU500 series CMU Firmware has a security vulnerability that can be exploited by attackers to bypass security updates

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets. fortinet's FortiClient EMS for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys parameter fromAddressNat function. Shenzhen Tenda Technology Co.,Ltd. of AC18 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitInterface parameter of fromAddressNat function. Shenzhen Tenda Technology Co.,Ltd. of AC18 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A vulnerability has been identified in SENTRON 3KC ATC6 Expansion Module Ethernet (3KC9000-8TL75) (All versions). Affected devices expose an unused, unstable http service at port 80/tcp on the Modbus-TCP Ethernet. This could allow an attacker on the same Modbus network to create a denial of service condition that forces the device to reboot. Siemens SENTRON 3KC ATC6 Expansion Module is a power distribution protection device from Germany's Siemens, used to monitor and protect power systems

A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)). The read out protection of the internal flash of affected devices was not properly set at the end of the manufacturing process. An attacker with physical access to the device could read out the data. SENTRON PAC Meter products are power measuring devices for precise energy management and transparent information collection

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to resources and potentially lead to code execution. Siemens' SINEMA Remote Connect Server contains an access control vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The platform is mainly used for remote access, maintenance, control and diagnosis of underlying networks

Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration (PI) - versions 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application. SAP of SAP NetWeaver Process Integration Contains a vulnerability in improper permission assignment for critical resources.Information may be obtained

Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application. SAP of SAP NetWeaver Exists in unspecified vulnerabilities.Information may be obtained

A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of x6000r The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X6000R is a wireless router made by China Zeon Electronics (TOTOLINK) Company. TOTOLINK X6000R version 9.4.0cu.852_20230719 has an operating system command injection vulnerability. This vulnerability originates from a security issue in the setDiagnosisCfg function in /cgi-bin/cstecgi.cgi in the component shttpd, which causes operating system command injection by changing the parameter ip. No detailed vulnerability details are currently available

A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. of netgear RAX30 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR RAX30 is a WiFi 6 router launched by NETGEAR. It supports dual bands (2.4GHz and 5GHz), has a maximum transmission rate of 2400Mbps, uses three external antennas, is equipped with a 1.5GHz triple-core processor, and can connect 20 devices at the same time. Attackers can use this vulnerability to submit special requests to crash the application or execute arbitrary code in the application context

A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. Cisco WAP121 firmware, Cisco WAP125 firmware, Cisco WAP131 Multiple Cisco Systems products, including firmware, contain a stack-based buffer overflow vulnerability.Information may be obtained and information may be tampered with. Cisco Small Business is a switch of Cisco

A stack-based buffer overflow in the built-in web server in Moxa NPort W2150A/W2250A Series firmware version 2.3 and prior allows a remote attacker to exploit the vulnerability by sending crafted payload to the web service. Successful exploitation of the vulnerability could result in denial of service. NPort W2150A firmware, NPort W2250A firmware, NPort W2150A-T firmware etc. Moxa Inc. The product contains a vulnerability related to out-of-bounds writes.Service operation interruption (DoS) It may be in a state. MOXA NPort W2150A/W2250A is a series of wireless device networking servers from China's MOXA company