VARIoT IoT vulnerabilities database

Cross-Site Scripting (XSS) vulnerability stored in TP-Link Archer AX50 affecting firmware version 1.0.11 build 2022052. This vulnerability could allow an unauthenticated attacker to create a port mapping rule via a SOAP request and store a malicious JavaScript payload within that rule, which could result in an execution of the JavaScript payload when the rule is loaded. TP-LINK AX50 is a router device produced by China Pulian (TP-LINK) Company. This vulnerability stems from the application's lack of effective filtering and escaping of user-provided data

A Cross-site scripting (XSS) vulnerability in dlapn.cgi, dldongle.cgi, dlcfg.cgi, fwup.cgi and seama.cgi in D-Link GORTAC750_A1_FW_v101b03 allows remote attackers to inject arbitrary web script or HTML via the url parameter. D-Link Systems, Inc. of go-rt-ac750 Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. D-Link GO-RT-AC750 is a wireless dual-band simple router from China D-Link. D-Link GO-RT-AC750 has a cross-site scripting vulnerability. This vulnerability stems from the lack of effective filtering and escaping of user-provided data in components such as dlapn.cgi and dldongle.cgi

Dell Digital Delivery, versions prior to 5.2.0.0, contain a Buffer Overflow Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to arbitrary code execution and/or privilege escalation. (DoS) It may be in a state. Dell Digital Delivery is an application developed by the American Dell Company specifically for Dell computer equipment and used to purchase computer pre-installed software online. This vulnerability is caused by the program's failure to correctly verify the length of input data

Memory corruption in Audio while processing RT proxy port register driver. 315 5g iot modem firmware, 9205 lte modem firmware, 9206 lte modem Several Qualcomm products, such as firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

EG3210 is a multi-service security gateway. There is a command execution vulnerability in the EG3210 of Beijing StarNet Ruijie Network Technology Co., Ltd. An attacker can use this vulnerability to gain control of the server.

Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file. Linksys of e2000 Firmware contains an access control vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in the Filters page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. Dell Secure Connect Gateway is a secure connection gateway from the American company Dell. No detailed vulnerability details are currently available

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. No detailed vulnerability details are currently provided

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. No detailed vulnerability details are currently provided

Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change. (DoS) It may be in a state

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in Policy page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. Dell Secure Connect Gateway is a secure connection gateway of Dell (Dell) in the United States. No detailed vulnerability details are currently provided

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vulnerability. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized devices added to policies. Exploitation may lead to information disclosure and unauthorized access to the system. Dell's secure connect gateway Exists in unspecified vulnerabilities.Information may be obtained and information may be tampered with. No detailed vulnerability details are currently provided

Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext. No detailed vulnerability details are currently available

Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed certificate and communicating with the remote server. Dell's secure connect gateway Exists in spoofing authentication evasion vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Delta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of DPA files in the DOPSoft executable. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics CNCSoft-B is a CNC machine tool simulation system software from Delta Electronics, Taiwan, China. The vulnerability is caused by the program failing to correctly verify the length of the input data

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_4110f4(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link Systems, Inc. of DIR-823G A firmware vulnerability exists regarding the handling of exceptional conditions.Service operation interruption (DoS) It may be in a state

D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link Systems, Inc. of DIR-823G The firmware has NullPointerException Catch It was used NULL A pointer dereference detection vulnerability exists.Service operation interruption (DoS) It may be in a state

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_41C488(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link Systems, Inc. of DIR-823G The firmware has NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state

D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_42AF30(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link Systems, Inc. of DIR-823G The firmware has NullPointerException Catch It was used NULL A pointer dereference detection vulnerability exists.Service operation interruption (DoS) It may be in a state

D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link Systems, Inc. of DIR-823G The firmware has NullPointerException Catch It was used NULL A pointer dereference detection vulnerability exists.Service operation interruption (DoS) It may be in a state