VARIoT IoT vulnerabilities database

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. TOTOLINK of a6000r The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A6000R is a wireless router produced by China's TOTOLINK Electronics. An attacker can exploit this vulnerability to gain administrator privileges on the router and access or modify the router's configuration and data

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). Affected devices allow a remote authenticated user or an unauthenticated user with physical access to downgrade the firmware of the device. This could allow an attacker to downgrade the device to older versions with known vulnerabilities. SICAM 8 Power automation platform is a universal, all-in-one hardware and software-based solution for all applications in the power supply sector. SICAM A8000 RTUs are modular devices for remote control and automation applications in all energy supply sectors. SICAM EGS is the gateway for local substations in distribution networks

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). The password of administrative accounts of the affected applications can be reset without requiring the knowledge of the current password, given the auto login is enabled. This could allow an unauthorized attacker to obtain administrative access of the affected applications. SICAM 8 Power automation platform is a universal, all-in-one hardware and software-based solution for all applications in the power supply sector. SICAM A8000 RTUs are modular devices for remote control and automation applications in all energy supply sectors. SICAM EGS is a gateway for local substations in distribution networks

A vulnerability has been found in Tenda O3 1.0.0.10 and classified as critical. Affected by this vulnerability is the function fromVirtualSet. The manipulation of the argument ip/localPort/publicPort/app leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272119. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of o3 firmware 1.0.0.10(2478) Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda O3 is an outdoor wireless bridge of China's Tenda Company. Tenda O3 has a security vulnerability, which is caused by the operation of the parameters ip/localPort/public Port/app in the fromVirtualSet function, which will cause a stack-based buffer overflow. No detailed vulnerability details are currently provided

A vulnerability, which was classified as critical, has been found in Tenda O3 1.0.0.10. This issue affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272117 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of o3 firmware 1.0.0.10(2478) Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda O3 is an outdoor wireless bridge from China's Tenda company. No detailed vulnerability details are currently provided

A vulnerability classified as critical was found in Tenda O3 1.0.0.10. This vulnerability affects the function formQosSet. The manipulation of the argument remark/ipRange/upSpeed/downSpeed/enable leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272116. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of o3 firmware 1.0.0.10(2478) Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda O3 is a wireless bridge device, mainly used to extend and enhance wireless network signals, suitable for home and small business network environments. Attackers can exploit this vulnerability to cause arbitrary code execution, device control, and even cause the device to crash or fail to work properly

A stack overflow in Tenda AX1806 v1.0.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. Shenzhen Tenda Technology Co.,Ltd. of ax1806 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The vulnerability is caused by the program failing to properly verify the length of the input data

Linksys WRT54G v4.21.5 has a stack overflow vulnerability in get_merge_mac function. Belkin International, Inc. of wrt54g A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Linksys WRT54G is a router from Linksys, an American company. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 were discovered to contain an authenticated remote command execution (RCE) vulnerability via the macFilterType parameter at /goform/setMacFilterCfg. Shenzhen Tenda Technology Co.,Ltd. of ax9 firmware and AX12 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a remote code execution (RCE) vulnerability in the ntp_zone_val parameter at /goform/set_ntp. This vulnerability is exploited via a crafted HTTP request. D-Link Systems, Inc. of DIR-823X A code injection vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-823X is a wireless router from D-Link of China. Attackers can exploit this vulnerability to cause arbitrary code execution

D-Link DI-8100 v16.07.26A1 has a stack overflow vulnerability in the dbsrv_asp function. D-Link Systems, Inc. of di-8100 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by D-Link. The vulnerability is caused by the failure to properly verify the length of the input data in the dbsrv_asp function. Remote attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service attack

An issue in SHENZHEN TENDA TECHNOLOGY CO.,LTD Tenda AX2pro V16.03.29.48_cn allows a remote attacker to execute arbitrary code via the Routing functionality. Shenzhen Tenda Technology Co.,Ltd. of AX2 Pro The firmware contains a vulnerability related to improper validation of the origin of the communication channel.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AX2 Pro is an entry-level Gigabit Wi-Fi 6 router designed for home users by China's Tenda

An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet handling. Shenzhen Tenda Technology Co.,Ltd. of AX12 The firmware contains a vulnerability related to improper validation of the origin of the communication channel.Service operation interruption (DoS) It may be in a state. The Tenda AX12 is a dual-band Gigabit Wi-Fi 6 wireless router designed for home users. It supports dual-band concurrent transmission and achieves speeds of up to 2976 Mbps

Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceMac parameter at ip/goform/addWifiMacFilter. Shenzhen Tenda Technology Co.,Ltd. (DoS) It may be in a state. in July 2016, primarily for villa and large-sized home users. Detailed vulnerability details are currently unavailable

An input validation vulnerability exists in the Rockwell Automation 5015 - AENFTXT when a manipulated PTP packet is sent, causing the secondary adapter to result in a major nonrecoverable fault. If exploited, a power cycle is required to recover the product. Rockwell Automation of 5015-aenftxt There are unspecified vulnerabilities in the firmware.Service operation interruption (DoS) It may be in a state. Rockwell Automation 5015-AENFTXT is a technical data in the specification of a FLEXHA 5000 I/O system of Rockwell Automation, USA

Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root. Tenda of i29 A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda i29 is a wireless router from China's Tenda company. Attackers can exploit this vulnerability to bypass authentication

Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/addWifiMacFilter. Tenda of AC18 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC18 is a router from China's Tenda company. No detailed vulnerability details are provided at present

Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/saveParentControlInfo. Tenda of AC18 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd. in July 2016, primarily for villas and large homes. This vulnerability stems from the failure to properly validate the length of the input data in the deviceId parameter of the ip/goform/saveParentControlInfo function. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

The vulnerability could be remotely exploited to bypass authentication. hewlett packard enterprise HPE 3PAR Service Processor There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. If exploited, an attacker could read sensitive data, and create users. For example, a malicious user with basic privileges could perform critical functions such as creating a user with elevated privileges and reading sensitive information in the “views” section. Rockwell Automation Pavilion8 is a model prediction console of Rockwell Automation