VARIoT IoT vulnerabilities database
| VAR-202409-1843 | CVE-2024-38269 | plural ZyXEL Product vulnerabilities |
CVSS V2: 6.1 CVSS V3: 4.9 Severity: MEDIUM |
An improper restriction of operations within the bounds of a memory buffer in the USB file-sharing handler of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device. wx5600-t0 firmware, wx3401-b0 firmware, wx3100-t0 firmware etc. ZyXEL There are unspecified vulnerabilities in the product.Service operation interruption (DoS) It may be in a state. Zyxel VMG8825-T50K is an Internet access device from China's Zyxel Corporation.
Zyxel VMG8825-T50K has a buffer overflow vulnerability, which stems from the USB file sharing handler improperly restricting operations within the memory buffer range
| VAR-202409-0992 | CVE-2024-45836 | Multiple vulnerabilities in Planex network equipment |
CVSS V2: - CVSS V3: 6.1 Severity: MEDIUM |
Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. If a logged-in user accesses a specific file, an arbitrary script may be executed on the web browser of the user. None
| VAR-202409-0991 | CVE-2024-45372 | Multiple vulnerabilities in Planex network equipment |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc. None
| VAR-202409-2088 | No CVE | Multiple products of Beijing Hollysys Industrial Software Co., Ltd. have arbitrary file download vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Beijing Hollysys Industrial Software Co., Ltd. is a major global supplier of intelligent system solutions.
Beijing Hollysys Industrial Software Co., Ltd. has a number of products that have arbitrary file download vulnerabilities, which attackers can exploit to obtain sensitive information.
| VAR-202409-1597 | CVE-2024-47221 | Rapid SCADA Vulnerability in requesting weak passwords in |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an empty password
| VAR-202409-2618 | No CVE | RPi-Jukebox-RFID has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
RPi-Jukebox-RFID is a contactless jukebox for Raspberry Pi.
RPi-Jukebox-RFID has a command execution vulnerability that can be exploited by attackers to execute arbitrary commands.
| VAR-202409-1458 | CVE-2024-46652 | Shenzhen Tenda Technology Co.,Ltd. of AC8 Out-of-bounds write vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability in the fromAdvSetMacMtuWan function. Shenzhen Tenda Technology Co.,Ltd. of AC8 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack
| VAR-202409-0785 | CVE-2024-9004 | D-Link Systems, Inc. of dar-7000 in the firmware OS Command injection vulnerability |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Medium |
A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. Affected is an unknown function of the file /view/DBManage/Backup_Server_commit.php. The manipulation of the argument host leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of dar-7000 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAR-7000 is an Internet behavior audit gateway of D-Link, a Chinese company.
D-Link DAR-7000 20240912 and earlier versions have an operating system command injection vulnerability. No detailed vulnerability details are currently provided
| VAR-202409-0812 | CVE-2024-9001 | TOTOLINK of t10 in the firmware OS Command injection vulnerability |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Medium |
A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of t10 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK T10 is a wireless network system router produced by China's TOTOLINK Electronics. No detailed vulnerability details are provided at present
| VAR-202409-1305 | CVE-2024-44589 | D-Link Systems, Inc. of DCS-960L Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
Stack overflow vulnerability in the Login function in the HNAP service in D-Link DCS-960L with firmware 1.09 allows attackers to execute of arbitrary code. D-Link Systems, Inc. of DCS-960L A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DCS-960L is a network camera product of D-Link, a Chinese company.
There is a security vulnerability in the D-Link DCS-960L version 1.09
| VAR-202409-1248 | CVE-2024-46598 | DrayTek Corporation of vigor3910 Classic buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iprofileidx parameter at dialin.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. DrayTek Corporation of vigor3910 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. DrayTek Vigor 3910 is a high-performance router for enterprise networks from DrayTek, a Chinese company. The vulnerability is caused by the iprofileidx parameter of the dialin.cgi page failing to properly verify the length of the input data
| VAR-202409-1117 | CVE-2024-46597 | DrayTek Corporation of vigor3910 Classic buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPubKey parameter at dialin.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. DrayTek Corporation of vigor3910 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. DrayTek Vigor 3910 is a high-performance router for enterprise networks from DrayTek, a Chinese company. The vulnerability is caused by the sPubKey parameter of the dialin.cgi page failing to correctly verify the length of the input data
| VAR-202409-1196 | CVE-2024-46593 | DrayTek Corporation of vigor3910 Classic buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the trapcomm parameter at cgiswm.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. DrayTek Corporation of vigor3910 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. DrayTek Vigor 3910 is a high-performance router for enterprise networks from DrayTek, a Chinese company. The vulnerability is caused by the trapcomm parameter of the cgiswm.cgi page failing to properly verify the length of the input data
| VAR-202409-1236 | CVE-2024-46584 | DrayTek Corporation of vigor3910 Classic buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the AControlIp1 parameter at acontrol.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. DrayTek Corporation of vigor3910 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. DrayTek Vigor 3910 is a high-performance router for enterprise networks from DrayTek, a Chinese company. The vulnerability is caused by the AControlIp1 parameter of the acontrol.cgi page failing to properly verify the length of the input data
| VAR-202409-1193 | CVE-2024-46583 | DrayTek Corporation of vigor3910 Classic buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the extRadSrv2 parameter at cgiapp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. DrayTek Corporation of vigor3910 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. DrayTek Vigor 3910 is a high-performance router for enterprise networks from DrayTek, a Chinese company. The vulnerability is caused by the extRadSrv2 parameter of the cgiapp.cgi page failing to properly verify the length of the input data
| VAR-202409-1232 | CVE-2024-46571 | DrayTek Corporation of vigor3910 Classic buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPPPSrvNm parameter at fwuser.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. DrayTek Corporation of vigor3910 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. DrayTek Vigor 3910 is a high-performance router for enterprise networks from DrayTek, a Chinese company. The vulnerability is caused by the sPPPSrvNm parameter of the fwuser.cgi page failing to properly verify the length of the input data
| VAR-202409-1093 | CVE-2024-46564 | DrayTek Corporation of vigor3910 Classic buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at fextobj.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. DrayTek Corporation of vigor3910 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. DrayTek Vigor 3910 is a high-performance router for enterprise networks from DrayTek, a Chinese company. The vulnerability is caused by the sProfileName parameter of the fextobj.cgi page failing to properly verify the length of the input data
| VAR-202409-1055 | CVE-2024-46559 | DrayTek Corporation of vigor3910 Classic buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_UsrNme parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. DrayTek Corporation of vigor3910 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. DrayTek Vigor 3910 is a high-performance router for enterprise networks from DrayTek, a Chinese company. The vulnerability is caused by the sBPA_UsrNme parameter of the inet15.cgi page failing to properly verify the length of the input data
| VAR-202409-1092 | CVE-2024-46551 | DrayTek Corporation of vigor3910 Classic buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_Pwd parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. DrayTek Corporation of vigor3910 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. DrayTek Vigor 3910 is a high-performance router for enterprise networks from DrayTek, a Chinese company. The vulnerability is caused by the sBPA_Pwd parameter of the inet15.cgi page failing to properly verify the length of the input data
| VAR-202409-1080 | CVE-2024-46550 | DrayTek Corporation of vigor3910 Classic buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the CGIbyFieldName parameter at chglog.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. DrayTek Corporation of vigor3910 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. DrayTek Vigor 3910 is a high-performance router for enterprise networks from DrayTek, a Chinese company. The vulnerability is caused by the CGIbyFieldName parameter of the chglog.cgi page failing to properly verify the length of the input data