VARIoT IoT vulnerabilities database

Chung-Chi Technology Co., Ltd., founded in 1986, offers a series of industry-leading DOCSIS (Domain-Oriented Broadband Access Network) equipment and related network products. A weak password vulnerability exists in Chung-Chi Technology Co., Ltd.'s NUX-6374R device, which attackers could exploit to obtain sensitive information.

A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866_B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such manipulation of the argument wepkey leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. TOTOLINK of n600r The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK N600R is a dual-band wireless router released by the Korean brand TOTOLINK in 2013. It supports concurrent operation in the 2.4GHz and 5GHz bands and offers a maximum wireless transmission rate of 300Mbps. The TOTOLINK N600R suffers from a buffer overflow vulnerability caused by the wepkey parameter in the /cgi-bin/cstecgi.cgi file failing to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. Performing manipulation of the argument page results in memory corruption. The attack is possible to be carried out remotely. The exploit has been made public and could be used. of ch22 A buffer error vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from the failure of the formSafeEmailFilter function in the file /goform/SafeEmailFilter to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service

A security vulnerability has been detected in Tenda CH22 up to 1.0.0.1. This issue affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component HTTP Request Handler. The manipulation of the argument mit_ssid_index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. Shenzhen Tenda Technology Co.,Ltd. of ch22 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from the failure of the mit_ssid_index parameter of the formWrlsafeset function in the file /goform/AdvSetWrlsafeset to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A security vulnerability has been detected in D-Link DI-7001 MINI 24.04.18B1. The affected element is an unknown function of the file /dbsrv.asp. Such manipulation of the argument str leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. D-Link Corporation of DI-7001MINI-8G The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DI-7001 MINI is a multi-function smart gateway from D-Link, a Chinese company. The D-Link DI-7001 MINI suffers from a buffer overflow vulnerability caused by improper bounds checking in the /dbsrv.asp file. An attacker could exploit this vulnerability to execute arbitrary code or cause the application to crash

A weakness has been identified in D-Link DI-7001 MINI 24.04.18B1. Impacted is an unknown function of the file /upgrade_filter.asp. This manipulation of the argument path causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. D-Link Corporation of DI-7001MINI-8G The firmware contains a command injection vulnerability. OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DI-7001 MINI is a multi-function smart gateway from D-Link, a Chinese company. The D-Link DI-7001 MINI suffers from an operating system command injection vulnerability that could allow an attacker to execute arbitrary code on the system

A security flaw has been discovered in Tenda AC15 15.03.05.18. Affected is an unknown function of the file /goform/saveAutoQos. Performing manipulation of the argument enable results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. Shenzhen Tenda Technology Co.,Ltd. of AC15 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from the failure of the enable parameter in the file /goform/saveAutoQos to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was identified in Tenda AC15 15.03.05.18. This impacts an unknown function of the file /goform/setNotUpgrade. Such manipulation of the argument newVersion leads to stack-based buffer overflow. The attack may be launched remotely. The exploit is publicly available and might be used. The Tenda AC15 is a dual-band wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd. in October 2015. It supports the 802.11ac protocol and is designed primarily for home networking environments. This vulnerability stems from the failure of the parameter "newVersion" in the file "/goform/setNotUpgrade" to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was determined in Tenda AC15 15.03.05.18. This affects an unknown function of the file /goform/fast_setting_pppoe_set. This manipulation of the argument Password causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. Shenzhen Tenda Technology Co.,Ltd. of AC15 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability could allow an attacker to execute arbitrary code or cause a denial of service

A vulnerability was found in Tenda AC15 15.03.05.18. The impacted element is an unknown function of the file /goform/SetDDNSCfg of the component POST Parameter Handler. The manipulation of the argument ddnsEn results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used. of AC15 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. in October 2015. It supports the 802.11ac protocol and is designed primarily for home networking environments. This vulnerability stems from the failure of the parameter ddnsEn in the file /goform/SetDDNSCfg to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The affected element is the function sscanf of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. of AC20 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Detailed vulnerability details are currently unavailable

A vulnerability was found in Tenda AC23 up to 16.03.07.52. Affected by this issue is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. of ac23 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. It offers dual-band concurrent transmission rates up to 2033 Mbps, with the 5 GHz band reaching up to 1733 Mbps. It is suitable for high-bandwidth applications such as 4K video and online live streaming. This vulnerability stems from the failure of the sscanf function in the file /goform/SetStaticRouteCfg to properly validate the length of the input data in the parameter list. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability has been found in D-Link DI-7100G C1 up to 20250928. This issue affects the function sub_4BD4F8 of the file /webchat/hi_block.asp of the component jhttpd. The manipulation of the argument popupId leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. D-Link Corporation of DI-7100G C1 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DI-7100G C1 is an enterprise-class router designed primarily for small and medium-sized businesses. This vulnerability stems from the failure of the popupId parameter in the /webchat/hi_block.asp file to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service

A flaw has been found in D-Link DI-7100G C1 up to 20250928. This vulnerability affects the function sub_4C0990 of the file /webchat/login.cgi of the component jhttpd. Executing manipulation of the argument openid can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used. The D-Link DI-7100G C1 is an enterprise-class router designed primarily for small and medium-sized businesses. The D-Link DI-7100G C1 suffers from a buffer overflow vulnerability. This vulnerability stems from a failure to properly validate the length of input data in the openid parameter in the /webchat/login.cgi file. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service

A weakness has been identified in D-Link DI-7100G C1 up to 20250928. Affected by this vulnerability is the function sub_46409C of the file /msp_info.htm?flag=qos of the component jhttpd. This manipulation of the argument iface causes command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. D-Link Corporation of DI-7100G C1 The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DI-7100G C1 is an enterprise-class router designed primarily for small and medium-sized businesses. The D-Link DI-7100G C1 suffers from a command injection vulnerability caused by the iface parameter in the file /msp_info.htm?flag=qos failing to properly sanitize special characters and commands when constructing commands. Detailed vulnerability details are currently unavailable

A vulnerability was detected in Tenda AC18 15.03.05.19(6318). This issue affects some unknown processing of the file /goform/SetDDNSCfg. The manipulation of the argument ddnsEn results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used. The Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd. in July 2016, primarily for villa and large-sized home users. This vulnerability stems from the failure of the ddnsEn parameter in the /goform/SetDDNSCfg file to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A security vulnerability has been detected in Tenda AC18 15.03.05.19(6318). This vulnerability affects unknown code of the file /goform/SetUpnpCfg. The manipulation of the argument upnpEn leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd. in July 2016, primarily for villa and large-sized home users. This vulnerability stems from the failure of the upnpEn parameter in the /goform/SetUpnpCfg file to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A weakness has been identified in Tenda AC18 15.03.05.19(6318). This affects an unknown part of the file /goform/WifiMacFilterSet. Executing manipulation of the argument wifi_chkHz can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be exploited. Shenzhen Tenda Technology Co.,Ltd. of AC18 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. in July 2016, primarily for villa and large-sized home users. The Tenda AC18 suffers from a stack buffer overflow vulnerability. This vulnerability stems from the failure of the wifi_chkHz parameter in the file /goform/WifiMacFilterSet to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A security flaw has been discovered in Tenda AC18 15.03.05.19(6318). Affected by this issue is some unknown functionality of the file /goform/fast_setting_pppoe_set. Performing manipulation of the argument Username results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited. The Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd. in July 2016, primarily for villa and large-sized home users. The Tenda AC18 suffers from a stack buffer overflow vulnerability. This vulnerability stems from a failure to properly validate the length of the input data in the parameter Username in the file /goform/fast_setting_pppoe_set. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was identified in Tenda AC18 15.03.05.19(6318). Affected by this vulnerability is an unknown functionality of the file /goform/setNotUpgrade. Such manipulation of the argument newVersion leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. Shenzhen Tenda Technology Co.,Ltd. of AC18 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. in July 2016, primarily for villa and large-sized home users. This vulnerability stems from the failure of the parameter newVersion in the file /goform/setNotUpgrade to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service