VARIoT IoT vulnerabilities database

A vulnerability was found in Arris VAP2500 08.50. It has been rated as critical. Affected by this issue is some unknown functionality of the file /diag_s.php. The manipulation of the argument customer_info leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265832. ARRIS Group of ARRIS VAP2500 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A vulnerability was found in Arris VAP2500 08.50. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assoc_table.php. The manipulation of the argument id leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265831.

EG2000CE is an intelligent router. EG2000CE of Beijing Xingwang Ruijie Network Technology Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to obtain server permissions.

Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv. Shenzhen Tenda Technology Co.,Ltd. of ax1806 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AX1806 is a home wireless router device. Attackers can exploit this vulnerability to crash the application or execute arbitrary code in the application context

Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv. Shenzhen Tenda Technology Co.,Ltd. of ax1806 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AX1806 is a home wireless router device. No detailed vulnerability details are currently provided

Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv. Shenzhen Tenda Technology Co.,Ltd. of ax1806 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AX1806 is a home wireless router device. Attackers can exploit this vulnerability to execute arbitrary code

Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv. Shenzhen Tenda Technology Co.,Ltd. of ax1806 A stack-based buffer overflow vulnerability exists in the firmware.Information may be obtained and information may be tampered with. Tenda AX1806 is a home wireless router device. No detailed vulnerability details are currently provided

Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv. Shenzhen Tenda Technology Co.,Ltd. of ax1806 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AX1806 is a home wireless router device. Attackers can exploit this vulnerability to execute arbitrary code

ER5100G2 is a new generation enterprise-class Gigabit wired router. H3C ER5100G2 system management has a command execution vulnerability, which can be exploited by attackers to obtain server permissions.

EG3210 is a multi-service security gateway. Beijing Xingwang Ruijie Network Technology Co., Ltd. EG3210 has a command execution vulnerability, which can be exploited by attackers to gain control of the server.

Shenzhen Tongwei Digital Technology Co., Ltd. is an international provider of video security products and system solutions integrating R&D, production, sales and services. Shenzhen Tongwei Digital Technology Co., Ltd. InVid Tech has a weak password vulnerability, which attackers use to log in to the system backend and obtain sensitive information.

Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1. Sangoma of Asterisk contains vulnerabilities related to improper implementation of authentication algorithms, vulnerabilities related to the use of operators, and vulnerabilities related to improper implementation of control flow.Information may be obtained

Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution. Dell Edge Gateway 5000 firmware, precision 5820 tower firmware, Dell Edge Gateway 3000 Unspecified vulnerabilities exist in multiple Dell products, including firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

The Yakong Giant SCADA Monitoring Platform is a high-end industrial automation full-configuration monitoring software suitable for "all-trusted" industrial control systems. It supports the joint use of all mainstream trusted CPUs, operating systems, PLC devices, and databases. The Yakong Giant SCADA Monitoring Platform of Beijing Yakong Technology Development Co., Ltd. has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.

A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additionally, a threat actor could potentially modify and delete the data in a remote database. An attack would only affect the HMI design time, not runtime. Rockwell Automation FactoryTalk View SE is an industrial automation system view interface from Rockwell Automation of the United States

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This issue affects some unknown processing of the file /useratte/resmanage.php. The manipulation of the argument load leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264533 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. D-Link Systems, Inc. of dar-7000 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. DAR-7000-40 is a network device suitable for government, finance, insurance, hotel, small and medium-sized enterprises, education and other fields. It provides professional traffic management capabilities, powerful content auditing, advanced Internet behavior management and efficient firewall and other practical functions. It can provide users with a visual network management experience by identifying and managing the network data flow application layer. Attackers can exploit this vulnerability to cause operating system command injection

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This vulnerability affects unknown code of the file /firewall/urlblist.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264532. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. D-Link Systems, Inc. of dar-7000 Firmware has an unrestricted upload of dangerous file types vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-7000-40 V31R02B1413C. This affects an unknown part of the file /url/url.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264531. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. D-Link Systems, Inc. of dar-7000 Firmware has an unrestricted upload of dangerous file types vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000-40 V31R02B1413C. Affected by this issue is some unknown functionality of the file /useratte/resmanage.php. The manipulation of the argument file leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-264530 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. D-Link Systems, Inc. of dar-7000 Firmware has an unrestricted upload of dangerous file types vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DAR-7000-40 V31R02B1413C. Affected by this vulnerability is an unknown functionality of the file /user/onlineuser.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264529 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. D-Link Systems, Inc. of dar-7000 Firmware has an unrestricted upload of dangerous file types vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state