VARIoT IoT vulnerabilities database

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv. Tenda AX1803 is a dual-band Gigabit WIFI6 router from China's Tenda Company. This vulnerability is caused by the iptv.city.vlan parameter of the formSetIptv method failing to correctly verify the length of the input data. An attacker can use this vulnerability to execute arbitrary code on the system or Lead to denial of service attacks

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv. Tenda AX1803 is a dual-band Gigabit WIFI6 router from China's Tenda Company. This vulnerability is caused by the adv.iptv.stballvlans parameter of the formSetIptv method failing to correctly verify the length of the input data. An attacker can use this vulnerability to execute arbitrary code on the system or Lead to denial of service attacks

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv. Tenda AX1803 is a dual-band Gigabit WIFI6 router from China's Tenda Company. This vulnerability is caused by the iptv.stb.port parameter of the formSetIptv method failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service attack

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv. Tenda AX1803 is a dual-band Gigabit WIFI6 router from China's Tenda Company. An attacker can exploit this vulnerability to execute arbitrary code on the system by sending a specially crafted HTTP request using the iptv.stb.mode parameter

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv. Tenda AX1803 is a dual-band Gigabit WIFI6 router from China's Tenda Company. This vulnerability is caused by the adv.iptv.stbpvid parameter of the formSetIptv method failing to correctly verify the length of the input data. An attacker can use this vulnerability to execute arbitrary code on the system or Lead to denial of service attacks

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo.

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formGetIptv. Tenda AX1803 is a dual-band Gigabit WIFI6 router from China's Tenda Company. This vulnerability is caused by the adv.iptv.stballvlans parameter of the formGetIptv method failing to correctly verify the length of the input data. An attacker can use this vulnerability to execute arbitrary code on the system or Lead to denial of service attacks

Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp. Tenda AX1803 is a dual-band Gigabit WIFI6 router from China's Tenda Company. The vulnerability is caused by the fromAdvSetLanIp method failing to correctly filter special characters, commands, etc. in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function getIptvInfo. Tenda AX1803 is a dual-band Gigabit WIFI6 router from China's Tenda Company. This vulnerability is caused by the adv.iptv.stbpvid parameter of the getIptvInfo method failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system. or result in a denial of service attack

Buffer Overflow vulnerability in Tenda AX12 V22.03.01.46, allows remote attackers to cause a denial of service (DoS) via list parameter in SetNetControlList function. Tenda AX12 is a dual-band Gigabit Wifi 6 wireless router from China's Tenda Company. Tenda AX12 V22.03.01.46 version has a buffer overflow vulnerability. The vulnerability results from a bounds error when the application handles untrusted input

D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. This allows attackers to arbitrarily access any services running on the device that may be inadvertently listening via IPv6. D-Link R15 is a wireless router made by China D-Link Company. D-Link R15 v1.08.02 has a code issue vulnerability

Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page. TOTOLINK N200RE is a wireless broadband router that uses 11N wireless technology

A vulnerability classified as problematic has been found in Totolink T6 4.1.9cu.5241_B20210923. This affects an unknown part of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249867. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK T6 is a wireless dual-band router made by China Zeon Electronics (TOTOLINK) Company. TOTOLINK T6 version 4.1.9cu.5241_B20210923 has an access control error vulnerability. The vulnerability is caused by an access control error in the file /cgi-bin/cstecgi.cgi. An attacker could exploit this vulnerability to obtain sensitive information

A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It has been declared as critical. This vulnerability affects the function formTmultiAP of the file /bin/boa of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249856. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of x2000r An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X2000R is a wireless router from China's TOTOLINK Electronics. Totolink X2000R has a buffer overflow vulnerability, which is caused by the function formTmultiAP in the file /bin/boa failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was found in Totolink T6 4.1.9cu.5241_B20210923. It has been classified as critical. This affects the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v41 leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249855. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of t6 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK T6 is a wireless dual-band router made by China's Zeon Electronics (TOTOLINK) company. Remote attackers can exploit this vulnerability. Execute arbitrary code on the system or cause a denial of service attack

A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. Siemens' JT2Go and Teamcenter Visualization Exists in a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. Siemens' JT2Go and Teamcenter Visualization Exists in a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens' JT2Go and Teamcenter Visualization for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state

A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. Siemens' JT2Go and Teamcenter Visualization Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows). In default installations of maxView Storage Manager where Redfish® server is configured for remote system management, a vulnerability has been identified that can provide unauthorized access. SIMATIC IPC (Industrial PC) is a PC-based automation hardware platform from Siemens