VARIoT IoT vulnerabilities database

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient. Shenzhen Tenda Technology Co.,Ltd. (DoS) It may be in a state. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/NatStaticSetting. Shenzhen Tenda Technology Co.,Ltd. (DoS) It may be in a state. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter at ip/goform/exeCommand. Shenzhen Tenda Technology Co.,Ltd. (DoS) It may be in a state. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

TOTOLINK X5000R v9.1.0cu.2350_B20230313 was discovered to contain a command injection via the disconnectVPN function. TOTOLINK of X5000R The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X5000R is a router of China's TOTOLINK Electronics. The vulnerability is caused by the pid parameter of /cgi-bin/cstecgi.cgi failing to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to cause arbitrary command execution

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the function urldecode. TOTOLINK of lr350 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK LR350 is a 4G LTE router released by China's TOTOLINK Electronics. It converts 4G signals into wired signals and is suitable for home and office use. The TOTOLINK LR350 suffers from a buffer overflow vulnerability. This vulnerability stems from the failure of the password parameter in the urldecode function to properly validate the length of the input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. TOTOLINK of cp450 Firmware contains a command injection vulnerability.Information may be obtained and information may be tampered with. TOTOLINK CPE CP450 is an outdoor wireless client terminal device of China's Jiweng Electronics (TOTOLINK) Company. It is mainly used to provide wireless broadband access services, especially for wireless network coverage in rural or remote areas. The vulnerability is caused by the hostTime parameter of the NTPSyncWithHost method failing to properly filter special characters and commands in the constructed command. No detailed vulnerability details are currently provided

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the addWlProfileClientMode function. (DoS) It may be in a state. TOTOLINK CP450 is a wireless bridge produced by China's TOTOLINK Electronics. The vulnerability is caused by the addWlProfileClientMode method failing to properly verify the length of the input data. No detailed vulnerability details are currently available

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the CloudACMunualUpdate function. (DoS) It may be in a state. TOTOLINK CP450 is a wireless bridge produced by China's TOTOLINK Electronics. The vulnerability is caused by the CloudACMunualUpdate method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service

TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter. TOTOLINK of cp450 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK CPE CP450 is an outdoor wireless client terminal device of China's Jiweng Electronics (TOTOLINK) Company. It is mainly used to provide wireless broadband access services, especially for wireless network coverage in rural or remote areas. No detailed vulnerability details are currently provided

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpPortFilterRules function. (DoS) It may be in a state. TOTOLINK CP450 is a wireless bridge produced by China's TOTOLINK Electronics. The vulnerability is caused by the setIpPortFilterRules method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the download_firmware function. TOTOLINK of cp450 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK CP450 is a wireless bridge produced by China's TOTOLINK Electronics. TOTOLINK CP450 has a command injection vulnerability, which is caused by the download_firmware method failing to properly filter special characters and commands in constructing commands. No detailed vulnerability details are currently available

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setLanguageCfg function. TOTOLINK CP450 is an outdoor wireless client terminal device produced by China Jiweng Electronics Co., Ltd., mainly used for wireless broadband access services in rural and remote areas. The vulnerability is caused by the setLanguageCfg method failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setMacFilterRules function. TOTOLINK CP450 is an outdoor wireless client terminal device produced by China's TOTOLINK Electronics Co., Ltd. It is mainly used to provide wireless broadband access services, especially for wireless network coverage in rural or remote areas. The vulnerability is caused by the setMacFilterRules method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the getSaveConfig function. (DoS) It may be in a state. TOTOLINK CP450 is a wireless bridge produced by China's TOTOLINK Electronics. The vulnerability is caused by the getSaveConfig method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service

TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function. TOTOLINK of cp450 An out-of-bounds read vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK CPE CP450 is an outdoor wireless client terminal device of China's TOTOLINK Electronics Co., Ltd., mainly used to provide wireless broadband access services, especially for wireless network coverage in rural or remote areas. The vulnerability is caused by the setIpQosRules method failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanSetup_Wizard allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage.". D-Link Systems, Inc. of DIR-619L Firmware has a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. The D-Link DIR-619L is a wireless router designed for home and small office environments. It implements the IEEE 802.11n standard and offers a maximum transmission rate of 300Mbps. The D-Link DIR-619L suffers from a buffer overflow vulnerability. This vulnerability stems from the failure of the formWlanSetup_Wizard parameter webpage to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service

A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formTcpipSetup allows remote authenticated users to trigger a denial of service (DoS) through the parameter "curTime.". D-Link Systems, Inc. The D-Link DIR-619L is a wireless router designed for home and small office environments. It implements the IEEE 802.11n standard and offers a maximum transmission rate of 300Mbps. This vulnerability stems from the failure of the curTime parameter in formTcpipSetup to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service

A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via goform/formWPS, allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage.". D-Link Systems, Inc. of DIR-619L Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. The D-Link DIR-619L is a wireless router designed for home and small office environments. It implements the IEEE 802.11n standard and offers a maximum transmission rate of 300Mbps. The D-Link DIR-619L suffers from a buffer overflow vulnerability. This vulnerability stems from the failure of the goform/formWPS parameter webpage to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service

Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B20231213.1013 allows a remote attacker to execute arbitrary code via the Guest Access Control parameter in the Wireless Page. TOTOLINK of x2000r The firmware contains a vulnerability related to improper parameter handling.Information may be obtained and information may be tampered with. The TOTOLINK X2000R is a WiFi 6 wireless router launched by TOTOLINK, a Chinese electronics company. It supports gigabit networks and EasyMesh functionality, and features multi-device connectivity and wireless extension capabilities. The TOTOLINK X2000R contains a cross-site scripting (XSS) vulnerability. This vulnerability stems from the application's lack of effective filtering and escaping of user-provided data. Attackers can exploit this vulnerability to inject a carefully crafted payload to execute arbitrary web scripts or HTML

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample. TOTOLINK of EX200 A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX200 is a 2.4G wireless N range extender from China's TOTOLINK Electronics. It is designed to expand the coverage of existing Wi-Fi networks and eliminate "blind spots". Attackers can use this vulnerability to log in as the root account