VARIoT IoT vulnerabilities database

The Netis E3 is a Gigabit dual-band wireless router that supports MU-MIMO and Beamforming, providing high-speed Wi-Fi coverage for homes and small, medium-sized offices (SOHOs). The Netis E3, manufactured by Netis Systems Co., Ltd., contains a command execution vulnerability that could allow an attacker to gain server privileges.

The HP 2530-48G Switch (J9775A) is a 48-port Gigabit Layer 3 switch that supports PoE+, ACLs, and IPv6, providing highly reliable networks for enterprise access layers. HP Development Company, L.P. The HP 2530-48G Switch (J9775A) has an unauthorized access vulnerability that could allow an attacker to obtain sensitive information.

The Canon MF745C/746C is a color laser multifunction printer that supports printing, copying, scanning, and faxing. Canon (China) Co., Ltd.'s Canon MF745C/746C printers contain a weak password vulnerability that attackers could exploit to obtain sensitive information.

The RG-MA3063 is a home router. The RG-MA3063 router, manufactured by Beijing Star-Net Ruijie Networks Technology Co., Ltd., contains a logical flaw vulnerability that attackers could exploit to obtain sensitive information.

The Brother DCP-T536DW is a full-featured color inkjet multifunction printer. The Brother (China) Commercial Co., Ltd.'s Brother DCP-T536DW contains an unauthorized access vulnerability that could be exploited by attackers to obtain sensitive information.

The Brother (China) Commercial Co., Ltd. DCP-T730DW is a color inkjet multifunction printer that integrates printing, copying, and scanning functions. The Brother (China) Commercial Co., Ltd. DCP-T730DW contains an unauthorized access vulnerability that could be exploited by attackers to obtain sensitive information.

The MFC-T930DW is a color inkjet multifunction printer. Brother (China) Commercial Co., Ltd.'s MFC-T930DW printer contains an unauthorized access vulnerability that could be exploited by attackers to obtain sensitive information.

The DCME-720 is a next-generation high-performance internet egress gateway. The DCME-720 developed by Beijing Digital China Cloud Technology Co., Ltd. contains a command execution vulnerability, which attackers could exploit to execute arbitrary commands.

Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of DIAScreen Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of DPA files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure

Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DPA files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. Delta Electronics DIAScreen is a smart machine building software developed by Delta Electronics, a Chinese company

Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of DIAScreen Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DPA files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure

Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of DIAScreen Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DPA files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanMTU parameter in the fromAdvSetMacMtuWan function. The Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd. in July 2016, primarily for villa and large-sized home users. This vulnerability stems from the failure of the fromAdvSetMacMtuWan function to properly validate the length of the input data in the wanMTU parameter. An attacker could exploit this vulnerability to cause a denial of service

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the cloneType parameter in the fromAdvSetMacMtuWan function. The Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd. in July 2016, primarily for villas and large homes. This vulnerability stems from the failure of the cloneType parameter in the fromAdvSetMacMtuWan function to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanSpeed parameter in the fromAdvSetMacMtuWan function. Shenzhen Tenda Technology Co.,Ltd. of AC18 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. in July 2016, primarily for villa and large-sized home users. This vulnerability stems from the failure to properly validate the length of the input data for the wanSpeed parameter in the fromAdvSetMacMtuWan function. An attacker could exploit this vulnerability to cause a denial of service

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the mac parameter in the fromAdvSetMacMtuWan function. The Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd. in July 2016, primarily for villa and large-sized home users. This vulnerability stems from the failure to properly validate the length of the input data in the mac parameter in the fromAdvSetMacMtuWan function. An attacker could exploit this vulnerability to cause a denial of service

TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability via the mac parameter in the setEasyMeshAgentCfg function. TOTOLINK of x18 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK X18 is a mesh WiFi 6 router system launched by Taiwan's TOTOLINK. It supports WiFi 6 technology and optimizes home network coverage through its mesh functionality. An attacker could exploit this vulnerability to execute arbitrary commands

TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability via the agentName parameter in the setEasyMeshAgentCfg function. The TOTOLINK X18 is a mesh WiFi 6 router system launched by Taiwan's TOTOLINK. It supports WiFi 6 technology and optimizes home network coverage through its mesh functionality. An attacker could exploit this vulnerability to execute arbitrary commands

A flaw has been found in Tenda AC18 15.03.05.19. This impacts an unknown function of the file /goform/saveAutoQos. This manipulation of the argument enable causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC18 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A vulnerability was detected in Tenda AC18 15.03.05.19. This affects an unknown function of the file /goform/WizardHandle. The manipulation of the argument WANT/mtuvalue results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC18 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. in July 2016, primarily for villas and large homes. The Tenda AC18 suffers from a buffer overflow vulnerability caused by a failure to perform a valid bounds check on the WANT/mtuvalue parameter in the /goform/WizardHandle file. This vulnerability could allow an attacker to execute arbitrary code or cause the system to crash