VARIoT IoT vulnerabilities database
| VAR-202312-2638 | CVE-2023-51133 | TOTOLINK of x2000r Out-of-bounds write vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRoute. TOTOLINK of x2000r An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X2000R is a wireless router produced by China's TOTOLINK Electronics.
TOTOLINK X2000R has a buffer overflow vulnerability. The vulnerability is caused by the function formRoute failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202312-2498 | CVE-2023-6998 | CoolKit Technology multiple of OS for eWeLink Vulnerability in |
CVSS V2: - CVSS V3: 7.7 Severity: HIGH |
Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.This issue affects eWeLink before 5.2.0. CoolKit Technology multiple of OS for eWeLink Exists in unspecified vulnerabilities.Information may be obtained and information may be tampered with
| VAR-202312-2583 | CVE-2023-34829 | TP-LINK Technologies of tapo Vulnerability in plaintext transmission of important information in |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext. TP-LINK Technologies of tapo Contains a vulnerability in the transmission of important information in clear text.Information may be obtained
| VAR-202312-2736 | No CVE | Ruijie EG2000UE has an information leakage vulnerability (CNVD-2023-97847) |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Beijing Xingwang Ruijie Network Technology Co., Ltd. is a professional network manufacturer with a full range of network equipment product lines and solutions including switches, routers, software, security firewalls, wireless products, storage, etc.
Ruijie EG2000UE has an information leakage vulnerability that allows attackers to obtain sensitive server information.
| VAR-202312-2782 | CVE-2023-40038 |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last digit.)
| VAR-202312-1260 | CVE-2023-51102 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formWifiMacFilterSet.
| VAR-202312-2313 | CVE-2023-51101 | Tenda W9 formSetUplinkInfo method buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetUplinkInfo. Tenda W9 is a wireless in-wall access point from China's Tenda Company. This vulnerability is caused by the formSetUplinkInfo method failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of Service attacks
| VAR-202312-1437 | CVE-2023-51100 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formGetDiagnoseInfo .
| VAR-202312-1106 | CVE-2023-51099 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formexeCommand .
| VAR-202312-1773 | CVE-2023-51098 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formSetDiagnoseInfo .
| VAR-202312-2145 | CVE-2023-51097 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetAutoPing.
| VAR-202312-1774 | CVE-2023-51094 | Tenda M3 TendaTelnet method command execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda M3 V1.0.0.12(4856) was discovered to contain a Command Execution vulnerability via the function TendaTelnet. Tenda M3 is an access control controller produced by China Tenda Company. This vulnerability is caused by the failure of the TendaTelnet method to correctly filter special characters and commands in constructed commands
| VAR-202312-1592 | CVE-2023-51093 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function fromSetLocalVlanInfo.
| VAR-202312-0938 | CVE-2023-51092 | Tenda M3 upgrade method buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function upgrade. Tenda M3 is an access control controller produced by China Tenda Company. This vulnerability is caused by the upgrade method failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service. attack
| VAR-202312-1107 | CVE-2023-51091 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function R7WebsSecurityHandler.
| VAR-202312-1775 | CVE-2023-51090 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formGetWeiXinConfig.
| VAR-202312-1438 | CVE-2023-51095 | Tenda M3 formDelWlRfPolicy method buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formDelWlRfPolicy. Tenda M3 is an access control controller produced by China Tenda Company. This vulnerability is caused by the formDelWlRfPolicy method failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service. attack
| VAR-202312-0781 | CVE-2023-49954 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address.
| VAR-202312-0729 | CVE-2023-7095 | TOTOLINK of A7100RU Classic buffer overflow vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248942 is the identifier assigned to this vulnerability. TOTOLINK of A7100RU Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A7100RU is a wireless router made by China Zeon Electronics (TOTOLINK) Company. The vulnerability is caused by the failure of the parameter flag in the file /cgi-bin/cstecgi.cgi?action=login to correctly verify the length of the input data. A remote attacker can exploit this vulnerability. The vulnerability could execute arbitrary code on the system or lead to a denial of service attack
| VAR-202312-1968 | CVE-2023-5962 | plural Moxa Inc. Vulnerabilities in the use of cryptographic algorithms in products |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: MEDIUM |
A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization. ioLogik e1210 firmware, ioLogik e1211 firmware, ioLogik e1212 firmware etc. Moxa Inc. The product contains vulnerabilities in the use of cryptographic algorithms.Information may be obtained. MOXA ioLogik E1200 Series is a series of general-purpose controllers and I/O devices from China's MOXA company.
MOXA ioLogik E1200 Series has an encryption vulnerability that can be exploited by attackers to obtain sensitive information