VARIoT IoT vulnerabilities database

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication verification

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWiFiEasyGuestCfg. TOTOLINK of a3700r A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3700R is a wireless router produced by China's TOTOLINK Electronics. TOTOLINK A3700R has a buffer overflow vulnerability. The vulnerability is caused by the failure of ssid5g to correctly verify the length of the input data in the setWiFiEasyGuestCfg function. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via eport in the function setIpPortFilterRules. TOTOLINK of a3700r A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3700R is a wireless router from China's TOTOLINK Electronics. There is a buffer overflow vulnerability in the TOTOLINK A3700R V9.1.2u.6165_20211012 version. The vulnerability is caused by the failure of eport to correctly verify the length of the input data in the function setIpPortFilterRules. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWizardCfg. TOTOLINK of a3700r Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3700R is a wireless router produced by China's TOTOLINK Electronics. TOTOLINK A3700R has a buffer overflow vulnerability. The vulnerability is caused by the failure of ssid5g to correctly verify the length of the input data in the setWizardCfg function. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule. TRENDnet of TEW-814DAP A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TRENDnet TEW-814DAP is a wireless access point from the US company TRENDnet. This vulnerability stems from the failure to properly validate the length of input data in the submit-url parameter at /formNewSchedule. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiBasicCfg. TOTOLINK of a3700r Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3700R is a wireless router produced by China's TOTOLINK Electronics. TOTOLINK A3700R has a buffer overflow vulnerability. The vulnerability is caused by the ssid in the setWiFiBasicCfg function failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiEasyCfg. TOTOLINK of a3700r A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3700R is a wireless router produced by China's TOTOLINK Electronics. TOTOLINK A3700R has a buffer overflow vulnerability. The vulnerability is caused by the ssid in the setWiFiEasyCfg function failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiGuestCfg. TOTOLINK of a3700r A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3700R is a wireless router produced by China's TOTOLINK Electronics. TOTOLINK A3700R has a stack buffer overflow vulnerability. The vulnerability is caused by the ssid in the setWiFiGuestCfg function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the password parameter in function loginAuth . TOTOLINK of a3700r Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3700R is a wireless router produced by China's TOTOLINK Electronics. TOTOLINK A3700R has a buffer overflow vulnerability. The vulnerability is caused by the password parameter in the loginAuth function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the File parameter in function UploadCustomModule. TOTOLINK of a3700r A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3700R is a wireless router produced by China's TOTOLINK Electronics. TOTOLINK A3700R has a buffer overflow vulnerability. The vulnerability is caused by the File parameter in the UploadCustomModule function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

D-Link DIR-605L v2.13B01 was discovered to contain a hardcoded password vulnerability in /etc/passwd, which allows attackers to log in as root. D-Link Systems, Inc. of DIR-605L A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-605L is a wireless router from D-Link, a Chinese company

Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing potential unauthorized access and modification of application data. Dell's secure connect gateway for, SQL There is an injection vulnerability.Information may be obtained and information may be tampered with

Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing potential unauthorized access and modification of application data. Dell's secure connect gateway for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources. Dell's secure connect gateway Exists in unspecified vulnerabilities.Information may be obtained

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state. Dell's secure connect gateway Exists in unspecified vulnerabilities.Information may be obtained and information may be tampered with

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state. Dell's secure connect gateway Exists in unspecified vulnerabilities.Information may be obtained and information may be tampered with

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state. Dell's secure connect gateway Exists in unspecified vulnerabilities.Information may be obtained and information may be tampered with

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain Internal APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state. Dell's secure connect gateway Exists in unspecified vulnerabilities.Information may be obtained and information may be tampered with

Fuji Electric Tellus Lite V-Simulator is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of V9 files by the V-Simulator 6 module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process

Fuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary code. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of X1 files by the V-Simulator 6 module. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process