VARIoT IoT vulnerabilities database

A vulnerability was found in Tenda TX9 22.03.02.10. It has been rated as critical. Affected by this issue is the function sub_42BD7C of the file /goform/SetLEDCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. of tx9 pro An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the time parameter of the sub_42BD7C method of the /goform/SetLEDCfg file failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability was found in Tenda W15E 15.11.0.14. It has been rated as critical. This issue affects the function formIPMacBindModify of the file /goform/modifyIpMacBind. The manipulation of the argument IPMacBindRuleId/IPMacBindRuleIp/IPMacBindRuleMac/IPMacBindRuleRemark leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261863. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. of W15E An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the IPMacBindRuleId/IPMacBindRuleIp/IPMacBindRuleMac/IPMacBindRuleRemark parameters of the formIPMacBindModify method of the /goform/modifyIpMacBind file failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability classified as critical has been found in Tenda AC8 16.03.34.09. Affected is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation of the argument wanMTU/wanSpeed/cloneType/mac/serviceName/serverName leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261792. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of AC8 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC8 is a router device that provides network connection and data transmission functions. No detailed vulnerability details are provided at present

A vulnerability was found in Tenda AC8 16.03.34.09. It has been rated as critical. This issue affects the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261791. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. of AC8 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC8 is a router product, mainly used for home and small office network connections. There is a stack buffer overflow vulnerability in the formSetRebootTimer function of the /goform/SetRebootTimer file in Tenda AC8 version 16.03.34.09. An attacker can exploit this vulnerability to remotely manipulate the rebootTime parameter and execute arbitrary code

A vulnerability was found in Tenda AC8 16.03.34.09. It has been declared as critical. This vulnerability affects the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-261790 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. of AC8 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. AC8 is a wireless router device that provides network connection and wireless management functions. The vulnerability is caused by improper processing of password parameters. Attackers can exploit this vulnerability to remotely control the device

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter in ip/goform/addressNat. Shenzhen Tenda Technology Co.,Ltd. No detailed vulnerability details are currently provided

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/addressNat. Shenzhen Tenda Technology Co.,Ltd. (DoS) It may be in a state. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter in ip/goform/RouteStatic. Shenzhen Tenda Technology Co.,Ltd. of fh1206 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. Attackers can exploit this vulnerability to cause a denial of service

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/RouteStatic. Shenzhen Tenda Technology Co.,Ltd. Attackers can exploit this vulnerability to cause a denial of service

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter in ip/goform/setcfm. Shenzhen Tenda Technology Co.,Ltd. (DoS) It may be in a state. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter in ip/goform/QuickIndex. Shenzhen Tenda Technology Co.,Ltd. (DoS) It may be in a state. The vulnerability is caused by the PPPOEPassword parameter in ip/goform/QuickIndex failing to properly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service

A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. This issue affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument entrys leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of fh1206 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. No detailed vulnerability details are provided at present

Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a remote attacker to execute arbitrary code via a crafted script to the hciTrSerialRxIncoming function. ARM Ltd. of Mbed OS Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Access Control under the Wireless Page. TOTOLINK of N300RT Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. The TOTOLINK N300RT is a wireless router designed primarily for home and small business users. An attacker could exploit this vulnerability by injecting a specially crafted payload to execute arbitrary web script or HTML

TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page. TOTOLINK of N300RT Firmware has a cross-site scripting vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK N300RT is a wireless router designed primarily for home and small business users. An attacker could exploit this vulnerability by injecting a specially crafted payload to execute arbitrary web script or HTML

TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page. TOTOLINK of N300RT Firmware has a cross-site scripting vulnerability.Service operation interruption (DoS) It may be in a state. The TOTOLINK N300RT is a wireless router designed primarily for home and small business users. Detailed vulnerability details are currently unavailable

TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Port Forwarding under the Firewall Page. TOTOLINK of N300RT Firmware has a cross-site scripting vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK N300RT is a wireless router designed primarily for home and small business users. The TOTOLINK N300RT suffers from a cross-site scripting vulnerability. An attacker could exploit this vulnerability by injecting a specially crafted payload to execute arbitrary web script or HTML

TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function. TOTOLINK of EX200 Firmware has a cross-site scripting vulnerability.Information may be obtained. The TOTOLINK EX200 is a 2.4GHz wireless range extender from China's Jiong Electronics. It's primarily used to extend the coverage of existing Wi-Fi networks and resolve signal blind spots. Detailed vulnerability details are currently unavailable

TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function. TOTOLINK of EX200 Firmware has a cross-site scripting vulnerability.Information may be obtained. The TOTOLINK EX200 is a 2.4GHz wireless N range extender released by China-based Jiong Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. This vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the ssid parameter of the setWiFiExtenderConfig method. Detailed vulnerability details are currently unavailable

Ruijie Networks, founded in 2003, is an industry-leading provider of network infrastructure and solutions. RG-UAC 6000-E50C of Beijing Xingwang Ruijie Network Technology Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.