VARIoT IoT vulnerabilities database

VAR-202404-1533 CVE-2023-5407 Honeywell Experion Server Denial of Service Vulnerability
CVSS V2: 5.4
CVSS V3: 5.9
Severity: MEDIUM
Controller denial of service due to improper handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. Honeywell Experion Server is a high-performance industrial control system server from Honeywell, USA, mainly used in the Experion Process Knowledge System (PKS) platform. Honeywell Experion Server has a denial of service vulnerability. Attackers can exploit this vulnerability to cause the controller to deny service.
VAR-202404-1755 CVE-2024-32320 Stack-based buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. ac500 firmware
CVSS V2: 5.4
CVSS V3: 5.9
Severity: MEDIUM
Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the timeZone parameter in the formSetTimeZone function. A stack-based buffer overflow vulnerability exists in the firmware of the Shenzhen Tenda Technology Co.,Ltd. ac500. Service operation may be interrupted (DoS). Tenda AC500 is a wireless controller device designed for small and medium-sized enterprises, supporting cross-VLAN management of wireless networks. Attackers can exploit this vulnerability to cause a denial of service.
VAR-202404-1582 CVE-2024-32318 Stack-based buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. ac500 firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the vlan parameter in the formSetVlanInfo function. A stack-based buffer overflow vulnerability exists in the firmware of the Shenzhen Tenda Technology Co.,Ltd. ac500. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Tenda AC500 is a wireless controller device designed for small and medium-sized enterprises, supporting cross-VLAN management of wireless networks. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202404-1583 CVE-2024-32317 Stack-based buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. AC10 firmware
CVSS V2: 6.1
CVSS V3: 7.5
Severity: HIGH
Tenda AC10 v4.0 V16.03.10.13 and V16.03.10.20 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. A stack-based buffer overflow vulnerability exists in the firmware of the Shenzhen Tenda Technology Co.,Ltd. AC10. Information may be obtained and tampered with. Tenda A18 is a dual-band Gigabit wireless router, mainly for 200M and above fiber users. Tenda AC10 has a buffer overflow vulnerability, which is caused by the adslPwd parameter of the formWanParameterSetting method failing to correctly verify the length of the input data. No detailed vulnerability information is currently provided.
VAR-202404-0440 CVE-2024-32316 Stack-based buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. ac500 firmware
CVSS V2: 6.1
CVSS V3: 6.5
Severity: MEDIUM
Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability in the fromDhcpListClient function. A stack-based buffer overflow vulnerability exists in the firmware of the Shenzhen Tenda Technology Co.,Ltd. ac500. Service operation may be interrupted (DoS). Tenda AC500 is a wireless controller device designed for small and medium-sized enterprises, supporting cross-VLAN management of wireless networks. Tenda AC500 has a buffer overflow vulnerability, which stems from the failure of the list1 parameter of the fromDhcpListClient method to properly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service.
VAR-202404-0441 CVE-2024-32314 Command injection vulnerability in Shenzhen Tenda Technology Co.,Ltd. ac500 firmware
CVSS V2: 4.7
CVSS V3: 3.8
Severity: LOW
Tenda AC500 V2.0.1.9(1307) firmware contains a command injection vulnerability in the formexeCommand function via the cmdinput parameter. Shenzhen Tenda Technology Co.,Ltd. Tenda AC500 is a wireless controller device designed for small and medium-sized enterprises, supporting cross-VLAN management of wireless networks. Detailed vulnerability information is not currently available.
VAR-202404-0832 CVE-2024-32305 Stack-based buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. A18 firmware
CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
Tenda A18 v15.03.05.05 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function. A stack-based buffer overflow vulnerability exists in the firmware of the Shenzhen Tenda Technology Co.,Ltd. A18. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Tenda A18 is a dual-band wireless signal extender designed for duplexes, villas and large apartments over 120 square meters. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202404-0833 CVE-2024-32303 Stack-based buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. AC15 firmware
CVSS V2: -
CVSS V3: 8.0
Severity: HIGH
Tenda AC15 v15.03.20_multi, v15.03.05.19, and v15.03.05.18 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function. A stack-based buffer overflow vulnerability exists in the firmware of the Shenzhen Tenda Technology Co.,Ltd. AC15. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202404-2059 CVE-2023-46060 Classic buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. ac500 firmware
CVSS V2: 6.1
CVSS V3: 7.5
Severity: HIGH
A buffer overflow vulnerability in Tenda AC500 v.2.0.1.9 allows a remote attacker to cause a denial of service via the port parameter at the goform/setVlanInfo component. The firmware of the Shenzhen Tenda Technology Co.,Ltd. ac500 has a classic buffer overflow vulnerability. Service operation may be interrupted (DoS). Tenda AC500 is a wireless controller device designed for small and medium-sized enterprises, supporting cross-VLAN management of wireless networks.
VAR-202404-1584 CVE-2024-32315 Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. FH1202 firmware
CVSS V2: 5.8
CVSS V3: 4.7
Severity: MEDIUM
Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. An out-of-bounds write vulnerability exists in the firmware of the Shenzhen Tenda Technology Co.,Ltd. FH1202. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Tenda FH1202 is a dual-band wireless router launched by Tenda, supporting 2.4GHz and 5GHz bands, with a total transmission rate of 1200Mbps. Tenda FH1202 has a buffer overflow vulnerability, which stems from the fact that the adslPwd parameter of the formWanParameterSetting method fails to correctly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service.
VAR-202404-1585 CVE-2024-32311 Stack-based buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. fh1203 firmware
CVSS V2: 6.1
CVSS V3: 6.5
Severity: MEDIUM
Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. A stack-based buffer overflow vulnerability exists in the firmware of the Shenzhen Tenda Technology Co.,Ltd. fh1203. Service operation may be interrupted (DoS). The Tenda FH1203 is a dual-band wireless router released by China's Tenda Corporation, primarily used for home network coverage. This vulnerability stems from the adslPwd parameter in the formWanParameterSetting method failing to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service.
VAR-202404-1757 CVE-2024-32306 Stack-based buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. ac10u firmware
CVSS V2: 6.1
CVSS V3: 5.7
Severity: MEDIUM
Tenda AC10U v1.0 Firmware v15.03.06.49 has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function. A stack-based buffer overflow vulnerability exists in the firmware of the Shenzhen Tenda Technology Co.,Ltd. ac10u. Service operation may be interrupted (DoS). The Tenda AC10U is a dual-band gigabit wireless router from Tenda Technology, designed for fiber optic homes with speeds of 200 Mbps and above. It supports 802.11ac dual-band technology (2.4GHz and 5GHz), with a theoretical WiFi speed of up to 867Mbps. This vulnerability stems from the fact that the PPW parameter of the fromWizardHandle method fails to properly validate the length of the input data. An attacker could exploit this vulnerability to cause a denial of service.
VAR-202404-1758 CVE-2024-32302 Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. FH1202 firmware
CVSS V2: 6.5
CVSS V3: 6.3
Severity: MEDIUM
Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function. An out-of-bounds write vulnerability exists in the firmware of the Shenzhen Tenda Technology Co.,Ltd. FH1202. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Tenda FH1202 is a dual-band wireless router launched by Tenda, supporting 2.4GHz and 5GHz bands, with a total transmission rate of 1200Mbps. Attackers can exploit this vulnerability to cause a denial of service.
VAR-202404-2559 CVE-2024-32299 Stack-based buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. fh1203 firmware
CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function. A stack-based buffer overflow vulnerability exists in the firmware of the Shenzhen Tenda Technology Co.,Ltd. fh1203. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Tenda FH1203 is a dual-band wireless router released by China's Tenda, primarily used for home network coverage. This vulnerability stems from the failure of the PPW parameter in the fromWizardHandle method to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service.
VAR-202404-1586 CVE-2024-32293 Stack-based buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. w30e firmware
CVSS V2: 7.7
CVSS V3: 8.0
Severity: HIGH
Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromDhcpListClient function. A stack-based buffer overflow vulnerability exists in the firmware of the Shenzhen Tenda Technology Co.,Ltd. w30e. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Tenda W30E is an enterprise-grade wireless router designed for SOHO, small and micro-enterprise offices, and small shops, supporting Wi-Fi 6 technology. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202404-1932 CVE-2024-32292 Command injection vulnerability in Shenzhen Tenda Technology Co.,Ltd. w30e firmware
CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerability in the formexeCommand function via the cmdinput parameter. Shenzhen Tenda Technology Co.,Ltd. (DoS) It may be in a state. The Tenda W30E is an enterprise-grade wireless router designed for SOHO, small and micro-enterprise offices, and small shops, supporting Wi-Fi 6 technology. The Tenda W30E suffers from a command injection vulnerability caused by the cmdinput parameter of the formexeCommand method failing to properly filter special characters and commands when constructing commands. An attacker could exploit this vulnerability to execute arbitrary commands.
VAR-202404-1204 CVE-2024-32291 Stack-based buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. w30e firmware
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda W30E v1.0 firmware v1.0.1.25(633) has a stack overflow vulnerability via the page parameter in the fromNatlimit function. A stack-based buffer overflow vulnerability exists in the firmware of the Shenzhen Tenda Technology Co.,Ltd. w30e. Service operation may be interrupted (DoS). The Tenda W30E is an enterprise-grade wireless router designed for SOHO, small and micro-enterprise offices, and small shops, supporting Wi-Fi 6 technology. An attacker could exploit this vulnerability to cause a denial of service.
VAR-202404-0834 CVE-2024-32290 Stack-based buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. w30e firmware
CVSS V2: 8.0
CVSS V3: 6.7
Severity: MEDIUM
Tenda W30E v1.0 v1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromAddressNat function. A stack-based buffer overflow vulnerability exists in the firmware of the Shenzhen Tenda Technology Co.,Ltd. w30e. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Tenda W30E is an enterprise-grade wireless router designed for SOHO, small and micro-enterprise offices, and small shops, supporting Wi-Fi 6 technology. Detailed vulnerability information is currently unavailable.
VAR-202404-2260 CVE-2024-32288 Stack-based buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. w30e firmware
CVSS V2: 6.5
CVSS V3: 6.3
Severity: MEDIUM
Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromwebExcptypemanFilter function. A stack-based buffer overflow vulnerability exists in the firmware of the Shenzhen Tenda Technology Co.,Ltd. w30e. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Tenda W30E is an enterprise-grade wireless router designed for SOHO, small and micro-enterprise offices, and small shops, supporting Wi-Fi 6 technology. An attacker could exploit this vulnerability to cause a denial of service.
VAR-202404-1759 CVE-2024-32287 Stack-based buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. w30e firmware
CVSS V2: 6.1
CVSS V3: 6.5
Severity: MEDIUM
Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the qos parameter in the fromqossetting function. A stack-based buffer overflow vulnerability exists in the firmware of the Shenzhen Tenda Technology Co.,Ltd. w30e. Service operation may be interrupted (DoS). The Tenda W30E is an enterprise-grade wireless router designed for SOHO, small and micro-enterprise offices, and small shops, supporting Wi-Fi 6 technology. An attacker could exploit this vulnerability to cause a denial of service.