VARIoT IoT vulnerabilities database

Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setFixTools. Shenzhen Tenda Technology Co.,Ltd. of w30e An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the failure of the setFixTools function to correctly filter special characters, commands, etc. in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function localMsg. Shenzhen Tenda Technology Co.,Ltd. of w30e An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability is caused by the failure of the function localMsg to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service. attack

Tenda AX9 V22.03.01.46 is vulnerable to command injection. Shenzhen Tenda Technology Co.,Ltd. of ax9 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the failure of the list parameter of /goform/SetNetControlList to correctly filter special characters, commands, etc. in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution

Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetNetControlList. Shenzhen Tenda Technology Co.,Ltd. of ax9 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability is caused by the "list" parameter of /goform/SetNetControlList failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system. or result in a denial of service attack

Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetVirtualServerCfg. Shenzhen Tenda Technology Co.,Ltd. of ax9 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the "list" parameter of /goform/SetVirtualServerCfg failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system. or result in a denial of service attack

Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'deviceList' parameter at /goform/setMacFilterCfg. Shenzhen Tenda Technology Co.,Ltd. of ax9 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability is caused by the "deviceList" parameter of /goform/setMacFilterCfg failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system. or result in a denial of service attack

Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName. Shenzhen Tenda Technology Co.,Ltd. of ax9 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution

Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetStaticRouteCfg. Shenzhen Tenda Technology Co.,Ltd. of ax9 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the "list" parameter of /goform/SetStaticRouteCfg failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system. or result in a denial of service attack

Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature through the 'mac' parameter at /goform/setModules. Shenzhen Tenda Technology Co.,Ltd. of ax9 The firmware has SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. There is a command execution vulnerability in Tenda AX9 V22.03.01.46. in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution

Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList. Shenzhen Tenda Technology Co.,Ltd. of AX12 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AX12 is a dual-band Gigabit Wifi 6 wireless router from China's Tenda Company. in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution

Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName. Shenzhen Tenda Technology Co.,Ltd. of AX12 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AX12 is a dual-band Gigabit Wifi 6 wireless router from China's Tenda Company. in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution

Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg. Shenzhen Tenda Technology Co.,Ltd. of AX12 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda AX12 is a dual-band Gigabit Wi-Fi 6 wireless router designed for home users. It supports dual-band concurrent transmission and achieves speeds of up to 2976 Mbps. The Tenda AX12 suffers from a buffer overflow vulnerability caused by a failure to properly validate the length of input data in the list parameter of /goform/SetStaticRouteCfg. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg . Shenzhen Tenda Technology Co.,Ltd. of AX12 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda AX12 is a dual-band Gigabit Wi-Fi 6 wireless router designed for home users. It supports dual-band concurrent transmission and achieves speeds of up to 2976 Mbps. The Tenda AX12 suffers from a buffer overflow vulnerability caused by a failure to properly validate the length of input data in the deviceList parameter at /goform/setMacFilterCfg. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg. Shenzhen Tenda Technology Co.,Ltd. of AX12 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda AX12 is a dual-band Gigabit Wi-Fi 6 wireless router designed for home users. It supports dual-band concurrent transmission and achieves speeds of up to 2976 Mbps. The Tenda AX12 suffers from a buffer overflow vulnerability caused by a failure to properly validate the length of input data in the list parameter at /goform/SetVirtualServerCfg. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code. TOTOLINK of A3002RU An incorrect authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK A3002RU is a wireless router manufactured by China's TOTOLINK Electronics. It supports a variety of network functions and services

Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass. SMA200 firmware, SMA210 firmware, SMA400 firmware etc. SonicWALL The product contains authentication vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability. SMA200 firmware, SMA210 firmware, SMA400 firmware etc. SonicWALL The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated user can cause the network to be flooded leading to Denial of Service for actual network users. This is a high severity vulnerability as it allows an attacker to cause an outage of network. Dell recommends customers to upgrade at the earliest opportunity. Dell's Dell Networking OS10 Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Dell Networking OS10 is a switch made by the American company Dell

Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data. Samsung's Galaxy Store Exists in unspecified vulnerabilities.Information may be obtained. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S23 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the implementation of the samsungapps URI scheme. The issue results from a logical error when checking the safety of URIs. An attacker can leverage this vulnerability to execute code in the context of the current user

Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store. Samsung's Galaxy Store Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S23 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the InstantPlaysUrlUtil class. The issue results from a logical error when checking the safety of URIs. An attacker can leverage this vulnerability to execute code in the context of the current user