VARIoT IoT vulnerabilities database

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted requests.. fortinet's FortiSandbox for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x422448` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115. TP-LINK Technologies of EAP225 firmware and EAP115 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TP-LINK AC1350 is a router from China's TP-LINK company

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x0045ab38` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225. TP-LINK Technologies of EAP225 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TP-LINK AC1350 is a router from China's TP-LINK company

A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP115(V4) 5.0.4 Build 20220216 of the N300 Wireless Gigabit Access Point. TP-LINK Technologies of EAP225 firmware and EAP115 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TP-LINK AC1350/N300 is a router from TP-LINK of China

A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP225(V3) 5.1.0 Build 20220926 of the AC1350 Wireless MU-MIMO Gigabit Access Point. TP-LINK Technologies of EAP225 firmware and EAP115 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TP-LINK AC1350/N300 is a router from TP-LINK of China. TP-LINK AC1350 and TP-LINK N300 have a command injection vulnerability. The vulnerability is caused by the tddpd enable_test_mode function failing to properly filter special characters and commands in constructing commands

A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. TP-LINK Technologies of EAP225 There are unspecified vulnerabilities in the firmware.Service operation interruption (DoS) It may be in a state. TP-LINK AC1350 is a router from China's TP-LINK company

A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device's web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability. TP-LINK Technologies of EAP225 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. TP-LINK AC1350 is a router from China's TP-LINK company

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandbox 2.5 all versions, FortiSandbox 2.4 all versions, FortiSandbox 2.3 all versions, FortiSandbox 2.2 all versions, FortiSandbox 2.1 all versions, FortiSandbox 2.0 all versions allows attacker to execute unauthorized code or commands via CLI. fortinet's FortiSandbox Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.0.5 through 3.0.7 allows attacker to execute unauthorized code or commands via CLI. fortinet's FortiSandbox for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection device from Fortinet. The device provides dual sandbox technology, dynamic threat intelligence system, real-time control panel and reporting. Fortinet FortiSandbox has an operating system command injection vulnerability, which is caused by an operating system command injection vulnerability

A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC04), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 1), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 16), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly validate the input provided in the login dialog box. An attacker could leverage this vulnerability to cause a persistent denial of service condition. SIMATIC PCS 7 is a process control system. SIMATIC WinCC is an automated supervisory control and data acquisition (SCADA) system. SIMATIC WinCC Runtime Professional is a visualization runtime platform for operators to control and monitor machines and equipment

SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. Thus, having a low impact on confidentiality. SAP of SAP NetWeaver Contains a server-side request forgery vulnerability.Information may be obtained

In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg. TOTOLINK of EX200 Firmware has an information disclosure vulnerability.Information may be obtained. The TOTOLINK EX200 is a wireless N range extender developed by China's TOTOLINK Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. The TOTOLINK EX200 has an information leakage vulnerability due to improper device permission management

In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg. TOTOLINK of EX200 Firmware has an information disclosure vulnerability.Information may be obtained. The TOTOLINK EX200 is a 2.4GHz wireless N range extender released by China-based Jiong Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal blind spots

In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh. TOTOLINK of EX200 An authentication bypass vulnerability exists in firmware with user-controlled keys.Information may be obtained and information may be tampered with. The TOTOLINK EX200 is a wireless N range extender developed by China's TOTOLINK Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. The TOTOLINK EX200 has a security vulnerability caused by improper interface permission management

TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function. TOTOLINK of EX200 The firmware contains an authentication bypass vulnerability using alternate paths or channels.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK EX200 is a wireless N range extender developed by China's TOTOLINK Electronics. It's primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. Detailed vulnerability details are currently unavailable

TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default. TOTOLINK of EX200 A lack of authentication vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK EX200 is a wireless N range extender manufactured by China's TOTOLINK Electronics. It's primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. Detailed vulnerability details are currently unavailable

In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig. TOTOLINK of EX200 The firmware contains a special element sanitization vulnerability.Information may be obtained. The TOTOLINK EX200 is a wireless N range extender developed by China's TOTOLINK Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. The TOTOLINK EX200 has an information leakage vulnerability due to improper permission management

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function. TOTOLINK of EX200 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK EX200 is a wireless N range extender developed by China's TOTOLINK Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. An attacker could exploit this vulnerability to execute arbitrary code

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function. TOTOLINK of EX200 The firmware contains a special element sanitization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK EX200 is a wireless N range extender developed by China's TOTOLINK Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. An attacker could exploit this vulnerability to execute arbitrary code

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. TOTOLINK of EX200 The firmware contains a vulnerability related to improper parameter handling.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK EX200 is a wireless N range extender developed by China's TOTOLINK Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. An attacker could exploit this vulnerability to execute arbitrary code