VARIoT IoT vulnerabilities database

VAR-202312-0062 | CVE-2023-43453 | Command injection vulnerability in TOTOLINK X6000R firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component. TOTOLINK X6000R firmware contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK X6000R is a wireless router made by China Zeon Electronics (TOTOLINK) Company.
TOTOLINK X6000R has a command execution vulnerability. The vulnerability arises because the IP parameter of the setDiagnosisCfg component is not correctly filtered for special characters, commands, etc. before it is used in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution.
VAR-202311-2317 | CVE-2023-48805 | TOTOLINK X6000R URL parameter command execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; when these are passed to the CsteSystem function, a command execution vulnerability results. TOTOLINK X6000R is a wireless router launched by China Jiong Electronics. It supports WiFi 6 technology and has high concurrent connection and dual-band transmission functions.
TOTOLINK X6000R has a command execution vulnerability. The vulnerability arises because the url parameter of the sub_4119A0 function is not properly filtered for special characters and commands before it is used in the constructed command. Attackers can exploit this vulnerability to execute arbitrary commands.
VAR-202311-2460 | CVE-2023-48802 | OS command injection vulnerability in TOTOLINK X6000R firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; when these are passed to the CsteSystem function, a command execution vulnerability results. TOTOLINK X6000R firmware contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK X6000R is a wireless router launched by China Jiong Electronics. It supports WiFi 6 technology and has high concurrent connection and dual-band transmission functions.
TOTOLINK X6000R has a command execution vulnerability. The vulnerability arises because the interval parameter of the sub_4119A0 function is not properly filtered for special characters and commands before it is used in the constructed command. Attackers can exploit this vulnerability to execute arbitrary commands.
VAR-202311-2307 | CVE-2023-48964 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. i6 firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/WifiMacFilterSet. Shenzhen Tenda Technology Co.,Ltd. i6 firmware contains an out-of-bounds write vulnerability. Service operation may be interrupted (DoS). Tenda i6 is a wireless access point from the Chinese company Tenda. The vulnerability is caused by a boundary error in the component /goform/WifiMacFilterSet when processing untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack.
VAR-202311-2271 | CVE-2023-48806 | TOTOLINK X6000R informEnable parameter command execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; when these are passed to the CsteSystem function, a command execution vulnerability results. TOTOLINK X6000R is a wireless router made by China Zeon Electronics (TOTOLINK) Company.
TOTOLINK X6000R V9.4.0cu.852_B20230719 has a command execution vulnerability. The vulnerability arises because the informEnable parameter of the sub_4119A0 function is not correctly filtered for special characters, commands, etc. before it is used in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution.
VAR-202311-2162 | CVE-2023-5275 | Input validation vulnerability in Mitsubishi Electric's GX Works2 |
CVSS V2: 1.0 CVSS V3: 4.7 Severity: MEDIUM |
Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running. Mitsubishi Electric's GX Works2 contains an input validation vulnerability. Service operation may be interrupted (DoS). Mitsubishi Electric GX Works2 is a programmable controller from Mitsubishi Electric of Japan.
VAR-202311-2153 | CVE-2023-48807 | TOTOLINK X6000R user parameter command execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; when these are passed to the CsteSystem function, a command execution vulnerability results. TOTOLINK X6000R is a wireless router made by China Zeon Electronics (TOTOLINK) Company.
TOTOLINK X6000R V9.4.0cu.852_B20230719 has a command execution vulnerability. The vulnerability arises because the user parameter of the sub_4119A0 function is not correctly filtered for special characters, commands, etc. before it is used in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution.
VAR-202311-2232 | CVE-2023-48808 | TOTOLINK X6000R stun_user parameter command execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; when these are passed to the CsteSystem function, a command execution vulnerability results. TOTOLINK X6000R is a wireless router launched by China Jiong Electronics. It supports WiFi 6 technology and has high concurrent connection and dual-band transmission functions.
TOTOLINK X6000R has a command execution vulnerability. The vulnerability arises because the stun_user parameter of the sub_4119A0 function is not properly filtered for special characters and commands before it is used in the constructed command. Attackers can exploit this vulnerability to execute arbitrary commands.
VAR-202311-2300 | CVE-2023-48963 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. i6 firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/wifiSSIDget. Shenzhen Tenda Technology Co.,Ltd. i6 firmware contains an out-of-bounds write vulnerability. Service operation may be interrupted (DoS). Tenda i6 is a wireless access point from the Chinese company Tenda. The vulnerability is caused by a boundary error in the component /goform/wifiSSIDget when processing untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack.
VAR-202311-2207 | CVE-2023-48810 | TOTOLINK X6000R requestUser parameter command execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; when these are passed to the CsteSystem function, a command execution vulnerability results. TOTOLINK X6000R is a wireless router launched by China Jiong Electronics. It supports WiFi 6 technology and has high concurrent connection and dual-band transmission functions.
TOTOLINK X6000R has a command execution vulnerability. The vulnerability arises because the requestUser parameter of the sub_4119A0 function is not properly filtered for special characters and commands before it is used in the constructed command. Attackers can exploit this vulnerability to execute arbitrary commands.
VAR-202311-2274 | CVE-2023-48812 | TOTOLINK X6000R shttpd sub_4119A0 command execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; when these are passed to the CsteSystem function, a command execution vulnerability results. TOTOLINK X6000R is a wireless router made by China Zeon Electronics (TOTOLINK) Company.
There is a security vulnerability in TOTOLINK X6000R shttpd sub_4119A0. A remote attacker can use this vulnerability to submit special requests and execute arbitrary commands in the application context.
VAR-202311-2131 | CVE-2023-48811 | TOTOLINK X6000R shttpd CsteSystem command execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; when these are passed to the CsteSystem function, a command execution vulnerability results. X6000R is a wireless router made by China's TOTOLINK company.
Zeon Electronics (Shenzhen) Co., Ltd. X6000R shttpd CsteSystem has a security vulnerability. Remote attackers can use this vulnerability to submit special requests and execute arbitrary commands in the application context.
VAR-202311-2161 | CVE-2023-5274 | Input validation vulnerability in Mitsubishi Electric's GX Works2 |
CVSS V2: 1.0 CVSS V3: 4.7 Severity: MEDIUM |
Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running. Mitsubishi Electric's GX Works2 contains an input validation vulnerability. Service operation may be interrupted (DoS). Mitsubishi Electric GX Works2 is a programmable controller of Mitsubishi Electric Corporation of Japan.
VAR-202311-2106 | CVE-2023-48804 | TOTOLINK X6000R enable parameter command execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; when these are passed to the CsteSystem function, a command execution vulnerability results. TOTOLINK X6000R is a wireless router made by China Zeon Electronics (TOTOLINK) Company.
TOTOLINK X6000R V9.4.0cu.852_B20230719 has a command execution vulnerability. The vulnerability arises because the enable parameter of the sub_4119A0 function is not correctly filtered for special characters, commands, etc. before it is used in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution.
VAR-202311-2272 | CVE-2023-48803 | OS command injection vulnerability in TOTOLINK X6000R firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; when these are passed to the CsteSystem function, a command execution vulnerability results. TOTOLINK X6000R firmware contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK X6000R is a wireless router launched by China Jiong Electronics. It supports WiFi 6 technology and has high concurrent connection and dual-band transmission functions.
TOTOLINK X6000R has a command execution vulnerability. The vulnerability arises because the pass parameter of the sub_4119A0 function is not properly filtered for special characters and commands before it is used in the constructed command. Attackers can exploit this vulnerability to execute arbitrary commands.
VAR-202311-2358 | CVE-2023-45484 | Tenda AC10 fromSetWifiGuestBasic function buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGuestBasic. Tenda AC10 is a wireless router made by China Tenda Company.
Tenda AC10 has a buffer overflow vulnerability. This vulnerability arises because the length of the input data in the shareSpeed parameter of the fromSetWifiGuestBasic function is not correctly verified. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service attack.
VAR-202311-2305 | CVE-2023-45483 | Tenda AC10 compare_parentcontrol_time function buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the time parameter in the function compare_parentcontrol_time. Tenda AC10 is a wireless router made by China Tenda Company. This vulnerability arises because the length of the input data in the time parameter of the compare_parentcontrol_time function is not correctly verified. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service attack.
VAR-202311-2319 | CVE-2023-45482 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the urls parameter in the function get_parentControl_list_Info.
VAR-202311-2507 | CVE-2023-45481 | Tenda AC10 SetFirewallCfg function buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the firewallEn parameter in the function SetFirewallCfg. Tenda AC10 is a wireless router made by China Tenda Company.
Tenda AC10 has a buffer overflow vulnerability. This vulnerability arises because the length of the input data in the firewallEn parameter of the SetFirewallCfg function is not correctly verified. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service attack.
VAR-202311-2381 | CVE-2023-45480 | Tenda AC10 sub_47D878 function buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the src parameter in the function sub_47D878. Tenda AC10 is a wireless router made by China Tenda Company.
Tenda AC10 has a buffer overflow vulnerability. This vulnerability arises because the length of the input data in the src parameter of the sub_47D878 function is not correctly verified. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service attack.