VARIoT IoT vulnerabilities database

HP LaserJet Pro MFP M126nw is a black and white laser all-in-one printer. HP LaserJet Pro MFP M126nw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.

A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The HDF Group of HDF5 contains a buffer error vulnerability, a heap-based buffer overflow vulnerability, and an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. HDF5 is an open-source library for HDF. An attacker could exploit this vulnerability to cause a denial of service

A vulnerability classified as critical has been found in Netgear EX6150 1.0.0.46_1.0.76. This affects the function sub_410090. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. of netgear EX6150 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR EX6100 is a dual-band wireless extender, mainly used to enhance the coverage of existing WiFi networks, especially suitable for large rooms or signal blind spots. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was found in Netgear EX6100 1.0.2.28_1.1.138. It has been rated as critical. Affected by this issue is the function sub_415EF8. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. of netgear EX6100 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the sub_415EF8 function failing to properly verify the length of the input data. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

FH451 is a 450Mbps home wireless router launched by Tenda. Shenzhen Jixiang Tenda Technology Co., Ltd. FH451 has a binary vulnerability that can be exploited by attackers to cause a denial of service.

H3C NX54 is a Gigabit dual-band router that supports Wi-Fi 6 (802.11ax) protocol. H3C NX54 of H3C Technologies Co., Ltd. has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.

HP Color LaserJet MFP M476dw is a color laser multifunction printer. HP Color LaserJet MFP M476dw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.

HP Color LaserJet M254nw is a color laser printer. HP Color LaserJet M254nw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.

H3C NX54 is a Gigabit dual-band router that supports Wi-Fi 6 (802.11ax) protocol. H3C NX54 of H3C Technologies Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute commands.

L6490 is a series of printer products. Epson (China) Co., Ltd. L6490 has a logic defect vulnerability, which can be exploited by attackers to reset the password.

PX4 is an open source autopilot. PX4 has a logic flaw vulnerability that can be exploited by attackers to cause an oscillation loop, causing the device to repeatedly collide with obstacles, resulting in a denial of service.

H3C N12 is a wireless router of H3C, a Chinese company. H3C N12 of H3C Technologies Co., Ltd. has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.

A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been rated as critical. This issue affects the function formRoute of the file /boafrm/formRoute. The manipulation of the argument subnet leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A3002R The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3002R is a wireless router produced by China's TOTOLINK Electronics Company. TOTOLINK A3002R has a stack buffer overflow vulnerability. The vulnerability is caused by the failure of the parameter subnet in the file /boafrm/formRoute to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been declared as critical. This vulnerability affects the function formWlanMultipleAP of the file /boafrm/formWlanMultipleAP. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A3002R The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3002R is a wireless router produced by China's TOTOLINK Electronics. The vulnerability is caused by the parameter submit-url in the file /boafrm/formWlanMultipleAP failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been classified as critical. This affects the function formWlSiteSurvey of the file /boafrm/formWlSiteSurvey. The manipulation of the argument wlanif leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3002R is a wireless router from China's TOTOLINK Electronics. TOTOLINK A3002R has a command injection vulnerability, which is caused by the parameter wlanif in the file /boafrm/formWlSiteSurvey failing to properly filter special characters and commands in the constructed command. No detailed vulnerability details are currently available

Quanxun Huiju Network Technology (Beijing) Co., Ltd. was established in 2013. iKuai is the company's product brand, and iKuic is the company's overseas product brand. iKuai of Quanxun Huiju Network Technology (Beijing) Co., Ltd. has an arbitrary file read vulnerability, and attackers can exploit the vulnerability to obtain sensitive information.

H3C NX15 is a home wireless router. H3C NX15 of H3C Technologies Co., Ltd. has a command execution vulnerability, and attackers can exploit the vulnerability to execute commands.

H3C NX15 is a home wireless router. H3C NX15 of H3C Technologies Co., Ltd. has an unauthorized access vulnerability. Attackers can use this vulnerability to log in to telnet and obtain system permissions.

H3C NX15 is a home wireless router. H3C NX15 of H3C Technologies Co., Ltd. has a command execution vulnerability, and attackers can exploit the vulnerability to execute commands.

DI-8200 is an enterprise-level router from China's D-Link. D-Link DI-8200 has a command injection vulnerability that can be exploited by attackers to execute arbitrary commands.