VARIoT IoT vulnerabilities database

A security vulnerability has been detected in Tenda AC18 15.03.05.19. The impacted element is an unknown function of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC18 The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. in July 2016, primarily for villas and large homes. The Tenda AC18 suffers from a command injection vulnerability caused by improper handling of the lanIp parameter by an unknown function in the /goform/AdvSetLanip file. Detailed vulnerability details are currently unavailable

A weakness has been identified in Tenda AC8 16.03.34.06. The affected element is the function formSetServerConfig of the file /goform/SetServerConfig. Executing manipulation can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. Shenzhen Tenda Technology Co.,Ltd. of AC18 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda AC8 is a dual-gigabit wireless router designed for fiber-optic homes with speeds up to 1000 Mbps. It supports IPv6 and features intelligent network management. The Tenda AC8 suffers from a buffer overflow vulnerability caused by a failure to perform bounds checks on input data in the formSetServerConfig function in the /goform/SetServerConfig file. This vulnerability could allow an attacker to execute arbitrary code or cause the system to crash

A vulnerability was determined in Tenda CH22 1.0.0.1. This vulnerability affects the function formWrlExtraGet of the file /goform/GstDhcpSetSer. This manipulation of the argument dips causes buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. Shenzhen Tenda Technology Co.,Ltd. of ch22 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability could allow an attacker to execute arbitrary code or cause service interruption

A vulnerability was identified in D-Link DIR-823X 250416. This affects the function uci_set of the file /goform/set_wifi_blacklists. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. D-Link Corporation of DIR-823X The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-823X is a wireless router manufactured by D-Link, a Chinese company. The D-Link DIR-823X suffers from a command injection vulnerability that could allow an attacker to remotely execute commands

A vulnerability was determined in D-Link DIR-823X 250416. The impacted element is the function uci_del of the file /goform/delete_prohibiting. This manipulation of the argument delvalue causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. D-Link Corporation of DIR-823X The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-823X is a wireless router from D-Link, a Chinese company. The D-Link DIR-823X suffers from a command injection vulnerability caused by incorrect operation of the parameter delvalue in the uci_del function in the file /goform/delete_prohibiting

A vulnerability was found in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/set_wifi_blacklists. The manipulation of the argument macList results in command injection. The attack may be performed from remote. The exploit has been made public and could be used. D-Link Corporation of DIR-823X The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-823X is a wireless router from D-Link, a Chinese company. The D-Link DIR-823X suffers from a command injection vulnerability caused by incorrect operation of the macList parameter in the file /goform/set_wifi_blacklists. This vulnerability can be exploited by an attacker to cause remote command injection

A vulnerability has been found in D-Link DIR-823X 250416. Impacted is an unknown function of the file /goform/set_device_name. The manipulation of the argument mac leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. D-Link Corporation of DIR-823X The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-823X is a wireless router from D-Link, a Chinese company. This vulnerability could allow an attacker to remotely inject commands

A flaw has been found in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/diag_traceroute. Executing manipulation of the argument target_addr can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used. D-Link Corporation of DIR-823X The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-823X is a wireless router from D-Link, a Chinese company. This vulnerability could allow an attacker to remotely inject commands

A vulnerability was detected in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/delete_offline_device. Performing manipulation of the argument delvalue results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. D-Link Corporation of DIR-823X The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-823X is a wireless router from D-Link, a Chinese company

A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub_412E7C of the file /goform/set_switch_settings. This manipulation of the argument port causes command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. D-Link Corporation of DIR-823X The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-823X is a wireless router manufactured by D-Link, a Chinese company

A security flaw has been discovered in Tenda AC21 up to 16.03.08.16. Affected by this vulnerability is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be exploited. Shenzhen Tenda Technology Co.,Ltd. of ac21 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

An issue was discovered in DIR-823 firmware 20250416. There is an RCE vulnerability in the set_cassword settings interface, as the http_casswd parameter is not filtered by '&'to allow injection of reverse connection commands. D-Link Corporation of DIR-823X Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-823X is a wireless router from D-Link, a Chinese company. An attacker could exploit this vulnerability to cause code execution

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1458_B20250708. TOTOLINK of x6000r The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK X6000R is a wireless router from TOTOLINK. TOTOLINK X6000R V9.4.0cu.1458_B20250708 and earlier versions contain an operating system command injection vulnerability. This vulnerability stems from a failure to properly sanitize special elements in user input. An attacker could exploit this vulnerability to execute arbitrary operating system commands

A NULL pointer dereference in TOTOLINK N600R firmware v4.3.0cu.7866_B2022506 allows attackers to cause a Denial of Service. The TOTOLINK N600R is a dual-band wireless router released by the Korean brand TOTOLINK in 2013. It supports concurrent operation on the 2.4GHz and 5GHz bands and offers a maximum wireless transmission rate of 300Mbps

The MOXA NPort 5230 is an industrial-grade serial communication server, belonging to the category of electronic and industrial equipment. A vulnerability exists in the MOXA NPort 5230 developed by MOXA Technology (Shanghai) Co., Ltd., allowing attackers to obtain sensitive information.

Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulation.This issue affects X6000R: through V9.4.0cu.1360_B20241207. (DoS) It may be in a state. The TOTOLINK X6000R, a wireless router released by China's TOTOLINK Electronics, supports Wi-Fi 6 technology, offering high concurrent connections and dual-band transmission capabilities

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1360_B20241207. TOTOLINK of x6000r The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK X6000R, a wireless router released by China's TOTOLINK Electronics, supports Wi-Fi 6 technology, offering high concurrent connections and dual-band transmission capabilities. Detailed vulnerability details are currently unavailable

A vulnerability in the access control list (ACL) processing of IPv4 packets of Cisco SD-WAN vEdge Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the improper enforcement of the implicit deny all at the end of a configured ACL. An attacker could exploit this vulnerability by attempting to send unauthorized traffic to an interface on an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device. Cisco SD-WAN vEdge is a router manufactured by Cisco Systems, Inc

Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet. sm8750 firmware, sm8750p firmware, SM8850 A buffer over-read vulnerability exists in firmware and other parts of multiple Qualcomm products.Information is obtained and service operation is interrupted (DoS) It may be in a state

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DPAX files in the DOPSoft component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. Delta Electronics CNCSoft-G2 suffers from a stack buffer overflow vulnerability due to improper memory buffer manipulation restrictions