VARIoT IoT vulnerabilities database


VAR-202404-0474 CVE-2024-30570 Information disclosure vulnerability in Netgear R6850 firmware
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
An information leak in debuginfo.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. Netgear R6850 firmware has an information disclosure vulnerability. Information may be tampered with. Netgear R6850 is a wireless router from NETGEAR.
VAR-202404-1971 CVE-2024-30569 Information disclosure vulnerability in Netgear R6850 firmware
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. Netgear R6850 is a wireless router from NETGEAR.
VAR-202404-1791 CVE-2024-30568 Code injection vulnerability in Netgear R6850 firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter. A code injection vulnerability exists in Netgear R6850 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR R6850 is a wireless router from NETGEAR. Attackers can exploit this vulnerability to cause arbitrary command execution.
VAR-202404-0336 CVE-2024-30621 Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. AX1803 firmware
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Tenda AX1803 v1.0.0.1 contains a stack overflow via the serverName parameter in the function fromAdvSetMacMtuWan. An out-of-bounds write vulnerability exists in Shenzhen Tenda Technology Co.,Ltd. AX1803 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202404-0330 CVE-2024-30620 Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. AX1803 firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Tenda AX1803 v1.0.0.1 contains a stack overflow via the serviceName parameter in the function fromAdvSetMacMtuWan. An out-of-bounds write vulnerability exists in Shenzhen Tenda Technology Co.,Ltd. AX1803 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The vulnerability is caused by a failure to correctly verify the length of the input data passed in the serviceName parameter of the function fromAdvSetMacMtuWan. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202404-1520 CVE-2024-20852 Vulnerability in Samsung SmartThings
CVSS V2: -
CVSS V3: 5.9
Severity: MEDIUM
Improper verification of intent by broadcast receiver vulnerability in SmartThings prior to version 1.8.13.22 allows local attackers to access testing configuration. An unspecified vulnerability exists in Samsung's SmartThings. Information may be tampered with.
VAR-202404-0001 CVE-2024-25574 SQL injection vulnerability in Delta Electronics, INC. DIAEnergie
CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
SQL injection vulnerability exists in GetDIAE_usListParameters. A SQL injection vulnerability exists in Delta Electronics, INC. DIAEnergie. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Delta Electronics DIAEnergie GetDIAE_usList has a SQL injection vulnerability, which can be exploited by attackers to view, add, modify or delete information in the backend database.
VAR-202404-1315 CVE-2024-21468 Use of freed memory vulnerability in multiple Qualcomm products
CVSS V2: -
CVSS V3: 8.4
Severity: HIGH
Memory corruption when there is failed unmap operation in GPU. Multiple Qualcomm products, such as 315 5g iot modem firmware, 9206 lte modem firmware and APQ8017 firmware, contain vulnerabilities related to use of freed memory. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202404-1899 CVE-2023-33023 Classic buffer overflow vulnerability in multiple Qualcomm products
CVSS V2: -
CVSS V3: 8.4
Severity: HIGH
Memory corruption while processing finish_sign command to pass a rsp buffer. Multiple Qualcomm products, such as 315 5g iot firmware, APQ8017 firmware and APQ8037 firmware, have a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202404-1360 CVE-2023-28547 Out-of-bounds write vulnerability in multiple Qualcomm products
CVSS V2: -
CVSS V3: 8.4
Severity: HIGH
Memory corruption in SPS Application while requesting for public key in sorter TA. Several Qualcomm products, such as 315 5g iot firmware, 9205 lte firmware and APQ8017 firmware, contain an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202404-1690 CVE-2024-20039 Out-of-bounds write vulnerability in multiple MediaTek products
CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
In modem protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01240012; Issue ID: MSV-1215. A number of MediaTek products, including LR12A, LR13 and NR15, contain out-of-bounds write vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202403-3007 CVE-2024-25027 Vulnerability regarding lack of encryption of critical data in IBM Security Verify Access
CVSS V2: -
CVSS V3: 5.5
Severity: MEDIUM
IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607
VAR-202403-3268 CVE-2024-30645 OS command injection vulnerability in Shenzhen Tenda Technology Co.,Ltd. AC15 firmware
CVSS V2: -
CVSS V3: 8.0
Severity: HIGH
Tenda AC15V1.0 V15.03.20_multi has a command injection vulnerability via the deviceName parameter. An OS command injection vulnerability exists in Shenzhen Tenda Technology Co.,Ltd. AC15 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202403-3225 CVE-2024-27619 D-Link Dir-3040us Denial of Service Vulnerability
CVSS V2: 6.8
CVSS V3: 7.3
Severity: HIGH
Dlink Dir-3040us A1 1.20b03a hotfix is vulnerable to Buffer Overflow. Any user with read/write access to the FTP server can write directly to RAM, causing a buffer overflow if the file or files uploaded are larger than the available RAM. The FTP server allows changing directory to root, which is one level above the root of the USB flash directory. During upload, RAM fills up, causing system resource exhaustion (no free memory), which causes the system to crash and reboot. D-Link Dir-3040us is a router. D-Link Dir-3040us has a denial of service vulnerability that can be exploited by an attacker to cause the system to crash and reboot.
VAR-202403-3020 CVE-2024-30639 Stack-based buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. F1202 firmware
CVSS V2: 6.1
CVSS V3: 6.5
Severity: MEDIUM
Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability in the page parameter of the fromAddressNat function. A stack-based buffer overflow vulnerability exists in Shenzhen Tenda Technology Co.,Ltd. F1202 firmware. Service operation may be interrupted (DoS). The Tenda F1202 is an enterprise-grade dual-band wireless router that supports both 2.4GHz and 5GHz bands, with a maximum transmission rate of 1200Mbps. This vulnerability stems from the fact that the `page` parameter of the `fromAddressNat` method fails to properly validate the length of the input data. An attacker could exploit this vulnerability to cause a denial of service.
VAR-202403-3212 CVE-2024-30638 Stack-based buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. F1202 firmware
CVSS V2: 4.0
CVSS V3: 4.3
Severity: MEDIUM
Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the entrys parameter in the fromAddressNat function. A stack-based buffer overflow vulnerability exists in Shenzhen Tenda Technology Co.,Ltd. F1202 firmware. Information may be tampered with. The Tenda F1202 is an enterprise-grade dual-band wireless router that supports both 2.4GHz and 5GHz bands, with a maximum transmission rate of 1200Mbps. It is equipped with four 5dBi antennas for enhanced signal coverage. This vulnerability stems from the failure of the entries parameter of the fromAddressNat method to properly validate the length of the input data. Detailed vulnerability details are currently unavailable.
VAR-202403-3049 CVE-2024-30637 Command injection vulnerability in Shenzhen Tenda Technology Co.,Ltd. F1202 firmware
CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
Tenda F1202 v1.2.0.20(408) has a command injection vulnerability in the mac parameter of the formWriteFacMac function. Shenzhen Tenda Technology Co.,Ltd. F1202 firmware contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Tenda F1202 is an enterprise-grade dual-band wireless router that supports both 2.4GHz and 5GHz bands, with a maximum transmission rate of 1200Mbps. Detailed vulnerability information is not currently available.
VAR-202403-3334 CVE-2024-30636 Stack-based buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. F1202 firmware
CVSS V2: 6.1
CVSS V3: 6.5
Severity: MEDIUM
Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the PPPOEPassword parameter in the formQuickIndex function. A stack-based buffer overflow vulnerability exists in Shenzhen Tenda Technology Co.,Ltd. F1202 firmware. Service operation may be interrupted (DoS). The Tenda F1202 is an enterprise-grade dual-band wireless router that supports both 2.4GHz and 5GHz bands, boasting a maximum transmission rate of 1200Mbps. It is equipped with four 5dBi antennas for enhanced signal coverage. This vulnerability stems from the PPPOEPassword parameter in the formQuickIndex method failing to properly validate the length of the input data. An attacker could exploit this vulnerability to cause a denial of service.
VAR-202403-3247 CVE-2024-30635 Classic buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. F1202 firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability located in the funcpara1 parameter in the formSetCfm function. Shenzhen Tenda Technology Co.,Ltd. F1202 firmware has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Tenda F1202 is an enterprise-grade dual-band wireless router that supports both 2.4GHz and 5GHz bands, boasting a maximum transmission rate of 1200Mbps. It is equipped with four 5dBi antennas for enhanced signal coverage. This vulnerability stems from the failure of the funcpara1 parameter in the formSetCfm method to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202403-3087 CVE-2024-30634 Stack-based buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. F1202 firmware
CVSS V2: 7.7
CVSS V3: 8.0
Severity: HIGH
Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the mitInterface parameter in the fromAddressNat function. A stack-based buffer overflow vulnerability exists in Shenzhen Tenda Technology Co.,Ltd. F1202 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Tenda F1202 is an enterprise-grade dual-band wireless router that supports both 2.4GHz and 5GHz bands, with a maximum transmission rate of 1200Mbps. This vulnerability stems from the fact that the `mitInterface` parameter of the `fromAddressNat` method fails to properly validate the length of the input data. Attackers could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.