VARIoT IoT vulnerabilities database

TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Port Forwarding under the Firewall Page. TOTOLINK of N300RT Firmware has a cross-site scripting vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK N300RT is a wireless router designed primarily for home and small business users. The TOTOLINK N300RT suffers from a cross-site scripting vulnerability. An attacker could exploit this vulnerability by injecting a specially crafted payload to execute arbitrary web script or HTML

TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function. TOTOLINK of EX200 Firmware has a cross-site scripting vulnerability.Information may be obtained. The TOTOLINK EX200 is a 2.4GHz wireless range extender from China's Jiong Electronics. It's primarily used to extend the coverage of existing Wi-Fi networks and resolve signal blind spots. Detailed vulnerability details are currently unavailable

TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function. TOTOLINK of EX200 Firmware has a cross-site scripting vulnerability.Information may be obtained. The TOTOLINK EX200 is a 2.4GHz wireless N range extender released by China-based Jiong Electronics. It is primarily used to extend the coverage of existing Wi-Fi networks and resolve signal dead zones. This vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the ssid parameter of the setWiFiExtenderConfig method. Detailed vulnerability details are currently unavailable

Ruijie Networks, founded in 2003, is an industry-leading provider of network infrastructure and solutions. RG-UAC 6000-E50C of Beijing Xingwang Ruijie Network Technology Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.

Controller denial of service due to improper handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. Honeywell Experion Server is a high-performance industrial control system server from Honeywell, USA, mainly used in the Experion Process Knowledge System (PKS) platform. Honeywell Experion Server has a denial of service vulnerability. Attackers can exploit this vulnerability to cause the controller to deny service

Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the timeZone parameter in the formSetTimeZone function. Shenzhen Tenda Technology Co.,Ltd. of ac500 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. Tenda AC500 is a wireless controller device designed for small and medium-sized enterprises, supporting cross-VLAN management of wireless networks. Attackers can exploit this vulnerability to cause a denial of service

Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the vlan parameter in the formSetVlanInfo function. Shenzhen Tenda Technology Co.,Ltd. of ac500 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC500 is a wireless controller device designed for small and medium-sized enterprises, supporting cross-VLAN management of wireless networks. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Tenda AC10 v4.0 V16.03.10.13 and V16.03.10.20 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. Shenzhen Tenda Technology Co.,Ltd. of AC10 A stack-based buffer overflow vulnerability exists in the firmware.Information may be obtained and information may be tampered with. Tenda A18 is a dual-band Gigabit wireless router, mainly for 200M and above fiber users. Tenda AC10 has a buffer overflow vulnerability, which is caused by the adslPwd parameter of the formWanParameterSetting method failing to correctly verify the length of the input data. No detailed vulnerability details are currently provided

Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability in the fromDhcpListClient function. Shenzhen Tenda Technology Co.,Ltd. of ac500 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. Tenda AC500 is a wireless controller device designed for small and medium-sized enterprises, supporting cross-VLAN management of wireless networks. Tenda AC500 has a buffer overflow vulnerability, which stems from the failure of the list1 parameter of the fromDhcpListClient method to properly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service

Tenda AC500 V2.0.1.9(1307) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter. Shenzhen Tenda Technology Co.,Ltd. Tenda AC500 is a wireless controller device designed for small and medium-sized enterprises, supporting cross-VLAN management of wireless networks. No detailed vulnerability details are currently available

Tenda A18 v15.03.05.05 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. Shenzhen Tenda Technology Co.,Ltd. of A18 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda A18 is a dual-band wireless signal extender designed for duplexes, villas and large apartments over 120 square meters. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Tenda AC15 v15.03.20_multi, v15.03.05.19, and v15.03.05.18 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. Shenzhen Tenda Technology Co.,Ltd. of AC15 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A Buffer Overflow vulnerability in Tenda AC500 v.2.0.1.9 allows a remote attacker to cause a denial of service via the port parameter at the goform/setVlanInfo component. Shenzhen Tenda Technology Co.,Ltd. of ac500 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. Tenda AC500 is a wireless controller device designed for small and medium-sized enterprises, supporting cross-VLAN management of wireless networks

Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. Shenzhen Tenda Technology Co.,Ltd. of FH1202 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda FH1202 is a dual-band wireless router launched by Tenda, supporting 2.4GHz and 5GHz bands, with a total transmission rate of 1200Mbps. Tenda FH1202 has a buffer overflow vulnerability, which stems from the fact that the adslPwd parameter of the formWanParameterSetting method fails to correctly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service

Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. Shenzhen Tenda Technology Co.,Ltd. of fh1203 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda FH1203 is a dual-band wireless router released by China's Tenda Corporation, primarily used for home network coverage. This vulnerability stems from the adslPwd parameter in the formWanParameterSetting method failing to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service

Tenda AC10U v1.0 Firmware v15.03.06.49 has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. Shenzhen Tenda Technology Co.,Ltd. of ac10u A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda AC10U is a dual-band gigabit wireless router from Tenda Technology, designed for fiber optic homes with speeds of 200 Mbps and above. It supports 802.11ac dual-band technology (2.4GHz and 5GHz), with a theoretical WiFi speed of up to 867Mbps. This vulnerability stems from the fact that the PPW parameter of the `fromWizardHandle` method fails to properly validate the length of the input data. An attacker could exploit this vulnerability to cause a denial-of-service attack

Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function. Shenzhen Tenda Technology Co.,Ltd. of FH1202 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda FH1202 is a dual-band wireless router launched by Tenda, supporting 2.4GHz and 5GHz bands, with a total transmission rate of 1200Mbps. Attackers can exploit this vulnerability to cause a denial of service

Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function. Shenzhen Tenda Technology Co.,Ltd. of fh1203 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda FH1203 is a dual-band wireless router released by China's Tenda, primarily used for home network coverage. This vulnerability stems from the failure of the PPW parameter in the fromWizardHandle method to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromDhcpListClient function. Shenzhen Tenda Technology Co.,Ltd. of w30e A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda W30E is an enterprise-grade wireless router designed for SOHO, small and micro-enterprise offices, and small shops, supporting Wi-Fi 6 technology. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter. Shenzhen Tenda Technology Co.,Ltd. (DoS) It may be in a state. The Tenda W30E is an enterprise-grade wireless router designed for SOHO, small and micro-enterprise offices, and small shops, supporting Wi-Fi 6 technology. The Tenda W30E suffers from a command injection vulnerability caused by the cmdinput parameter of the formexeCommand method failing to properly filter special characters and commands when constructing commands. An attacker could exploit this vulnerability to execute arbitrary commands