VARIoT IoT vulnerabilities database

VAR-202403-0846 CVE-2024-2547 Tenda AC18 R7WebsSecurityHandler function buffer overflow vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function R7WebsSecurityHandler. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257000. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Tenda AC18 is a router made by the Chinese company Tenda. This vulnerability is caused by the R7WebsSecurityHandler function failing to correctly verify the length of the input supplied in the password parameter. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202403-0755 CVE-2024-2546 Tenda AC18 fromSetWirelessRepeat function buffer overflow vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
A vulnerability has been found in Tenda AC18 15.13.07.09 and classified as critical. Affected by this vulnerability is the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256999. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Tenda AC18 is a router made by the Chinese company Tenda. This vulnerability is caused by the fromSetWirelessRepeat function failing to correctly verify the length of the input supplied in the wpapsk_crypto5g parameter. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202403-0709 CVE-2024-2490 Tenda AC18 setSchedWifi function buffer overflow vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256897 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Tenda AC18 is a router made by the Chinese company Tenda. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202403-0689 CVE-2024-22044 Siemens SENTRON 3KC ATC6 Ethernet Module hidden function vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been identified in SENTRON 3KC ATC6 Expansion Module Ethernet (3KC9000-8TL75) (All versions). Affected devices expose an unused, unstable http service at port 80/tcp on the Modbus-TCP Ethernet. This could allow an attacker on the same Modbus network to create a denial of service condition that forces the device to reboot. Siemens SENTRON 3KC ATC6 Expansion Module is a power distribution protection device from Germany's Siemens, used to monitor and protect power systems
VAR-202403-0630 CVE-2024-21483 Siemens SENTRON 7KM PAC3x20 Devices Improper Access Control Vulnerability CVSS V2: 4.9
CVSS V3: 4.6
Severity: MEDIUM
A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... (with LQNYYMMDD...)), SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... (with LQNYYMMDD...)), SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... (with LQNYYMMDD...)), SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... (with LQNYYMMDD...)). The read out protection of the internal flash of affected devices was not properly set at the end of the manufacturing process. An attacker with physical access to the device could read out the data. SENTRON PAC Meter products are power measuring devices for precise energy management and transparent information collection.
VAR-202403-0576 CVE-2024-2353 TOTOLINK X6000R operating system command injection vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK X6000R is a wireless router made by China Zeon Electronics (TOTOLINK) Company. TOTOLINK X6000R version 9.4.0cu.852_20230719 has an operating system command injection vulnerability. This vulnerability originates in the setDiagnosisCfg function in /cgi-bin/cstecgi.cgi of the component shttpd, where manipulating the parameter ip causes operating system command injection. No detailed vulnerability information is currently available.
VAR-202403-0160 CVE-2024-2188 TP-LINK AX50 cross-site scripting vulnerability CVSS V2: 4.6
CVSS V3: 6.1
Severity: MEDIUM
Stored Cross-Site Scripting (XSS) vulnerability in TP-Link Archer AX50 affecting firmware version 1.0.11 build 2022052. This vulnerability could allow an unauthenticated attacker to create a port mapping rule via a SOAP request and store a malicious JavaScript payload within that rule, which could result in execution of the JavaScript payload when the rule is loaded. TP-LINK AX50 is a router device produced by China Pulian (TP-LINK) Company. This vulnerability stems from the application's lack of effective filtering and escaping of user-provided data.
VAR-202403-0393 CVE-2024-27684 D-Link GO-RT-AC750 cross-site scripting vulnerability CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
A Cross-site scripting (XSS) vulnerability in dlapn.cgi, dldongle.cgi, dlcfg.cgi, fwup.cgi and seama.cgi in D-Link GORTAC750_A1_FW_v101b03 allows remote attackers to inject arbitrary web script or HTML via the url parameter. D-Link GO-RT-AC750 is a wireless dual-band simple router from China D-Link. D-Link GO-RT-AC750 has a cross-site scripting vulnerability. This vulnerability stems from the lack of effective filtering and escaping of user-provided data in components such as dlapn.cgi and dldongle.cgi
VAR-202403-0510 CVE-2024-0156 Dell Digital Delivery Buffer Overflow Vulnerability CVSS V2: 6.0
CVSS V3: 7.0
Severity: HIGH
Dell Digital Delivery, versions prior to 5.0.86.0, contain a Buffer Overflow vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to arbitrary code execution and/or privilege escalation. Dell Digital Delivery is an application developed by the American Dell Company specifically for Dell computer equipment and used to purchase computer pre-installed software online. This vulnerability is caused by the program's failure to correctly verify the length of input data
VAR-202403-0394 No CVE Beijing StarNet Ruijie Network Technology Co., Ltd. EG3210 has a command execution vulnerability (CNVD-2024-11054) CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
EG3210 is a multi-service security gateway. There is a command execution vulnerability in the EG3210 of Beijing StarNet Ruijie Network Technology Co., Ltd. An attacker can use this vulnerability to gain control of the server.
VAR-202403-0195 CVE-2024-24907 Dell Secure Connect Gateway cross-site scripting vulnerability CVSS V2: 6.7
CVSS V3: 7.6
Severity: HIGH
Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in the Filters page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. Dell Secure Connect Gateway is a secure connection gateway from the American company Dell. No detailed vulnerability information is currently available.
VAR-202403-0458 CVE-2024-22458 Dell Secure Connect Gateway encryption issue vulnerability CVSS V2: 2.6
CVSS V3: 3.7
Severity: LOW
Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext. No detailed vulnerability information is currently available.
VAR-202402-2601 No CVE There is a command execution vulnerability in EG3210 of Beijing StarNet Ruijie Network Technology Co., Ltd. CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Beijing Xingwang Ruijie Network Technology Co., Ltd. EG3210 is a router product. There is a command execution vulnerability in the EG3210 of Beijing StarNet Ruijie Network Technology Co., Ltd. An attacker can use this vulnerability to gain control of the server.
VAR-202402-2400 No CVE Beijing Xingwang Ruijie Network Technology Co., Ltd. NBR6205-E has a command execution vulnerability (CNVD-2024-07921) CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
NBR6205-E is a router product. Beijing Xingwang Ruijie Network Technology Co., Ltd. NBR6205-E has a command execution vulnerability. An attacker can use this vulnerability to gain server permissions.
VAR-202402-1803 CVE-2023-45581 Fortinet's FortiClient EMS vulnerability CVSS V2: -
CVSS V3: 7.2
Severity: HIGH
An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows a Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests. Fortinet's FortiClient EMS contains an unspecified vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202402-1750 CVE-2023-28078 Dell OS10 Networking Switches information leakage vulnerability CVSS V2: 9.4
CVSS V3: 9.1
Severity: CRITICAL
Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability leading to information disclosure and a possible Denial of Service when a huge number of requests are sent to the switch. This is a high severity vulnerability as it allows an attacker to view sensitive data. Dell recommends customers to upgrade at the earliest opportunity
VAR-202402-1924 CVE-2023-32462 Dell OS10 Networking Switches command execution vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system takeover. This is a critical vulnerability as it allows an attacker to cause severe damage. Dell recommends customers to upgrade at the earliest opportunity. Dell OS10 Networking Switches is a switch made by the American company Dell
VAR-202402-1915 CVE-2023-44293 Dell Secure Connect Gateway Application SQL Injection Vulnerability CVSS V2: 5.5
CVSS V3: 5.4
Severity: MEDIUM
In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This issue may potentially lead to unintentional information disclosure from the product database. Dell Secure Connect Gateway Application is a secure connection gateway from Dell Corporation of the United States.
VAR-202402-1804 CVE-2023-44294 Dell Secure Connect Gateway Application SQL injection vulnerability (CNVD-2024-11513) CVSS V2: 5.5
CVSS V3: 5.4
Severity: MEDIUM
In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. This issue may potentially lead to unintentional information disclosure from the product database
VAR-202402-1317 CVE-2024-23804 Siemens' Tecnomatix Plant Simulation out-of-bounds write vulnerability CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted PSOBJ files. This could allow an attacker to execute code in the context of the current process. Siemens' Tecnomatix Plant Simulation contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).