VARIoT IoT vulnerabilities database

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Delta Electronics CNCSoft-G2 suffers from a stack buffer overflow vulnerability due to improper memory buffer manipulation restrictions

OS Command injection vulnerability in D-Link C1 2020-02-21. The sub_47F028 function in jhttpd contains a command injection vulnerability via the HTTP parameter "time". The D-Link DI-7100G is a router designed for small and medium-sized enterprises that manages internet access. It supports Gigabit network transmission speeds (some models are marked as 100Mbps), features four WAN ports, one LAN port, and a built-in USB 2.0 port. It complies with the IEEE 802.11n/g/b wireless standards and the IEEE 802.3 wired standard. No detailed vulnerability details are currently available

Buffer overflow vulnerability in Tenda AC9 1.0 via the user supplied sys.vendor configuration value.

Buffer overflow vulnerability in D-Link DI-7100G 2020-02-21 in the sub_451754 function of the jhttpd service in the viav4 parameter allowing attackers to cause a denial of service or execute arbitrary code. D-Link Corporation of di-7100g A heap-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The D-Link DI-7100G is a router designed for small and medium-sized enterprises that manages internet access. It supports Gigabit network transmission speeds (some models are marked as 100Mbps), features four WAN ports, one LAN port, and a built-in USB 2.0 port. It complies with the IEEE 802.11n/g/b wireless standards and the IEEE 802.3 wired standard. The D-Link DI-7100G suffers from a buffer overflow vulnerability

OS Command injection vulnerability in Tenda AC9 1.0 was discovered to contain a command injection vulnerability via the usb.samba.guest.user parameter in the formSetSambaConf function of the httpd file. Shenzhen Tenda Technology Co.,Ltd

Improper Input Validation vulnerability in TOTOLINK X6000R allows Flooding.This issue affects X6000R: through V9.4.0cu.1360_B20241207. TOTOLINK of x6000r There are unspecified vulnerabilities in the firmware.Service operation interruption (DoS) It may be in a state. The TOTOLINK X6000R is a Wi-Fi 6 wireless router launched by TOTOLINK, a Chinese electronics company, featuring high-concurrency connections and dual-band transmission

A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions. Non-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart.

A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function sub_45BB10 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. Shenzhen Tenda Technology Co.,Ltd. of ac21 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from the fact that the parameter `wpapsk_crypto` in the function `sub_45BB10` within the file `/goform/WifiExtraSet` fails to properly validate the length of the input data. Attackers could exploit this vulnerability to execute arbitrary code or cause a denial-of-service attack

A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this issue is the function strcpy of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used. Shenzhen Tenda Technology Co.,Ltd. of AC20 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was determined in D-Link DIR-823X 240126/240802/250416. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/goahead. This manipulation of the argument port causes command injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. D-Link Corporation of DIR-823X The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-823X is a wireless router from D-Link, a Chinese company. This vulnerability could allow an attacker to execute arbitrary commands on the system

A vulnerability has been found in Tenda AC23 up to 16.03.07.52. Affected by this vulnerability is the function sscanf of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. of ac23 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. It offers dual-band concurrent transmission rates up to 2033 Mbps, with the 5 GHz band reaching up to 1733 Mbps. It is suitable for high-bandwidth applications such as 4K video and online live streaming. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A security vulnerability has been detected in D-Link DIR-513 A1FW110. Affected is an unknown function of the file /goform/formWPS. Such manipulation of the argument webpage leads to buffer overflow. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Corporation of DIR-513 The firmware contains buffer error vulnerabilities, classic buffer overflow vulnerabilities, and out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-513 is a wireless router product from D-Link, a Chinese company. Detailed vulnerability details are currently unavailable

A vulnerability was found in D-Link DCS-935L up to 1.13.01. The impacted element is the function sub_402280 of the file /HNAP1/. The manipulation of the argument HNAP_AUTH/SOAPAction results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Corporation of DCS-935L An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DCS-935L is a router manufactured by D-Link, a Chinese company. This vulnerability stems from the failure of the HNAP_AUTH/SOAPAction parameter in the file /HNAP1/ to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service

Tenda AC6 router firmware 15.03.05.19 contains a command injection vulnerability in the formSetIptv function, which processes requests to the /goform/SetIPTVCfg web interface. When handling the list and vlanId parameters, the sub_ADBC0 helper function concatenates these user-supplied values into nvram set system commands using doSystemCmd, without validating or sanitizing special characters (e.g., ;, ", #). An unauthenticated or authenticated attacker can exploit this by submitting a crafted POST request, leading to arbitrary system command execution on the affected device. The Tenda AC6 is a dual-band wireless router from Tenda, supporting both 2.4GHz and 5GHz bands and achieving a maximum transfer rate of 1167Mbps. Detailed vulnerability details are currently unavailable

An issue was discovered in Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01 allowing attackers to cause a denial of service via the funcname, funcpara1, funcpara2 parameters to the formSetCfm function (uri path: SetCfm). Shenzhen Tenda Technology Co.,Ltd. of AC6 There is an input validation vulnerability in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda AC6 is a dual-band wireless router from Tenda, supporting both 2.4GHz and 5GHz bands and achieving a maximum transmission rate of 1167Mbps. The Tenda AC6 suffers from an improper input validation vulnerability caused by improper handling of the funcname, funcpara1, and funcpara2 parameters in the formSetCfm function. Detailed vulnerability details are currently unavailable

The CX2550 M2 is a 2U rackmount server node designed for high-performance computing, managed services, and big data applications. It utilizes Intel® Xeon® E5-2600 v4 series processors and offers high-density computing and scalability. A weak password vulnerability exists in the Fujitsu (China) Co., Ltd. CX2550 M2 server, which attackers could exploit to obtain sensitive information.

The AC20 is a wireless router. The AC20 router developed by Shenzhen Jixiang Tengda Technology Co., Ltd. contains a denial-of-service vulnerability, which attackers can exploit to cause a denial-of-service attack.

The ADAM-3600 is an intelligent remote terminal device developed by Advantech for remote IoT applications. Advantech Technology (China) Co., Ltd.'s ADAM-3600 contains a logical flaw vulnerability that attackers could exploit to obtain sensitive information.

A vulnerability was identified in D-Link DIR-645 105B01. This issue affects the function soapcgi_main of the file /soap.cgi. Such manipulation of the argument service leads to command injection. The attack can be launched remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer. (DoS) It may be in a state. The D-Link DIR-645 is a gigabit wireless router launched by D-Link in 2012, designed primarily for home and small- to medium-sized businesses. The D-Link DIR-645 suffers from a command injection vulnerability caused by the "service" parameter in the file "/soap.cgi" failing to properly sanitize special characters and commands when constructing commands. Detailed vulnerability details are currently unavailable

A security flaw has been discovered in D-Link DIR-825 up to 2.10. Affected by this vulnerability is the function sub_4106d4 of the file apply.cgi. The manipulation of the argument countdown_time results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be exploited. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Corporation of DIR-825 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-825 is a dual-band wireless router designed for small and medium-sized enterprises (SMEs) and SOHO environments. It supports both 2.4GHz and 5GHz bands, meeting the needs of multi-device HD video transmission. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service