VARIoT IoT vulnerabilities database

VAR-202507-3351 No CVE D-Link DI-500WF from D-Link Electronics (Shanghai) Co., Ltd. has a binary vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
The D-Link DI-500WF is a panel-mounted wireless access point. The D-Link DI-500WF, manufactured by D-Link Electronics (Shanghai) Co., Ltd., contains a binary vulnerability that could allow an attacker to execute arbitrary commands.
VAR-202507-3675 No CVE Honeywell (China) Co., Ltd. Honeywell PD43 has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The Honeywell PD43 is an industrial-grade label printer. The Honeywell PD43, manufactured by Honeywell (China) Co., Ltd., has a weak password vulnerability that could allow attackers to obtain sensitive information.
VAR-202507-3674 No CVE Shenzhen Bilian Electronics Co., Ltd. BL-AC2100 has a binary vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The BL-AC2100 is a Wi-Fi 6 wireless router. Shenzhen Bilian Electronics Co., Ltd.'s BL-AC2100 has a binary vulnerability that could allow an attacker to gain server privileges.
VAR-202507-3110 CVE-2025-52490 Vulnerability in plaintext transmission of important information in Couchbase, Inc. Sync Gateway CVSS V2: -
CVSS V3: 7.3
Severity: HIGH
An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and sync_gateway.log, there are cleartext passwords in redacted and unredacted output. Couchbase, Inc. Sync Gateway contains a vulnerability in the transmission of important information in clear text. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202507-2930 CVE-2025-53715 Buffer error vulnerability in TP-LINK Technologies TL-WR841N firmware CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/Wan6to4TunnelCfgRpm.htm file due to missing input parameter validation, which may lead to a buffer overflow that crashes the web service and results in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. The TP-LINK Technologies TL-WR841N firmware contains a buffer error vulnerability. Service operation may be interrupted (DoS).
VAR-202507-2986 CVE-2025-53714 Buffer error vulnerability in TP-LINK Technologies TL-WR841N firmware CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WzdWlanSiteSurveyRpm_AP.htm file due to missing input parameter validation, which may lead to a buffer overflow that crashes the web service and results in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. The TP-LINK Technologies TL-WR841N firmware contains a buffer error vulnerability. Service operation may be interrupted (DoS).
VAR-202507-2897 CVE-2025-53713 Buffer error vulnerability in TP-LINK Technologies TL-WR841N firmware CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm_APC.htm file due to missing input parameter validation, which may lead to a buffer overflow that crashes the web service and results in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. The TP-LINK Technologies TL-WR841N firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability. Service operation may be interrupted (DoS).
VAR-202507-2973 CVE-2025-53712 Buffer error vulnerability in TP-LINK Technologies TL-WR841N firmware CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm_AP.htm file due to missing input parameter validation, which may lead to a buffer overflow that crashes the web service and results in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. The TP-LINK Technologies TL-WR841N firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability. Service operation may be interrupted (DoS).
VAR-202507-2939 CVE-2025-53711 Buffer error vulnerability in TP-LINK Technologies TL-WR841N firmware CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm.htm file due to missing input parameter validation, which may lead to a buffer overflow that crashes the web service and results in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. The TP-LINK Technologies TL-WR841N firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability. Service operation may be interrupted (DoS).
VAR-202507-3065 CVE-2025-52284 Command injection vulnerability in TOTOLINK x6000r firmware CVSS V2: 6.4
CVSS V3: 6.5
Severity: MEDIUM
Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_4184C0 function via the tz parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request. The TOTOLINK x6000r firmware contains a command injection vulnerability. Information may be obtained and tampered with. The TOTOLINK X6000R, a wireless router released by China's TOTOLINK Electronics, supports WiFi 6 technology, offering high concurrent connections and dual-band transmission capabilities. Detailed vulnerability information is currently unavailable.
VAR-202507-3600 No CVE Sharp Technology (Shanghai) Co., Ltd.'s SHARP-MX series has an information disclosure vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Sharp Technology (Shanghai) Co., Ltd. is a world-renowned developer and manufacturer of comprehensive electronic products. Sharp Technology (Shanghai) Co., Ltd.'s SHARP-MX series products contain an information leakage vulnerability that could allow attackers to obtain sensitive information.
VAR-202507-3601 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd.'s Tenda HG10 has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Shenzhen Jixiang Tengda Technology Co., Ltd. (Tenda) is a high-tech enterprise specializing in the research and development, production, sales, and service of network communication equipment. Shenzhen Jixiang Tengda Technology Co., Ltd.'s Tenda HG10 has a command execution vulnerability that could allow an attacker to execute arbitrary commands.
VAR-202507-3602 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd.'s Tenda HG10 has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Shenzhen Jixiang Tengda Technology Co., Ltd. (Tenda) is a high-tech enterprise specializing in the research and development, production, sales, and service of network communication equipment. Shenzhen Jixiang Tengda Technology Co., Ltd.'s Tenda HG10 has a command execution vulnerability that could allow an attacker to execute arbitrary commands.
VAR-202507-3915 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd.'s Tenda HG10 has a denial of service vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Shenzhen Jixiang Tengda Technology Co., Ltd. (Tenda) is a high-tech enterprise specializing in the research and development, production, sales, and service of network communication equipment. A denial of service vulnerability exists in the Tenda HG10, a device manufactured by Shenzhen Jixiang Tengda Technology Co., Ltd., that could be exploited by an attacker to cause a denial of service.
VAR-202507-3839 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd. HG7, HG9, HG10 and HG10C have a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Shenzhen Jixiang Tengda Technology Co., Ltd. (Tenda) is a high-tech enterprise specializing in the research and development, production, sales, and service of network communication equipment. Shenzhen Jixiang Tengda Technology Co., Ltd.'s HG7, HG9, HG10, and HG10C devices contain a command execution vulnerability that could allow an attacker to execute arbitrary commands.
VAR-202507-3676 No CVE Vicon Industries IQinVision has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Vicon Industries specializes in the development and production of security and surveillance solutions. A weak password vulnerability exists in Vicon Industries' IQinVision software, allowing attackers to obtain sensitive information.
VAR-202507-3838 No CVE D-Link DI-500WF from D-Link Electronics (Shanghai) Co., Ltd. has a command execution vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
The D-Link DI-500WF is a panel-mounted wireless access point. The D-Link DI-500WF, manufactured by D-Link Electronics (Shanghai) Co., Ltd., has a command execution vulnerability that could allow an attacker to execute arbitrary commands.
VAR-202507-2623 CVE-2025-8246 Buffer error vulnerability in TOTOLINK X15 firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formRoute of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The TOTOLINK X15 firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability. Service operation may be interrupted (DoS). The TOTOLINK X15 is a router manufactured by TOTOLINK. An attacker could exploit this vulnerability by crafting a malicious request to trigger the buffer overflow and remotely execute arbitrary code.
VAR-202507-2656 CVE-2025-8245 Buffer error vulnerability in TOTOLINK X15 firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAPVLAN of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The TOTOLINK X15 firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability. Service operation may be interrupted (DoS). The TOTOLINK X15 is a wireless network extender manufactured by China's TOTOLINK Electronics, primarily used to extend Wi-Fi coverage. It supports Wi-Fi 6 technology and offers AX1500 wireless transmission speeds, making it suitable for home and small office environments. An attacker could exploit this vulnerability to cause a denial of service or execute arbitrary code.
VAR-202507-2587 CVE-2025-8244 Buffer error vulnerability in TOTOLINK X15 firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formMapDelDevice of the component HTTP POST Request Handler. The manipulation of the argument macstr leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The TOTOLINK X15 firmware contains buffer error vulnerabilities, classic buffer overflow vulnerabilities, and command injection vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The TOTOLINK X15 is a wireless network extender manufactured by TOTOLINK Electronics of China, primarily used to extend Wi-Fi coverage. This device supports Wi-Fi 6 technology and offers AX1500 wireless transmission speeds, making it suitable for home and small office environments. An attacker could exploit this vulnerability by remotely constructing an overly long macstr parameter, triggering a buffer overflow and potentially causing a denial of service or arbitrary code execution.