VARIoT IoT vulnerabilities database

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. D-Link DNS-320L firmware, dns-120 firmware, dnr-202l firmware etc. D-Link Systems, Inc. The product contains a vulnerability related to the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. RV016 Multi-WAN VPN firmware, RV042 Dual WAN VPN firmware, RV042G Dual Gigabit WAN VPN Cross-site scripting vulnerabilities exist in multiple Cisco Systems products, including firmware.Information may be obtained and information may be tampered with. Cisco Small Business is a switch of Cisco. The vulnerability is caused by the lack of effective filtering and escaping of user-supplied data by the application

Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the ntp_server parameter. (DoS) It may be in a state. NETGEAR R6850 is a wireless router from NETGEAR. Attackers can exploit this vulnerability to cause arbitrary command execution

An information leak in the BRS_top.html component of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. Netgear R6850 is a wireless router from NETGEAR

An information leak in debuginfo.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. of netgear R6850 Firmware has an information disclosure vulnerability.Information may be tampered with. Netgear R6850 is a wireless router from NETGEAR

An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. Netgear R6850 is a wireless router from NETGEAR

Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter. of netgear R6850 A code injection vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR R6850 is a wireless router from NETGEAR. Attackers can exploit this vulnerability to cause arbitrary command execution

Tenda AX1803 v1.0.0.1 contains a stack overflow via the serverName parameter in the function fromAdvSetMacMtuWan. Shenzhen Tenda Technology Co.,Ltd. of ax1803 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Tenda AX1803 v1.0.0.1 contains a stack overflow via the serviceName parameter in the function fromAdvSetMacMtuWan. Shenzhen Tenda Technology Co.,Ltd. of ax1803 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the failure of the serviceName parameter in the function fromAdvSetMacMtuWan to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

Improper verification of intent by broadcast receiver vulnerability in SmartThings prior to version 1.8.13.22 allows local attackers to access testing configuration. Samsung's SmartThings Exists in unspecified vulnerabilities.Information may be tampered with

SQL injection vulnerability exists in GetDIAE_usListParameters. Delta Electronics, INC. of DIAEnergie for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Delta Electronics DIAEnergie GetDIAE_usList has a SQL injection vulnerability, which can be exploited by attackers to view, add, modify or delete information in the backend database

Memory corruption when there is failed unmap operation in GPU. 315 5g iot modem firmware, 9206 lte modem firmware, APQ8017 Multiple Qualcomm products, such as firmware, contain vulnerabilities related to use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Memory corruption while processing finish_sign command to pass a rsp buffer. 315 5g iot firmware, APQ8017 firmware, APQ8037 Multiple Qualcomm products such as firmware have a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Memory corruption in SPS Application while requesting for public key in sorter TA. 315 5g iot firmware, 9205 lte firmware, APQ8017 Several Qualcomm products, such as firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

In modem protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01240012; Issue ID: MSV-1215. LR12A , LR13 , NR15 A number of MediaTek products, including the following, contain out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607

Tenda AC15V1.0 V15.03.20_multi has a command injection vulnerability via the deviceName parameter. Shenzhen Tenda Technology Co.,Ltd. of AC15 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Dlink Dir-3040us A1 1.20b03a hotfix is vulnerable to Buffer Overflow. Any user having read/write access to ftp server can write directly to ram causing buffer overflow if file or files uploaded are greater than available ram. Ftp server allows change of directory to root which is one level up than root of usb flash directory. During upload ram is getting filled and causing system resource exhaustion (no free memory) which causes system to crash and reboot. D-Link Dir-3040us is a router. D-Link Dir-3040us has a denial of service vulnerability that can be exploited by an attacker to cause the system to crash and reboot

Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability in the page parameter of fromAddressNat function. Shenzhen Tenda Technology Co.,Ltd. of F1202 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda F1202 is an enterprise-grade dual-band wireless router that supports both 2.4GHz and 5GHz bands, with a maximum transmission rate of 1200Mbps. This vulnerability stems from the fact that the `page` parameter of the `fromAddressNat` method fails to properly validate the length of the input data. An attacker could exploit this vulnerability to cause a denial-of-service attack

Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the entrys parameter in the fromAddressNat function. Shenzhen Tenda Technology Co.,Ltd. of F1202 A stack-based buffer overflow vulnerability exists in the firmware.Information may be tampered with. The Tenda F1202 is an enterprise-grade dual-band wireless router that supports both 2.4GHz and 5GHz bands, with a maximum transmission rate of 1200Mbps. It is equipped with four 5dBi antennas for enhanced signal coverage. This vulnerability stems from the failure of the entries parameter of the fromAddressNat method to properly validate the length of the input data. Detailed vulnerability details are currently unavailable