VARIoT IoT vulnerabilities database

A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been declared as critical. This vulnerability affects the function formWlanMultipleAP of the file /boafrm/formWlanMultipleAP. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A3002R The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3002R is a wireless router produced by China's TOTOLINK Electronics. The vulnerability is caused by the parameter submit-url in the file /boafrm/formWlanMultipleAP failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been classified as critical. This affects the function formWlSiteSurvey of the file /boafrm/formWlSiteSurvey. The manipulation of the argument wlanif leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3002R is a wireless router from China's TOTOLINK Electronics. TOTOLINK A3002R has a command injection vulnerability, which is caused by the parameter wlanif in the file /boafrm/formWlSiteSurvey failing to properly filter special characters and commands in the constructed command. No detailed vulnerability details are currently available

H3C NX15 is a home wireless router. H3C NX15 of H3C Technologies Co., Ltd. has an unauthorized access vulnerability. Attackers can use this vulnerability to log in to telnet and obtain system permissions.

DI-8200 is an enterprise-level router from China's D-Link. D-Link DI-8200 has a command injection vulnerability that can be exploited by attackers to execute arbitrary commands.

Quanxun Huiju Network Technology (Beijing) Co., Ltd. was established in 2013. iKuai is the company's product brand, and iKuic is the company's overseas product brand. iKuai of Quanxun Huiju Network Technology (Beijing) Co., Ltd. has an arbitrary file read vulnerability, and attackers can exploit the vulnerability to obtain sensitive information.

H3C NX15 is a home wireless router. H3C NX15 of H3C Technologies Co., Ltd. has a command execution vulnerability, and attackers can exploit the vulnerability to execute commands.

H3C NX15 is a home wireless router. H3C NX15 of H3C Technologies Co., Ltd. has a command execution vulnerability, and attackers can exploit the vulnerability to execute commands.

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formIpv6Setup of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK X15 is a network wireless extender from China's TOTOLINK Electronics. TOTOLINK X15 has a buffer overflow vulnerability, which is caused by the parameter submit-url in the file /boafrm/formIpv6Setup failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It has been classified as problematic. This affects an unknown part of the file /boafrm/formFilter of the component HTTP POST Message Handler. The manipulation of the argument url leads to denial of service. The exploit has been disclosed to the public and may be used. TOTOLINK of N300RH A vulnerability exists in firmware related to improper shutdown and release of resources.Service operation interruption (DoS) It may be in a state. The TOTOLINK N300RH is a long-range wireless router released by China's TOTOLINK Electronics. It supports the IEEE 802.11n standard and offers a maximum wireless transmission rate of 300Mbps

A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formPortFw of the component HTTP POST Message Handler. The manipulation of the argument service_type leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of N300RH The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N300RH is a long-distance wireless router from China's TOTOLINK Electronics. TOTOLINK N300RH has a buffer overflow vulnerability, which is caused by the parameter service_type in the file /boafrm/formPortFw failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability, which was classified as critical, was found in TOTOLINK X15 1.0.0-B20230714.1105. Affected is an unknown function of the file /boafrm/formIPv6Addr of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of X15 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X15 is a network wireless extender from China's TOTOLINK Electronics. TOTOLINK X15 has a buffer overflow vulnerability, which is caused by the parameter submit-url in the file /boafrm/formIPv6Addr failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was found in TOTOLINK A702R, A3002R, A3002RU and EX1200T 3.0.0-B20230809.1615/4.0.0-B20230531.1404/4.0.0-B20230721.1521/4.1.2cu.5232_B20210713. It has been classified as critical. Affected is an unknown function of the file /boafrm/formIPv6Addr of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. A3002RU firmware, A3002R firmware, A702R firmware etc. TOTOLINK The product contains a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state

A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. This issue affects the function formSetACLFilter of the file /goform/formSetACLFilter. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-619L The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-619L is a wireless router designed for home and small office environments. It utilizes the IEEE 802.11n wireless standard and offers a maximum transmission rate of 300 Mbps. This vulnerability stems from the failure to properly validate the length of input data in the parameter curTime in the file /goform/formSetACLFilter. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service

A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. This vulnerability affects the function formSetWizard1 of the file /goform/formWlSiteSurvey. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. The D-Link DIR-619L is a wireless router designed for home and small office environments. It utilizes the IEEE 802.11n wireless standard and offers a maximum transmission rate of 300Mbps. This vulnerability stems from a failure to properly validate the length of input data in the parameter curTime in the file /goform/formWlSiteSurvey. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service

LB-LINK X26 is a ‌Wi-Fi 5 wireless router‌. Shenzhen Bilian Electronics Co., Ltd. LB-LINK X26 has a command execution vulnerability, and attackers can exploit the vulnerability to execute commands.

HL-L2360D series is a multi-function all-in-one printer. Brother (China) Commercial Co., Ltd. HL-L2360D series has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.

ACTi provides a full range of surveillance products - IP cameras, video management systems, video wall systems, mobile applications, IoT devices and access control systems. ACTIACTI video surveillance has an arbitrary file read vulnerability that can be exploited by attackers to obtain sensitive information.

Chengdu Zhenshi Technology Development Co., Ltd. is a high-tech research enterprise focusing on intelligent video, computer vision and artificial intelligence. Chengdu Zhenshi Technology Development Co., Ltd.'s high-definition license plate recognition camera has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.

EG3000CE is a new generation of high-performance integrated gateway. Beijing Xingwang Ruijie Network Technology Co., Ltd. EG3000CE has an information leakage vulnerability, and attackers can exploit the vulnerability to obtain sensitive information.

A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.06B01. This affects the function formSetWizard1 of the file /goform/formSetWizard1. The manipulation of the argument curTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-619L The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-619L is a wireless router designed for home and small office environments. It adopts the IEEE 802.11n wireless standard and has a maximum transmission rate of 300Mbps. D-Link DIR-619L /goform/formSetWizard1 has a stack overflow vulnerability. Remote attackers can use this vulnerability to submit special requests, which can cause the application to crash or execute arbitrary code in the application context