VARIoT IoT vulnerabilities database

An Unchecked Input for Loop Condition in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to cause IO devices that use the library to enter an infinite loop by sending a malicious RPC packet. RT-Labs of P-Net contains vulnerabilities regarding unchecked loop condition input values and improper validation of quantities specified in the input.Service operation interruption (DoS) It may be in a state. RT-Labs P-Net is an open source PROFINET protocol stack from RT-Labs that implements standard communication between industrial devices and PROFINET controllers. RT-Labs P-Net 1.0.1 and earlier versions have a security vulnerability. The vulnerability is caused by not checking the loop condition

A NULL Pointer Dereference in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC packet. RT-Labs of P-Net for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. RT-Labs P-Net is an open source PROFINET protocol stack from RT-Labs that implements standard communication between industrial devices and PROFINET controllers. Attackers can exploit this vulnerability to cause IO devices to crash

An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC packet. RT-Labs of P-Net contains a heap-based buffer overflow vulnerability and an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state. RT-Labs P-Net is an open source PROFINET protocol stack from RT-Labs that implements standard communication between industrial devices and PROFINET controllers

An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC packet. RT-Labs of P-Net contains a heap-based buffer overflow vulnerability and an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state. RT-Labs P-Net is an open source PROFINET protocol stack from RT-Labs that implements standard communication between industrial devices and PROFINET controllers

H3C Technologies Co., Ltd. is a global leader in digital solutions. H3C Technologies Co., Ltd. NX15 has a binary vulnerability that can be exploited by attackers to cause a denial of service.

There is a stack overflow vulnerability in Tenda RX3 V1.0br_V16.03.13.11 In the fromSetWifiGusetBasic function of the web url /goform/ WifiGuestSet, the manipulation of the parameter shareSpeed leads to stack overflow. Shenzhen Tenda Technology Co.,Ltd. of RX3 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Attackers can use this vulnerability to submit special requests to crash the application and cause a denial of service

In Tenda RX3 V1.0br_V16.03.13.11 in the GetParentControlInfo function of the web url /goform/GetParentControlInfo, the manipulation of the parameter mac leads to stack overflow. Shenzhen Tenda Technology Co.,Ltd. of RX3 A stack-based buffer overflow vulnerability exists in the firmware.Information may be obtained and information may be tampered with. No detailed vulnerability details are currently available

A vulnerability, which was classified as critical, was found in Tenda AC8 16.03.34.06. Affected is the function formGetRouterStatus of the file /goform/MtuSetMacWan. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC8 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC8 has a buffer overflow vulnerability, which is caused by the parameter shareSpeed in /goform/MtuSetMacWan failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function. of netgear EX8000 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR EX8000 is a tri-band WiFi wireless extender, mainly used to expand WiFi coverage, eliminate WiFi dead spots, and provide faster network speeds. Attackers can use this vulnerability to execute arbitrary commands

A vulnerability was found in Tenda RX3 16.03.13.11_multi. It has been rated as critical. This issue affects some unknown processing of the file /goform/telnet. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Tenda of RX3 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda RX3 is a dual-band WiFi 6 home wireless router from China's Tenda company. It is used for home network coverage and supports high-speed wireless connection. Tenda RX3 has a command injection vulnerability, which is caused by the file /goform/telnet failing to properly filter special characters and commands in the construction command. No detailed vulnerability details are currently provided

A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It has been declared as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of D-Link DAP-1520 The firmware contains a buffer error vulnerability, a stack-based buffer overflow vulnerability, and an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda DAP-1520 is a dual-band wireless access point from China's Tenda company. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It has been classified as critical. This affects the function set_ws_action of the file /dws/api/. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of D-Link DAP-1520 The firmware contains a buffer error vulnerability, a heap-based buffer overflow vulnerability, and an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda DAP-1520 is a dual-band wireless access point from China's Tenda company. The vulnerability is caused by the function set_ws_action in the file /dws/api failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02 and classified as critical. Affected by this issue is the function check_dws_cookie of the file /storage. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of D-Link DAP-1520 The firmware contains a buffer error vulnerability, a stack-based buffer overflow vulnerability, and an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda DAP-1520 is a dual-band wireless access point from China's Tenda company. The vulnerability is caused by the function check_dws_cookie in the file/storage failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability classified as critical was found in D-Link DIR-600L up to 2.07B01. This vulnerability affects the function wake_on_lan. The manipulation of the argument host leads to command injection. The attack can be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-600L The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-600L is a wireless router from D-Link of China. D-Link DIR-600L has a command injection vulnerability, which is caused by the failure of the wake_on_lan function parameter host to properly filter special characters and commands in constructing commands. Attackers can exploit this vulnerability to cause arbitrary command execution

A vulnerability classified as critical has been found in D-Link DIR-600L up to 2.07B01. This affects the function formSysCmd. The manipulation of the argument host leads to command injection. It is possible to initiate the attack remotely. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-600L The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-600L is an entry-level wireless router from D-Link, China, supporting 150Mbps wireless transmission and 4 100Mbps wired ports. D-Link DIR-600L has a command injection vulnerability, which is caused by the formSysCmd function parameter host failing to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to execute arbitrary commands

A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been rated as critical. Affected by this issue is the function formSetWanL2TP. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-600L The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-600L is an entry-level wireless router from D-Link, a Chinese company, that supports 150Mbps wireless transmission and four 100Mbps wired ports. D-Link DIR-600L has a buffer overflow vulnerability, which stems from the fact that the parameter host of the formSetWanL2TP function fails to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been declared as critical. Affected by this vulnerability is the function formWlSiteSurvey. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-600L The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-600L is an entry-level wireless router from D-Link, a Chinese company, that supports 150Mbps wireless transmission and four 100Mbps wired ports. D-Link DIR-600L has a buffer overflow vulnerability, which stems from the fact that the parameter host of the formWlSiteSurvey function fails to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been classified as critical. Affected is the function formSetWAN_Wizard534. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-600L The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-600L is an entry-level wireless router from D-Link, a Chinese company, that supports 150Mbps wireless transmission and four 100Mbps wired ports. D-Link DIR-600L has a buffer overflow vulnerability, which stems from the fact that the parameter host of the formSetWAN_Wizard534 function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was found in D-Link DIR-600L up to 2.07B01 and classified as critical. This issue affects the function formSetLog. The manipulation of the argument host leads to buffer overflow. The attack may be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-600L The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-600L is a wireless router from D-Link, a Chinese company. The vulnerability is caused by the parameter host of the function formSetLog failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability, which was classified as critical, was found in D-Link DIR-600L up to 2.07B01. This affects the function formLogin. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-600L The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-600L is an entry-level wireless router from D-Link, a Chinese company, that supports 150Mbps wireless transmission and four 100Mbps wired ports. D-Link DIR-600L has a buffer overflow vulnerability, which stems from the fact that the parameter host of the function formLogin fails to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service