VARIoT IoT vulnerabilities database


VAR-202401-0959 CVE-2024-0717 Vulnerabilities in multiple D-Link Systems, Inc. products
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability. Multiple D-Link Systems, Inc. products, including DIR-825ACG1 firmware, DIR-841 firmware and DIR-1260 firmware, contain unspecified vulnerabilities. Information may be obtained.
VAR-202401-1633 CVE-2023-5131 Out-of-bounds write vulnerability in Delta Electronics, INC. ISPSoft
CVSS V2: 7.3
CVSS V3: 8.2
Severity: HIGH
A heap buffer overflow exists in Delta Electronics ISPSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution. Delta Electronics, INC. ISPSoft contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202312-0164 CVE-2023-6340 Out-of-bounds write vulnerability in SonicWALL Capture Client and NetExtender
CVSS V2: -
CVSS V3: 5.5
Severity: MEDIUM
SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with the sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by a stack-based buffer overflow vulnerability. SonicWALL Capture Client and NetExtender contain an out-of-bounds write vulnerability. Service operation may be interrupted (DoS).
VAR-202401-1629 CVE-2023-6549 Buffer error vulnerability in Citrix Systems NetScaler Application Delivery Controller and NetScaler Gateway
CVSS V2: 8.5
CVSS V3: 8.2
Severity: HIGH
Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read. Citrix Systems NetScaler Application Delivery Controller and NetScaler Gateway contain a buffer error vulnerability. Service operation may be interrupted (DoS). NetScaler Gateway is an access gateway with an SSL VPN solution that provides single sign-on and authentication for remote end users of network assets. NetScaler ADC is an application delivery controller. Both are products of Citrix. Citrix NetScaler ADC and Gateway have a denial of service vulnerability. The vulnerability is due to not restricting memory operations within the boundary range. Attackers can exploit this vulnerability to cause a denial of service.
VAR-202401-2573 CVE-2023-6548 Citrix NetScaler ADC and NetScaler Gateway have code injection vulnerabilities
CVSS V2: 10.0
CVSS V3: 5.5
Severity: MEDIUM
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface. NetScaler ADC is an application delivery controller. NetScaler Gateway is an access gateway with an SSL VPN solution that provides single sign-on and authentication for remote end users of network assets. Both are products of Citrix.
VAR-202401-1785 CVE-2023-49515 Vulnerabilities in TP-LINK Technologies Tapo C200 firmware and Tapo TC70 firmware
CVSS V2: -
CVSS V3: 4.6
Severity: MEDIUM
Insecure Permissions vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components. TP-LINK Technologies Tapo C200 firmware and Tapo TC70 firmware contain unspecified vulnerabilities. Information may be obtained.
VAR-202401-2652 No CVE A command execution vulnerability exists in SuperMap iServer 10i of Beijing SuperMap Software Co., Ltd.
CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
SuperMap iServer is a cloud GIS application server based on a high-performance cross-platform GIS core. There is a command execution vulnerability in SuperMap iServer 10i of Beijing SuperMap Software Co., Ltd. An attacker can use this vulnerability to gain control of the server.
VAR-202401-1548 CVE-2023-52042 Vulnerabilities in TOTOLINK X6000R firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An issue discovered in the sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the 'lang' parameter. TOTOLINK X6000R firmware contains unspecified vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK X6000R is a wireless router from China's TOTOLINK Electronics. TOTOLINK X6000R has a code execution vulnerability, which is caused by the application's failure to properly filter special characters and commands when constructing commands.
VAR-202401-1755 CVE-2023-52041 Vulnerabilities in TOTOLINK X6000R firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary code via the sub_410118 function of the shttpd program. TOTOLINK X6000R firmware contains unspecified vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK X6000R is a wireless router from China's TOTOLINK Electronics. TOTOLINK X6000R has a code execution vulnerability, which is caused by the application's failure to properly filter special characters and commands when constructing commands.
VAR-202401-0462 CVE-2024-0579 Command injection vulnerability in TOTOLINK X2000R firmware
CVSS V2: 6.5
CVSS V3: 6.3
Severity: MEDIUM
A vulnerability classified as critical was found in Totolink X2000R 1.0.0-B20221212.1452. Affected by this vulnerability is the function formMapDelDevice of the file /boafrm/formMapDelDevice. The manipulation of the argument macstr leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK X2000R firmware contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK X2000R is a wireless router made by China Zeon Electronics (TOTOLINK) Company. The vulnerability originates from the failure to correctly filter special characters, commands, etc. in the macstr parameter of the formMapDelDevice function in the /boafrm/formMapDelDevice file when constructing the command. An attacker could exploit this vulnerability to cause arbitrary command execution.
VAR-202401-0163 CVE-2024-0578 Stack-based buffer overflow vulnerability in TOTOLINK LR1200GB firmware
CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250794 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK LR1200GB firmware contains a stack-based buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The TOTOLINK LR1200GB is a dual-band 4G LTE wireless router manufactured by TOTOLINK, a Chinese company. It supports both 2.4GHz and 5GHz dual-band networks and is primarily used to provide mobile broadband connectivity and Wi-Fi coverage. This vulnerability stems from the fact that the File parameter in the UploadCustomModule function of the /cgi-bin/cstecgi.cgi file fails to properly validate the length of the input data. Attackers could exploit this vulnerability to execute arbitrary code or cause a denial of service.
VAR-202401-0372 CVE-2024-0577 Stack-based buffer overflow vulnerability in TOTOLINK LR1200GB firmware
CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been rated as critical. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument lang leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250793 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK LR1200GB firmware contains a stack-based buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The TOTOLINK LR1200GB is a wireless dual-band 4G LTE router released by China's TOTOLINK Electronics. It supports both 2.4GHz and 5GHz bands. The TOTOLINK LR1200GB suffers from a buffer overflow vulnerability. This vulnerability stems from the setLanguageCfg function in the /cgi-bin/cstecgi.cgi file failing to properly validate the length of the input data in the lang parameter. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202401-0164 CVE-2024-0576 Stack-based buffer overflow vulnerability in TOTOLINK LR1200GB firmware
CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been declared as critical. This vulnerability affects the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument sPort leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250792. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK LR1200GB firmware contains a stack-based buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The TOTOLINK LR1200GB is a wireless dual-band 4G LTE router released by China's TOTOLINK Electronics. It supports both 2.4GHz and 5GHz bands. The TOTOLINK LR1200GB suffers from a buffer overflow vulnerability. This vulnerability stems from the failure of the sPort parameter in the setIpPortFilterRules function in the /cgi-bin/cstecgi.cgi file to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202401-0463 CVE-2024-0575 Stack-based buffer overflow vulnerability in TOTOLINK LR1200GB firmware
CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been classified as critical. This affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250791. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK LR1200GB firmware contains a stack-based buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The TOTOLINK LR1200GB is a dual-band 4G LTE wireless router manufactured by TOTOLINK, a Chinese company. It supports both 2.4GHz and 5GHz dual-band networks and is primarily used to provide mobile broadband connectivity and Wi-Fi coverage. This vulnerability stems from the fact that the `command` parameter of the `setTracerouteCfg` function in the `/cgi-bin/cstecgi.cgi` file fails to properly validate the length of the input data. Attackers could exploit this vulnerability to execute arbitrary code or cause a denial of service.
VAR-202401-0276 CVE-2024-0574 Stack-based buffer overflow vulnerability in TOTOLINK LR1200GB firmware
CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130 and classified as critical. Affected by this issue is the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument sTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250790 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK LR1200GB firmware contains a stack-based buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The TOTOLINK LR1200GB is a dual-band 4G LTE wireless router manufactured by TOTOLINK, a Chinese company. It supports both 2.4GHz and 5GHz dual-band networks and is primarily used to provide mobile broadband connectivity and Wi-Fi coverage. This vulnerability stems from the fact that the `sTime` parameter in the `setParentalRules` function of the `/cgi-bin/cstecgi.cgi` file fails to properly validate the length of the input data. Attackers could exploit this vulnerability to execute arbitrary code or cause a denial of service.
VAR-202401-0052 CVE-2024-0573 Stack-based buffer overflow vulnerability in TOTOLINK LR1200GB firmware
CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
A vulnerability has been found in Totolink LR1200GB 9.1.0u.6619_B20230130 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250789 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK LR1200GB firmware contains a stack-based buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The TOTOLINK LR1200GB is a wireless dual-band 4G LTE router released by China's TOTOLINK Electronics. It supports both 2.4GHz and 5GHz bands. The TOTOLINK LR1200GB suffers from a buffer overflow vulnerability. This vulnerability stems from the setDiagnosisCfg function in the /cgi-bin/cstecgi.cgi file failing to properly validate the length of the input data in the "ip" parameter. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service.
VAR-202401-0464 CVE-2024-0572 Stack-based buffer overflow vulnerability in TOTOLINK LR1200GB firmware
CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pppoeUser leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250788. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK LR1200GB firmware contains a stack-based buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The TOTOLINK LR1200GB is a wireless dual-band 4G LTE router released by China's TOTOLINK Electronics. It supports both 2.4GHz and 5GHz bands. This vulnerability stems from the failure to properly validate the length of the input data in the setOpModeCfg function in the /cgi-bin/cstecgi.cgi file. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service.
VAR-202401-0536 CVE-2024-0571 Stack-based buffer overflow vulnerability in TOTOLINK LR1200GB firmware
CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. This issue affects the function setSmsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument text leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250787. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK LR1200GB firmware contains a stack-based buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The TOTOLINK LR1200GB is a dual-band 4G LTE wireless router manufactured by TOTOLINK, a Chinese company. It supports both 2.4GHz and 5GHz dual-band networks and is primarily used to provide mobile broadband connectivity and Wi-Fi coverage. This vulnerability stems from the fact that the `text` parameter of the `setSmsCfg` function in the `/cgi-bin/cstecgi.cgi` file fails to properly validate the length of the input data. Attackers could exploit this vulnerability to execute arbitrary code or cause a denial of service.
VAR-202401-0374 CVE-2024-0569 Lack of authentication vulnerability in TOTOLINK T8 firmware
CVSS V2: 4.0
CVSS V3: 4.3
Severity: MEDIUM
A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905. This affects the function getSysStatusCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument ssid/key leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.5cu.862_B20230228 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-250785 was assigned to this vulnerability. TOTOLINK T8 firmware contains a lack of authentication vulnerability. Information may be obtained and tampered with. TOTOLINK T8 is a wireless dual-band router from China's TOTOLINK Electronics. The vulnerability is caused by the insufficient protection of sensitive information by the parameter ssid/key in the file /cgi-bin/cstecgi.cgi. Attackers can exploit this vulnerability to obtain sensitive information.
VAR-202401-0617 CVE-2024-0542 Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. W9 firmware
CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been rated as critical. Affected by this issue is the function formWifiMacFilterGet of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250712. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Tenda W9 firmware contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). An attacker can exploit this vulnerability to inject malicious code to steal sensitive information or damage the system.