VARIoT IoT vulnerabilities database
| VAR-202401-2495 | CVE-2023-51965 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo.
| VAR-202401-2371 | CVE-2023-51964 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo.
| VAR-202401-2419 | CVE-2023-51963 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function setIptvInfo.
| VAR-202401-0723 | CVE-2023-51960 | Tenda AX1803 buffer overflow vulnerability (CNVD-2024-02210) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv. Tenda AX1803 is a dual-band Gigabit Wi-Fi 6 router from China's Tenda Company. This vulnerability is caused by the iptv.city.vlan parameter of the formGetIptv method failing to correctly verify the length of the input data. An attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202401-0357 | CVE-2023-51959 | Tenda AX1803 buffer overflow vulnerability (CNVD-2024-02209) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formGetIptv. Tenda AX1803 is a dual-band Gigabit Wi-Fi 6 router from China's Tenda Company. This vulnerability is caused by the adv.iptv.stbpvid parameter of the formGetIptv method failing to correctly verify the length of the input data. An attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202401-0722 | CVE-2023-51958 | Tenda AX1803 buffer overflow vulnerability (CNVD-2024-02212) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formGetIptv. Tenda AX1803 is a dual-band Gigabit Wi-Fi 6 router from China's Tenda Company. This vulnerability is caused by the iptv.stb.port parameter of the formGetIptv method failing to correctly verify the length of the input data. An attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202401-0658 | CVE-2023-51957 | Tenda AX1803 buffer overflow vulnerability (CNVD-2024-02211) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv. Tenda AX1803 is a dual-band Gigabit Wi-Fi 6 router from China's Tenda Company. This vulnerability is caused by the iptv.stb.mode parameter of the formGetIptv method failing to correctly verify the length of the input data. An attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202401-0720 | CVE-2023-51956 | Tenda AX1803 buffer overflow vulnerability (CNVD-2024-02215) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv. Tenda AX1803 is a dual-band Gigabit Wi-Fi 6 router from China's Tenda Company. This vulnerability is caused by the iptv.city.vlan parameter of the formSetIptv method failing to correctly verify the length of the input data. An attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202401-0796 | CVE-2023-51955 | Tenda AX1803 buffer overflow vulnerability (CNVD-2024-02213) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv. Tenda AX1803 is a dual-band Gigabit Wi-Fi 6 router from China's Tenda Company. This vulnerability is caused by the adv.iptv.stballvlans parameter of the formSetIptv method failing to correctly verify the length of the input data. An attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202401-0265 | CVE-2023-51954 | Tenda AX1803 buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv. Tenda AX1803 is a dual-band Gigabit Wi-Fi 6 router from China's Tenda Company. This vulnerability is caused by the iptv.stb.port parameter of the formSetIptv method failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202401-0719 | CVE-2023-51953 | Tenda AX1803 buffer overflow vulnerability (CNVD-2024-02217) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv. Tenda AX1803 is a dual-band Gigabit Wi-Fi 6 router from China's Tenda Company. An attacker can exploit this vulnerability to execute arbitrary code on the system by sending a specially crafted HTTP request using the iptv.stb.mode parameter.
| VAR-202401-0657 | CVE-2023-51952 | Tenda AX1803 buffer overflow vulnerability (CNVD-2024-02214) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv. Tenda AX1803 is a dual-band Gigabit Wi-Fi 6 router from China's Tenda Company. This vulnerability is caused by the adv.iptv.stbpvid parameter of the formSetIptv method failing to correctly verify the length of the input data. An attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202401-2418 | CVE-2023-51966 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo.
| VAR-202401-0659 | CVE-2023-51961 | Tenda AX1803 buffer overflow vulnerability (CNVD-2024-02208) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formGetIptv. Tenda AX1803 is a dual-band Gigabit Wi-Fi 6 router from China's Tenda Company. This vulnerability is caused by the adv.iptv.stballvlans parameter of the formGetIptv method failing to correctly verify the length of the input data. An attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202401-1164 | CVE-2023-51972 | Tenda AX1803 command injection vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp. Tenda AX1803 is a dual-band Gigabit Wi-Fi 6 router from China's Tenda Company. The vulnerability is caused by the fromAdvSetLanIp method failing to correctly filter special characters, commands, etc. in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution.
| VAR-202401-1714 | CVE-2023-51971 | Tenda AX1803 adv.iptv.stbpvid parameter buffer overflow vulnerability in getIptvInfo method |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function getIptvInfo. Tenda AX1803 is a dual-band Gigabit Wi-Fi 6 router from China's Tenda Company. This vulnerability is caused by the adv.iptv.stbpvid parameter of the getIptvInfo method failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202401-1073 | CVE-2023-49427 | Tenda AX12 buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A buffer overflow vulnerability in Tenda AX12 V22.03.01.46 allows remote attackers to cause a denial of service (DoS) via the list parameter in the SetNetControlList function. Tenda AX12 is a dual-band Gigabit Wi-Fi 6 wireless router from China's Tenda Company.
Tenda AX12 V22.03.01.46 has a buffer overflow vulnerability. The vulnerability results from a bounds error when the application handles untrusted input.
| VAR-202401-0859 | CVE-2023-41603 | D-Link R15 code issue vulnerability |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. This allows attackers to arbitrarily access any services running on the device that may be inadvertently listening via IPv6. D-Link R15 is a wireless router made by China D-Link Company.
D-Link R15 v1.08.02 has a code issue vulnerability.
| VAR-202401-2395 | CVE-2022-46025 | TOTOLINK N200RE Access Control Error Vulnerability |
CVSS V2: 9.4 CVSS V3: 9.1 Severity: CRITICAL |
Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as the Wi-Fi SSID and Wi-Fi password, without logging into the management page. TOTOLINK N200RE is a wireless broadband router that uses 11N wireless technology.
| VAR-202401-0630 | CVE-2023-7223 | TOTOLINK T6 access control error vulnerability |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
A vulnerability classified as problematic has been found in Totolink T6 4.1.9cu.5241_B20210923. This affects an unknown part of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249867. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK T6 is a wireless dual-band router made by China Zeon Electronics (TOTOLINK) Company.
TOTOLINK T6 version 4.1.9cu.5241_B20210923 has an access control error vulnerability. The vulnerability is caused by an access control error in the file /cgi-bin/cstecgi.cgi. An attacker could exploit this vulnerability to obtain sensitive information.