VARIoT IoT vulnerabilities database

A vulnerability has been found in D-Link DIR-600L up to 2.07B01 and classified as critical. This vulnerability affects the function formEasySetupWizard. The manipulation of the argument host leads to buffer overflow. The attack can be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-600L The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-600L is a wireless router from D-Link, a Chinese company. The vulnerability is caused by the parameter host of the function formEasySetupWizard failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability, which was classified as critical, has been found in D-Link DIR-600L up to 2.07B01. Affected by this issue is the function formEasySetupWizard3. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-600L The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-600L is an entry-level wireless router from D-Link, a Chinese company, that supports 150Mbps wireless transmission and four 100Mbps wired ports. D-Link DIR-600L has a buffer overflow vulnerability, which stems from the fact that the parameter host of the function formEasySetupWizard3 fails to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability classified as critical was found in D-Link DIR-880L up to 104WWb01. Affected by this vulnerability is the function sub_16570 of the file /htdocs/ssdpcgi of the component Request Header Handler. The manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-880L Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-880L is a dual-band Gigabit wireless router from D-Link. No detailed vulnerability details are currently provided

Memory corruption during concurrent access to server info object due to unprotected critical field. c-v2x 9150 firmware, fastconnect 6800 firmware, fastconnect 6900 Multiple Qualcomm products, such as firmware, contain vulnerabilities related to use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A vulnerability classified as critical has been found in D-Link DIR-890L and DIR-806A1 up to 100CNb11/108B03. Affected is the function sub_175C8 of the file /htdocs/soap.cgi. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-806 firmware and DIR-890L Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-890L and D-Link DIR-806A1 are both products of D-Link. D-Link DIR-890L is a wireless router. D-Link DIR-806A1 is a dual-band wireless router that supports AC750 wireless rate and USB sharing function. The vulnerability is caused by the function sub_175C8 in the file /htdocs/soap.cgi failing to properly filter the special characters and commands of the constructed command. Attackers can use this vulnerability to execute arbitrary commands

A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been rated as critical. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. of ac1206 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Attackers can exploit this vulnerability to launch attacks and cause buffer overflow

A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been declared as critical. This vulnerability affects the function formSetCfm of the file /goform/setcfm. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. of ac1206 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. An attacker can exploit this vulnerability to execute arbitrary code

ACTi Web Configurator is a camera management configuration interface launched by ACTi Corporation. ACTi Corporation ACTi Web Configurator has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function. of netgear RAX50 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR RAX5 is a wireless router from NETGEAR. Attackers can exploit this vulnerability to execute arbitrary commands

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. of netgear RAX50 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR RAX5 is a wireless router from NETGEAR. An attacker can exploit this vulnerability to execute arbitrary commands

NETGEAR RAX5 (AX1600 WiFi Router) v1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. of netgear RAX50 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR RAX5 is a wireless router from NETGEAR. Attackers can exploit this vulnerability to execute arbitrary commands

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. of netgear RAX50 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR RAX5 is a wireless router from NETGEAR. An attacker can exploit this vulnerability to execute arbitrary commands

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. of netgear RAX50 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR RAX5 is a wireless router from NETGEAR. An attacker can exploit this vulnerability to execute arbitrary commands

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. of netgear RAX50 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR RAX5 is a wireless router from NETGEAR. The vulnerability is caused by improper processing of the ifname parameter in the apcli_do_enr_pin_wps function. Attackers can exploit this vulnerability to launch attacks, causing the system to be damaged or controlled

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. of netgear RAX50 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR RAX5 is a wireless router from NETGEAR. An attacker can exploit this vulnerability to execute arbitrary commands

Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. Shenzhen Tenda Technology Co.,Ltd. of AC9 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. No detailed vulnerability details are currently provided

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A720R There are unspecified vulnerabilities in the firmware.Information may be obtained. TOTOLINK A720R is a wireless router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause information leakage

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi of the component Log Handler. The manipulation of the argument topicurl with the input clearDiagnosisLog/clearSyslog/clearTracerouteLog leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A720R There are unspecified vulnerabilities in the firmware.Information may be tampered with. TOTOLINK A720R is a wireless router from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided

A vulnerability has been found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input RebootSystem leads to missing authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A720R The firmware contains vulnerabilities related to authentication and lack of authentication for critical functions.Service operation interruption (DoS) It may be in a state. TOTOLINK A720R is a wireless router of China's TOTOLINK Electronics. TOTOLINK A720R has an improper authentication vulnerability, which is caused by improper processing of the parameter topicurl in the file /cgi-bin/cstecgi.cgi. No detailed vulnerability details are provided at present

In Modem, there is a possible permission bypass due to improper certificate validation. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with User execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01334347; Issue ID: MSV-2772. media tech's nr16 , NR17 , NR17R Exists in a certificate validation vulnerability.Information may be obtained