VARIoT IoT vulnerabilities database

HP Color LaserJet Pro MFP M477fdn is a color laser multifunction printer launched by HP. HP Color LaserJet MFP M477fdn of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.

HP Color LaserJet Pro M252n is a laser printer under HP (HP). HP Color LaserJet Pro M252n of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability. Attackers can use the vulnerability to log in to the system and obtain sensitive information.

CentreWare Internet Services WorkCentre 3215 is a black and white laser multifunction printer. CentreWare Internet Services WorkCentre 3215 of Fujifilm Business Innovation (China) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.

Ruisikangda Technology Development Co., Ltd. focuses on the field of fiber-optic broadband access and is committed to the integration of fiber-optic technology, Ethernet technology and broadband access technology. Ruisikangda Technology Development Co., Ltd.'s multi-service intelligent gateway has a file upload vulnerability, which can be exploited by attackers to upload malicious files and obtain server permissions.

Fujifilm Apeos C4571 is a high-speed color multifunction integrated printer. Fujifilm (China) Investment Co., Ltd. Fujifilm Apeos C4571 has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK X15 is a network wireless extender from China's TOTOLINK Electronics. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability was found in TOTOLINK A3002R 4.0.0-B20230531.1404. It has been classified as critical. This affects an unknown part of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A3002R The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3002R is a wireless router produced by China's TOTOLINK Electronics. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A3002RU The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3002RU is a wireless router product of China's Jiweng Electronics (TOTOLINK) Company. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK EX1200T is a Wi-Fi range extender from China's TOTOLINK Electronics. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability classified as critical has been found in D-Link DIR-665 1.00. This affects the function sub_AC78 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-655 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-665 is a high-performance wireless router and a flagship product of D-Link. Attackers can exploit this vulnerability to cause remote code execution or service crash

A vulnerability has been found in TP-Link TL-WR940N V4 and TL-WR841N V11. Affected by this issue is some unknown functionality of the file /userRpm/WanSlaacCfgRpm.htm, which may lead to buffer overflow. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. TP-LINK Technologies of TL-WR940N Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A vulnerability classified as critical was found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of X15 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X15 is a network wireless extender from China's TOTOLINK Electronics. The vulnerability is caused by the submit-url parameter in the /boafrm/formMultiAP file failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability classified as critical has been found in TOTOLINK A3002R 4.0.0-B20230531.1404. Affected is an unknown function of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK A3002R is a wireless router from China's TOTOLINK Electronics. The vulnerability is caused by the submit-url parameter in the /boafrm/formSysLog file failing to properly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A3002RU The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3002RU is a wireless router product of China's Jiweng Electronics (TOTOLINK) Company. The vulnerability is caused by the submit-url parameter in the /boafrm/formSysLog file failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A702R The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A702r is a router device from China's TOTOLINK Electronics. The vulnerability is caused by the submit-url parameter in the /boafrm/formSysLog file failing to properly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. This affects an unknown part of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK X15 is a network wireless extender from China's TOTOLINK Electronics. The vulnerability is caused by the failure of the parameter submit-url in the file /boafrm/formSysLog to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

MP C3004 is a color multifunction digital copier with copy, print, scan and other functions. Ricoh Company, Ltd.MP C3004 has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.

DIR-823X (AX3000) is a dual-band wireless router that supports the WiFi 6 standard and has a dual-band concurrent rate of up to 3000Mbps. D-Link Electronics (Shanghai) Co., Ltd. DIR-823X (AX3000) has a command execution vulnerability that can be exploited by attackers to execute commands.

Fuji Electric Smart Editor is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process

Shanghai Huanchuang Communication Technology Co., Ltd. is a high-tech enterprise focusing on the research and development of wireless communication products for private networks with wireless communication technology as its core, providing private network solutions for industries such as rail transit, fire emergency, intelligent manufacturing, coal mining, and campus. There is a weak password vulnerability in the LAC WEB control center of Shanghai Huanchuang Communication Technology Co., Ltd., and attackers can use the vulnerability to log in to the system and obtain sensitive information.