VARIoT IoT vulnerabilities database
| VAR-202310-1121 | CVE-2023-46290 | Rockwell Automation FactoryTalk Services Platform Authorization Issue Vulnerability |
CVSS V2: 7.6 CVSS V3: 8.1 Severity: HIGH |
Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in into FactoryTalk® Services Platform . This vulnerability can only be exploited if the authorized user did not previously log in into the FactoryTalk® Services Platform web service. Rockwell Automation FactoryTalk Services Platform is a service platform composed of multiple products from Rockwell Automation, an American company. It provides general services for applications, such as diagnostic information, health monitoring, and real-time data access. The vulnerability is caused by insufficient code logic
| VAR-202310-1140 | CVE-2023-42406 | D-Link Systems, Inc. of dar-7000 in the firmware SQL Injection vulnerability |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
SQL injection vulnerability in D-Link Online behavior audit gateway DAR-7000 V31R02B1413C allows a remote attacker to obtain sensitive information and execute arbitrary code via the editrole.php component. D-Link Systems, Inc. of dar-7000 The firmware has SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202310-2140 | CVE-2023-46574 | TOTOLINK A3700R command execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function. TOTOLINK A3700R is a wireless router made by China Zeon Electronics (TOTOLINK) Company.
There is a command execution vulnerability in the TOTOLINK A3700R v9.1.2u.6165_20211012 version
| VAR-202310-2550 | CVE-2023-46564 | TOTOLINK X2000R Gh formDMZ method buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDMZ. TOTOLINK X2000R Gh is a wireless router from China's TOTOLINK Electronics.
TOTOLINK X2000R Gh has a buffer overflow vulnerability, which is caused by the formDMZ method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202310-2645 | CVE-2023-46563 | TOTOLINK X2000R Gh formIpQoS method stack buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpQoS. The TOTOLINK X2000R Gh is a Wi-Fi 6 router launched by TOTOLINK, a Chinese electronics company. This vulnerability stems from the formIpQoS method failing to properly validate the length of input data. Attackers could exploit this vulnerability to execute arbitrary code on the system or cause a denial-of-service attack
| VAR-202310-1834 | CVE-2023-46562 | TOTOLINK X2000R Gh formDosCfg method buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDosCfg. TOTOLINK X2000R Gh is a wireless router from China's TOTOLINK Electronics. The vulnerability is caused by the formDosCfg method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202310-1729 | CVE-2023-46560 | TOTOLINK X2000R Gh formTcpipSetup method buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formTcpipSetup. The TOTOLINK X2000R Gh is a WiFi 6 router released by China's TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, offering multi-device connectivity and wireless expansion capabilities.
The TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formTcpipSetup method's failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202310-1947 | CVE-2023-46557 | TOTOLINK X2000R Gh formMultiAPVLAN method buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAPVLAN. The TOTOLINK X2000R Gh is a WiFi 6 router released by China's TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, offering multi-device connectivity and wireless expansion capabilities.
The TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formMultiAPVLAN method's failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202310-2141 | CVE-2023-46556 | TOTOLINK X2000R Gh formFilter method buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formFilter. TOTOLINK X2000R Gh is a wireless router from China's TOTOLINK Electronics. The vulnerability is caused by the formFilter method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202310-2041 | CVE-2023-46555 | TOTOLINK X2000R Gh formPortFw method buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPortFw. The TOTOLINK X2000R Gh is a WiFi 6 router released by China's TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, offering multi-device connectivity and wireless expansion capabilities.
The TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formPortFw method's failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202310-1948 | CVE-2023-46539 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function registerRequestHandle.
| VAR-202310-2142 | CVE-2023-46538 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkResetVeriRegister.
| VAR-202310-2042 | CVE-2023-46537 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getRegVeriRegister.
| VAR-202310-2453 | CVE-2023-46536 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkRegVeriRegister.
| VAR-202310-2043 | CVE-2023-46535 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getResetVeriRegister.
| VAR-202310-2646 | CVE-2023-46534 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function modifyAccPwdRegister.
| VAR-202310-2351 | CVE-2023-46527 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 was discovered to contain a stack overflow via the function bindRequestHandle.
| VAR-202310-2252 | CVE-2023-46526 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function resetCloudPwdRegister.
| VAR-202310-1730 | CVE-2023-46525 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function loginRegister.
| VAR-202310-1949 | CVE-2023-46523 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function upgradeInfoRegister.