VARIoT IoT vulnerabilities database
| VAR-202310-2143 | CVE-2023-46522 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TP-LINK device TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 were discovered to contain a stack overflow via the function deviceInfoRegister.
| VAR-202310-2551 | CVE-2023-46521 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function RegisterRegister.
| VAR-202310-2454 | CVE-2023-46520 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function uninstallPluginReqHandle.
| VAR-202310-1070 | CVE-2023-46546 | TOTOLINK X2000R Gh formStats method buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formStats. The TOTOLINK X2000R Gh is a WiFi 6 router released by China's TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, offering multi-device connectivity and wireless expansion capabilities.
The TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formStats method's failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202310-1211 | CVE-2023-46553 | TOTOLINK X2000R GH formParentControl method buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formParentControl. The TOTOLINK X2000R Gh is a WiFi 6 router released by China's TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, enabling multi-device connectivity and wireless expansion.
The TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formParentControl method's failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202310-1467 | CVE-2023-46540 | TOTOLINK X2000R Gh formNtp method buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formNtp. The TOTOLINK X2000R Gh is a WiFi 6 router released by China's TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, offering multi-device connectivity and wireless expansion capabilities.
The TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formNtp method's failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202310-1212 | CVE-2023-46549 | TOTOLINK X2000R Gh formSetLg method buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSetLg. The TOTOLINK X2000R Gh is a WiFi 6 router released by China's TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, offering multi-device connectivity and wireless expansion capabilities.
The TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formSetLg method's failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202310-1434 | CVE-2023-46547 | TOTOLINK X2000R GH formSysLog method buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSysLog. The TOTOLINK X2000R Gh is a WiFi 6 router released by China's TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, enabling multi-device connectivity and wireless expansion.
The TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formSysLog method's failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202310-1213 | CVE-2023-46542 | TOTOLINK X2000R Gh formMeshUploadConfig method buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMeshUploadConfig. The TOTOLINK X2000R Gh is a WiFi 6 router released by China's TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, offering multi-device connectivity and wireless expansion capabilities.
The TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formMeshUploadConfig method's failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202310-1349 | CVE-2023-46158 | Session deadline vulnerability in IBM WebSphere Application Server Liberty |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. IBM X-Force ID: 268775. The affected system may be put into a denial-of-service (DoS) state.
| VAR-202310-1031 | CVE-2023-4607 |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
An authenticated XCC user can change permissions for any user through a crafted API command.
| VAR-202310-1252 | CVE-2023-46541 | TOTOLINK X2000R Gh formIpv6Setup method stack buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpv6Setup. The TOTOLINK X2000R Gh is a Wi-Fi 6 router launched by TOTOLINK, a Chinese electronics company. This vulnerability stems from the formIpv6Setup method failing to properly validate the length of input data. Attackers could exploit this vulnerability to execute arbitrary code or cause a denial-of-service attack.
| VAR-202310-1257 | CVE-2023-46370 | Tenda W18E Command Injection Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via the hostName parameter in the formSetNetCheckTools function. Tenda W18E is a wireless router from China's Tenda company. Attackers can exploit this vulnerability to execute arbitrary commands.
| VAR-202310-1381 | CVE-2023-46552 | TOTOLINK X2000R Gh formMultiAP method buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAP. The TOTOLINK X2000R Gh is a WiFi 6 router released by China's TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, offering multi-device connectivity and wireless expansion capabilities.
The TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formMultiAP method's failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202310-1075 | CVE-2023-46369 | Tenda W18E Buffer Overflow Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability via the portMirrorMirroredPorts parameter in the formSetNetCheckTools function. Tenda W18E is a wireless router from China's Tenda company. The vulnerability is caused by the portMirrorMirroredPorts parameter in the formSetNetCheckTools function failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack.
| VAR-202310-1250 | CVE-2023-46551 | TOTOLINK X2000R GH formReflashClientTbl method buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formReflashClientTbl. The TOTOLINK X2000R Gh is a WiFi 6 router released by China's TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, offering multi-device connectivity and wireless expansion capabilities.
The TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formReflashClientTbl method's failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202310-0752 | CVE-2023-41893 | Vulnerability in Home Assistant |
CVSS V2: - CVSS V3: 5.4 Severity: MEDIUM |
Home Assistant is an open source home automation platform. The audit team’s analyses confirmed that the `redirect_uri` and `client_id` are alterable when logging in. Consequently, the code parameter utilized to fetch the `access_token` post-authentication will be sent to the URL specified in the aforementioned parameters. Since an arbitrary URL is permitted and `homeassistant.local` represents the preferred, default domain likely used and trusted by many users, an attacker could leverage this weakness to manipulate a user and retrieve account access. Notably, this attack strategy is plausible if the victim has exposed their Home Assistant to the Internet, since after acquiring the victim’s `access_token` the adversary would need to utilize it directly towards the instance to achieve any pertinent malicious actions. To achieve this compromise attempt, the attacker must send a link with a `redirect_uri` that they control to the victim’s own Home Assistant instance. In the eventuality the victim authenticates via said link, the attacker would obtain code sent to the specified URL in `redirect_uri`, which can then be leveraged to fetch an `access_token`. Pertinently, an attacker could increase the efficacy of this strategy by registering a near identical domain to `homeassistant.local`, which at first glance may appear legitimate and thereby obfuscate any malicious intentions. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. Home Assistant contains an unspecified vulnerability. Information may be obtained and information may be tampered with.
| VAR-202310-0843 | CVE-2023-41894 | Vulnerability in Home Assistant |
CVSS V2: - CVSS V3: 5.3 Severity: MEDIUM |
Home Assistant is an open source home automation platform. The assessment verified that webhooks available in the webhook component are triggerable via the `*.ui.nabu.casa` URL without authentication, even when the webhook is marked as Only accessible from the local network. This issue is facilitated by the SniTun proxy, which sets the source address to 127.0.0.1 on all requests sent to the public URL and forwarded to the local Home Assistant. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
| VAR-202310-0498 | CVE-2023-46033 | D-Link Systems, Inc. DSL-2730u and DSL-2750U firmware vulnerabilities |
CVSS V2: - CVSS V3: 6.8 Severity: MEDIUM |
D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. The UART/Serial interface on the PCB provides log output and a root terminal without proper access control. There are unspecified vulnerabilities in the D-Link Systems, Inc. DSL-2730u and DSL-2750U firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202310-0696 | CVE-2023-41899 | Server-side request forgery vulnerability in Home Assistant |
CVSS V2: - CVSS V3: 7.2 Severity: HIGH |
Home Assistant is an open source home automation platform. In affected versions the `hassio.addon_stdin` is vulnerable to a partial Server-Side Request Forgery where an attacker capable of calling this service (e.g.: through GHSA-h2jp-7grc-9xpp) may be able to invoke any Supervisor REST API endpoints with a POST request. An attacker able to exploit will be able to control the data dictionary, including its addon and input key/values. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2023-162`. Home Assistant contains a server-side request forgery vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).