VARIoT IoT vulnerabilities database

A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead to arbitrary code execution with `SYSTEM` privileges on the application server. (ZDI-CAN-19823). Siemens' SINEMA Server Exists in a cross-site scripting vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens SINEMA Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of SNMP sysLocation OID. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Siemens SINEMA Server is a software developed by the German Siemens company specifically for industrial applications. It enables you to fully visualize and monitor your network

IVMS-7200 is a mobile video surveillance management system. There is a file upload vulnerability in the IVMS-7200 video surveillance management system of Hangzhou Hikvision Digital Technology Co., Ltd. An attacker can use the vulnerability to gain system permissions.

TL-ER6120G is a router of TP-LINK. The TL-ER6120G of Pulian Technology Co., Ltd. has a directory traversal vulnerability. An attacker can use this vulnerability to obtain sensitive information and download sensitive files.

IPELA ENGINE IP Cameras SNC-CH160, SNC-CH210, SNC-RS86P, DH-160, DH-120, SNC-ER550 are surveillance equipment owned by Sony. Many Sony cameras have weak password vulnerabilities that attackers can use to gain web management rights.

ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint). ThingsBoard, Inc. of ThingsBoard There is an injection vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the cancelPing function. D-Link Systems, Inc. of DIR-820L The firmware contains an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 100A53DBR-Retail devices allow an authenticated remote attacker to execute arbitrary code via an unspecified manipulation of the QoS POST parameter. D-Link DIR-846 is a wireless router made by China D-Link Company. D-Link DIR-846 has a code execution vulnerability that allows an attacker to execute arbitrary code

Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel.

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Encryption parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. The vulnerability is caused by incorrect boundary checking of the SetWLanRadioSecurity function

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the TXPower parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. The vulnerability is caused by incorrect bounds checking of the SetWLanRadioSettings function

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Password parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. The vulnerability is caused by incorrect bounds checking of the SetWanSettings function

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. The vulnerability is caused by incorrect bounds checking of the SetWLanRadioSettings function

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Mac parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. This vulnerability is due to incorrect boundary checking of the SetParentsControlInfo function

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the StartTime parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. This vulnerability is due to incorrect boundary checking of the SetParentsControlInfo function

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the GuardInt parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. The vulnerability is caused by incorrect boundary checking of the SetWLanRadioSettings function

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the MacAddress parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. The vulnerability is caused by incorrect bounds checking of the SetWanSettings function

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Type parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. The vulnerability is caused by incorrect bounds checking of the SetWLanRadioSettings function

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the EndTime parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. This vulnerability is due to incorrect boundary checking of the SetParentsControlInfo function

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the AdminPassword parameter in the SetDeviceSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the CurrentPassword parameter in the CheckPasswdSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. This vulnerability is caused by the CurrentPassword parameter of the CheckPasswdSettings method failing to correctly verify the length of the input data