VARIoT IoT vulnerabilities database

Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of AC9 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Wavlink WL-WN530H4 20220801 was found to contain a command injection vulnerability in the ping_test function of the adm.cgi via the pingIp parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. WAVLINK of WL-WN530H4 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. WAVLINK WL-WN530H4 is a high-performance USB wireless network card from WAVLINK, China, that supports 802.11ac dual-band Wi-Fi

An issue was discovered on Tenda RX2 Pro 16.03.30.14 devices. Improper network isolation between the guest Wi-Fi network and other network interfaces on the router allows an attacker (who is authenticated to the guest Wi-Fi) to access resources on the router and/or resources and devices on other networks hosted by the router by configuring a static IP address (within the non-guest subnet) on their host. Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro Firmware contains an access control vulnerability.Information may be obtained and information may be tampered with. Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda. Tenda RX2 Pro 16.03.30.14 version has a security bypass vulnerability that can be exploited by attackers to access routers and other network resources

Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an unauthenticated attacker to authenticate to the web management portal by collecting credentials from observed/collected traffic. It implements encryption, but not until after the user has transmitted the hash of their password in cleartext. The hash can be replayed to authenticate. Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro The firmware contains a vulnerability related to plaintext storage of sensitive information.Information may be obtained and information may be tampered with. Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda. Tenda RX2 Pro has an information leakage vulnerability that can be exploited by attackers to collect credentials for authentication

Initialization vector (IV) reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypted messages between client and server. Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro The firmware contains a vulnerability related to the reuse of cryptographic nonce and key pairs.Information may be obtained and information may be tampered with. Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda. Tenda RX2 Pro 16.03.30.14 version has an information leakage vulnerability, which can lead to decryption of encrypted messages by attackers

Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable telnet access to the router's OS by sending a /goform/telnet web request. Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro An authentication vulnerability exists in firmware.Information may be obtained and information may be tampered with. Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda

Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable 'ate' (a remote system management binary) by sending a /goform/ate web request. Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro An authentication vulnerability exists in firmware.Information may be obtained and information may be tampered with. Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda

Lack of access controls in the 'ate' management binary of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to perform unauthorized configuration changes for any router where 'ate' has been enabled by sending a crafted UDP packet. Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro Firmware contains an access control vulnerability.Information may be obtained and information may be tampered with. Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda. Attackers can exploit this vulnerability to cause unauthorized configuration changes

Lack of input validation/sanitization in the 'ate' management service in the Tenda RX2 Pro 16.03.30.14 allows an unauthorized remote attacker to gain root shell access to the device by sending a crafted UDP packet to the 'ate' service when it is enabled. Authentication is not needed. Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro Firmware contains an access control vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda. No detailed vulnerability details are currently provided

Reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management service of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt, replay, and/or forge traffic to the service. Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro The firmware has a cryptographic strength vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda. Tenda RX2 Pro 16.03.30.14 version has a security bypass vulnerability that can be exploited by attackers to cause decryption, replay, or forged traffic

Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root shell access to the device by sending a crafted web request. This is persistent because the command injection is saved in the configuration of the device. Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda. Tenda RX2 Pro has an input validation error vulnerability, which stems from the lack of input validation in the setLanCfg API endpoint. Attackers can exploit this vulnerability to gain root shell access

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of W20E Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. No detailed vulnerability details are currently available

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of W20E Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. No detailed vulnerability details are currently available

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of W20E Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. No detailed vulnerability details are currently available

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of W20E Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. No detailed vulnerability details are currently available

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. TOTOLINK CA300-PoE is a wireless access point of China's Jiong Electronics (TOTOLINK) company

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. TOTOLINK of CA300-PoE Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK CA300-PoE is a wireless access point of China's Jiong Electronics (TOTOLINK) company

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. TOTOLINK of CA300-PoE Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK CA300-PoE is a wireless access point from China's TOTOLINK Electronics

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. TOTOLINK CA300-PoE is a wireless access point from China's TOTOLINK Electronics

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided