VARIoT IoT vulnerabilities database
| VAR-202310-2042 | CVE-2023-46537 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getRegVeriRegister.
| VAR-202310-2453 | CVE-2023-46536 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkRegVeriRegister.
| VAR-202310-2043 | CVE-2023-46535 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getResetVeriRegister.
| VAR-202310-2646 | CVE-2023-46534 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function modifyAccPwdRegister.
| VAR-202310-2351 | CVE-2023-46527 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 were discovered to contain a stack overflow via the function bindRequestHandle.
| VAR-202310-2252 | CVE-2023-46526 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function resetCloudPwdRegister.
| VAR-202310-1730 | CVE-2023-46525 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function loginRegister.
| VAR-202310-1949 | CVE-2023-46523 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function upgradeInfoRegister.
| VAR-202310-2143 | CVE-2023-46522 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TP-LINK device TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 were discovered to contain a stack overflow via the function deviceInfoRegister.
| VAR-202310-2551 | CVE-2023-46521 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function RegisterRegister.
| VAR-202310-2454 | CVE-2023-46520 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function uninstallPluginReqHandle.
| VAR-202310-1031 | CVE-2023-4607 |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
An authenticated XCC user can change permissions for any user through a crafted API command.
| VAR-202310-1349 | CVE-2023-46158 | IBM WebSphere Application Server Liberty session deadline vulnerability |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. IBM X-Force ID: 268775. It may be in a denial-of-service (DoS) state.
| VAR-202310-1434 | CVE-2023-46547 | TOTOLINK X2000R GH formSysLog method buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSysLog. The TOTOLINK X2000R Gh is a WiFi 6 router released by China's TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, enabling multi-device connectivity and wireless expansion.
The TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formSysLog method's failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202310-1075 | CVE-2023-46369 | Tenda W18E Buffer Overflow Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability via the portMirrorMirroredPorts parameter in the formSetNetCheckTools function. Tenda W18E is a wireless router from China's Tenda company. The vulnerability is caused by the portMirrorMirroredPorts parameter in the formSetNetCheckTools function failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack.
| VAR-202310-1257 | CVE-2023-46370 | Tenda W18E Command Injection Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via the hostName parameter in the formSetNetCheckTools function. Tenda W18E is a wireless router from China's Tenda company. Attackers can exploit this vulnerability to execute arbitrary commands.
| VAR-202310-1252 | CVE-2023-46541 | TOTOLINK X2000R Gh formIpv6Setup method stack buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpv6Setup. The TOTOLINK X2000R Gh is a Wi-Fi 6 router launched by TOTOLINK, a Chinese electronics company. This vulnerability stems from the formIpv6Setup method failing to properly validate the length of input data. Attackers could exploit this vulnerability to execute arbitrary code or cause a denial-of-service attack.
| VAR-202310-1211 | CVE-2023-46553 | TOTOLINK X2000R GH formParentControl method buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formParentControl. The TOTOLINK X2000R Gh is a WiFi 6 router released by China's TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, enabling multi-device connectivity and wireless expansion.
The TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formParentControl method's failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202310-1250 | CVE-2023-46551 | TOTOLINK X2000R GH formReflashClientTbl method buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formReflashClientTbl. The TOTOLINK X2000R Gh is a WiFi 6 router released by China's TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, offering multi-device connectivity and wireless expansion capabilities.
The TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formReflashClientTbl method's failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202310-1213 | CVE-2023-46542 | TOTOLINK X2000R Gh formMeshUploadConfig method buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMeshUploadConfig. The TOTOLINK X2000R Gh is a WiFi 6 router released by China's TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, offering multi-device connectivity and wireless expansion capabilities.
The TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability caused by the formMeshUploadConfig method's failure to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.