VARIoT IoT vulnerabilities database

D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi. D-Link Systems, Inc. of DIR-816 A2 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter StartTime and EndTime in SetWifiDownSettings. D-Link Systems, Inc. of DIR-823G An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. TP-LINK Technologies of TL-ER5120G A lack of authentication vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point. TP-LINK Technologies of TL-ER5120G Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points. TP-LINK Technologies of TL-ER5120G Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TP-LINK TL-ER5120G is a multi-WAN port Gigabit commercial router from China TP-LINK Company. TP-LINK TL-ER5120G has a command execution vulnerability. The vulnerability is due to the failure of the rule name to correctly filter special characters, commands, etc. in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution

A buffer overflow vulnerability exists in the Rockwell Automation select 1756-EN* communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform a remote code execution. To exploit this vulnerability, a threat actor would have to send a maliciously crafted CIP request to device

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function update_users. D-Link DWL-6610 is a wireless access point from China D-Link Company. This vulnerability is caused by the failure to correctly verify the length of input data in the function update_users. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service attack

Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user. Juplink of RX4-1500 A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Buffer Overflow vulnerability in Tenda AC10V4 v.US_AC10V4.0si_V16.03.10.13_cn_TDC01 allows a remote attacker to cause a denial of service via the mac parameter in the GetParentControlInfo function. Shenzhen Tenda Technology Co.,Ltd. of AC10 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service.

TOTOLINK WA300-PoE is a high-performance in-wall wireless AP. Zeon Electronics (Shenzhen) Co., Ltd.'s WA300-PoE has a command execution vulnerability, which an attacker can exploit to gain control of the server.

DIR-822 A1 is a wireless cloud router. D-X Electronic Equipment (Shanghai) Co., Ltd. DIR-822 A1 has a command execution vulnerability. An attacker can use the vulnerability to gain control of the server.

DIR-852 is a router product of D-X Electronic Equipment (Shanghai) Co., Ltd. There is an unauthorized access vulnerability in DIR-852 of D-X Electronic Equipment (Shanghai) Co., Ltd. An attacker can use the vulnerability to obtain sensitive information.

DIR-816L is a router product of D-X Electronic Equipment (Shanghai) Co., Ltd. D-X Electronic Equipment (Shanghai) Co., Ltd. DIR-816L has an unauthorized access vulnerability that allows attackers to exploit the vulnerability to obtain sensitive information.

Dlink DIR-818LW is a 750M 11AC dual-band Gigabit cloud router. The wireless speed greatly exceeds 11N and can provide a high-speed wireless network environment of up to 750Mbps. D-X Electronic Equipment (Shanghai) Co., Ltd. DIR-818LW has a command execution vulnerability. An attacker can use the vulnerability to execute arbitrary commands through malicious HTTP requests, thereby gaining control of the server.

DIR-822 A1 is a wireless cloud router. D-X Electronic Equipment (Shanghai) Co., Ltd. DIR-822 A1 has a command execution vulnerability. An attacker can use the vulnerability to gain control of the server.

DIR-816L is a router product of D-X Electronic Equipment (Shanghai) Co., Ltd. D-X Electronic Equipment (Shanghai) Co., Ltd. DIR-816L has an unauthorized access vulnerability that allows attackers to exploit the vulnerability to obtain sensitive information.

DIR-852 is a router product of D-X Electronic Equipment (Shanghai) Co., Ltd. There is an unauthorized access vulnerability in DIR-852 of D-X Electronic Equipment (Shanghai) Co., Ltd. An attacker can use the vulnerability to obtain sensitive information.

Maipu Communication Technology Co., Ltd. was established in 1993 and is a leading domestic supplier of network products and solutions. Maipu Telecom Technology Co., Ltd.'s MPSec MSG4000 security gateway has an arbitrary file download vulnerability that allows attackers to exploit the vulnerability to obtain sensitive information.

China Mobile Smart Home Gateway H2-3 is a general gateway device of China Mobile Communications. China Mobile Communications Co., Ltd.'s smart home gateway H2-3 has a command execution vulnerability. An attacker can use the vulnerability to gain server control permissions.