VARIoT IoT vulnerabilities database

Zhuhai Pantum Printing Technology Co., Ltd. is an enterprise that masters the core technology of printers and independent intellectual property rights, and integrates R&D, design, production and sales of printers, consumables and text printing output solutions. Zhuhai Pantum Printing Technology Co., Ltd. Pantum M6700DW Series has a logic flaw vulnerability, which can be exploited by attackers to obtain sensitive information.

M7160DW is a monochrome laser all-in-one machine that supports printing, copying and scanning functions, and can be connected via USB, wired network, LAN and WIFI. The M7160DW of Zhuhai Pantum Printing Technology Co., Ltd. has an arbitrary file reading vulnerability. Attackers can use this vulnerability to arbitrarily read files in the printer's file system without authorization.

Tenda AC6 US_AC6V4.0RTL_V02.03.01.26_cn.bin allows attackers (who have the administrator password) to cause a denial of service (device crash) via a long string in the wifiPwd_5G parameter to /goform/setWifi. Shenzhen Tenda Technology Co.,Ltd. of AC6 A vulnerability exists in firmware related to improper shutdown and release of resources.Service operation interruption (DoS) It may be in a state. Tenda AC6 has a denial of service vulnerability. This vulnerability results from incorrect processing of input error messages

Memory corruption in Graphics while processing user packets for command submission. APQ8064AU firmware, AQT1000 firmware, AR8035 Multiple Qualcomm products, such as firmware, contain vulnerabilities related to use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE. 9206 lte firmware, APQ8017 firmware, APQ8052 Unspecified vulnerabilities exist in multiple Qualcomm products, including firmware.Service operation interruption (DoS) It may be in a state

Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE. 9206 lte firmware, APQ8017 firmware, APQ8052 Unspecified vulnerabilities exist in multiple Qualcomm products, including firmware.Service operation interruption (DoS) It may be in a state

Memory corruption in WLAN HAL while handling command streams through WMI interfaces. 9205 lte firmware, APQ8017 firmware, APQ8064AU Several Qualcomm products, such as firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Memory corruption in WLAN HAL while passing command parameters through WMI interfaces. AQT1000 firmware, AR8031 firmware, AR9380 Several Qualcomm products, such as firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Memory corruption in Audio during playback session with audio effects enabled. APQ8096AU firmware, AQT1000 firmware, MDM9150 Several Qualcomm products, such as firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Dell Alienware Command Center, versions prior to 5.5.51.0, contain a deserialization of untrusted data vulnerability. A local malicious user could potentially send specially crafted requests to the .NET Remoting server to run arbitrary code on the system. (DoS) It may be in a state

The Wanbaoze p12 camera is a camera product of Shenzhen Anjubao Electronics Co., Ltd. Shenzhen Anjubao Electronics Co., Ltd.'s Wanbaoze p12 camera has a binary vulnerability that attackers can exploit to cause a denial of service.

A vulnerability was found in Tenda AC8 16.03.34.06_cn_TDC01. It has been declared as critical. Affected by this vulnerability is the function formSetDeviceName. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238633 was assigned to this vulnerability. of AC8 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda AC8 is a dual-gigabit wireless router designed for homes with fiber optic connections up to 1000 Mbps. It supports IPv6 and features intelligent network management. The Tenda AC8 suffers from a stack buffer overflow vulnerability caused by a bounds error in the formSetDeviceName function when processing untrusted input. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service

Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd. CBR40 firmware, LAX20 firmware, MK62 A classic buffer overflow vulnerability exists in multiple Netgear products, including firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR R6400v2 is a router from NETGEAR. It is a hardware device that connects two or more networks and acts as a gateway between networks. NETGEAR R6400v2 has a code execution vulnerability, which is caused by the program failing to properly filter special elements in the constructed code segment

A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230819. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-238574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. D-Link Systems, Inc. of dar-8000-10 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

TP-Link Tapo C210 ActiveCells Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Tapo C210 IP cameras. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the ActiveCells parameter of the CreateRules and ModifyRules APIs. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20589. TP-LINK Technologies of Tapo C210 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TP-LINK Tapo C210 is a network camera device from China's TP-LINK company

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment. Digi International Provided by Digi RealPort Protocol The following vulnerabilities exist in. It was * Authentication using password hashes instead of passwords (CWE-836) - CVE-2023-4299If the vulnerability is exploited, it may be affected as follows. It was * Authentication is bypassed and connected devices are accessed by a remote third party

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_3A1D0' contains a command execution vulnerability. The Tenda AC6 is a dual-band wireless router launched by Tenda. It supports both 2.4GHz and 5GHz bands, boasts a maximum transmission rate of 1167Mbps, and features dual-band integration. An attacker could exploit this vulnerability to execute arbitrary commands

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADD50' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADD50" function to execute commands. Tenda AC6 is a wireless router made by China Tenda Company. The vulnerability is caused by the failure of the sub_ADD50 function to correctly filter special characters, commands, etc. in the constructed command

Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter mac at url /goform/GetParentControlInfo. Shenzhen Tenda Technology Co.,Ltd. of AC9 firmware and AC5 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter time at url /goform/PowerSaveSet. Shenzhen Tenda Technology Co.,Ltd. of AC9 firmware, AC7 firmware, AC5 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state