VARIoT IoT vulnerabilities database

A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. This vulnerability affects the function sub_3C8EC. The manipulation of the argument host leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear EX6200 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR EX6200 is a wireless network signal extender from NETGEAR. The vulnerability is caused by the sub_3C8EC function parameter host failing to correctly verify the length of the input data. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. This affects the function sub_3C03C. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear EX6200 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR EX6200 is a wireless network signal extender from NETGEAR. The vulnerability is caused by the sub_3C03C function parameter host failing to correctly verify the length of the input data. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability, which was classified as critical, has been found in Netgear EX6120 1.0.3.94. Affected by this issue is the function sub_30394. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear EX6120 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR EX6120 is a wireless extender from NETGEAR. The vulnerability is caused by the sub_30394 function parameter host failing to correctly verify the length of the input data. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability classified as critical was found in Netgear EX6120 1.0.0.68. Affected by this vulnerability is the function fwAcosCgiInbound. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear EX6120 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR EX6120 is a wireless extender from NETGEAR. The vulnerability is caused by the failure of the parameter host of the fwAcosCgiInbound function to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location. SonicWALL of SMA1000 A server-side request forgery vulnerability exists in the firmware.Information may be obtained and information may be tampered with

A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Affected by this issue is the function ui_get_input_value. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear wg302v2 The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR WG302v2 is a wireless access point from NETGEAR. NETGEAR WG302v2 has a command injection vulnerability, which is caused by the failure of the ui_get_input_value function parameter host to properly filter special characters and commands in constructing commands. No detailed vulnerability details are currently available

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been rated as critical. Affected by this issue is the function sub_435E04. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear jwnr2000v2 The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR JWNR2000v2 has a command injection vulnerability, which is caused by the sub_435E04 function parameter host failing to properly filter special characters and commands in the constructed command. No detailed vulnerability details are currently available

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been declared as critical. Affected by this vulnerability is the function cmd_wireless. The manipulation of the argument host leads to command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear jwnr2000v2 The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR JWNR2000v2 has a command injection vulnerability, which is caused by the cmd_wireless function parameter host failing to properly filter special characters and commands in the constructed command. No detailed vulnerability details are currently available

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been classified as critical. Affected is the function sub_4238E8. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear jwnr2000v2 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the failure of the parameter host of the sub_4238E8 function to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability, which was classified as critical, was found in Netgear JWNR2000v2 1.0.0.11. This affects the function sub_41A914. The manipulation of the argument host leads to buffer overflow. The vendor was contacted early about this disclosure but did not respond in any way. of netgear JWNR2000 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR JWNR2000v2 is a wireless router from NETGEAR. The vulnerability is caused by the sub_41A914 function parameter host failing to correctly verify the length of the input data. No detailed vulnerability details are currently provided

A vulnerability, which was classified as critical, has been found in Netgear JWNR2000v2 1.0.0.11. Affected by this issue is the function get_cur_lang_ver. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear JWNR2000 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR JWNR2000v2 is a wireless router from NETGEAR. The vulnerability is caused by the parameter host of the get_cur_lang_ver function failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability classified as critical was found in Netgear JWNR2000v2 1.0.0.11. Affected by this vulnerability is the function default_version_is_new. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear JWNR2000 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR JWNR2000v2 is a wireless router from NETGEAR. The vulnerability is caused by the default_version_is_new function parameter host failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability classified as critical has been found in Netgear JWNR2000v2 1.0.0.11. Affected is the function check_language_file. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear JWNR2000 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR JWNR2000v2 is a wireless router from NETGEAR. The vulnerability is caused by the fact that the parameter host of the check_language_file function fails to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file. Delta Electronics, INC. of ISPSoft Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file. Delta Electronics, INC. of ISPSoft Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file. Delta Electronics, INC. of ISPSoft Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file. Delta Electronics, INC. of ISPSoft Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to leverage debugging logic to execute arbitrary code when parsing CBDGL file. Delta Electronics, INC. of ISPSoft Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A vulnerability classified as critical was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). Affected by this vulnerability is the function cgidhcpsCfgSet of the file /goform/modules of the component httpd. The manipulation of the argument json leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vulnerability is caused by the failure of the parameter json in /goform/modules to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home.htm of the component MAC Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of N150RT The firmware contains cross-site scripting and code injection vulnerabilities.Information may be obtained and information may be tampered with. TOTOLINK N150RT is a high-power wireless router device. TOTOLINK N150RT has a cross-site scripting vulnerability, which originates from the parameter Comment in the file /home.htm. No detailed vulnerability details are provided at present