VARIoT IoT vulnerabilities database

VAR-202504-3292 CVE-2025-3995 Cross-site scripting vulnerability in TOTOLINK N150RT firmware CVSS V2: 3.3
CVSS V3: 2.4
Severity: Medium
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /boafrm/fromStaticDHCP of the component LAN Settings Page. The manipulation of the argument Hostname leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The TOTOLINK N150RT firmware contains cross-site scripting and code injection vulnerabilities. Information may be tampered with. TOTOLINK N150RT is a wireless router from China's TOTOLINK Electronics. There is a cross-site scripting vulnerability in the 3.4.0-B20190525 version of TOTOLINK N150RT. Attackers can exploit this vulnerability to execute arbitrary web scripts or HTML by injecting carefully crafted payloads.
VAR-202504-3211 CVE-2025-3994 Cross-site scripting vulnerability in TOTOLINK N150RT firmware CVSS V2: 3.3
CVSS V3: 2.4
Severity: Medium
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been classified as problematic. Affected is an unknown function of the file /home.htm of the component IP Port Filtering. The manipulation of the argument Comment leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The TOTOLINK N150RT firmware contains cross-site scripting and code injection vulnerabilities. Information may be tampered with. TOTOLINK N150RT is a wireless router from China's TOTOLINK Electronics. TOTOLINK N150RT 3.4.0-B20190525 version has a cross-site scripting vulnerability. Attackers can exploit this vulnerability to execute arbitrary web scripts or HTML by injecting carefully crafted payloads.
VAR-202504-3432 CVE-2025-3993 Buffer error vulnerability in TOTOLINK N150RT firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The TOTOLINK N150RT firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK N150RT is a wireless router produced by TOTOLINK. TOTOLINK N150RT has a buffer overflow vulnerability, which is caused by improper processing of the parameter submit-url in the file /boafrm/formWsc. No detailed vulnerability information is provided at present.
VAR-202504-3212 CVE-2025-3992 Buffer error vulnerability in TOTOLINK N150RT firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability has been found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWlwds. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The TOTOLINK N150RT firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK N150RT is a wireless router produced by China's TOTOLINK Electronics Company. The vulnerability is caused by the failure to properly verify the length of the input data passed in the parameter submit-url in the file /boafrm/formWlwds. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202504-3196 CVE-2025-3991 Buffer error vulnerability in TOTOLINK N150RT firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability, which was classified as critical, was found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boafrm/formWdsEncrypt. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The TOTOLINK N150RT firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK N150RT is a wireless router produced by China's TOTOLINK Electronics. The vulnerability is caused by the failure to correctly verify the length of the input data passed in the submit-url parameter in the file /boafrm/formWdsEncrypt. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202504-3430 CVE-2025-3990 Buffer error vulnerability in TOTOLINK N150RT firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability, which was classified as critical, has been found in TOTOLINK N150RT 3.4.0-B20190525. Affected by this issue is some unknown functionality of the file /boafrm/formVlan. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The TOTOLINK N150RT firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK N150RT is a wireless router produced by China's TOTOLINK Electronics. The vulnerability is caused by the failure to properly verify the length of the input data passed in the parameter submit-url in the file /boafrm/formVlan. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202504-3229 CVE-2025-3989 Buffer error vulnerability in TOTOLINK N150RT firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability classified as critical was found in TOTOLINK N150RT 3.4.0-B20190525. Affected by this vulnerability is an unknown functionality of the file /boafrm/formStaticDHCP. The manipulation of the argument Hostname leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The TOTOLINK N150RT firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK N150RT is a wireless router produced by China's TOTOLINK Electronics. The vulnerability is caused by the failure to correctly verify the length of the input data passed in the parameter Hostname in the file /boafrm/formStaticDHCP. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202504-3339 CVE-2025-3988 Buffer error vulnerability in TOTOLINK N150RT firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. Affected is an unknown function of the file /boafrm/formPortFw. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The TOTOLINK N150RT firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK N150RT is a wireless router from China's TOTOLINK Electronics. TOTOLINK N150RT has a buffer overflow vulnerability, which is caused by the failure to correctly verify the length of the input data passed in the parameter service_type in the file /boafrm/formPortFw. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202504-3319 CVE-2025-3987 Injection vulnerability in TOTOLINK N150RT firmware CVSS V2: 6.5
CVSS V3: 6.3
Severity: Medium
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument localPin leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The TOTOLINK N150RT firmware contains injection and command injection vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK N150RT is a wireless router from China's TOTOLINK Electronics. TOTOLINK N150RT has a command injection vulnerability, which is caused by the failure to properly filter special characters and commands in the localPin parameter in the file /boafrm/formWsc when the command is constructed. No detailed vulnerability information is currently provided.
VAR-202504-3639 No CVE B-LINK Router has a logic flaw vulnerability CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
B-LINK Router is a network device, mainly used for network connection and data forwarding. B-LINK Router has a logic flaw vulnerability, which can be exploited by attackers to reset account passwords.
VAR-202504-3642 No CVE HP LaserJet MFP M132nw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
HP LaserJet MFP M132nw is a black and white laser multifunction printer, mainly used for printing, copying and scanning. HP LaserJet MFP M132nw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202504-3723 No CVE Hollysys Technology Group Co., Ltd. LE5118 programmable logic controller has a denial of service vulnerability CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
HollySys Technology Group Co., Ltd. is a high-tech enterprise group mainly engaged in automation control system platforms and industry solutions. HollySys Technology Group Co., Ltd. LE5118 programmable logic controller has a denial of service vulnerability, which can be exploited by attackers to cause denial of service.
VAR-202504-3641 No CVE Sony (China) Co., Ltd. SONY SNC-CH260 camera has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Sony (China) Co., Ltd. is a company engaged in investment, product marketing, customer after-sales service contact, etc. in the electronic information industry. Sony (China) Co., Ltd. SONY SNC-CH260 camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202504-3640 No CVE HP OfficeJet Pro 8740 has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
HP OfficeJet Pro 8740 is a multi-function printer with multiple functions such as printing, copying, scanning and faxing. HP OfficeJet Pro 8740 of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202504-3567 No CVE Emerson Electric (China) Investment Co., Ltd. Emerson DCS DeltaV MQ Controller has a denial of service vulnerability CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
Emerson Electric (China) Investment Co., Ltd. is a global technology and engineering company. Emerson DCS DeltaV MQ Controller of Emerson Electric (China) Investment Co., Ltd. has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202504-3799 No CVE TP-Link Technologies Co., Ltd. TL-IPC43AN-4GY PTZ IP Camera Has a Denial of Service Vulnerability CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
TP-Link Technologies Co., Ltd. is a leading global supplier of network communication equipment, mainly providing network communication equipment and solutions. TP-Link Technologies Co., Ltd. TL-IPC43AN-4GY PTZ network camera has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202504-3524 No CVE Beijing Yakong Technology Development Co., Ltd. KingH5Stream has an unauthorized access vulnerability (CNVD-2024-33960) CVSS V2: 3.6
CVSS V3: -
Severity: LOW
Beijing Yakong Technology Development Co., Ltd. is a high-tech enterprise of industrial automation and information software platform, focusing on independent research and development, marketing and service of domestic industrial software. Beijing Yakong Technology Development Co., Ltd. KingH5Stream has an unauthorized access vulnerability, which can be exploited by attackers to add/delete users beyond their authority.
VAR-202504-3437 CVE-2025-31324 Vulnerability related to unlimited upload of dangerous types of files in SAP NetWeaver CVSS V2: -
CVSS V3: 10.0
Severity: CRITICAL
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system. SAP NetWeaver contains a vulnerability related to unlimited uploads of dangerous types of files. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202504-3731 No CVE Brother MFC-L2713DW has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Brother MFC-L2713DW is a multifunction laser printer with printing, copying, scanning and faxing functions. Brother MFC-L2713DW has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-3805 No CVE D-Link DCS-960L has a binary vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
D-Link DCS-960L is a network camera product of China's D-Link company. D-Link DCS-960L has a binary vulnerability that can be exploited by attackers to cause a denial of service.