VARIoT IoT vulnerabilities database

VAR-202504-4149 No CVE BWS Systems HA Bridge has an unauthorized access vulnerability
CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
HA Bridge is a gateway product of BWS Systems. BWS Systems HA Bridge has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-3805 No CVE D-Link DCS-960L has a binary vulnerability
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
D-Link DCS-960L is a network camera product of China's D-Link company. D-Link DCS-960L has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202504-4086 No CVE Fuji Xerox (China) Co., Ltd. DocuCentre-IV 2060 has a weak password vulnerability
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
DocuCentre-IV 2060 is a medium-speed digital multifunction printer with main functions including copying, printing and scanning. Fuji Xerox (China) Co., Ltd. DocuCentre-IV 2060 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202504-3806 No CVE Brother MFC-J491DW has a weak password vulnerability
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Brother MFC-J491DW is a multi-function color inkjet printer suitable for various office and personal use scenarios. Brother MFC-J491DW has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-3876 No CVE HP LaserJet Pro MFP 3101-3108 of HP Trading (Shanghai) Co., Ltd. has a command execution vulnerability
CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
HP LaserJet Pro MFP 3101-3108 is a multi-function laser printer that supports printing, copying, and scanning functions, suitable for small and medium-sized enterprises and office environments. HP LaserJet Pro MFP 3101-3108 of HP Trading (Shanghai) Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
VAR-202504-3731 No CVE Brother MFC-L2713DW has a weak password vulnerability
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Brother MFC-L2713DW is a multifunction laser printer with printing, copying, scanning and faxing functions. Brother MFC-L2713DW has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-3647 No CVE Fuji Xerox (China) Co., Ltd. Xerox® VersaLink® B7030 MFP has a weak password vulnerability
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Xerox® VersaLink® B7030 MFP is a multi-function printer with multiple functions and performance features. Fuji Xerox (China) Co., Ltd. Xerox® VersaLink® B7030 MFP has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-3450 CVE-2025-28028 Classic buffer overflow vulnerability in multiple TOTOLINK products
CVSS V2: -
CVSS V3: 7.3
Severity: HIGH
TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v5 parameter. Multiple TOTOLINK products, including A830R firmware, A950RG firmware and A3000RU firmware, contain a classic buffer overflow vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202504-3438 CVE-2025-28025 Classic buffer overflow vulnerability in multiple TOTOLINK products
CVSS V2: -
CVSS V3: 7.3
Severity: HIGH
TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter. Multiple TOTOLINK products, including A830R firmware, A950RG firmware and A3000RU firmware, contain a classic buffer overflow vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202504-3436 CVE-2025-28022 Classic buffer overflow vulnerability in TOTOLINK A810R firmware
CVSS V2: 7.5
CVSS V3: 7.3
Severity: HIGH
TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter. TOTOLINK A810R firmware has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. TOTOLINK A810R is a wireless dual-band router from China's TOTOLINK Electronics. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202504-3476 CVE-2025-28021 Classic buffer overflow vulnerability in TOTOLINK A810R firmware
CVSS V2: 7.5
CVSS V3: 7.3
Severity: HIGH
TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 and v3 parameters. TOTOLINK A810R firmware has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. TOTOLINK A810R is a wireless dual-band router from China's TOTOLINK Electronics. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202504-3463 CVE-2025-28020 Classic buffer overflow vulnerability in TOTOLINK A800R firmware
CVSS V2: 7.5
CVSS V3: 7.3
Severity: HIGH
TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter. TOTOLINK A800R firmware has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. TOTOLINK A800R is a wireless router from China's TOTOLINK Electronics. The vulnerability is caused by downloadFile.cgi failing to correctly verify the length of the input data in the v25 parameter. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202504-3455 CVE-2025-28019 Classic buffer overflow vulnerability in TOTOLINK A800R firmware
CVSS V2: 7.5
CVSS V3: 7.3
Severity: HIGH
TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi component. TOTOLINK A800R firmware has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. TOTOLINK A800R is a wireless router from China's TOTOLINK Electronics. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202504-3472 CVE-2025-28018 Classic buffer overflow vulnerability in TOTOLINK A800R firmware
CVSS V2: 7.5
CVSS V3: 7.3
Severity: HIGH
TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter. TOTOLINK A800R firmware has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. TOTOLINK A800R is a wireless router from China's TOTOLINK Electronics. The vulnerability is caused by downloadFile.cgi failing to correctly verify the length of the input data in the v14 parameter. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202504-3444 CVE-2025-28017 Command injection vulnerability in TOTOLINK A800R firmware
CVSS V2: 6.4
CVSS V3: 6.5
Severity: MEDIUM
TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to command injection in downloadFile.cgi via the QUERY_STRING parameter. TOTOLINK A800R firmware contains a command injection vulnerability. Information may be obtained and information may be tampered with. TOTOLINK A800R is a wireless router from China's TOTOLINK Electronics. Detailed vulnerability information is not currently provided.
VAR-202504-3441 CVE-2025-45429 Stack-based buffer overflow vulnerability in Shenzhen Tenda Technology Co., Ltd. AC9 firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
In the Tenda AC9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWpsStart, which may lead to remote arbitrary code execution. A stack-based buffer overflow vulnerability exists in Shenzhen Tenda Technology Co., Ltd. AC9 firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Tenda AC9 has a buffer overflow vulnerability, which is caused by /goform/WifiWpsStart failing to properly verify the length of input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202504-3439 CVE-2025-45428 Stack-based buffer overflow vulnerability in Shenzhen Tenda Technology Co., Ltd. AC9 firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the rebootTime parameter of /goform/SetSysAutoRebbotCfg has a stack overflow vulnerability, which can lead to remote arbitrary code execution. A stack-based buffer overflow vulnerability exists in Shenzhen Tenda Technology Co., Ltd. AC9 firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Tenda AC9 has a buffer overflow vulnerability. The vulnerability is caused by /goform/SetSysAutoRebbotCfg failing to properly verify the length of the input data in the rebootTime parameter. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202504-3416 CVE-2025-45427 Stack-based buffer overflow vulnerability in Shenzhen Tenda Technology Co., Ltd. AC9 firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security parameter of /goform/WifiBasicSet has a stack overflow vulnerability, which can lead to remote arbitrary code execution. A stack-based buffer overflow vulnerability exists in Shenzhen Tenda Technology Co., Ltd. AC9 firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Tenda AC9 V15.03.05.14_multi has a buffer overflow vulnerability. The vulnerability is caused by /goform/WifiBasicSet failing to properly verify the length of the input data in the security parameter.
VAR-202504-3410 CVE-2025-29743 Command injection vulnerability in D-Link Systems, Inc. DIR-816 firmware
CVSS V2: 6.4
CVSS V3: 6.5
Severity: MEDIUM
D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in /goform/delRouting. D-Link Systems, Inc. D-Link DIR-816 A2 is a home and small office (SOHO) wireless router launched by D-Link. The vulnerability originates from the /goform/delRouting path. Detailed vulnerability information is not provided at this time.
VAR-202504-3330 CVE-2025-28039 OS command injection vulnerability in TOTOLINK EX1200T firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setUpgradeFW function through the FileName parameter. TOTOLINK EX1200T firmware has an OS command injection vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. TOTOLINK EX1200T is a dual-band wireless signal amplifier, mainly used to expand the coverage of existing wireless networks. TOTOLINK EX1200T has a code execution vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the target system, thereby gaining full control of the system.