VARIoT IoT vulnerabilities database
| VAR-202306-0932 | CVE-2023-34942 | Out-of-bounds write vulnerability in ASUSTeK Computer Inc. rt-n10lx firmware |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the mac parameter at /start-apply.html. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. An out-of-bounds write vulnerability exists in ASUSTeK Computer Inc. rt-n10lx firmware. The service may be put into a denial-of-service (DoS) state.
| VAR-202306-0904 | CVE-2023-33625 | D-Link DIR-600 Command Injection Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function. D-Link DIR-600 is a wireless router made by China D-Link Company.
There is a command injection vulnerability in D-Link DIR-600 in the construction of commands. An attacker could exploit this vulnerability to cause arbitrary command execution.
| VAR-202306-0510 | CVE-2023-32542 | Multiple vulnerabilities in multiple Fuji Electric products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
An out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution. TELLUS and TELLUS Lite are display drawing software provided by Fuji Electric Co., Ltd. Fuji Electric TELLUS is advanced, user-friendly industrial automation software that supports remote control. Fuji Electric TELLUS Lite is remote control software primarily used for equipment monitoring and management in industrial environments.
| VAR-202306-0752 | CVE-2023-31195 | ASUS router RT-AX3000 vulnerability: cookie usage without the Secure attribute |
CVSS V2: 2.6 CVSS V3: 5.3 Severity: MEDIUM |
ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 use sensitive cookies without the 'Secure' attribute. When an attacker is in a position to mount a man-in-the-middle attack, and a user is tricked into logging in to the affected device through an unencrypted ('http') connection, the user's session may be hijacked. The product is provided by ASUSTeK COMPUTER INC. This vulnerability information was reported directly to the product developer by the following person and, after coordination with the product developer, was announced at JVN for the purpose of disseminating it to product users.
| VAR-202306-0765 | CVE-2023-34100 | Out-of-bounds read vulnerability in Contiki-NG |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incoming packet, the Contiki-NG OS does not verify that certain buffer indices to read from are within the bounds of the IPv6 packet buffer, uip_buf. In particular, there is a 2-byte buffer read in the module os/net/ipv6/uip6.c. The buffer is indexed using 'UIP_IPTCPH_LEN + 2 + c' and 'UIP_IPTCPH_LEN + 3 + c', but the uip_buf buffer may not have enough data, resulting in a 2-byte read out of bounds. The problem has been patched in the "develop" branch of Contiki-NG, and is expected to be included in release 4.9. Users are advised to watch for the 4.9 release and to upgrade when it becomes available. There are no workarounds for this vulnerability aside from manually patching with the diff in commit `cde4e9839`. An out-of-bounds read vulnerability exists in Contiki-NG. Information may be obtained and the service may be put into a denial-of-service (DoS) state.
| VAR-202306-0870 | CVE-2023-34566 | Tenda AC10 Buffer error vulnerability |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/saveParentControlInfo.
| VAR-202306-0820 | CVE-2023-34570 | Tenda AC10 Buffer error vulnerability |
CVSS V2: - CVSS V3: 6.7 Severity: MEDIUM |
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter devName at /goform/SetOnlineDevName.
| VAR-202306-0577 | CVE-2023-34283 | Link interpretation vulnerability in NETGEAR RAX30 firmware |
CVSS V2: 4.9 CVSS V3: 4.6 Severity: MEDIUM |
NETGEAR RAX30 USB Share Link Following Information Disclosure Vulnerability. This vulnerability allows physically present attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of symbolic links on removable USB media. By creating a symbolic link, an attacker can abuse the router's web server to access arbitrary local files. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-19498. NETGEAR RAX30 is a WiFi 6 router launched by NETGEAR. It supports dual bands (2.4GHz and 5GHz), has a maximum transmission rate of 2400Mbps, uses three external antennas, is equipped with a 1.5GHz triple-core processor, and can connect 20 devices at the same time.
| VAR-202306-0542 | CVE-2023-34285 | Out-of-bounds write vulnerability in NETGEAR RAX30 firmware |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
NETGEAR RAX30 cmsCli_authenticate Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within a shared library used by the telnetd service, which listens on TCP port 23 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19918. An out-of-bounds write vulnerability exists in NETGEAR RAX30 firmware. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. NETGEAR RAX30 is a dual-band wireless router from NETGEAR.
| VAR-202306-0499 | CVE-2023-34571 | Tenda AC10 Buffer error vulnerability |
CVSS V2: - CVSS V3: 6.7 Severity: MEDIUM |
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter shareSpeed at /goform/WifiGuestSet.
| VAR-202306-0582 | CVE-2023-34567 | Tenda AC10 Buffer error vulnerability |
CVSS V2: - CVSS V3: 6.7 Severity: MEDIUM |
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg.
| VAR-202306-0680 | CVE-2023-34568 | Tenda AC10 Buffer error vulnerability |
CVSS V2: - CVSS V3: 6.7 Severity: MEDIUM |
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet.
| VAR-202306-0634 | CVE-2023-34569 | Tenda AC10 Buffer error vulnerability |
CVSS V2: - CVSS V3: 6.7 Severity: MEDIUM |
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList.
| VAR-202306-0613 | CVE-2023-34284 | Vulnerability related to use of hardcoded credentials in NETGEAR RAX30 firmware |
CVSS V2: 5.8 CVSS V3: 6.3 Severity: MEDIUM |
NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the system configuration. The system contains a hardcoded user account which can be used to access the CLI service as a low-privileged user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19660. A vulnerability regarding the use of hardcoded credentials exists in NETGEAR RAX30 firmware. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. NETGEAR RAX30 is a dual-band wireless router from NETGEAR. No detailed vulnerability information is available.
| VAR-202306-0380 | CVE-2023-30575 | Apache Guacamole Injection vulnerability |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.
| VAR-202306-0563 | CVE-2023-33537 | TP-Link wireless router Buffer error vulnerability |
CVSS V2: - CVSS V3: 8.1 Severity: HIGH |
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 were discovered to contain a buffer overflow via the component /userRpm/FixMapCfgRpm.
| VAR-202306-0534 | CVE-2023-33538 | TP-Link wireless router Command injection vulnerability |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 were discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm.
| VAR-202306-0643 | CVE-2023-30576 | Apache Guacamole Resource Management Error Vulnerability |
CVSS V2: - CVSS V3: 8.1 Severity: HIGH |
Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process.
| VAR-202306-0826 | CVE-2023-33536 | TP-Link wireless router Buffer error vulnerability |
CVSS V2: - CVSS V3: 8.1 Severity: HIGH |
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 were discovered to contain a buffer overflow via the component /userRpm/WlanMacFilterRpm.
| VAR-202306-0797 | CVE-2023-33556 | TOTOLINK A7100RU Command injection vulnerability |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg.