VARIoT IoT vulnerabilities database

VAR-202306-0826 CVE-2023-33536 TP-Link wireless router Buffer error vulnerability CVSS V2: -
CVSS V3: 8.1
Severity: HIGH
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 were discovered to contain a buffer overflow via the component /userRpm/WlanMacFilterRpm.
VAR-202308-3142 CVE-2023-25649 Command injection vulnerability in ZTE MF286R firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of the SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands. ZTE MF286R firmware contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of a request parameter provided to the SET_DEVICE_LED endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. ZTE MF286R is a wireless router made by China's ZTE Corporation. This vulnerability is caused by the application's failure to correctly filter special characters and commands in constructed commands.
VAR-202306-0607 CVE-2023-33533 Netgear Router Command injection vulnerability CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to command injection. If an attacker gains web management privileges, they can inject commands into the POST request parameters, gaining shell privileges.
VAR-202306-0535 CVE-2023-27126 TP-LINK Tapo C200 Security hole CVSS V2: -
CVSS V3: 4.6
Severity: MEDIUM
The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wi-Fi password and the TP-LINK account credential of the victim.
VAR-202306-0440 CVE-2023-33532 Netgear R6250 Command Injection Vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the POST request parameters, thereby gaining shell privileges. Netgear R6250 is a router launched by Netgear. Attackers can use this vulnerability to execute arbitrary commands and obtain host privileges.
VAR-202306-0330 CVE-2023-31569 TOTOLINK X5000R Command injection vulnerability CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function.
VAR-202306-0596 CVE-2023-33530 Tenda G103 Command Injection Vulnerability (CNVD-2023-52857) CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
There is a command injection vulnerability in the Tenda G103 Gigabit GPON Terminal with firmware version V1.0.0.5. If an attacker gains web management privileges, they can inject commands, gaining shell privileges. Tenda G103 is a GPON fiber access device specially designed for home and SOHO users by China Tenda Company. The vulnerability stems from the application's failure to properly filter special characters, commands, etc. when constructing commands.
VAR-202306-0278 CVE-2022-48188 Lenovo Desktops and ThinkStation Buffer error vulnerability CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code
VAR-202306-0277 CVE-2022-48181 Lenovo ThinkPad Buffer error vulnerability CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code
VAR-202306-0130 CVE-2023-32628 Advantech WebAccess/SCADA arbitrary file upload vulnerability (CNVD-2024-15541) CVSS V2: 9.0
CVSS V3: 9.8
Severity: CRITICAL
In Advantech WebAccess/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution. Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from China Advantech Company. The software supports dynamic graphic display and real-time data control, and provides remote control and management of automation equipment.
VAR-202306-0131 CVE-2023-22450 Advantech WebAccess/SCADA Arbitrary File Upload Vulnerability CVSS V2: 9.0
CVSS V3: 7.2
Severity: HIGH
In Advantech WebAccess/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution. Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from China Advantech Company. The software supports dynamic graphic display and real-time data control, and provides remote control and management of automation equipment. This vulnerability is caused by the application's lack of effective verification of uploaded files.
VAR-202306-0129 CVE-2023-29160 Multiple vulnerabilities in Fuji Electric FRENIC RHC Loader CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A stack-based buffer overflow vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed. FRENIC RHC Loader, provided by Fuji Electric Co., Ltd., contains multiple vulnerabilities: stack-based buffer overflow (CWE-121) - CVE-2023-29160; out-of-bounds read (CWE-125) - CVE-2023-29167; improper restriction of XML external entity reference (XXE) (CWE-611) - CVE-2023-29498. This vulnerability information was reported to JPCERT/CC, and JPCERT/CC coordinated with the developer. Fuji Electric FRENIC RHC Loader is a software tool developed by Fuji Electric in Japan for debugging and monitoring inverters, primarily serving the industrial automation sector.
VAR-202306-0152 CVE-2022-47617 Use of hardcoded credentials vulnerability in Hitron Technologies Inc. CODA-5310 firmware CVSS V2: -
CVSS V3: 7.2
Severity: HIGH
Hitron CODA-5310 has hard-coded encryption/decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard-coded keys to access or modify files and cause service disruption. The Hitron Technologies Inc. CODA-5310 firmware contains a vulnerability regarding the use of hardcoded credentials. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202306-0116 CVE-2023-33675 Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co., Ltd. AC8 firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the get_parentControl_list_Info function. The Shenzhen Tenda Technology Co., Ltd. AC8 firmware contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Tenda AC8 is a dual-band gigabit wireless router designed for homes with fiber optic connections up to 1000 Mbps. It supports dual-band concurrent transmission rates of up to 1167 Mbps and is equipped with full gigabit ports (one WAN port and three LAN ports), meeting broadband access needs between 100 and 1000 Mbps. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202306-0225 CVE-2023-30602 Hitron Technologies CODA Security hole CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Hitron Technologies CODA-5310’s Telnet function transfers sensitive data in plaintext. An unauthenticated remote attacker can exploit this vulnerability to access credentials of normal users and administrator
VAR-202306-0241 CVE-2023-30604 Hitron Technologies CODA Access control error vulnerability CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
A vulnerability of insufficient authentication has been identified in the system configuration interface of Hitron Technologies CODA-5310. An unauthorized remote attacker can exploit this vulnerability to access the system configuration interface, resulting in performing arbitrary system operations or disrupting service.
VAR-202306-0114 CVE-2023-33670 Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co., Ltd. AC8 firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sub_4a79ec function. The Shenzhen Tenda Technology Co., Ltd. AC8 firmware contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Tenda AC8 is a dual-band gigabit wireless router designed for homes with fiber optic connections up to 1000 Mbps. It supports dual-band concurrent transmission rates of up to 1167 Mbps and is equipped with full gigabit ports (one WAN port and three LAN ports), meeting broadband access needs between 100 and 1000 Mbps. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202306-0128 CVE-2023-29167 Multiple vulnerabilities in Fuji Electric FRENIC RHC Loader CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
An out-of-bounds read vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed. FRENIC RHC Loader, provided by Fuji Electric Co., Ltd., contains multiple vulnerabilities: stack-based buffer overflow (CWE-121) - CVE-2023-29160; out-of-bounds read (CWE-125) - CVE-2023-29167; improper restriction of XML external entity reference (XXE) (CWE-611) - CVE-2023-29498. This vulnerability information was reported to JPCERT/CC, and JPCERT/CC coordinated with the developer. Fuji Electric FRENIC RHC Loader is a software tool developed by Fuji Electric in Japan for debugging and monitoring inverters, primarily serving the industrial automation sector.
VAR-202306-0187 CVE-2022-47616 OS command injection vulnerability in Hitron Technologies Inc. CODA-5310 firmware CVSS V2: 9.0
CVSS V3: 7.2
Severity: HIGH
Hitron CODA-5310 has insufficient filtering for specific parameters in the connection test function. A remote attacker authenticated as an administrator can use the management page to perform command injection attacks to execute arbitrary system commands, manipulate the system or disrupt service. The Hitron Technologies Inc. CODA-5310 firmware contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Hitron Technologies CODA-5310 has a remote command execution vulnerability.
VAR-202306-0132 CVE-2023-32540 Advantech WebAccess/SCADA Arbitrary File Overwrite Vulnerability CVSS V2: 9.0
CVSS V3: 9.8
Severity: CRITICAL
In Advantech WebAccess/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution. Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from China Advantech Company. The software supports dynamic graphic display and real-time data control, and provides remote control and management of automation equipment.