VARIoT IoT vulnerabilities database

A vulnerability classified as critical has been found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A3002RU The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3002RU is a wireless router product of China's Jiweng Electronics (TOTOLINK) Company. The vulnerability is caused by the parameter submit-url in the file /boafrm/formWlSiteSurvey failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability, which was classified as problematic, was found in D-Link DCS-7517 up to 2.02.0. This affects the function g_F_n_GenPassForQlync of the file /bin/httpd of the component Qlync Password Generation Handler. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DCS-7517 The firmware contains vulnerabilities related to certificate and password management, as well as vulnerabilities related to the use of hard-coded passwords.Information may be obtained. D-Link DCS-7517 is a network camera from D-Link, a Chinese company. Attackers can exploit this vulnerability to affect confidentiality

A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. This affects the function Form_Login of the file /formLoginAuth.htm. The manipulation of the argument authCode/goURL leads to missing authentication. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. TOTOLINK of t6 The firmware contains vulnerabilities related to authentication and lack of authentication for critical functions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK T6 is a wireless dual-band router from China's Jiweng Electronics (TOTOLINK) company. TOTOLINK T6 version 4.1.5cu.748_B20211015 has an authentication error vulnerability, which stems from the lack of authentication in the parameter authCode/goURL in the file /formLoginAuth.htm. Attackers can exploit this vulnerability to affect confidentiality, integrity, and availability

An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file. D-Link Systems, Inc. of DIR-816 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-816 A2 is a wireless router from D-Link, a Chinese company

A buffer overflow in the formSetCfm() function of Tenda AC1206 1200M 11ac US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Tenda AC1206 is a wireless Gigabit router from China's Tenda Company. Tenda AC1206 has a buffer overflow vulnerability. The vulnerability is caused by the formSetCfm function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service

Delta Electronics DTN Soft Project File Parsing Deserialization of Untrusted Data Remote Code Execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of project files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of an administrator. Delta Electronics DTN Soft is a temperature controller software developed by Delta Electronics, a Chinese company

Delta Electronics DTM Soft Project File Parsing Deserialization of Untrusted Data Remote Code Execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of BIN files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics DTN Soft is a temperature controller software developed by Delta Electronics, a Chinese company

A vulnerability classified as critical was found in D-Link DI-7300G+ 19.12.25A1. Affected by this vulnerability is an unknown functionality of the file httpd_debug.asp. The manipulation of the argument Time leads to os command injection. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of di-7300g+ The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DI-7300G+ is a rugged enterprise-class smart gateway from D-Link, a Chinese company. D-Link DI-7300G+ has a command injection vulnerability, which is caused by a flaw in httpd_debug.asp. An attacker can exploit this vulnerability to execute arbitrary operating system commands on the system

A vulnerability was found in Tenda AC5 15.03.06.47 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/SetSysTimeCfg. The manipulation of the argument time/timeZone leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC5 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC5 has a stack buffer overflow vulnerability, which is caused by the failure of the parameters time and timeZone in the file /goform/SetSysTimeCfg to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability has been found in Tenda AC5 15.03.06.47 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC5 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the failure of the parameters schedStartTime and schedEndTime in the file /goform/openSchedWifi to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability classified as critical has been found in D-Link DIR-513 1.0. This affects an unknown part of the file /goform/formSetWanPPTP. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-513 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-513 is a wireless router product of D-Link, a Chinese company. The vulnerability is caused by the parameter curTime in the file /goform/formSetWanPPTP failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability was found in D-Link DI-8100 16.07.21. It has been rated as critical. Affected by this issue is some unknown functionality of the file /pppoe_base.asp of the component jhttpd. The manipulation of the argument mschap_en leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of di-8100 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by D-Link. The vulnerability is caused by the parameter mschap_en in the file /pppoe_base.asp failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability classified as critical was found in TOTOLINK A702R up to 4.0.0-B20230721.1521. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A702R The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A702R is a router device produced by China's Jiweng Electronics (TOTOLINK) company. Attackers can exploit this vulnerability to cause a denial of service or execute arbitrary code on the device

A vulnerability classified as critical has been found in TOTOLINK X15 up to 1.0.0-B20230714.1105. Affected is an unknown function of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of X15 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. TOTOLINK X15 is a network wireless extender produced by China's Jiong Electronics Company (TOTOLINK). Attackers can exploit this vulnerability to execute arbitrary code or cause the device to crash

A buffer overflow vulnerability exists in the fromNatStaticSetting function of Tenda AC6 <=V15.03.05.19 via the page parameter. Shenzhen Tenda Technology Co.,Ltd. (DoS) It may be in a state. The vulnerability is caused by the fromNatStaticSetting function failing to properly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

D-Link DIR-823-Pro 1.02 has improper permission control, allowing unauthorized users to turn on and access Telnet services. D-Link Systems, Inc. of DIR-823-Pro Firmware contains an access control vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-823-Pro is a dual-band smart wireless router with a four-antenna design. It supports 802.11ac Gigabit Wi-Fi technology and offers wireless speeds up to 1200Mbps, meeting the bandwidth-demanding needs of high-definition video playback, online gaming, and other applications

H3C ER5100G2 is an enterprise-class Gigabit high-performance router. H3C ER5100G2 of H3C Technologies Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.

WNDAP360 is a wireless access point (AP) device from Netgear Inc. Netgear WNDAP360 has an information leakage vulnerability that attackers can exploit to obtain sensitive information.

NETGEAR WNDAP350 is a dual-band wireless access point. NETGEAR WNDAP350 has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information.

A vulnerability has been found in TOTOLINK A702R 4.0.0-B20230721.1521 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formIpv6Setup of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A702R The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A702R is a router device produced by China's Jiweng Electronics (TOTOLINK) company. TOTOLINK A702R has a buffer overflow vulnerability, which is caused by the improper processing of the parameter submit-url in the file /boafrm/formIpv6Setup. No detailed vulnerability details are currently provided