VARIoT IoT vulnerabilities database
| VAR-202304-0528 | CVE-2023-25220 | Shenzhen Tenda Technology Co.,Ltd. of AC5 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the add_white_node function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. Shenzhen Tenda Technology Co.,Ltd. of AC5 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202304-0520 | CVE-2023-27806 | H3C of magic r100 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 4.9 Severity: MEDIUM |
H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_dellist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. H3C of magic r100 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
| VAR-202304-0535 | CVE-2023-27808 | H3C of magic r100 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 4.9 Severity: MEDIUM |
H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. H3C of magic r100 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
| VAR-202304-0526 | CVE-2023-24800 | D-Link Systems, Inc. of DIR-878 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_495220 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. D-Link Systems, Inc. of DIR-878 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202304-0527 | CVE-2023-25215 | Shenzhen Tenda Technology Co.,Ltd. of AC5 Out-of-bounds write vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. Shenzhen Tenda Technology Co.,Ltd. of AC5 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202304-0504 | CVE-2023-25216 | Shenzhen Tenda Technology Co.,Ltd. of AC5 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. Shenzhen Tenda Technology Co.,Ltd. of AC5 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202304-0497 | CVE-2023-27807 | H3C of magic r100 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 4.9 Severity: MEDIUM |
H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the Delstlist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. H3C of magic r100 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
| VAR-202304-0584 | CVE-2023-25214 | Shenzhen Tenda Technology Co.,Ltd. of AC5 Out-of-bounds write vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the setSchedWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. Shenzhen Tenda Technology Co.,Ltd. of AC5 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202304-0529 | CVE-2023-27017 | Shenzhen Tenda Technology Co.,Ltd. of AC10 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45DC58 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. Shenzhen Tenda Technology Co.,Ltd. of AC10 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202304-0563 | CVE-2023-26848 | TOTOLINK of A7100RU Command injection vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules. TOTOLINK of A7100RU Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK A7100RU is a wireless router manufactured by the Chinese company TOTOLINK, primarily used for home network connections. An attacker could exploit this vulnerability to execute arbitrary commands
| VAR-202304-0585 | CVE-2023-25212 | Shenzhen Tenda Technology Co.,Ltd. of AC5 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetWirelessRepeat function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. Shenzhen Tenda Technology Co.,Ltd. of AC5 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202304-0586 | CVE-2023-25218 | Shenzhen Tenda Technology Co.,Ltd. of AC5 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. Shenzhen Tenda Technology Co.,Ltd. of AC5 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202304-0498 | CVE-2023-27016 | Shenzhen Tenda Technology Co.,Ltd. of AC10 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. Shenzhen Tenda Technology Co.,Ltd. of AC10 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202304-0486 | CVE-2023-27018 | Shenzhen Tenda Technology Co.,Ltd. of AC10 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45EC1C function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. Shenzhen Tenda Technology Co.,Ltd. of AC10 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202304-0572 | CVE-2023-27804 | H3C of magic r100 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 4.9 Severity: MEDIUM |
H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. H3C of magic r100 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
| VAR-202304-0618 | CVE-2023-25213 | Shenzhen Tenda Technology Co.,Ltd. of AC5 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the check_param_changed function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. Shenzhen Tenda Technology Co.,Ltd. of AC5 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202304-0461 | CVE-2023-27019 | Shenzhen Tenda Technology Co.,Ltd. of AC10 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_458FBC function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. Shenzhen Tenda Technology Co.,Ltd. of AC10 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202304-0599 | CVE-2023-25211 | Shenzhen Tenda Technology Co.,Ltd. of AC5 Out-of-bounds write vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. Shenzhen Tenda Technology Co.,Ltd. of AC5 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202304-0617 | CVE-2023-24799 | D-Link Systems, Inc. of DIR-878 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_48AF78 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. D-Link Systems, Inc. of DIR-878 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202304-0606 | CVE-2023-27801 | H3C of magic r100 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 4.9 Severity: MEDIUM |
H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelDNSHnList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. H3C of magic r100 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state