VARIoT IoT vulnerabilities database

An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send packets to trigger this vulnerability. Shenzhen Tenda Technology Co.,Ltd. of AC6 The firmware contains an authentication bypass vulnerability using alternate paths or channels.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. It supports both IPv4 and IPv6 protocols, utilizes the 802.11ac/n wireless standard, and offers a wireless transmission rate of 1167Mbps

An information disclosure vulnerability exists in the /goform/getproductInfo functionality of Tenda AC6 V5.0 V02.03.01.110. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability. Shenzhen Tenda Technology Co.,Ltd. of AC6 The firmware contains an authentication bypass vulnerability using alternate paths or channels.Information may be obtained. It supports both IPv4 and IPv6 protocols, utilizes the 802.11ac/n wireless standard, and offers a wireless transmission rate of 1167 Mbps

An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability. Shenzhen Tenda Technology Co.,Ltd. of AC6 The firmware is vulnerable due to a missing key step of authentication.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. It supports both IPv4 and IPv6 protocols, utilizes the 802.11ac/n wireless standard, and offers a wireless transmission rate of 1167Mbps. The Tenda AC6 has a code execution vulnerability

TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint. TOTOLINK of A3002R Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK A3002R is a wireless router manufactured by China's TOTOLINK Electronics. Its primary function is to provide wireless network connectivity for homes and small offices. An attacker can exploit this vulnerability by submitting a specially crafted request to execute arbitrary commands in the context of the application

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an command injection vulnerability via the component bupload.html. The TOTOLINK A3002R is a wireless router manufactured by China's TOTOLINK Electronics. Its primary function is to provide wireless network connectivity for homes and small offices. The TOTOLINK A3002R suffers from a command injection vulnerability caused by the bupload.html component's failure to properly sanitize special characters and commands when constructing commands. Detailed vulnerability details are currently unavailable

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice. The TOTOLINK A3002R is a wireless router manufactured by China's TOTOLINK Electronics. Its primary function is to provide wireless network connectivity for homes and small offices. Detailed vulnerability details are not available at this time

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the fw_ip parameter at /boafrm/formPortFw. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. TOTOLINK of A3002R Firmware has a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. The TOTOLINK A3002R is a wireless router manufactured by China's TOTOLINK Electronics. Its primary function is to provide wireless network connectivity for homes and small offices. This vulnerability arises from the fw_ip parameter in /boafrm/formPortFw being copied directly into a fixed-length stack buffer without performing length and character checks

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the hostname parameter at /boafrm/formMapDelDevice. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. TOTOLINK of A3002R Firmware has a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. The TOTOLINK A3002R is a wireless router manufactured by China's TOTOLINK Electronics. Its primary function is to provide wireless network connectivity for homes and small offices

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. TOTOLINK of A3002R Firmware has a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. The TOTOLINK A3002R is a wireless router manufactured by China's TOTOLINK Electronics. Its primary function is to provide wireless network connectivity for homes and small offices

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an eval injection vulnerability via the eval() function. The TOTOLINK A3002R is a wireless router manufactured by TOTOLINK Electronics of China. Its primary function is to provide wireless network connectivity for homes and small offices. Detailed vulnerability details are currently unavailable

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account. TOTOLINK of A3002R The firmware is vulnerable to the use of weak credentials.Information may be obtained. The TOTOLINK A3002R is a wireless router manufactured by the Chinese company TOTOLINK. Its primary function is to provide wireless network connectivity for homes and small offices. Detailed vulnerability details are not available at this time

DIAEnergie - Reflected Cross-site Scripting. Delta Electronics, INC. It is used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. Delta Electronics DIAEnergie suffers from a cross-site scripting vulnerability caused by improper validation of user-supplied input. No detailed vulnerability details are currently available

DIAEnergie - Reflected Cross-site Scripting. Delta Electronics, INC. It is used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. Delta Electronics DIAEnergie suffers from a cross-site scripting vulnerability caused by improper validation of user-supplied input. No detailed vulnerability details are currently available

DIAEnergie - Reflected Cross-site Scripting. Delta Electronics, INC. It is used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. Delta Electronics DIAEnergie suffers from a cross-site scripting vulnerability caused by improper validation of user-supplied input. No detailed vulnerability details are currently available

DIAEnergie - Stored Cross-site Scripting. Delta Electronics, INC. It is used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. Delta Electronics DIAEnergie suffers from a cross-site scripting vulnerability caused by improper validation of user-supplied input. No detailed vulnerability details are currently available

A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC20 The firmware contains vulnerabilities related to the use of hard-coded passwords and vulnerabilities related to the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda AC20 is a home router released by Tenda. The Tenda AC20 suffers from a hardcoded credential vulnerability caused by hardcoded credentials in the /etc_ro/shadow file. This vulnerability could be exploited to compromise confidentiality

A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC20 The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from the websFormDefine function in the /goform/telnet file failing to properly sanitize special characters and commands when constructing commands. An attacker could exploit this vulnerability to execute arbitrary commands

A vulnerability was determined in Tenda AC20 16.03.08.12. This issue affects the function sub_48E628 of the file /goform/SetIpMacBind. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC20 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from the failure of the sub_48E628 function parameter list in the /goform/SetIpMacBind file to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service

A vulnerability was found in Tenda AC20 16.03.08.12. This vulnerability affects the function save_virtualser_data of the file /goform/formSetVirtualSer. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. of AC20 The firmware contains a buffer error vulnerability, a stack-based buffer overflow vulnerability, and an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from a failure to properly validate the length of input data in the `save_virtualser_data` function parameter `list` in the `/goform/formSetVirtualSer` file. This vulnerability could allow an attacker to execute arbitrary code or cause a denial of service

A vulnerability has been found in Tenda AC20 16.03.08.12. This affects the function set_qosMib_list of the file /goform/SetNetControlList of the component SetNetControlList Endpoint. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. of AC20 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from a failure to properly validate the length of input data in the set_qosMib_list function parameter list in the /goform/SetNetControlList file. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service