VARIoT IoT vulnerabilities database
| VAR-202301-1982 | CVE-2022-44026 | NetScout nGeniusONE Cross-site scripting vulnerability in |
CVSS V2: - CVSS V3: 6.1 Severity: MEDIUM |
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 3 of 6
| VAR-202301-2118 | CVE-2022-44029 | NetScout nGeniusONE Cross-site scripting vulnerability in |
CVSS V2: - CVSS V3: 6.1 Severity: MEDIUM |
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 6 of 6
| VAR-202301-1858 | CVE-2022-44027 | NetScout nGeniusONE Cross-site scripting vulnerability in |
CVSS V2: - CVSS V3: 6.1 Severity: MEDIUM |
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 4 of 6
| VAR-202301-2031 | CVE-2022-48067 | Totolink A830R Vulnerability in using hard-coded credentials in |
CVSS V2: 4.6 CVSS V3: 5.5 Severity: MEDIUM |
An information disclosure vulnerability in Totolink A830R V4.1.2cu.5182 allows attackers to obtain the root password via a brute-force attack. Totolink A830R Contains a vulnerability in the use of hard-coded credentials.Information may be obtained. The TOTOLINK A830R is a dual-band wireless router that supports both 2.4GHz and 5GHz bands, with a maximum wireless transmission rate of 1200Mbps, making it suitable for home network coverage needs
| VAR-202301-2303 | CVE-2022-44718 | NetScout nGeniusONE Open redirect vulnerability in |
CVSS V2: - CVSS V3: 3.5 Severity: LOW |
An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 2 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack Complexity required is High. Privileges required are administrator, User Interaction is required, and Scope is unchanged. The user must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. NetScout nGeniusONE Exists in an open redirect vulnerability.Information may be obtained and information may be tampered with
| VAR-202301-2148 | CVE-2022-44024 | NetScout nGeniusONE Cross-site scripting vulnerability in |
CVSS V2: - CVSS V3: 6.1 Severity: MEDIUM |
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 1 of 6
| VAR-202301-1768 | CVE-2022-41013 | Siretta QUARTZ-GOLD Classic buffer overflow vulnerability in |
CVSS V2: 10.0 CVSS V3: 7.2 Severity: HIGH |
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'static dhcp mac WORD (WORD|null) ip A.B.C.D hostname (WORD|null) description (WORD|null)' command template. Siretta QUARTZ-GOLD Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is an industrial router with various functions and services
| VAR-202301-1972 | CVE-2023-24167 | Tenda AC18 Out-of-bounds write vulnerability in |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/add_white_node. Tenda AC18 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC18 is a router of Tenda company. Attackers can use this vulnerability to submit special requests, crash the program or execute arbitrary code in the context
| VAR-202301-1788 | CVE-2022-40222 | Siretta QUARTZ-GOLD In OS Command injection vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An OS command injection vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability. Siretta QUARTZ-GOLD for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company
| VAR-202301-1767 | CVE-2022-40996 | Siretta QUARTZ-GOLD Classic buffer overflow vulnerability in |
CVSS V2: 10.0 CVSS V3: 7.2 Severity: HIGH |
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no firmwall srcmac (WORD|null) srcip (A.B.C.D|null) dstip (A.B.C.D|null) protocol (none|tcp|udp|icmp) srcport (<1-65535>|null) dstport (<1-65535>|null) policy (drop|accept) description (WORD|null)' command template. Siretta QUARTZ-GOLD Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed industrial router of Siretta Company. Attackers can use this vulnerability to execute arbitrary commands
| VAR-202301-1762 | CVE-2022-41025 | Siretta QUARTZ-GOLD Out-of-bounds write vulnerability in |
CVSS V2: 8.3 CVSS V3: 7.2 Severity: HIGH |
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'vpn pptp advanced name WORD dns (yes|no) mtu <128-16384> mru <128-16384> mppe (on|off) stateful (on|off) options WORD' command template. Siretta QUARTZ-GOLD Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company
| VAR-202301-1909 | CVE-2023-24164 | Tenda AC18 Out-of-bounds write vulnerability in |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_000c2318. Tenda AC18 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC18 is a router of Tenda Company. Attackers can use this vulnerability to submit special requests, crash the program or execute arbitrary code in the context
| VAR-202301-1741 | CVE-2022-41024 | Siretta QUARTZ-GOLD Out-of-bounds write vulnerability in |
CVSS V2: 8.3 CVSS V3: 7.2 Severity: HIGH |
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no vpn pptp advanced name WORD dns (yes|no) mtu <128-16384> mru <128-16384> mppe (on|off) stateful (on|off)' command template. Siretta QUARTZ-GOLD Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company
| VAR-202301-1755 | CVE-2022-41010 | Siretta QUARTZ-GOLD Classic buffer overflow vulnerability in |
CVSS V2: 10.0 CVSS V3: 7.2 Severity: HIGH |
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no port triger protocol (tcp|udp|tcp/udp) triger port <1-65535> forward port <1-65535> description WORD' command template. Siretta QUARTZ-GOLD Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed industrial router of Siretta Company. Attackers can use this vulnerability to execute arbitrary commands
| VAR-202301-2295 | CVE-2023-24022 | plural Baicells Product use of hardcoded credentials vulnerability |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)
. Baicells Nova 227 , Nova 233 , Nova 243 Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202301-2055 | CVE-2022-36279 | Siretta QUARTZ-GOLD Classic buffer overflow vulnerability in |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
A stack-based buffer overflow vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. Siretta QUARTZ-GOLD Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company
| VAR-202301-1749 | CVE-2022-41023 | Siretta QUARTZ-GOLD Out-of-bounds write vulnerability in |
CVSS V2: 8.3 CVSS V3: 7.2 Severity: HIGH |
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'vpn pptp advanced name WORD dns (yes|no) mtu <128-16384> mru <128-16384> mppe (on|off) stateful (on|off)' command template. Siretta QUARTZ-GOLD Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company
| VAR-202301-1745 | CVE-2022-40990 | Siretta QUARTZ-GOLD Classic buffer overflow vulnerability in |
CVSS V2: 10.0 CVSS V3: 7.2 Severity: HIGH |
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no bandwidth WORD dlrate <1-9999> dlceil <1-9999> ulrate <1-9999> ulceil <1-9999> priority (highest|high|normal|low|lowest)' command template. Siretta QUARTZ-GOLD contains a classic buffer overflow vulnerabilityInformation is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed industrial router of Siretta Company
| VAR-202301-1747 | CVE-2022-41022 | Siretta QUARTZ-GOLD Out-of-bounds write vulnerability in |
CVSS V2: 8.3 CVSS V3: 7.2 Severity: HIGH |
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no vpn l2tp advanced name WORD dns (yes|no) mtu <128-16384> mru <128-16384> auth (on|off) password (WORD|null) options WORD' command template. Siretta QUARTZ-GOLD Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company
| VAR-202301-1729 | CVE-2022-40997 | Siretta QUARTZ-GOLD Classic buffer overflow vulnerability in |
CVSS V2: 10.0 CVSS V3: 7.2 Severity: HIGH |
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'gre index <1-8> destination A.B.C.D/M description (WORD|null)' command template. Siretta QUARTZ-GOLD Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed industrial router of Siretta Company. Attackers can use this vulnerability to execute arbitrary commands