VARIoT IoT vulnerabilities database
| VAR-202510-0170 | CVE-2025-11327 | Tenda AC18 upnpEn parameter stack buffer overflow vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A security vulnerability has been detected in Tenda AC18 15.03.05.19(6318). This vulnerability affects unknown code of the file /goform/SetUpnpCfg. The manipulation of the argument upnpEn leads to a stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd. in July 2016, primarily for villa and large-sized home users. This vulnerability stems from the failure to properly validate the length of input data supplied in the upnpEn parameter of /goform/SetUpnpCfg. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202510-0099 | CVE-2025-11326 | Shenzhen Tenda Technology Co.,Ltd. of AC18 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A weakness has been identified in Tenda AC18 15.03.05.19(6318). This affects an unknown part of the file /goform/WifiMacFilterSet. Manipulation of the argument wifi_chkHz can lead to a stack-based buffer overflow. The attack may be performed remotely. The exploit has been made available to the public and could be used for attacks. The AC18 firmware from Shenzhen Tenda Technology Co.,Ltd. contains a buffer error vulnerability and a stack-based buffer overflow vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. The Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd. in July 2016, primarily for villa and large-sized home users.
The Tenda AC18 suffers from a stack buffer overflow vulnerability. This vulnerability stems from the failure to properly validate the length of input data supplied in the wifi_chkHz parameter of /goform/WifiMacFilterSet. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202510-0048 | CVE-2025-11325 | Tenda AC18 Username parameter stack buffer overflow vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A security flaw has been discovered in Tenda AC18 15.03.05.19(6318). Affected by this issue is some unknown functionality of the file /goform/fast_setting_pppoe_set. Manipulation of the argument Username results in a stack-based buffer overflow. The attack can be carried out remotely. The exploit has been released to the public and may be used for attacks. The Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd. in July 2016, primarily for villa and large-sized home users.
The Tenda AC18 suffers from a stack buffer overflow vulnerability. This vulnerability stems from a failure to properly validate the length of the input data in the parameter Username in the file /goform/fast_setting_pppoe_set. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202510-0025 | CVE-2025-11324 | Shenzhen Tenda Technology Co.,Ltd. of AC18 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was identified in Tenda AC18 15.03.05.19(6318). Affected by this vulnerability is an unknown functionality of the file /goform/setNotUpgrade. Manipulation of the argument newVersion leads to a stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. The AC18 firmware from Shenzhen Tenda Technology Co.,Ltd. contains a buffer error vulnerability and a stack-based buffer overflow vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. The Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd. in July 2016, primarily for villa and large-sized home users. This vulnerability stems from the failure to properly validate the length of input data supplied in the newVersion parameter of /goform/setNotUpgrade. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202510-0526 | No CVE | HP Development Company, L.P. HP 2530-48G Switch (J9775A) has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The HP 2530-48G Switch (J9775A) is a 48-port Gigabit Layer 3 switch that supports PoE+, ACLs, and IPv6, providing highly reliable networks for enterprise access layers.
HP Development Company, L.P. The HP 2530-48G Switch (J9775A) has an unauthorized access vulnerability that could allow an attacker to obtain sensitive information.
| VAR-202510-0527 | No CVE | Netis Systems Co., Ltd. Netis E3 has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The Netis E3 is a Gigabit dual-band wireless router that supports MU-MIMO and Beamforming, providing high-speed Wi-Fi coverage for homes and small, medium-sized offices (SOHOs).
The Netis E3, manufactured by Netis Systems Co., Ltd., contains a command execution vulnerability that could allow an attacker to gain server privileges.
| VAR-202510-2816 | No CVE | Beijing Star-Net Ruijie Networks Technology Co., Ltd.'s RG-MA3063 has a logical flaw vulnerability. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The RG-MA3063 is a home router.
The RG-MA3063 router, manufactured by Beijing Star-Net Ruijie Networks Technology Co., Ltd., contains a logical flaw vulnerability that attackers could exploit to obtain sensitive information.
| VAR-202510-3243 | No CVE | Brother (China) Commercial Co., Ltd.'s MFC-T930DW has an unauthorized access vulnerability. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The MFC-T930DW is a color inkjet multifunction printer.
Brother (China) Commercial Co., Ltd.'s MFC-T930DW printer contains an unauthorized access vulnerability that could be exploited by attackers to obtain sensitive information.
| VAR-202510-3742 | No CVE | Brother (China) Commercial Co., Ltd.'s DCP-T536DW has an unauthorized access vulnerability. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Brother DCP-T536DW is a full-featured color inkjet multifunction printer.
The Brother (China) Commercial Co., Ltd.'s Brother DCP-T536DW contains an unauthorized access vulnerability that could be exploited by attackers to obtain sensitive information.
| VAR-202510-4302 | No CVE | Canon (China) Co., Ltd.'s Canon MF745C/746C has a weak password vulnerability. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Canon MF745C/746C is a color laser multifunction printer that supports printing, copying, scanning, and faxing.
Canon (China) Co., Ltd.'s Canon MF745C/746C printers contain a weak password vulnerability that attackers could exploit to obtain sensitive information.
| VAR-202510-3540 | No CVE | Brother (China) Commercial Co., Ltd.'s DCP-T730DW has an unauthorized access vulnerability. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Brother (China) Commercial Co., Ltd. DCP-T730DW is a color inkjet multifunction printer that integrates printing, copying, and scanning functions.
The Brother (China) Commercial Co., Ltd. DCP-T730DW contains an unauthorized access vulnerability that could be exploited by attackers to obtain sensitive information.
| VAR-202510-3024 | No CVE | A command execution vulnerability exists in the DCME-720 processor developed by Beijing Digital China Cloud Technology Co., Ltd. |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The DCME-720 is a next-generation high-performance internet egress gateway.
The DCME-720 developed by Beijing Digital China Cloud Technology Co., Ltd. contains a command execution vulnerability, which attackers could exploit to execute arbitrary commands.
| VAR-202510-0326 | CVE-2025-59300 | Delta Electronics, INC. of DIAScreen Out-of-bounds write vulnerability in |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. DIAScreen from Delta Electronics, INC. contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of DPA files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure.
| VAR-202510-1429 | CVE-2025-59299 | Delta Electronics DIAScreen DPA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPA files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. Delta Electronics DIAScreen is a smart machine building software developed by Delta Electronics, a Chinese company.
| VAR-202510-0324 | CVE-2025-59298 | Delta Electronics, INC. of DIAScreen Out-of-bounds write vulnerability in |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. DIAScreen from Delta Electronics, INC. contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPA files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure.
| VAR-202510-0325 | CVE-2025-59297 | Delta Electronics, INC. of DIAScreen Out-of-bounds write vulnerability in |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. DIAScreen from Delta Electronics, INC. contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPA files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure.
| VAR-202510-1250 | CVE-2025-60663 | Tenda AC18 wanMTU parameter stack buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanMTU parameter in the fromAdvSetMacMtuWan function. The Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd. in July 2016, primarily for villa and large-sized home users. This vulnerability stems from the failure of the fromAdvSetMacMtuWan function to properly validate the length of the input data in the wanMTU parameter. An attacker could exploit this vulnerability to cause a denial of service.
| VAR-202510-0903 | CVE-2025-60661 | Tenda AC18 cloneType parameter stack buffer overflow vulnerability |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the cloneType parameter in the fromAdvSetMacMtuWan function. The Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd. in July 2016, primarily for villas and large homes. This vulnerability stems from the failure of the fromAdvSetMacMtuWan function to properly validate the length of the input data in the cloneType parameter. An attacker could exploit this vulnerability to cause a denial of service.
| VAR-202510-0265 | CVE-2025-60662 | Shenzhen Tenda Technology Co.,Ltd. of AC18 Out-of-bounds write vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanSpeed parameter in the fromAdvSetMacMtuWan function. The AC18 firmware from Shenzhen Tenda Technology Co.,Ltd. contains an out-of-bounds write vulnerability. A denial-of-service (DoS) condition may result. The Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd. in July 2016, primarily for villa and large-sized home users. This vulnerability stems from the failure to properly validate the length of the input data for the wanSpeed parameter in the fromAdvSetMacMtuWan function. An attacker could exploit this vulnerability to cause a denial of service.
| VAR-202510-0732 | CVE-2025-60660 | Tenda AC18 mac parameter stack buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the mac parameter in the fromAdvSetMacMtuWan function. The Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd. in July 2016, primarily for villa and large-sized home users. This vulnerability stems from the failure to properly validate the length of the input data in the mac parameter in the fromAdvSetMacMtuWan function. An attacker could exploit this vulnerability to cause a denial of service.