VARIoT IoT vulnerabilities database

VAR-202504-1073 CVE-2025-32849 Siemens TeleControl Server Basic SQL Injection Vulnerability (CNVD-2025-08602)
CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockSmtpSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed. Siemens TeleControl Server Basic is an industrial remote controller of Siemens, Germany. Siemens TeleControl Server Basic versions prior to v3.1.2.2 have multiple SQL injection vulnerabilities that can be exploited by attackers to read and write the application's database, cause a denial of service, and execute code in the operating system shell with limited "NT AUTHORITY\NetworkService" permissions.
VAR-202504-1085 CVE-2025-31351 Siemens TeleControl Server Basic CreateProject SQL Injection Information Disclosure Vulnerability
CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed. (ZDI-CAN-25917). This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the implementation of the CreateProject method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker could leverage this vulnerability to disclose stored credentials, leading to further compromise. Siemens TeleControl Server Basic is an industrial remote controller of Siemens, Germany. Siemens TeleControl Server Basic versions prior to v3.1.2.2 have multiple SQL injection vulnerabilities that can be exploited by attackers to read and write the application's database, cause a denial of service, and execute code in the operating system shell with limited "NT AUTHORITY\NetworkService" permissions.
VAR-202504-1100 CVE-2025-31350 Siemens TeleControl Server Basic UpdateBufferingSettings SQL Injection Information Disclosure Vulnerability
CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateBufferingSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed. (ZDI-CAN-25918). This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the implementation of the UpdateBufferingSettings method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker could leverage this vulnerability to disclose stored credentials, leading to further compromise. Siemens TeleControl Server Basic is an industrial remote controller of Siemens, Germany. Siemens TeleControl Server Basic versions prior to v3.1.2.2 have multiple SQL injection vulnerabilities that can be exploited by attackers to read and write the application's database, cause a denial of service, and execute code in the operating system shell with limited "NT AUTHORITY\NetworkService" permissions.
VAR-202504-1080 CVE-2025-32845 Siemens TeleControl Server Basic SQL Injection Vulnerability (CNVD-2025-08606)
CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateGeneralSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed. TeleControl Server Basic allows remote monitoring and control of devices over WAN/LAN. Siemens TeleControl Server Basic versions prior to v3.1.2.2 have multiple SQL injection vulnerabilities that can be exploited by attackers to read and write the application's database, cause a denial of service, and execute code in the operating system shell with limited "NT AUTHORITY\NetworkService" permissions.
VAR-202504-3244 No CVE Siemens RUGGEDCOM APE1808 Fortigate NGFW has multiple vulnerabilities
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
RUGGEDCOM APE1808 is a powerful utility-grade application hosting platform that allows you to deploy a range of commercial applications for edge computing and network security in harsh industrial environments. Siemens RUGGEDCOM APE1808 Fortigate NGFW has multiple vulnerabilities that can be exploited by attackers to affect the confidentiality, availability, and integrity of the system.
VAR-202504-2407 CVE-2025-25458 Shenzhen Tenda Technology Co.,Ltd. of AC10 Classic buffer overflow vulnerability in firmware
CVSS V2: 4.6
CVSS V3: 4.6
Severity: MEDIUM
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serverName2. The AC10 firmware from Shenzhen Tenda Technology Co.,Ltd. has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. The vulnerability is caused by the serverName2 parameter in AdvSetMacMtuWan failing to properly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service.
VAR-202504-1576 CVE-2025-25453 Shenzhen Tenda Technology Co.,Ltd. of AC10 Classic buffer overflow vulnerability in firmware
CVSS V2: 4.6
CVSS V3: 4.6
Severity: MEDIUM
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serviceName2. The AC10 firmware from Shenzhen Tenda Technology Co.,Ltd. has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Tenda AC10 is a high-performance router with Gigabit ports for both WAN and LAN ports. There is a buffer overflow vulnerability in Tenda AC10 AdvSetMacMtuWan, which attackers can exploit by submitting special requests to cause a denial of service.
VAR-202504-0969 CVE-2025-31950 Growatt Cloud Applications Information Disclosure Vulnerability (CNVD-2025-14965)
CVSS V2: 5.0
CVSS V3: 5.3
Severity: Medium
An unauthenticated attacker can obtain EV charger energy consumption information of other users. Growatt Cloud Applications is a monitoring platform of China's Growatt
VAR-202504-0963 CVE-2025-31147 Growatt Cloud Applications Information Disclosure Vulnerability (CNVD-2025-14963)
CVSS V2: 5.0
CVSS V3: 5.3
Severity: Medium
Unauthenticated attackers can query information about total energy consumed by EV chargers of arbitrary users. Growatt Cloud Applications is a monitoring platform of China's Growatt
VAR-202504-0985 CVE-2025-30512 Growatt Cloud Applications Security Bypass Vulnerability
CVSS V2: 6.4
CVSS V3: 6.5
Severity: Medium
Unauthenticated attackers can send configuration settings to a device and possibly perform physical actions remotely (e.g., on/off). Growatt Cloud Applications is a monitoring platform of China's Growatt
VAR-202504-0976 CVE-2025-27719 Growatt Cloud Applications Information Disclosure Vulnerability
CVSS V2: 5.0
CVSS V3: 5.3
Severity: Medium
Unauthenticated attackers can query an API endpoint and get device details. Growatt Cloud Applications is a monitoring platform of China's Growatt
VAR-202504-0987 CVE-2025-24315 Growatt Cloud Applications Security Bypass Vulnerability (CNVD-2025-14962)
CVSS V2: 5.0
CVSS V3: 5.3
Severity: Medium
Unauthenticated attackers can add devices of other users to their scenes (or arbitrary scenes of other arbitrary users). Growatt Cloud Applications is a monitoring platform of China's Growatt
VAR-202504-0986 CVE-2025-31941 Growatt Cloud Applications Information Disclosure Vulnerability (CNVD-2025-14964)
CVSS V2: 5.0
CVSS V3: 5.3
Severity: Medium
An unauthenticated attacker can obtain a list of smart devices by knowing a valid username. Growatt Cloud Applications is a monitoring platform of China's Growatt
VAR-202504-0973 CVE-2025-31357 Growatt Cloud Applications Information Disclosure Vulnerability (CNVD-2025-14959)
CVSS V2: 5.0
CVSS V3: 5.3
Severity: Medium
An unauthenticated attacker can obtain a user's plant list by knowing the username. Growatt Cloud Applications is a monitoring platform of China's Growatt
VAR-202504-0990 CVE-2025-27938 Growatt Cloud Applications Authorization Bypass Vulnerability
CVSS V2: 5.0
CVSS V3: 5.3
Severity: Medium
Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "rooms"). Growatt Cloud Applications is a monitoring platform of China's Growatt
VAR-202504-0965 CVE-2025-27568 Growatt Cloud Applications Authorization Bypass Vulnerability (CNVD-2025-14960)
CVSS V2: 5.0
CVSS V3: 5.3
Severity: Medium
An unauthenticated attacker can get users' emails by knowing usernames. A password reset email will be sent in response to this unsolicited request. Growatt Cloud Applications is a monitoring platform of China's Growatt. Growatt Cloud Applications 3.6.0 and earlier versions have an authorization bypass vulnerability that can be exploited by unauthenticated attackers to obtain user emails by knowing the username, resulting in the sending of password reset emails
VAR-202504-1784 CVE-2025-25456 Shenzhen Tenda Technology Co.,Ltd. of AC10 Classic buffer overflow vulnerability in firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2. The AC10 firmware from Shenzhen Tenda Technology Co.,Ltd. has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Tenda AC10 has a buffer overflow vulnerability, which is caused by the mac2 parameter in AdvSetMacMtuWan failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202504-3185 CVE-2025-22903 TOTOLINK of n600r Stack-based buffer overflow vulnerability in firmware
CVSS V2: 4.6
CVSS V3: 4.6
Severity: MEDIUM
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig. A stack-based buffer overflow vulnerability exists in the TOTOLINK n600r firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. TOTOLINK N600R is a wireless router produced by China's TOTOLINK Electronics. TOTOLINK N600R has a buffer overflow vulnerability. The vulnerability is caused by the pin parameter in the setWiFiWpsConfig function failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service.
VAR-202504-1797 CVE-2025-22900 TOTOLINK of n600r Stack-based buffer overflow vulnerability in firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macCloneMac parameter in the setWanConfig function. A stack-based buffer overflow vulnerability exists in the TOTOLINK n600r firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. TOTOLINK N600R is a wireless router produced by China's TOTOLINK Electronics. TOTOLINK N600R has a buffer overflow vulnerability. The vulnerability is caused by the macCloneMac parameter in the setWanConfig function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202504-1759 CVE-2025-28143 EDIMAX Technology of BR-6478AC V3 Command injection vulnerability in firmware
CVSS V2: 6.4
CVSS V3: 6.5
Severity: MEDIUM
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the groupname parameter at /boafrm/formDiskCreateGroup. The BR-6478AC V3 firmware from EDIMAX Technology contains a command injection vulnerability. Information may be obtained and information may be tampered with. Edimax BR-6478AC is a dual-band Gigabit router from China's Edimax. Edimax BR-6478AC has a command execution vulnerability, which is caused by the groupname parameter in /boafrm/formDiskCreateGroup failing to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to cause arbitrary command execution.