VARIoT IoT vulnerabilities database

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameters: starthour, startminute , endhour, and endminute. NETGEAR R7000P is a wireless router made by NETGEAR. No detailed vulnerability details are currently available

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameters KEY1 and KEY2. NETGEAR R7000P is a wireless router made by NETGEAR. The vulnerability is due to the lack of length verification of the input data for the KEY1 and KEY2 parameters. Attackers can use this vulnerability to initiate denial of service or remote code execution

The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type. Mitel Networks Corporation of MiVoice Connect There is a code injection vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_server_ip. NETGEAR R7000P is a wireless router made by NETGEAR. No detailed vulnerability details were provided at this time

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter enable_band_steering. NETGEAR R7000P is a wireless router made by NETGEAR. The vulnerability is caused by the lack of length verification of the input data in the enable_band_steering parameter. Attackers can use this vulnerability to cause denial of service or remote code execution

A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs(BMXP34* versions prior to V3.40), Modicon M340 X80 Ethernet Communication modules:BMXNOE0100 (H), BMXNOE0110 (H), BMXNOR0200H RTU(BMXNOE* all versions)(BMXNOR* versions prior to v1.7 IR24). Schneider Electric Modicon M340 is a medium-range PLC (programmable logic controller) for industrial processes and infrastructures from Schneider Electric, France. Schneider Electric products have an authorization problem vulnerability. This vulnerability stems from improper authority management

There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation. ZTE ZXA10 C3XX is a series of optical access and convergence equipment with EPON/GPON functions produced by China ZTE Corporation (ZTE)

A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy’s PCM600 product included in the versions listed below, where IEDs credentials are stored in a cleartext format in the PCM600 database and logs files. An attacker having get access to the exported backup file can exploit the vulnerability and obtain user credentials of the IEDs. Additionally, an attacker with administrator access to the PCM600 host machine can obtain other user credentials by analyzing database log files. The credentials may be used to perform unauthorized modifications such as loading incorrect configurations, reboot the IEDs or cause a denial-of-service on the IEDs. Hitachi Energy PCM600 is a simplified management tool for protection and control relays from Hitachi, Japan. Hitachi Energy PCM600 has an information disclosure vulnerability. The vulnerability stems from the fact that IED credentials are stored in the PCM600 database in clear text

A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator. ZyXEL of lte3301-m209 A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Zyxel LTE3301-M209 is a wireless router made by China Zyxel. There is an access control error vulnerability in Zyxel LTE3301-M209 V1.00(ABLG.6)C0 and earlier versions, which is caused by incorrect access control

A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior). Schneider Electric Modicon M340 is a medium-range PLC (programmable logic controller) for industrial processes and infrastructures from Schneider Electric, France. Schneider Electric products have a number error vulnerability. The vulnerability is caused by a memory access violation. Attackers can use the vulnerability to launch a denial of service attack

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via wan_dns1_pri. NETGEAR R7000P is a wireless router made by NETGEAR. There is a security vulnerability in NETGEAR R7000P V1.3.0.8, which is caused by the influence of the wan_dns1_prii parameter. No detailed vulnerability details are currently available

D-Link DIR878 1.02B04 and 1.02B05 are vulnerable to Buffer Overflow. D-Link DIR-823G is a wireless router made by China D-Link Company. The vulnerability is caused by the lack of length verification of the input data in the sub_4883F0 function. Attackers can use this vulnerability to cause denial of service or remote code execution

D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow. D-Link DIR-882 is a wireless router made by China D-Link Company. The vulnerability is caused by the sub_46D180 function wan_wan_phy_ifname parameter lacking length verification for input data. Attackers can exploit this vulnerability to cause denial of service or remote code execution

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_server_ip. NETGEAR R7000P is a wireless router made by NETGEAR. The vulnerability stems from the lack of length verification of the data entered in the openvpn_server_ip parameter. Attackers can use this vulnerability to cause denial of service or remote code execution

Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow via parameters: stamode_dns1_pri and stamode_dns1_sec. NETGEAR R7000P is a wireless router made by NETGEAR. This vulnerability stems from the lack of length verification of the input data of the stamode_dns1_pri and stamode_dns1_sec parameters. Attackers can exploit the vulnerability to cause denial of service or remote code execution

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the first, then the buffer will be overwritten. This issue affects the SetupUtility driver of InsydeH2O

D-Link DIR823G 1.02B05 is vulnerable to Commad Injection. D-Link DIR-823G is a wireless router made by China D-Link Company. D-Link DIR-823G firmware version 1.02B05 has a command execution vulnerability, which is caused by sub_42383C failing to properly filter special characters, commands, etc. in constructing commands. An attacker could exploit this vulnerability to cause arbitrary command execution

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameters apmode_dns1_pri and apmode_dns1_sec.

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_sec. NETGEAR R7000P is a wireless router made by NETGEAR. This vulnerability is caused by the lack of length verification of the data input for the wan_dns1_sec parameter in /usr/sbin/httpd. Attackers can exploit the vulnerability to cause denial of service or remote code execution

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_push1. The NETGEAR R7000P is a dual-band router from Netgear's Nighthawk series, optimized for gaming, streaming, and mobile devices. Detailed vulnerability details are not available at this time