VARIoT IoT vulnerabilities database

Schneider M340 is a high-performance mid-range PLC platform launched by Schneider Electric. Schneider M340 of Schneider Electric (China) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

HP LaserJet MFP M132nw is a multifunctional black and white laser printer. HP LaserJet MFP M132nw of HP Trading (Shanghai) Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute arbitrary printer commands.

Maipu Communication Technology Co., Ltd. is a leading provider of network products and solutions in China. Maipu Multi-Service Fusion Gateway of Maipu Communication Technology Co., Ltd. has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.

ZTE Corporation is a leading global provider of integrated communications solutions. ZTE Corporation's ZTE-IAD voice gateway has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.

D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_net_asp function via the remot_ip parameter. D-Link Systems, Inc. of di-8100 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by China's D-Link Corporation. The vulnerability is caused by the remot_ip parameter in the ipsec_net_asp function failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_road_asp function via the host_ip parameter. D-Link Systems, Inc. of di-8100 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by D-Link, a Chinese company. The vulnerability is caused by the host_ip parameter in the ipsec_road_asp function failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Canon is a Japanese company dedicated to imaging, optics and office automation products, including cameras, camcorders, copiers, fax machines, image scanners and printers. Canon vb-c60 camera has a remote control backdoor vulnerability, allowing attackers to send a get request with specific parameters to image.cgi without identity authentication, and then control the camera up and down, left and right, and adjust the focus.

Netgear Inc WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the parse_st_header function due to use of a request header parameter in a strncpy where size is determined based on the input specified. By sending a specially crafted packet, an attacker can take control of the program counter and hijack control flow of the program to execute arbitrary system commands. of netgear WNR854T A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR WNR854T is a wireless router from NETGEAR. NETGEAR WNR854T 1.5.2 version has a buffer overflow vulnerability. The vulnerability is caused by the parse_st_header function failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Netgear WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the SetDefaultConnectionService function due to an unconstrained use of sscanf. The vulnerability allows for control of the program counter and can be utilized to achieve arbitrary code execution. (DoS) It may be in a state. NETGEAR WNR854T is a wireless router from NETGEAR. The vulnerability is caused by the SetDefaultConnectionService function failing to properly verify the length of the input data

In Netgear WNR854T 1.5.2 (North America), the UPNP service is vulnerable to command injection in the function addmap_exec which parses the NewInternalClient parameter of the AddPortMapping SOAPAction into a system call without sanitation. An attacker can send a specially crafted SOAPAction request for AddPortMapping via the router's WANIPConn1 service to achieve arbitrary command execution. of netgear WNR854T A code injection vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR WNR854T is a wireless router from NETGEAR. NETGEAR WNR854T 1.5.2 version has a command execution vulnerability, which is caused by the addmap_exec function failing to properly filter special characters and commands in constructing commands

Netgear WNR854T 1.5.2 (North America) is vulnerable to Arbitrary command execution in cmd.cgi which allows for the execution of system commands via the web interface. of netgear WNR854T A code injection vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR WNR854T is a wireless router from NETGEAR. NETGEAR WNR854T 1.5.2 version has a command execution vulnerability, which is caused by the cmd.cgi file failing to properly filter special characters and commands in constructing commands

Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter get_email. After which, they can visit the send_log.cgi endpoint which uses the parameter in a system call to achieve command execution. of netgear WNR854T A code injection vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR WNR854T is a wireless router from NETGEAR. The vulnerability is caused by the failure of the nvram parameter of the get_email function in the post.cgi file to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to cause arbitrary command execution

Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter wan_hostname and forcing a reboot. This will result in command injection. of netgear WNR854T A code injection vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR WNR854T is a wireless router from NETGEAR. The vulnerability is caused by the failure of the nvram parameter of wan_hostname to properly filter special characters and commands in constructing commands. Attackers can exploit this vulnerability to cause arbitrary command execution

Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter pppoe_peer_mac and forcing a reboot. This will result in command injection. of netgear WNR854T A code injection vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR WNR854T is a wireless router from NETGEAR. The vulnerability is caused by the failure of the nvram parameter of the pppoe_peer_mac function in the post.cgi file to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to cause arbitrary command execution

In Netgear WNR854T 1.5.2 (North America), the UPNP service (/usr/sbin/upnp) is vulnerable to stack-based buffer overflow in the M-SEARCH Host header. of netgear WNR854T Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR WNR854T is a wireless router from NETGEAR. The vulnerability is caused by the UPNP service failing to properly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. This issue affects some unknown processing of the file /goform/SysToolDDNS of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of FH1202 There are unspecified vulnerabilities in the firmware.Information may be tampered with. No detailed vulnerability details are currently available

A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects unknown code of the file /goform/SysToolChangePwd of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of FH1202 There are unspecified vulnerabilities in the firmware.Information may be tampered with. No detailed vulnerability details are currently available

A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects an unknown part of the file /goform/qossetting of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of FH1202 There are unspecified vulnerabilities in the firmware.Information may be tampered with. Attackers can exploit this vulnerability to gain unauthorized access or modification to the affected device

A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is some unknown functionality of the file /default.cfg. The manipulation of the argument these leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of FH1202 There are unspecified vulnerabilities in the firmware.Information may be obtained. The vulnerability is caused by improper access control caused by the operation of the parameter 'these' in the file /default.cfg. Attackers can exploit this vulnerability to perform remote attacks

A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Affected by this vulnerability is an unknown functionality of the file /goform/AdvSetWrlsafeset of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of FH1202 There are unspecified vulnerabilities in the firmware.Information may be tampered with. No detailed vulnerability details are currently available