VARIoT IoT vulnerabilities database

VAR-202509-1446 CVE-2025-10323 WAVLINK  of  WL-WN578W2  Injection Vulnerability in Firmware CVSS V2: 7.5
CVSS V3: 7.3
Severity: Medium
A vulnerability was found in Wavlink WL-WN578W2 221110. The affected element is the function sub_409184 of the file /wizard_rep.shtml. Manipulating the argument sel_EncrypTyp results in command injection. The attack can be performed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. The WAVLINK WL-WN578W2 firmware contains injection and command injection vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Wavlink WL-WN578W2 is a wireless repeater manufactured by Wavlink, a Chinese company. This vulnerability stems from the sub_409184 function in the file /wizard_rep.shtml failing to properly sanitize special characters and commands in the sel_Encryp parameter during command construction. An attacker could exploit this vulnerability to execute arbitrary commands.
VAR-202509-1455 CVE-2025-10322 WAVLINK  of  WL-WN578W2  Vulnerability related to password management function in firmware CVSS V2: 5.0
CVSS V3: 5.3
Severity: Medium
A vulnerability has been found in Wavlink WL-WN578W2 221110. The affected element is an unknown function of the file /sysinit.html. Manipulating the argument newpass/confpass leads to weak password recovery. The attack can be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. The WAVLINK WL-WN578W2 firmware contains a vulnerability related to the password management function. Information may be tampered with. The Wavlink WL-WN578W2 is a wireless repeater from the Chinese company Wavlink. The Wavlink WL-WN578W2 version 221110 contains an authorization vulnerability. This vulnerability stems from improper permission management for the newpass/confpass parameters in the /sysinit.html file.
VAR-202509-1538 CVE-2025-10321 WAVLINK  of  WL-WN578W2  Firmware vulnerabilities CVSS V2: 5.0
CVSS V3: 5.3
Severity: Medium
A flaw has been found in Wavlink WL-WN578W2 221110. An unknown function of the file /live_online.shtml is affected. Manipulation can lead to information disclosure. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. The WAVLINK WL-WN578W2 firmware contains unspecified vulnerabilities. Information may be obtained. The Wavlink WL-WN578W2 is a wireless repeater manufactured by Wavlink, a Chinese company. The Wavlink WL-WN578W2 version 221110 contains an access control vulnerability. This vulnerability stems from incorrect access control in the file /live_online.shtml. An attacker could exploit this vulnerability to leak information.
VAR-202509-4027 No CVE GeoVision GV-EFD4700 has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The GeoVision GV-EFD4700 is a 4MP (4-megapixel) network camera. The GeoVision GV-EFD4700 has a weak password vulnerability that could allow attackers to log into the system and obtain sensitive information.
VAR-202509-4206 No CVE D-Link DI-8400 has a denial of service vulnerability CVSS V2: 3.8
CVSS V3: -
Severity: LOW
The DI-8400 is an enterprise-class router. The D-Link DI-8400 has a denial of service vulnerability that could be exploited by an attacker to cause a denial of service.
VAR-202509-4203 No CVE D-Link Electronic Equipment (Shanghai) Co., Ltd. DI-7003G has a command execution vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
The DI-7003G is an enterprise-class router. The DI-7003G router from D-Link Electronics (Shanghai) Co., Ltd. has a command execution vulnerability that could allow an attacker to execute arbitrary commands.
VAR-202509-3042 CVE-2025-58321 Delta Electronics DIALink Directory Traversal Remote Code Execution Vulnerability CVSS V2: 10.0
CVSS V3: 10.0
Severity: CRITICAL
Delta Electronics DIALink has a Directory Traversal Authentication Bypass Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIALink. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DataCenter service, which listens on TCP port 7631 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Delta Electronics DIALink is an industrial automation communication gateway from Delta Electronics, a Chinese company.
VAR-202509-3613 CVE-2025-58320 Delta Electronics, INC.  of  DIALink  Path traversal vulnerability in CVSS V2: 7.5
CVSS V3: 7.3
Severity: HIGH
Delta Electronics DIALink has a Directory Traversal Authentication Bypass Vulnerability. Delta Electronics, INC. DIALink contains a path traversal vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). This vulnerability allows remote attackers to overwrite configuration files on affected installations of Delta Electronics DIALink. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 7631 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations.
VAR-202509-4249 No CVE D-Link DSL-2890AL has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The D-Link DSL-2890AL is a unified service router. The D-Link DSL-2890AL has a weak password vulnerability that could allow attackers to log into the system and obtain sensitive information.
VAR-202509-4394 No CVE D-Link Electronic Equipment (Shanghai) Co., Ltd. DAP-1665 has a denial of service vulnerability CVSS V2: 3.8
CVSS V3: -
Severity: LOW
The DAP-1665 is an enterprise-class wireless access device. D-Link Electronics (Shanghai) Co., Ltd.'s DAP-1665 has a denial of service vulnerability that could be exploited by an attacker to cause a denial of service.
VAR-202509-4026 No CVE D-Link DI-8200 has a binary vulnerability CVSS V2: 2.1
CVSS V3: -
Severity: LOW
The DI-8200 is an enterprise-grade router. The D-Link DI-8200 has a binary vulnerability that could be exploited to cause a denial of service.
VAR-202509-4087 No CVE Samsung (China) Investment Co., Ltd. Samsung C565FW has a command execution vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Samsung (China) Investment Co., Ltd. is a company primarily engaged in business services. A command execution vulnerability exists in Samsung (China) Investment Co., Ltd.'s Samsung C565FW devices, allowing attackers to execute commands.
VAR-202509-4205 No CVE NETGEAR Extender EAX14 has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The NETGEAR Extender EAX14 is a mesh network extender that supports WiFi 6 technology. The NETGEAR Extender EAX14 has an unauthorized access vulnerability that could allow an attacker to obtain sensitive information.
VAR-202509-3258 CVE-2025-55976 Intelbras  of  IWR 3000N  Information disclosure vulnerability in firmware CVSS V2: -
CVSS V3: 8.4
Severity: HIGH
Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint. Any unauthenticated user on the local network can directly obtain the Wi-Fi network password by querying this endpoint. The Intelbras IWR 3000N firmware contains vulnerabilities that may allow information to be leaked and important information to be transmitted in plain text. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202509-1555 CVE-2025-57573 Shenzhen Tenda Technology Co.,Ltd.  of  F3  Classic buffer overflow vulnerability in firmware CVSS V2: 5.1
CVSS V3: 5.6
Severity: MEDIUM
Tenda F3 V12.01.01.48_multi and later is vulnerable to a buffer overflow via the wifiTimeClose parameter in goform/setWifi. The Shenzhen Tenda Technology Co., Ltd. F3 firmware has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Tenda F3 is a 300M wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd. on May 15, 2015. This vulnerability stems from a failure in the goform/setWifi file to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service.
VAR-202509-1660 CVE-2025-57572 Shenzhen Tenda Technology Co.,Ltd.  of  F3  Classic buffer overflow vulnerability in firmware CVSS V2: 5.1
CVSS V3: 5.6
Severity: MEDIUM
Tenda F3 V12.01.01.48_multi and later is vulnerable to a buffer overflow via the onlineList parameter in goform/setParentControl. The Shenzhen Tenda Technology Co., Ltd. F3 firmware has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Tenda F3 is a 300M wireless router released by Shenzhen Jixiang Tengda Technology Co., Ltd. on May 15, 2015. The Tenda F3 suffers from a buffer overflow vulnerability caused by a failure in the goform/setParentControl function to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service.
VAR-202509-1544 CVE-2025-57571 Shenzhen Tenda Technology Co.,Ltd.  of  F3  Classic buffer overflow vulnerability in firmware CVSS V2: 5.1
CVSS V3: 5.6
Severity: MEDIUM
Tenda F3 V12.01.01.48_multi and later is vulnerable to a buffer overflow via the macFilterList parameter in goform/setNAT. The Shenzhen Tenda Technology Co., Ltd. F3 firmware has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Tenda F3 is a 300M wireless router released by Shenzhen Jixiang Tengda Technology Co., Ltd. on May 15, 2015. This vulnerability stems from a failure to properly validate the length of input data in the macFilterList parameter in the goform/setNAT file. An attacker could exploit this vulnerability to cause a denial of service.
VAR-202509-1609 CVE-2025-57570 Shenzhen Tenda Technology Co.,Ltd.  of  F3  Classic buffer overflow vulnerability in firmware CVSS V2: 5.1
CVSS V3: 5.6
Severity: MEDIUM
Tenda F3 V12.01.01.48_multi and later is vulnerable to a buffer overflow via the QosList parameter in goform/setQoS. The Shenzhen Tenda Technology Co., Ltd. F3 firmware has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Tenda F3 is a 300M wireless router released by Shenzhen Jixiang Tengda Technology Co., Ltd. on May 15, 2015. This vulnerability stems from a failure to properly validate the length of input data in the QosList parameter in the goform/setQoS file. An attacker could exploit this vulnerability to cause a denial of service.
VAR-202509-1556 CVE-2025-57569 Shenzhen Tenda Technology Co.,Ltd.  of  F3  Classic buffer overflow vulnerability in firmware CVSS V2: 5.1
CVSS V3: 5.6
Severity: MEDIUM
Tenda F3 V12.01.01.48_multi and later is vulnerable to a buffer overflow via the portList parameter in /goform/setNAT. The Shenzhen Tenda Technology Co., Ltd. F3 firmware has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Tenda F3 is a 300M wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd. on May 15, 2015. This vulnerability stems from a failure to properly validate the length of input data in the portList parameter in the /goform/setNAT file. An attacker could exploit this vulnerability to cause a denial of service.
VAR-202509-4523 No CVE D-Link DWR-M961 has a command execution vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
The DWR-M961 is a 4G LTE router. The D-Link DWR-M961 has a command execution vulnerability that could allow an attacker to execute arbitrary commands.