VARIoT IoT vulnerabilities database

A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. Processing maliciously crafted web content may lead to arbitrary code execution. apple's Safari and macOS Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A logic issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. A user may be tracked through their IP address

This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.5. An app may be able to access user-sensitive data. apple's macOS Exists in unspecified vulnerabilities.Information may be obtained

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to bypass Privacy preferences. apple's macOS Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, setSchedWifi. Shenzhen Tenda Technology Co.,Ltd. of ac21 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state

Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via bin/httpd, function: formSetFirewallCfg. Shenzhen Tenda Technology Co.,Ltd. of ac21 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. The vulnerability is caused by the lack of length check of the input data in the formSetFirewallCfg function of /bin/httpd. An attacker can use the vulnerability to cause httpd to restart through the payload

Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: fromSetWifiGusetBasic. Shenzhen Tenda Technology Co.,Ltd. of ac21 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. The vulnerability is caused by the fact that the fromSetWifiGusetBasic function of /bin/httpd lacks a length check for the input data. Attackers can use the vulnerability to cause httpd to restart through the payload

Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, saveParentControlInfo. Shenzhen Tenda Technology Co.,Ltd. of ac21 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. The vulnerability is caused by the lack of length check of the input data in the saveParentControlInfo function of /bin/httpd. An attacker can use the vulnerability to cause httpd to restart through the payload

Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: formSetQosBand. Shenzhen Tenda Technology Co.,Ltd. of ac21 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. The vulnerability is caused by the lack of length check of the input data in the formSetQosBand function of /bin/httpd. An attacker can use the vulnerability to cause httpd to restart through the payload

]Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: fromSetSysTime. Shenzhen Tenda Technology Co.,Ltd. of ac21 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. The vulnerability is caused by the fact that the fromSetSysTime function of /bin/httpd lacks a length check for the input data. Attackers can use the vulnerability to cause httpd to restart through the payload

Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: formSetVirtualSer. Shenzhen Tenda Technology Co.,Ltd. of ac21 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state

Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, form_fast_setting_wifi_set. Shenzhen Tenda Technology Co.,Ltd. of ac21 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. The vulnerability is caused by the lack of length check of the input data in the form_fast_setting_wifi_set function of /bin/httpd. Attackers can use this vulnerability to cause httpd to restart through the payload

Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: setSmartPowerManagement. Shenzhen Tenda Technology Co.,Ltd. of ac21 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. The vulnerability is caused by the lack of length check of the input data in the setSmartPowerManagement function of /bin/httpd. An attacker can use the vulnerability to cause httpd to restart through the payload

Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, formSetDeviceName. Shenzhen Tenda Technology Co.,Ltd. of ac21 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. The vulnerability is caused by the lack of length check of the input data in the formSetDeviceName function of /bin/httpd. Attackers can use this vulnerability to cause httpd to restart through the payload

EX300_V2 is a repeater from Zeon Electronics (Shenzhen) Co., Ltd. TOTOLINK EX300_V2 has a command injection vulnerability, which can be exploited by attackers to execute arbitrary commands.

The WBW Currency Switcher for WooCommerce WordPress plugin before 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). woobewoo of WordPress for wbw currency switcher for woocommerce Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with

Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to  1.9.03.009 have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution. DIAEnergie The following vulnerabilities exist in. It was * Use hard-coded credentials (CWE-798) - CVE-2022-3214If the vulnerability is exploited, it may be affected as follows. It was * hard-coded by a remote third party Bearer The product may be accessed using your credentials. This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Industrial Automation DIAEnergie. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of requests to the web service. An attacker can leverage this vulnerability to bypass authentication on the system

TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to Buffer Overflow via cstecgi.cgi. TOTOLINK of t6 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an execute arbitrary command in cstecgi.cgi. TOTOLINK of t6 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK T6 is a wireless dual-band router released by China's TOTOLINK Electronics. It supports the MQTT protocol and Telnet service. The TOTOLINK T6 suffers from a command injection vulnerability caused by the sub_421504 function in cstecgi.cgi failing to properly sanitize special characters and commands during command construction

Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setIPv6Status. Shenzhen Tenda Technology Co.,Ltd. of rx9 pro Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is due to the lack of length check of the input data in setIPv6Status. Attackers can exploit the vulnerability to cause code execution or denial of service