VARIoT IoT vulnerabilities database

A SQL injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary SQL queries, leading to unauthorized data access. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information. ASUS Router is a router product and accompanying management application launched by ASUS, primarily used for wireless connectivity and management of home and enterprise networks. This vulnerability stems from the application's lack of validation for externally input SQL statements

An integer underflow vulnerability has been identified in Aicloud. An authenticated attacker may trigger this vulnerability by sending a crafted request, potentially impacting the availability of the device. Refer to the ' Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information. ASUS Router is a router product and accompanying management application launched by ASUS, primarily used for wireless connectivity and management in home and enterprise networks. ASUS Router contains an integer underflow vulnerability, which attackers could exploit to compromise device availability

An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by an unintended side effect of the Samba functionality, potentially leading to allow execution of specific functions without proper authorization. Refer to the Security Update for ASUS Router Firmware section on the ASUS Security Advisory for more information. ASUS Router is a router product and accompanying management application launched by ASUS, primarily used for wireless connectivity and management in home and enterprise networks. Attackers could exploit this vulnerability to enable unauthorized function execution

A stack buffer overflow vulnerability has been identified in certain router models. An authenticated attacker may trigger this vulnerability by sending a crafted request, potentially impacting the availability of the device. Refer to the ' Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information. ASUS Router is a router product and accompanying management application launched by ASUS, primarily used for wireless connectivity and management in home and enterprise networks. This vulnerability stems from a boundary error in the application when processing untrusted input

A path traversal vulnerability has been identified in WebDAV, which may allow unauthenticated remote attackers to impact the integrity of the device. Refer to the ' Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information. ASUS Router is a router product and accompanying management application launched by ASUS, primarily used for wireless connectivity and management in home and enterprise networks

A vulnerability was identified in D-Link DIR-852 1.00. This issue affects some unknown processing of the file /gena.cgi. Such manipulation of the argument service leads to command injection. The attack can be executed remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer. (DoS) It may be in a state

Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values. AMD CPUs are a series of CPUs manufactured by AMD. AMD CPUs have a vulnerability due to improper entropy handling; detailed vulnerability information is not currently available

A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity. AMD CPUs are a series of CPUs from AMD Inc

Shenzhen Tenda Technology Co.,Ltd. of ac21 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. The Tenda AC21 is a dual-band gigabit wireless router from Tenda Technology, designed for high-speed home internet needs. It supports 802.11ac wave2 technology, with a dual-band concurrent speed of up to 2033Mbps, including 1733Mbps on the 5GHz band, meeting the demands of high-bandwidth applications such as 4K video and live streaming. The Tenda AC21 contains a buffer overflow vulnerability. This vulnerability stems from the fact that the deviceId parameter in the /goform/saveParentControlInfo file fails to properly validate the length of input data. Attackers can exploit this vulnerability to cause a denial-of-service attack

Shenzhen Tenda Technology Co.,Ltd. of ac21 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda AC21 is a dual-band gigabit wireless router from Tenda Technology, designed for high-speed home internet needs. It supports 802.11ac wave2 technology, with a dual-band concurrent speed of up to 2033Mbps, including 1733Mbps on the 5GHz band, meeting the demands of high-bandwidth applications such as 4K video and live streaming. This vulnerability stems from the fact that the `urls` parameter in the `/goform/saveParentControlInfo` file fails to properly validate the length of input data. Attackers can exploit this vulnerability to cause a denial-of-service attack

Shenzhen Tenda Technology Co.,Ltd. of ac21 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda AC21 is a dual-band gigabit wireless router from Tenda Technology, designed for high-speed home internet needs. It supports 802.11ac wave2 technology, with a dual-band concurrent speed of up to 2033Mbps, including 1733Mbps on the 5GHz band, meeting the demands of high-bandwidth applications such as 4K video and live streaming. This vulnerability stems from the fact that the rebootTime parameter in `/goform/SetSysAutoRebbotCfg` fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the list parameter of /goform/setPptpUserList. Shenzhen Tenda Technology Co.,Ltd. of ac21 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda AC21 is a dual-band gigabit wireless router from Tenda Technology, designed for high-speed home internet needs. It supports 802.11ac wave2 technology, with a dual-band concurrent speed of up to 2033Mbps, including 1733Mbps on the 5GHz band, meeting the demands of high-bandwidth applications such as 4K video and live streaming. This vulnerability stems from the fact that the `list` parameter in `/goform/setPptpUserList` fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow in: /goform/SetVirtualServerCfg via the list parameter. Shenzhen Tenda Technology Co.,Ltd. of ac21 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda AC21 is a dual-band gigabit wireless router from Tenda Technology, designed for high-speed home internet needs. It supports 802.11ac wave2 technology, with a dual-band concurrent speed of up to 2033Mbps, including 1733Mbps on the 5GHz band, meeting the demands of high-bandwidth applications such as 4K video and live streaming. This vulnerability stems from the fact that the `list` parameter in `/goform/SetVirtualServerCfg` fails to properly validate the length of input data. Attackers can exploit this vulnerability to cause a denial-of-service attack

A vulnerability has been found in Tenda AC21 16.03.08.16. This vulnerability affects unknown code of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone/time leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. of ac21 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda AC21 is a dual-band gigabit wireless router from Tenda Technology, designed for high-speed home internet needs. It supports 802.11ac wave2 technology, with a dual-band concurrent speed of up to 2033Mbps, including 1733Mbps on the 5GHz band, meeting the demands of high-bandwidth applications such as 4K video and live streaming. This vulnerability stems from the `/goform/SetSysTimeCfg` file, where the parameter `timeZone/time` fails to properly validate the length of input data. Attackers could exploit this vulnerability to execute arbitrary code or cause a denial-of-service attack

A flaw has been found in Tenda AC21 16.03.08.16. This affects an unknown part of the file /goform/SetIpMacBind. Executing manipulation of the argument list can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used. Shenzhen Tenda Technology Co.,Ltd. of ac21 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda AC21 is a dual-band gigabit wireless router from Tenda Technology, designed for high-speed home internet needs. It supports 802.11ac wave2 technology, with a dual-band concurrent speed of up to 2033Mbps, including 1733Mbps on the 5GHz band, meeting the demands of high-bandwidth applications such as 4K video and live streaming. This vulnerability stems from the `/goform/SetIpMacBind` file's parameter `list` failing to properly validate the length of input data. Attackers could exploit this vulnerability to execute arbitrary code or cause a denial-of-service attack

A vulnerability was detected in Tenda CH22 1.0.0.1. Affected is the function formWrlExtraGet of the file /goform/WrlExtraGet. Performing manipulation of the argument chkHz results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The Tenda CH22 is a network device manufactured by Tenda, a Chinese company. This vulnerability stems from the fact that the parameter chkHz in the file /goform/WrlExtraGet fails to properly validate the length of the input data. Attackers could exploit this vulnerability to execute arbitrary code on the system or cause a denial-of-service attack

An improper neutralization of special elements used in an SQL Command ("SQL Injection") vulnerability [CWE-89] in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests. fortinet's FortiVoice for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to execute arbitrary code or commands via crafted CLI commands. fortinet's FortiExtender Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Fortinet FortiExtender is a wireless WAN (Wide Area Network) extender device manufactured by Fortinet Systems, Inc. The Fortinet FortiExtender contains a buffer overflow vulnerability stemming from unchecked input size buffer copying

A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to obtain administrator credentials via debug log commands

An Improper Isolation or Compartmentalization vulnerability [CWE-653] in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attacker to evade the sandboxing scan via a crafted file. fortinet's FortiSandbox has a vulnerability to isolation or classification.Information may be tampered with