VARIoT IoT vulnerabilities database
| VAR-202208-1992 | CVE-2022-38566 | Shenzhen Tenda Technology Co.,Ltd. of m3 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailname parameter. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
| VAR-202208-2016 | CVE-2022-38565 | Shenzhen Tenda Technology Co.,Ltd. of m3 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailpwd parameter. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
| VAR-202208-1996 | CVE-2022-38563 | Shenzhen Tenda Technology Co.,Ltd. of m3 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the MACAddr parameter. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
| VAR-202208-2017 | CVE-2022-36614 | TOTOLINK of a860r Vulnerability related to use of hardcoded credentials in firmware |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at /etc/shadow.sample. TOTOLINK of a860r A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202208-2015 | CVE-2022-38571 | Shenzhen Tenda Technology Co.,Ltd. of m3 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow in the function formSetGuideListItem. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
| VAR-202208-1994 | CVE-2022-38510 | Shenzhen Tenda Technology Co.,Ltd. of tx9 pro Classic buffer overflow vulnerability in firmware |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Tenda_TX9pro V22.03.02.10 was discovered to contain a buffer overflow via the component httpd/SetNetControlList. Shenzhen Tenda Technology Co.,Ltd. of tx9 pro Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202208-2047 | CVE-2022-37053 | TRENDnet of TEW733GR Code injection vulnerability in firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TRENDnet TEW733GR v1.03B01 is vulnerable to Command injection via /htdocs/upnpinc/gena.php. TRENDnet of TEW733GR A code injection vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202208-2019 | CVE-2022-38570 | Shenzhen Tenda Technology Co.,Ltd. of m3 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelPushedAd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the adPushUID parameter. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
| VAR-202208-2194 | CVE-2022-36755 | D-Link Systems, Inc. of dir-845l Authentication vulnerability in firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
D-Link DIR845L A1 contains a authentication vulnerability via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php. D-Link Systems, Inc. of dir-845l An authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202208-2086 | CVE-2022-38567 | Shenzhen Tenda Technology Co.,Ltd. of m3 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow vulnerability in the function formSetAdConfigInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the authIPs parameter. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
| VAR-202208-2018 | CVE-2022-36610 | TOTOLINK of A720R Vulnerability related to use of hardcoded credentials in firmware |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample. TOTOLINK of A720R A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK A720R is a wireless router launched by TOTOLINK, a Chinese electronics company. It features dual-band Wi-Fi and emphasizes high-speed network speeds and strong signal coverage. Detailed vulnerability information is currently unavailable
| VAR-202208-2068 | CVE-2022-36756 | D-Link Systems, Inc. of dir-845l Code injection vulnerability in firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/upnpinc/gena.php. D-Link Systems, Inc. of dir-845l A code injection vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202208-2070 | CVE-2022-38562 | Shenzhen Tenda Technology Co.,Ltd. of m3 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the lan parameter. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
| VAR-202208-2044 | CVE-2022-38569 | Shenzhen Tenda Technology Co.,Ltd. of m3 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelAd. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
| VAR-202208-2139 | CVE-2022-38555 | Cisco Systems (Linksys) of E1200 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name. Cisco Systems (Linksys) of E1200 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202208-2087 | CVE-2022-38557 | D-Link Systems, Inc. of dir-845l Authentication vulnerability in firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh. D-Link Systems, Inc. of dir-845l An authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202208-2049 | CVE-2022-38564 | Shenzhen Tenda Technology Co.,Ltd. of m3 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow vulnerability in the function formSetPicListItem. This vulnerability allows attackers to cause a Denial of Service (DoS) via the adItemUID parameter. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
| VAR-202208-2282 | CVE-2022-38556 | TRENDnet of TEW733GR Authentication vulnerability in firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Trendnet TEW733GR v1.03B01 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh. TRENDnet of TEW733GR An authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202208-2050 | CVE-2022-38568 | Shenzhen Tenda Technology Co.,Ltd. of m3 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the hostname parameter. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
| VAR-202208-2048 | CVE-2022-36613 | TOTOLINK of n600r Vulnerability related to use of hardcoded credentials in firmware |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample. TOTOLINK of n600r A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK N600R is a dual-band wireless router launched by the South Korean brand TOTOLINK in 2013. It supports concurrent operation on both 2.4GHz and 5GHz bands, with a maximum wireless transmission rate of 300Mbps. Detailed vulnerability information is currently unavailable