VARIoT IoT vulnerabilities database

VAR-202208-1992 CVE-2022-38566 Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. m3 firmware
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailname parameter. An out-of-bounds write vulnerability exists in the Shenzhen Tenda Technology Co.,Ltd. m3 firmware. The device may be put into a service operation interruption (DoS) state.
VAR-202208-2016 CVE-2022-38565 Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. m3 firmware
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailpwd parameter. An out-of-bounds write vulnerability exists in the Shenzhen Tenda Technology Co.,Ltd. m3 firmware. The device may be put into a service operation interruption (DoS) state.
VAR-202208-1996 CVE-2022-38563 Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. m3 firmware
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the MACAddr parameter. An out-of-bounds write vulnerability exists in the Shenzhen Tenda Technology Co.,Ltd. m3 firmware. The device may be put into a service operation interruption (DoS) state.
VAR-202208-2017 CVE-2022-36614 Vulnerability related to use of hardcoded credentials in TOTOLINK a860r firmware
CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at /etc/shadow.sample. A vulnerability related to the use of hardcoded credentials exists in the TOTOLINK a860r firmware. Information may be obtained or tampered with, and the device may be put into a service operation interruption (DoS) state.
VAR-202208-2015 CVE-2022-38571 Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. m3 firmware
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow in the function formSetGuideListItem. An out-of-bounds write vulnerability exists in the Shenzhen Tenda Technology Co.,Ltd. m3 firmware. The device may be put into a service operation interruption (DoS) state.
VAR-202208-1994 CVE-2022-38510 Classic buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. tx9 pro firmware
CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
Tenda_TX9pro V22.03.02.10 was discovered to contain a buffer overflow via the component httpd/SetNetControlList. A classic buffer overflow vulnerability exists in the Shenzhen Tenda Technology Co.,Ltd. tx9 pro firmware. Information may be obtained or tampered with, and the device may be put into a service operation interruption (DoS) state.
VAR-202208-2047 CVE-2022-37053 Code injection vulnerability in TRENDnet TEW733GR firmware
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
TRENDnet TEW733GR v1.03B01 is vulnerable to command injection via /htdocs/upnpinc/gena.php. A code injection vulnerability exists in the TRENDnet TEW733GR firmware. Information may be obtained or tampered with, and the device may be put into a service operation interruption (DoS) state.
VAR-202208-2019 CVE-2022-38570 Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. m3 firmware
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelPushedAd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the adPushUID parameter. An out-of-bounds write vulnerability exists in the Shenzhen Tenda Technology Co.,Ltd. m3 firmware. The device may be put into a service operation interruption (DoS) state.
VAR-202208-2194 CVE-2022-36755 Authentication vulnerability in D-Link Systems, Inc. dir-845l firmware
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
D-Link DIR845L A1 contains an authentication vulnerability via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php. An authentication vulnerability exists in the D-Link Systems, Inc. dir-845l firmware. Information may be obtained or tampered with, and the device may be put into a service operation interruption (DoS) state.
VAR-202208-2086 CVE-2022-38567 Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. m3 firmware
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow vulnerability in the function formSetAdConfigInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the authIPs parameter. An out-of-bounds write vulnerability exists in the Shenzhen Tenda Technology Co.,Ltd. m3 firmware. The device may be put into a service operation interruption (DoS) state.
VAR-202208-2018 CVE-2022-36610 Vulnerability related to use of hardcoded credentials in TOTOLINK A720R firmware
CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample. A vulnerability related to the use of hardcoded credentials exists in the TOTOLINK A720R firmware. Information may be obtained or tampered with, and the device may be put into a service operation interruption (DoS) state. The TOTOLINK A720R is a wireless router launched by TOTOLINK, a Chinese electronics company. It features dual-band Wi-Fi and emphasizes high network speeds and strong signal coverage. Detailed vulnerability information is currently unavailable.
VAR-202208-2068 CVE-2022-36756 Code injection vulnerability in D-Link Systems, Inc. dir-845l firmware
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/upnpinc/gena.php. A code injection vulnerability exists in the D-Link Systems, Inc. dir-845l firmware. Information may be obtained or tampered with, and the device may be put into a service operation interruption (DoS) state.
VAR-202208-2070 CVE-2022-38562 Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. m3 firmware
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the lan parameter. An out-of-bounds write vulnerability exists in the Shenzhen Tenda Technology Co.,Ltd. m3 firmware. The device may be put into a service operation interruption (DoS) state.
VAR-202208-2044 CVE-2022-38569 Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. m3 firmware
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelAd. An out-of-bounds write vulnerability exists in the Shenzhen Tenda Technology Co.,Ltd. m3 firmware. The device may be put into a service operation interruption (DoS) state.
VAR-202208-2139 CVE-2022-38555 Out-of-bounds write vulnerability in Cisco Systems (Linksys) E1200 firmware
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Linksys E1200 v1.0.04 is vulnerable to a buffer overflow via ej_get_web_page_name. An out-of-bounds write vulnerability exists in the Cisco Systems (Linksys) E1200 firmware. Information may be obtained or tampered with, and the device may be put into a service operation interruption (DoS) state.
VAR-202208-2087 CVE-2022-38557 Authentication vulnerability in D-Link Systems, Inc. dir-845l firmware
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh. An authentication vulnerability exists in the D-Link Systems, Inc. dir-845l firmware. Information may be obtained or tampered with, and the device may be put into a service operation interruption (DoS) state.
VAR-202208-2049 CVE-2022-38564 Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. m3 firmware
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow vulnerability in the function formSetPicListItem. This vulnerability allows attackers to cause a Denial of Service (DoS) via the adItemUID parameter. An out-of-bounds write vulnerability exists in the Shenzhen Tenda Technology Co.,Ltd. m3 firmware. The device may be put into a service operation interruption (DoS) state.
VAR-202208-2282 CVE-2022-38556 Authentication vulnerability in TRENDnet TEW733GR firmware
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Trendnet TEW733GR v1.03B01 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh. An authentication vulnerability exists in the TRENDnet TEW733GR firmware. Information may be obtained or tampered with, and the device may be put into a service operation interruption (DoS) state.
VAR-202208-2050 CVE-2022-38568 Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. m3 firmware
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the hostname parameter. An out-of-bounds write vulnerability exists in the Shenzhen Tenda Technology Co.,Ltd. m3 firmware. The device may be put into a service operation interruption (DoS) state.
VAR-202208-2048 CVE-2022-36613 Vulnerability related to use of hardcoded credentials in TOTOLINK n600r firmware
CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample. A vulnerability related to the use of hardcoded credentials exists in the TOTOLINK n600r firmware. Information may be obtained or tampered with, and the device may be put into a service operation interruption (DoS) state. The TOTOLINK N600R is a dual-band wireless router launched by the South Korean brand TOTOLINK in 2013. It supports concurrent operation on both 2.4GHz and 5GHz bands, with a maximum wireless transmission rate of 300Mbps. Detailed vulnerability information is currently unavailable.