VARIoT IoT vulnerabilities database

Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack buffer overflow vulnerability when requesting admin.cgi parameter with setDdns. Telesquare of TLR-2005KSH Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when requesting the admin.cgi parameter with setAutorest. Telesquare of TLR-2005KSH A code injection vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setSyncTimeHost. Telesquare of TLR-2005KSH Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Telesquare TLR-2005KSH 1.1.4 is vulnerable to Information Disclosure via the parameter getUserNamePassword

A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote command execution. D-Link Systems, Inc. of DIR-823X Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-823X is a wireless router from D-Link, a Chinese company. D-Link DIR-823X has a command injection vulnerability, which is caused by /goform/set_prohibiting failing to properly filter special characters and commands in the constructed command

A vulnerability, which was classified as critical, has been found in D-Link DIR-823X 240126/240802. This issue affects the function sub_41710C of the file /goform/diag_nslookup of the component HTTP POST Request Handler. The manipulation of the argument target_addr leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DIR-823X The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-823X is a wireless router from D-Link, a Chinese company. D-Link DIR-823X has a command injection vulnerability, which is caused by the application failing to properly filter special characters and commands in constructing commands. No detailed vulnerability details are currently available

MSE6-D2M-5000-CBUS-S-RG-BAR-VCB-AGD, MSE6-E2M-5000-FB13-AGD, MSE6-E2M-5000-FB37-AGD, etc. are all industrial control components. Many products of festo have denial of service vulnerabilities, which can be exploited by attackers to gain control of the server.

A stack-based buffer overflow vulnerability in Tenda AC7 V15.03.06.44 allows a remote attacker to execute arbitrary code through a stack overflow attack using the security parameter of the formWifiBasicSet function. Shenzhen Tenda Technology Co.,Ltd. of AC7 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the formWifiBasicSet function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system

Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the parameter list. Shenzhen Tenda Technology Co.,Ltd. of AC8 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. AC8 is a wireless router. AC8 has a buffer overflow vulnerability. The vulnerability is caused by the SetRouteStatic function failing to correctly verify the length of the input data. Attackers can use this vulnerability to execute arbitrary code on the system

A vulnerability classified as problematic was found in TOTOLINK A3000RU up to 5.9c.5185. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/ExportSyslog.sh of the component Syslog Configuration File Handler. The manipulation leads to improper access controls. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. TOTOLINK of A3000RU The firmware contains vulnerabilities related to improper permission settings and access control.Information may be obtained. TOTOLINK A3000RU is a wireless router from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided

A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical. This issue affects the function check_dws_cookie of the file /storage. The manipulation of the argument uid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DAP-1620 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-1620 is a wireless repeater extender from D-Link, a Chinese company. D-Link DAP-1620 has a stack buffer overflow vulnerability. The vulnerability is caused by improper processing of the parameter uid. Attackers can use this vulnerability to trigger a denial of service or execute malicious code

A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DAP-1620 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-1620 is a wireless repeater extender from D-Link, a Chinese company. D-Link DAP-1620 mod_graph_auth_uri_handler function has a stack buffer overflow vulnerability, which can be exploited by attackers to execute arbitrary code on the system or cause a denial of service

A vulnerability, which was classified as critical, was found in D-Link DAP-1620 1.03. This affects the function check_dws_cookie of the file /storage of the component Cookie Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DAP-1620 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-1620 is a wireless repeater extender from D-Link. The vulnerability is caused by the failure of the check_dws_cookie function of the Cookie processing component to correctly verify the length of the input data. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 1.03. Affected by this issue is the function set_ws_action of the file /dws/api/ of the component Path Handler. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DAP-1620 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-1620 is a wireless repeater extender from D-Link. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiPwd parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Shenzhen Tenda Technology Co.,Ltd. of w18e A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state

Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiSSID parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Shenzhen Tenda Technology Co.,Ltd. of w18e A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state

A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It has been rated as problematic. This issue affects some unknown processing of the file /goform/formVirtualServ. The manipulation leads to improper access controls. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link DIR-605L and D-Link DIR-618 are both wireless routers from China's D-Link company. D-Link DIR-605L and D-Link DIR-618 have access control error vulnerabilities. Attackers can use this vulnerability to set up virtual services on the device

Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_43fdcc function at /goform/SetNetControlList. Shenzhen Tenda Technology Co.,Ltd. of AX12 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. Tenda AX12 is a dual-band Gigabit Wifi 6 wireless router from China's Tenda Company. The vulnerability is caused by the sub_43fdcc function in /goform/SetNetControlList failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It has been declared as problematic. This vulnerability affects unknown code of the file /goform/formTcpipSetup. The manipulation leads to improper access controls. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link DIR-605L and D-Link DIR-618 are both wireless routers from China's D-Link. D-Link DIR-618 version 2.02 and DIR-605L version 3.02 have access control error vulnerabilities. Attackers can use this vulnerability to set up the device's tcpip service

A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It has been classified as problematic. This affects an unknown part of the file /goform/formSetPortTr. The manipulation leads to improper access controls. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link DIR-605L and D-Link DIR-618 are both wireless routers from China's D-Link. D-Link DIR-618 version 2.02 and D-Link DIR-605L version 3.02 have access control error vulnerabilities. Attackers can use this vulnerability to set port rules for the device