VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202208-2019 CVE-2022-38570 Shenzhen Tenda Technology Co.,Ltd.  of  m3  Out-of-bounds write vulnerability in firmware CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelPushedAd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the adPushUID parameter. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
VAR-202208-2016 CVE-2022-38565 Shenzhen Tenda Technology Co.,Ltd.  of  m3  Out-of-bounds write vulnerability in firmware CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailpwd parameter. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
VAR-202208-2082 CVE-2022-2915 plural  SonicWALL  Out-of-bounds write vulnerabilities in the product CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions. SMA200 firmware, SMA210 firmware, SMA400 firmware etc. SonicWALL The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202208-2056 CVE-2022-36522 MikroTik  of  routeros  Reachable Assertiveness Vulnerability in CVSS V2: -
CVSS V3: 6.5
Severity: MEDIUM
Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. MikroTik of routeros Exists in a reachable assertiveness vulnerability.Service operation interruption (DoS) It may be in a state
VAR-202208-2051 CVE-2022-31773 IBM  of  IBM DataPower Gateway  Cross-site request forgery vulnerability in CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 228357. (DoS) It may be in a state. IBM DataPower Gateway is a security and integration platform specially designed for mobile, cloud, application programming interface (API), network, service-oriented architecture (SOA), B2B and cloud workloads. The platform secures, integrates and optimizes access across channels with a dedicated gateway platform. The vulnerability stems from the fact that the WEB application does not fully verify whether the request is from a trusted user. Attackers can exploit this vulnerability to forge malicious requests to trick victims into clicking to perform sensitive operations
VAR-202208-1982 CVE-2022-36456 TOTOLINK  of  A720R  in the firmware  OS  Command injection vulnerability CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi. TOTOLINK of A720R The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK A720R is a wireless router launched by TOTOLINK, a Chinese electronics company. It features dual-band Wi-Fi and emphasizes high-speed network and signal coverage. Detailed vulnerability information is not currently available
VAR-202208-1841 CVE-2022-37821 Shenzhen Tenda Technology Co.,Ltd.  of  ax1803  Out-of-bounds write vulnerability in firmware CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the ProvinceCode parameter in the function formSetProvince. Shenzhen Tenda Technology Co.,Ltd. of ax1803 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system, or cause a denial of service
VAR-202208-1779 CVE-2022-37804 Shenzhen Tenda Technology Co.,Ltd.  of  ac1206  Out-of-bounds write vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo. Shenzhen Tenda Technology Co.,Ltd. of ac1206 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC1206 is a wireless through-the-wall Gigabit router produced by China Tenda. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system
VAR-202208-1782 CVE-2022-37817 Shenzhen Tenda Technology Co.,Ltd.  of  ax1803  Out-of-bounds write vulnerability in firmware CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetIpMacBind. Shenzhen Tenda Technology Co.,Ltd. of ax1803 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by improper bounds checking of the fromSetIpMacBind function. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system, or cause a denial of service
VAR-202208-2151 CVE-2022-37075 TOTOLINK  of  a7000r  Out-of-bounds write vulnerability in firmware CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ip parameter in the function setDiagnosisCfg. TOTOLINK of a7000r An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202208-1839 CVE-2022-37078 TOTOLINK  of  a7000r  Out-of-bounds write vulnerability in firmware CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the lang parameter at /setting/setLanguageCfg. TOTOLINK of a7000r An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202208-1781 CVE-2022-37819 Shenzhen Tenda Technology Co.,Ltd.  of  ax1803  Out-of-bounds write vulnerability in firmware CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the timezone parameter in the function fromSetSysTime. Shenzhen Tenda Technology Co.,Ltd. of ax1803 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system, or cause a denial of service
VAR-202208-1762 CVE-2022-37245 MDaemon Technologies  of  security gateway for email servers  Cross-site scripting vulnerability in CVSS V2: -
CVSS V3: 5.4
Severity: MEDIUM
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the Blacklist endpoint
VAR-202208-1928 CVE-2022-37822 Shenzhen Tenda Technology Co.,Ltd.  of  ax1803  Out-of-bounds write vulnerability in firmware CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetRouteStatic. Shenzhen Tenda Technology Co.,Ltd. of ax1803 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system, or cause a denial of service
VAR-202208-1926 CVE-2022-37084 TOTOLINK  of  a7000r  Out-of-bounds write vulnerability in firmware CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the sPort parameter at the addEffect function. TOTOLINK of a7000r An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202208-1840 CVE-2022-37244 MDaemon Technologies  of  security gateway for email servers  Cross-site scripting vulnerability in CVSS V2: -
CVSS V3: 5.4
Severity: MEDIUM
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injectionvia the currentRequest parameter. after login leads to inject malicious tag leads to IFRAME injection. MDaemon Technologies of security gateway for email servers Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
VAR-202208-1808 CVE-2022-37803 Shenzhen Tenda Technology Co.,Ltd.  of  ac1206  Out-of-bounds write vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromAddressNat. Shenzhen Tenda Technology Co.,Ltd. of ac1206 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC1206 is a wireless through-the-wall Gigabit router produced by China Tenda. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system
VAR-202208-1834 CVE-2022-37238 MDaemon Technologies  of  security gateway for email servers  Cross-site scripting vulnerability in CVSS V2: -
CVSS V3: 5.4
Severity: MEDIUM
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter
VAR-202208-1780 CVE-2022-37806 Shenzhen Tenda Technology Co.,Ltd.  of  ac1206  Out-of-bounds write vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromDhcpListClient. Shenzhen Tenda Technology Co.,Ltd. of ac1206 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC1206 is a wireless through-the-wall Gigabit router produced by China Tenda. There is a buffer overflow vulnerability in Tenda AC1206 V15.03.06.23, which can be exploited by attackers to cause buffer overflow or heap overflow
VAR-202208-1824 CVE-2022-35192 D-Link Systems, Inc.  of  DSL-3782  Classic buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via the User parameter or Pwd parameter to Login.asp. D-Link Systems, Inc. of DSL-3782 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state