VARIoT IoT vulnerabilities database
| VAR-202208-2019 | CVE-2022-38570 | Shenzhen Tenda Technology Co.,Ltd. of m3 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelPushedAd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the adPushUID parameter. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
| VAR-202208-2016 | CVE-2022-38565 | Shenzhen Tenda Technology Co.,Ltd. of m3 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailpwd parameter. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
| VAR-202208-2082 | CVE-2022-2915 | plural SonicWALL Out-of-bounds write vulnerabilities in the product |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions. SMA200 firmware, SMA210 firmware, SMA400 firmware etc. SonicWALL The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202208-2056 | CVE-2022-36522 | MikroTik of routeros Reachable Assertiveness Vulnerability in |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. MikroTik of routeros Exists in a reachable assertiveness vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202208-2051 | CVE-2022-31773 | IBM of IBM DataPower Gateway Cross-site request forgery vulnerability in |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 228357. (DoS) It may be in a state. IBM DataPower Gateway is a security and integration platform specially designed for mobile, cloud, application programming interface (API), network, service-oriented architecture (SOA), B2B and cloud workloads. The platform secures, integrates and optimizes access across channels with a dedicated gateway platform. The vulnerability stems from the fact that the WEB application does not fully verify whether the request is from a trusted user. Attackers can exploit this vulnerability to forge malicious requests to trick victims into clicking to perform sensitive operations
| VAR-202208-1982 | CVE-2022-36456 | TOTOLINK of A720R in the firmware OS Command injection vulnerability |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi. TOTOLINK of A720R The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK A720R is a wireless router launched by TOTOLINK, a Chinese electronics company. It features dual-band Wi-Fi and emphasizes high-speed network and signal coverage. Detailed vulnerability information is not currently available
| VAR-202208-1841 | CVE-2022-37821 | Shenzhen Tenda Technology Co.,Ltd. of ax1803 Out-of-bounds write vulnerability in firmware |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the ProvinceCode parameter in the function formSetProvince. Shenzhen Tenda Technology Co.,Ltd. of ax1803 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system, or cause a denial of service
| VAR-202208-1779 | CVE-2022-37804 | Shenzhen Tenda Technology Co.,Ltd. of ac1206 Out-of-bounds write vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo. Shenzhen Tenda Technology Co.,Ltd. of ac1206 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC1206 is a wireless through-the-wall Gigabit router produced by China Tenda. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system
| VAR-202208-1782 | CVE-2022-37817 | Shenzhen Tenda Technology Co.,Ltd. of ax1803 Out-of-bounds write vulnerability in firmware |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetIpMacBind. Shenzhen Tenda Technology Co.,Ltd. of ax1803 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by improper bounds checking of the fromSetIpMacBind function. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system, or cause a denial of service
| VAR-202208-2151 | CVE-2022-37075 | TOTOLINK of a7000r Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ip parameter in the function setDiagnosisCfg. TOTOLINK of a7000r An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202208-1839 | CVE-2022-37078 | TOTOLINK of a7000r Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the lang parameter at /setting/setLanguageCfg. TOTOLINK of a7000r An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202208-1781 | CVE-2022-37819 | Shenzhen Tenda Technology Co.,Ltd. of ax1803 Out-of-bounds write vulnerability in firmware |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the timezone parameter in the function fromSetSysTime. Shenzhen Tenda Technology Co.,Ltd. of ax1803 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system, or cause a denial of service
| VAR-202208-1762 | CVE-2022-37245 | MDaemon Technologies of security gateway for email servers Cross-site scripting vulnerability in |
CVSS V2: - CVSS V3: 5.4 Severity: MEDIUM |
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the Blacklist endpoint
| VAR-202208-1928 | CVE-2022-37822 | Shenzhen Tenda Technology Co.,Ltd. of ax1803 Out-of-bounds write vulnerability in firmware |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetRouteStatic. Shenzhen Tenda Technology Co.,Ltd. of ax1803 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system, or cause a denial of service
| VAR-202208-1926 | CVE-2022-37084 | TOTOLINK of a7000r Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the sPort parameter at the addEffect function. TOTOLINK of a7000r An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202208-1840 | CVE-2022-37244 | MDaemon Technologies of security gateway for email servers Cross-site scripting vulnerability in |
CVSS V2: - CVSS V3: 5.4 Severity: MEDIUM |
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injectionvia the currentRequest parameter. after login leads to inject malicious tag leads to IFRAME injection. MDaemon Technologies of security gateway for email servers Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
| VAR-202208-1808 | CVE-2022-37803 | Shenzhen Tenda Technology Co.,Ltd. of ac1206 Out-of-bounds write vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromAddressNat. Shenzhen Tenda Technology Co.,Ltd. of ac1206 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC1206 is a wireless through-the-wall Gigabit router produced by China Tenda. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system
| VAR-202208-1834 | CVE-2022-37238 | MDaemon Technologies of security gateway for email servers Cross-site scripting vulnerability in |
CVSS V2: - CVSS V3: 5.4 Severity: MEDIUM |
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter
| VAR-202208-1780 | CVE-2022-37806 | Shenzhen Tenda Technology Co.,Ltd. of ac1206 Out-of-bounds write vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromDhcpListClient. Shenzhen Tenda Technology Co.,Ltd. of ac1206 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC1206 is a wireless through-the-wall Gigabit router produced by China Tenda.
There is a buffer overflow vulnerability in Tenda AC1206 V15.03.06.23, which can be exploited by attackers to cause buffer overflow or heap overflow
| VAR-202208-1824 | CVE-2022-35192 | D-Link Systems, Inc. of DSL-3782 Classic buffer overflow vulnerability in firmware |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via the User parameter or Pwd parameter to Login.asp. D-Link Systems, Inc. of DSL-3782 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state