VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202208-1896 CVE-2022-37239 MDaemon Technologies  of  security gateway for email servers  Cross-site scripting vulnerability in CVSS V2: -
CVSS V3: 5.4
Severity: MEDIUM
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the rulles_list_ajax endpoint
VAR-202208-1778 CVE-2022-37801 Shenzhen Tenda Technology Co.,Ltd.  of  ac1206  Out-of-bounds write vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function formSetQosBand. Shenzhen Tenda Technology Co.,Ltd. of ac1206 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC1206 is a wireless through-the-wall Gigabit port router produced by China Tenda. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system
VAR-202208-1903 CVE-2022-37808 Shenzhen Tenda Technology Co.,Ltd.  of  ac1206  Out-of-bounds write vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the index parameter in the function formWifiWpsOOB. Shenzhen Tenda Technology Co.,Ltd. of ac1206 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC1206 is a wireless through-the-wall Gigabit router produced by China Tenda. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system
VAR-202208-1876 CVE-2022-37082 TOTOLINK  of  a7000r  in the firmware  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the host_time parameter at the function NTPSyncWithHost. TOTOLINK of a7000r The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202208-1824 CVE-2022-35192 D-Link Systems, Inc.  of  DSL-3782  Classic buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via the User parameter or Pwd parameter to Login.asp. D-Link Systems, Inc. of DSL-3782 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state
VAR-202208-1939 CVE-2022-27558 HCL Technologies Limited  of  Domino server  and  HCL iNotes  Vulnerability in requesting weak passwords in CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking. HCL Technologies Limited of Domino server and HCL iNotes contains a weak password requirement vulnerability.Information may be obtained
VAR-202208-1912 CVE-2022-27547 HCL Technologies Limited  of  HCL iNotes  and  Domino server  Open redirect vulnerability in CVSS V2: -
CVSS V3: 7.4
Severity: HIGH
HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc. HCL Technologies Limited of HCL iNotes and Domino server Exists in an open redirect vulnerability.Information may be obtained
VAR-202208-1828 CVE-2022-27546 HCL Technologies Limited  of  HCL iNotes  and  Domino server  Cross-site scripting vulnerability in CVSS V2: -
CVSS V3: 6.1
Severity: MEDIUM
HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser within the security context of the hosting web site and/or steal the victim's cookie-based authentication credentials. HCL Technologies Limited of HCL iNotes and Domino server Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
VAR-202208-1945 CVE-2022-37810 Shenzhen Tenda Technology Co.,Ltd.  of  ac1206  in the firmware  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC1206 V15.03.06.23 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac. Shenzhen Tenda Technology Co.,Ltd. of ac1206 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202208-1926 CVE-2022-37084 TOTOLINK  of  a7000r  Out-of-bounds write vulnerability in firmware CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the sPort parameter at the addEffect function. TOTOLINK of a7000r An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202208-2026 CVE-2022-37798 Shenzhen Tenda Technology Co.,Ltd.  of  ac1206  Out-of-bounds write vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function formSetVirtualSer. Shenzhen Tenda Technology Co.,Ltd. of ac1206 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC1206 is a wireless through-the-wall Gigabit router produced by China Tenda
VAR-202208-1930 CVE-2022-37814 Shenzhen Tenda Technology Co.,Ltd.  of  ac1206  Out-of-bounds write vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC1206 V15.03.06.23 was discovered to contain multiple stack overflows via the deviceMac and the device_id parameters in the function addWifiMacFilter. Shenzhen Tenda Technology Co.,Ltd. of ac1206 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC1206 is a wireless through-the-wall Gigabit router produced by China Tenda. There is a buffer overflow vulnerability in Tenda AC1206 V15.03.06.23, which is caused by improper boundary check of the addWifiMacFilter function. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system
VAR-202208-1834 CVE-2022-37238 MDaemon Technologies  of  security gateway for email servers  Cross-site scripting vulnerability in CVSS V2: -
CVSS V3: 5.4
Severity: MEDIUM
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter
VAR-202208-2151 CVE-2022-37075 TOTOLINK  of  a7000r  Out-of-bounds write vulnerability in firmware CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ip parameter in the function setDiagnosisCfg. TOTOLINK of a7000r An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202208-1931 CVE-2022-37816 Shenzhen Tenda Technology Co.,Ltd.  of  ac1206  Out-of-bounds write vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetIpMacBind. Shenzhen Tenda Technology Co.,Ltd. of ac1206 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC1206 is a wireless through-the-wall Gigabit router produced by China Tenda. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system
VAR-202208-1957 CVE-2022-37081 TOTOLINK  of  a7000r  in the firmware  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the command parameter at setting/setTracerouteCfg. TOTOLINK of a7000r The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202208-1958 CVE-2022-37242 MDaemon Technologies  of  security gateway for email servers  Injection vulnerability in CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
MDaemon Technologies SecurityGateway for Email Servers 8.5.2, is vulnerable to HTTP Response splitting via the data parameter. MDaemon Technologies of security gateway for email servers There is an injection vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202208-1875 CVE-2022-37077 TOTOLINK  of  a7000r  Out-of-bounds write vulnerability in firmware CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the pppoeUser parameter. TOTOLINK of a7000r An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202208-1904 CVE-2022-37824 Shenzhen Tenda Technology Co.,Ltd.  of  ax1803  Out-of-bounds write vulnerability in firmware CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic. Shenzhen Tenda Technology Co.,Ltd. of ax1803 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system, or cause a denial of service
VAR-202208-1777 CVE-2022-37799 Shenzhen Tenda Technology Co.,Ltd.  of  ac1206  Out-of-bounds write vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the time parameter at the function setSmartPowerManagement. Shenzhen Tenda Technology Co.,Ltd. of ac1206 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC1206 is a wireless through-the-wall Gigabit router produced by China Tenda. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system