VARIoT IoT vulnerabilities database
| VAR-202208-1896 | CVE-2022-37239 | Cross-site scripting vulnerability in MDaemon Technologies SecurityGateway for Email Servers |
CVSS V2: - CVSS V3: 5.4 Severity: MEDIUM |
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the rulles_list_ajax endpoint.
| VAR-202208-1778 | CVE-2022-37801 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co., Ltd. AC1206 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function formSetQosBand. An out-of-bounds write vulnerability exists in Shenzhen Tenda Technology Co., Ltd. AC1206 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Tenda AC1206 is a wireless through-the-wall Gigabit port router produced by China Tenda. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system.
| VAR-202208-1903 | CVE-2022-37808 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co., Ltd. AC1206 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the index parameter in the function formWifiWpsOOB. An out-of-bounds write vulnerability exists in Shenzhen Tenda Technology Co., Ltd. AC1206 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Tenda AC1206 is a wireless through-the-wall Gigabit router produced by China Tenda. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system.
| VAR-202208-1876 | CVE-2022-37082 | OS command injection vulnerability in TOTOLINK A7000R firmware |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the host_time parameter at the function NTPSyncWithHost. An OS command injection vulnerability exists in TOTOLINK A7000R firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202208-1824 | CVE-2022-35192 | Classic buffer overflow vulnerability in D-Link Systems, Inc. DSL-3782 firmware |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via the User parameter or Pwd parameter to Login.asp. A classic buffer overflow vulnerability exists in D-Link Systems, Inc. DSL-3782 firmware. Service operation may be interrupted (DoS).
| VAR-202208-1939 | CVE-2022-27558 | Weak password requirements vulnerability in HCL Technologies Limited Domino server and HCL iNotes |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms, which could allow users to set weak passwords, leading to easier cracking. HCL Technologies Limited Domino server and HCL iNotes contain a weak password requirements vulnerability. Information may be obtained.
| VAR-202208-1912 | CVE-2022-27547 | Open redirect vulnerability in HCL Technologies Limited HCL iNotes and Domino server |
CVSS V2: - CVSS V3: 7.4 Severity: HIGH |
HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc. An open redirect vulnerability exists in HCL Technologies Limited HCL iNotes and Domino server. Information may be obtained.
| VAR-202208-1828 | CVE-2022-27546 | Cross-site scripting vulnerability in HCL Technologies Limited HCL iNotes and Domino server |
CVSS V2: - CVSS V3: 6.1 Severity: MEDIUM |
HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser within the security context of the hosting web site and/or steal the victim's cookie-based authentication credentials. A cross-site scripting vulnerability exists in HCL Technologies Limited HCL iNotes and Domino server. Information may be obtained and tampered with.
| VAR-202208-1945 | CVE-2022-37810 | OS command injection vulnerability in Shenzhen Tenda Technology Co., Ltd. AC1206 firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC1206 V15.03.06.23 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac. An OS command injection vulnerability exists in Shenzhen Tenda Technology Co., Ltd. AC1206 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202208-1926 | CVE-2022-37084 | Out-of-bounds write vulnerability in TOTOLINK A7000R firmware |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the sPort parameter at the addEffect function. An out-of-bounds write vulnerability exists in TOTOLINK A7000R firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202208-2026 | CVE-2022-37798 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co., Ltd. AC1206 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function formSetVirtualSer. An out-of-bounds write vulnerability exists in Shenzhen Tenda Technology Co., Ltd. AC1206 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Tenda AC1206 is a wireless through-the-wall Gigabit router produced by China Tenda.
| VAR-202208-1930 | CVE-2022-37814 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co., Ltd. AC1206 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC1206 V15.03.06.23 was discovered to contain multiple stack overflows via the deviceMac and the device_id parameters in the function addWifiMacFilter. An out-of-bounds write vulnerability exists in Shenzhen Tenda Technology Co., Ltd. AC1206 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Tenda AC1206 is a wireless through-the-wall Gigabit router produced by China Tenda.
There is a buffer overflow vulnerability in Tenda AC1206 V15.03.06.23, which is caused by an improper boundary check in the addWifiMacFilter function. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system.
| VAR-202208-1834 | CVE-2022-37238 | Cross-site scripting vulnerability in MDaemon Technologies SecurityGateway for Email Servers |
CVSS V2: - CVSS V3: 5.4 Severity: MEDIUM |
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter.
| VAR-202208-2151 | CVE-2022-37075 | Out-of-bounds write vulnerability in TOTOLINK A7000R firmware |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ip parameter in the function setDiagnosisCfg. An out-of-bounds write vulnerability exists in TOTOLINK A7000R firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202208-1931 | CVE-2022-37816 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co., Ltd. AC1206 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetIpMacBind. An out-of-bounds write vulnerability exists in Shenzhen Tenda Technology Co., Ltd. AC1206 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Tenda AC1206 is a wireless through-the-wall Gigabit router produced by China Tenda. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system.
| VAR-202208-1957 | CVE-2022-37081 | OS command injection vulnerability in TOTOLINK A7000R firmware |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the command parameter at setting/setTracerouteCfg. An OS command injection vulnerability exists in TOTOLINK A7000R firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202208-1958 | CVE-2022-37242 | Injection vulnerability in MDaemon Technologies SecurityGateway for Email Servers |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the data parameter. An injection vulnerability exists in MDaemon Technologies SecurityGateway for Email Servers. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202208-1875 | CVE-2022-37077 | Out-of-bounds write vulnerability in TOTOLINK A7000R firmware |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the pppoeUser parameter. An out-of-bounds write vulnerability exists in TOTOLINK A7000R firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202208-1904 | CVE-2022-37824 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co., Ltd. AX1803 firmware |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic. An out-of-bounds write vulnerability exists in Shenzhen Tenda Technology Co., Ltd. AX1803 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system, or cause a denial of service.
| VAR-202208-1777 | CVE-2022-37799 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co., Ltd. AC1206 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the time parameter at the function setSmartPowerManagement. An out-of-bounds write vulnerability exists in Shenzhen Tenda Technology Co., Ltd. AC1206 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Tenda AC1206 is a wireless through-the-wall Gigabit router produced by China Tenda. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system.