VARIoT IoT vulnerabilities database
| VAR-202208-1930 | CVE-2022-37814 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. ac1206 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC1206 V15.03.06.23 was discovered to contain multiple stack overflows via the deviceMac and the device_id parameters in the function addWifiMacFilter. An out-of-bounds write vulnerability exists in Shenzhen Tenda Technology Co.,Ltd. ac1206 firmware. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may result. Tenda AC1206 is a wireless through-the-wall Gigabit router produced by China Tenda.
There is a buffer overflow vulnerability in Tenda AC1206 V15.03.06.23, which is caused by an improper boundary check in the addWifiMacFilter function. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system.
| VAR-202208-2008 | CVE-2022-37802 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. ac1206 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromNatStaticSetting. An out-of-bounds write vulnerability exists in Shenzhen Tenda Technology Co.,Ltd. ac1206 firmware. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may result. Tenda AC1206 is a wireless through-the-wall Gigabit router produced by China Tenda. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system.
| VAR-202208-1892 | CVE-2022-37292 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. AX12 firmware |
CVSS V2: 4.9 CVSS V3: 5.5 Severity: MEDIUM |
Tenda AX12 V22.03.01.21_CN is vulnerable to Buffer Overflow. This overflow is triggered in the sub_42FDE4 function, which satisfies the request of the upper-level interface function sub_430124, that is, handles the POST request under /goform/SetIpMacBind. An out-of-bounds write vulnerability exists in Shenzhen Tenda Technology Co.,Ltd. AX12 firmware. A denial-of-service (DoS) condition may result. Tenda AX12 is a dual-band Gigabit Wifi 6 wireless router from the Chinese company Tenda.
Tenda AX12 V22.03.01.21_CN has a security vulnerability; no detailed vulnerability information is provided at present.
| VAR-202208-1931 | CVE-2022-37816 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. ac1206 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetIpMacBind. An out-of-bounds write vulnerability exists in Shenzhen Tenda Technology Co.,Ltd. ac1206 firmware. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may result. Tenda AC1206 is a wireless through-the-wall Gigabit router produced by China Tenda. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system.
| VAR-202208-2151 | CVE-2022-37075 | Out-of-bounds write vulnerability in TOTOLINK a7000r firmware |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ip parameter in the function setDiagnosisCfg. An out-of-bounds write vulnerability exists in TOTOLINK a7000r firmware. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may result.
| VAR-202208-1944 | CVE-2022-37805 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. ac1206 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromWizardHandle. An out-of-bounds write vulnerability exists in Shenzhen Tenda Technology Co.,Ltd. ac1206 firmware. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may result. Tenda AC1206 is a wireless through-the-wall Gigabit router produced by China Tenda.
There is a buffer overflow vulnerability in Tenda AC1206 V15.03.06.23, which can be exploited by attackers to cause buffer overflow or heap overflow.
| VAR-202208-1959 | CVE-2022-37813 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. ac1206 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetSysTime. An out-of-bounds write vulnerability exists in Shenzhen Tenda Technology Co.,Ltd. ac1206 firmware. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may result. Tenda AC1206 is a wireless through-the-wall Gigabit router produced by China Tenda. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system.
| VAR-202208-1929 | CVE-2022-37811 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. ac1206 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the startIp parameter in the function formSetPPTPServer. An out-of-bounds write vulnerability exists in Shenzhen Tenda Technology Co.,Ltd. ac1206 firmware. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may result. Tenda AC1206 is a wireless through-the-wall Gigabit router produced by China Tenda. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system.
| VAR-202208-1875 | CVE-2022-37077 | Out-of-bounds write vulnerability in TOTOLINK a7000r firmware |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the pppoeUser parameter. An out-of-bounds write vulnerability exists in TOTOLINK a7000r firmware. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may result.
| VAR-202208-1777 | CVE-2022-37799 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. ac1206 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the time parameter at the function setSmartPowerManagement. An out-of-bounds write vulnerability exists in Shenzhen Tenda Technology Co.,Ltd. ac1206 firmware. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may result. Tenda AC1206 is a wireless through-the-wall Gigabit router produced by China Tenda. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system.
| VAR-202208-1778 | CVE-2022-37801 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. ac1206 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function formSetQosBand. An out-of-bounds write vulnerability exists in Shenzhen Tenda Technology Co.,Ltd. ac1206 firmware. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may result. Tenda AC1206 is a wireless through-the-wall Gigabit port router produced by China Tenda. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system.
| VAR-202208-2026 | CVE-2022-37798 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. ac1206 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function formSetVirtualSer. An out-of-bounds write vulnerability exists in Shenzhen Tenda Technology Co.,Ltd. ac1206 firmware. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may result. Tenda AC1206 is a wireless through-the-wall Gigabit router produced by China Tenda.
| VAR-202208-1775 | CVE-2022-37083 | OS command injection vulnerability in TOTOLINK a7000r firmware |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the ip parameter at the function setDiagnosisCfg. An OS command injection vulnerability exists in TOTOLINK a7000r firmware. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may result.
| VAR-202208-1808 | CVE-2022-37803 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. ac1206 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromAddressNat. An out-of-bounds write vulnerability exists in Shenzhen Tenda Technology Co.,Ltd. ac1206 firmware. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may result. Tenda AC1206 is a wireless through-the-wall Gigabit router produced by China Tenda. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system.
| VAR-202208-1904 | CVE-2022-37824 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. ax1803 firmware |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic. An out-of-bounds write vulnerability exists in Shenzhen Tenda Technology Co.,Ltd. ax1803 firmware. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may result. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system, or cause a denial of service.
| VAR-202208-1807 | CVE-2022-37240 | Injection vulnerability in MDaemon Technologies security gateway for email servers |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter. An injection vulnerability exists in MDaemon Technologies security gateway for email servers. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may result.
| VAR-202208-2180 | CVE-2022-37080 | Out-of-bounds write vulnerability in TOTOLINK a7000r firmware |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the command parameter at setting/setTracerouteCfg. An out-of-bounds write vulnerability exists in TOTOLINK a7000r firmware. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may result.
| VAR-202208-1928 | CVE-2022-37822 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. ax1803 firmware |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetRouteStatic. An out-of-bounds write vulnerability exists in Shenzhen Tenda Technology Co.,Ltd. ax1803 firmware. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may result. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system, or cause a denial of service.
| VAR-202208-1811 | CVE-2022-37818 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. ax1803 firmware |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the list parameter at the function formSetQosBand. An out-of-bounds write vulnerability exists in Shenzhen Tenda Technology Co.,Ltd. ax1803 firmware. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may result. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system, or cause a denial of service.
| VAR-202208-1879 | CVE-2022-20921 | Vulnerability in Cisco Systems Cisco ACI Multi-Site Orchestrator |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
A vulnerability in the API implementation of Cisco ACI Multi-Site Orchestrator (MSO) could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to improper authorization on specific APIs. An attacker could exploit this vulnerability by sending crafted HTTP requests. A successful exploit could allow an attacker who is authenticated with non-Administrator privileges to elevate to Administrator privileges on an affected device. An unspecified vulnerability exists in Cisco Systems Cisco ACI Multi-Site Orchestrator. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may result. Cisco ACI Multi-Site Orchestrator is a multi-site orchestrator from Cisco. It provides consistent network and policy orchestration, scalability, and disaster recovery across multiple data centers through a single pane of glass while allowing data centers to go wherever data resides. Attackers can exploit this vulnerability to escalate system privileges.