VARIoT IoT vulnerabilities database

VAR-202505-0158 | CVE-2025-4450 | D-Link Systems, Inc. of DIR-619L Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.04B04. Affected is the function formSetEasy_Wizard. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer. The D-Link Systems, Inc. DIR-619L firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DIR-619L is a cost-effective wireless router designed for home office Internet access needs. The vulnerability is caused by the improper handling of the curTime parameter by the formSetEasy_Wizard function. Attackers can use this vulnerability to submit special requests to crash the application or execute arbitrary code.
VAR-202505-0174 | CVE-2025-4449 | D-Link Systems, Inc. of DIR-619L Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2.04B04. This issue affects the function formEasySetupWizard3. The manipulation of the argument wan_connected leads to buffer overflow. The attack may be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer. The D-Link Systems, Inc. DIR-619L firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DIR-619L is a cost-effective wireless router designed for home office Internet access needs. The vulnerability is caused by the improper handling of the wan_connected parameter by the formEasySetupWizard3 function. Attackers can use this vulnerability to submit special requests to crash the application or execute arbitrary code.
VAR-202505-0136 | CVE-2025-4448 | D-Link Systems, Inc. of DIR-619L Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability classified as critical was found in D-Link DIR-619L 2.04B04. This vulnerability affects the function formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer. The D-Link Systems, Inc. DIR-619L firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DIR-619L is a wireless router from D-Link of China. The vulnerability is caused by the curTime parameter of the formEasySetupWizard function failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202505-0210 | CVE-2025-4445 | D-Link Systems, Inc. of DIR-605L Injection Vulnerability in Firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Medium |
A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01. Affected is the function wake_on_lan. The manipulation of the argument mac leads to command injection. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer. The D-Link Systems, Inc. DIR-605L firmware contains injection and command injection vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DIR-605L is a wireless router from D-Link, a Chinese company.
D-Link DIR-605L has a command injection vulnerability, which is caused by the mac parameter not being properly filtered for special characters and commands when it is used to construct commands. No further vulnerability details are currently available.
VAR-202505-0235 | CVE-2025-4443 | D-Link Systems, Inc. of DIR-605L Injection Vulnerability in Firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Medium |
A vulnerability was found in D-Link DIR-605L 2.13B01. It has been rated as critical. This issue affects the function sub_454F2C. The manipulation of the argument sysCmd leads to command injection. The attack may be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer. The D-Link Systems, Inc. DIR-605L firmware contains injection and command injection vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DIR-605L is a wireless router from D-Link, a Chinese company.
D-Link DIR-605L has a command injection vulnerability, which is caused by the sysCmd parameter not being properly filtered for special characters and commands when it is used to construct commands. No further vulnerability details are currently available.
VAR-202505-0193 | CVE-2025-4442 | D-Link Systems, Inc. of DIR-605L Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetWAN_Wizard55. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer. The D-Link Systems, Inc. DIR-605L firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DIR-605L is a wireless router from D-Link of China. The vulnerability is caused by the curTime parameter of the formSetWAN_Wizard55 function failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202505-0248 | CVE-2025-4441 | D-Link Systems, Inc. of DIR-605L Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formSetWAN_Wizard534. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer. The D-Link Systems, Inc. DIR-605L firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DIR-605L is a wireless router from D-Link of China. The vulnerability is caused by the curTime parameter of the formSetWAN_Wizard534 function failing to correctly verify the length of the input data. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202505-0871 | CVE-2025-45798 | TOTOLINK of a950rg Command injection vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204_B20210112. The vulnerability is located in the setNoticeCfg interface within the /lib/cste_modules/system.so library, specifically in the processing of the IpTo parameter. The TOTOLINK A950RG firmware contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK A950RG is a super-generation Giga wireless router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary commands.
VAR-202505-0872 | CVE-2025-45797 | TOTOLINK of a950rg Out-of-bounds write vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the NoticeUrl parameter in the setNoticeCfg interface of /lib/cste_modules/system.so. An out-of-bounds write vulnerability exists in the TOTOLINK A950RG firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK A950RG is a super-generation Giga wireless router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202505-1004 | CVE-2025-45790 | TOTOLINK of A3100R Out-of-bounds write vulnerability in firmware |
CVSS V2: 6.4 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK A3100R V5.9c.1527 is vulnerable to buffer overflow via the priority parameter in the setMacQos interface of /lib/cste_modules/firewall.so. An out-of-bounds write vulnerability exists in the TOTOLINK A3100R firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK A3100R is a series of wireless routers produced by China's TOTOLINK Electronics. The vulnerability is caused by the priority parameter of the setMacQos interface in /lib/cste_modules/firewall.so failing to correctly verify the length of the input data. No further vulnerability details are currently provided.
VAR-202505-0747 | CVE-2025-45789 | TOTOLINK of A3100R Out-of-bounds write vulnerability in firmware |
CVSS V2: 6.4 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK A3100R V5.9c.1527 is vulnerable to buffer overflow via the urlKeyword parameter in setParentalRules. An out-of-bounds write vulnerability exists in the TOTOLINK A3100R firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK A3100R is a series of wireless routers from China's TOTOLINK Electronics. The vulnerability is caused by the urlKeyword parameter in setParentalRules failing to properly verify the length of the input data. No further vulnerability details are currently provided.
VAR-202505-1253 | CVE-2025-45788 | TOTOLINK of A3100R Out-of-bounds write vulnerability in firmware |
CVSS V2: 6.4 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK A3100R V5.9c.1527 is vulnerable to buffer overflow via the comment parameter in setMacFilterRules. An out-of-bounds write vulnerability exists in the TOTOLINK A3100R firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK A3100R is a series of wireless routers from China's TOTOLINK Electronics. The vulnerability is caused by the comment parameter in setMacFilterRules failing to properly verify the length of the input data. No further vulnerability details are currently provided.
VAR-202505-1105 | CVE-2025-45787 | TOTOLINK of A3100R Out-of-bounds write vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK A3100R V5.9c.1527 is vulnerable to buffer overflow via the comment parameter in setIpPortFilterRules. An out-of-bounds write vulnerability exists in the TOTOLINK A3100R firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK A3100R is a series of wireless routers from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to crash the application or execute arbitrary code in the context of the application.
VAR-202505-1511 | CVE-2025-45845 | TOTOLINK of nr1800x Out-of-bounds write vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyGuestCfg function. An out-of-bounds write vulnerability exists in the TOTOLINK NR1800X firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK NR1800X is an excellent 5G NR indoor Wi-Fi and SIP CPE from China's TOTOLINK Electronics.
TOTOLINK NR1800X has a buffer overflow vulnerability. The vulnerability is caused by the ssid5g parameter in the setWiFiEasyGuestCfg function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202505-0868 | CVE-2025-45844 | TOTOLINK of nr1800x Out-of-bounds write vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiBasicCfg function. An out-of-bounds write vulnerability exists in the TOTOLINK NR1800X firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK NR1800X is an excellent 5G NR indoor Wi-Fi and SIP CPE from China's TOTOLINK Electronics.
TOTOLINK NR1800X has a buffer overflow vulnerability. The vulnerability is caused by the ssid parameter in the setWiFiBasicCfg function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202505-0869 | CVE-2025-45843 | TOTOLINK of nr1800x Out-of-bounds write vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiGuestCfg function. An out-of-bounds write vulnerability exists in the TOTOLINK NR1800X firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK NR1800X is an excellent 5G NR indoor Wi-Fi and SIP CPE from China's TOTOLINK Electronics.
TOTOLINK NR1800X has a buffer overflow vulnerability. The vulnerability is caused by the ssid parameter in the setWiFiGuestCfg function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202505-0635 | CVE-2025-45842 | TOTOLINK of nr1800x Out-of-bounds write vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyCfg function. An out-of-bounds write vulnerability exists in the TOTOLINK NR1800X firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK NR1800X is an excellent 5G NR indoor Wi-Fi and SIP CPE from China's TOTOLINK Electronics.
TOTOLINK NR1800X has a buffer overflow vulnerability. The vulnerability is caused by the ssid5g parameter in the setWiFiEasyCfg function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202505-1252 | CVE-2025-45841 | TOTOLINK of nr1800x Out-of-bounds write vulnerability in firmware |
CVSS V2: 6.4 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function. An out-of-bounds write vulnerability exists in the TOTOLINK NR1800X firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK NR1800X is an excellent 5G NR indoor Wi-Fi and SIP CPE from China's TOTOLINK Electronics.
TOTOLINK NR1800X has a buffer overflow vulnerability. The vulnerability is caused by the text parameter in the setSmsCfg function failing to correctly verify the length of the input data. No further vulnerability details are currently provided.
VAR-202505-1118 | CVE-2025-41399 | F5 BIG-IP SCTP Denial of Service Vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: High |
When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management.
F5 BIG-IP SCTP contains a denial of service vulnerability. An attacker could exploit this vulnerability to launch a denial of service attack.
VAR-202505-0749 | CVE-2025-45514 | Shenzhen Tenda Technology Co.,Ltd. of fh451 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function frmL7ImForm. A stack-based buffer overflow vulnerability exists in the Shenzhen Tenda Technology Co.,Ltd. FH451 firmware. Information may be obtained and information may be tampered with. No further vulnerability details are currently provided.