VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202207-0020 CVE-2022-32034 Shenzhen Tenda Technology Co.,Ltd.  of  m3  Out-of-bounds write vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda M3 is an access controller from Tenda, a Chinese company. An attacker could exploit this vulnerability to cause a denial of service attack
VAR-202207-0026 CVE-2022-32033 Shenzhen Tenda Technology Co.,Ltd.  of  ax1806  Out-of-bounds write vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the function formSetVirtualSer. Shenzhen Tenda Technology Co.,Ltd. of ax1806 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. An attacker could exploit this vulnerability to cause a denial of service attack
VAR-202207-0128 CVE-2022-32030 Shenzhen Tenda Technology Co.,Ltd.  of  ax1806  Out-of-bounds write vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand. Shenzhen Tenda Technology Co.,Ltd. of ax1806 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. The vulnerability stems from the fact that the list parameter in the formSetQosBand function does not check the length of the input data. An attacker could exploit this vulnerability to cause a denial of service attack
VAR-202207-0140 CVE-2022-32048 TOTOLINK  of  t6  Out-of-bounds write vulnerability in firmware CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the command parameter in the function FUN_0041cc88. TOTOLINK of t6 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. TOTOLINK T6 is a wireless dual-band router from China TOTOLINK. The vulnerability originates from the fact that the command parameter in the FUN_0041cc88 function does not check the length of the input data. An attacker could exploit this vulnerability to cause a denial of service
VAR-202207-0025 CVE-2022-32050 TOTOLINK  of  t6  Out-of-bounds write vulnerability in firmware CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041af40. TOTOLINK of t6 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. TOTOLINK T6 is a wireless dual-band router from China TOTOLINK. An attacker could exploit this vulnerability to cause a denial of service
VAR-202207-0139 CVE-2022-32035 Shenzhen Tenda Technology Co.,Ltd.  of  m3  Out-of-bounds write vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda M3 is an access controller from Tenda, a Chinese company. The vulnerability stems from the fact that the url parameter of the formMasterMng function does not check the length of the input data. An attacker could exploit this vulnerability to cause a denial of service attack
VAR-202207-0041 CVE-2022-32031 Shenzhen Tenda Technology Co.,Ltd.  of  ax1806  Out-of-bounds write vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetRouteStatic. Shenzhen Tenda Technology Co.,Ltd. of ax1806 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. An attacker could exploit this vulnerability to cause a denial of service attack
VAR-202207-0094 CVE-2022-32032 Shenzhen Tenda Technology Co.,Ltd.  of  ax1806  Out-of-bounds write vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilterRule. Shenzhen Tenda Technology Co.,Ltd. of ax1806 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability arises from the fact that the deviceList parameter of the formAddMacfilterRule function does not check the length of the input data. No detailed vulnerability details are currently provided
VAR-202207-0073 CVE-2022-32052 TOTOLINK  of  t6  Out-of-bounds write vulnerability in firmware CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004137a4. TOTOLINK of t6 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. TOTOLINK T6 is a wireless dual-band router from China TOTOLINK. The vulnerability originates from the fact that the desc parameter in the FUN_004137a4 function does not check the length of the input data. A remote attacker could exploit this vulnerability to cause a denial of service
VAR-202207-0072 CVE-2022-32044 TOTOLINK  of  t6  Out-of-bounds write vulnerability in firmware CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the password parameter in the function FUN_00413f80. TOTOLINK of t6 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. TOTOLINK T6 is a wireless dual-band router from China TOTOLINK. A remote attacker could exploit this vulnerability to cause a denial of service
VAR-202207-0032 CVE-2022-32384 Tenda  of  ac23 ac2100  Out-of-bounds write vulnerability in firmware CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the security_5g parameter in the function formWifiBasicSet. Tenda of ac23 ac2100 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC23 is a dual-band Gigabit wireless router from Tenda, China. No detailed vulnerability details are currently available
VAR-202207-0022 CVE-2022-32045 TOTOLINK  of  t6  Out-of-bounds write vulnerability in firmware CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00413be4. TOTOLINK of t6 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. TOTOLINK T6 is a wireless dual-band router from China TOTOLINK. The vulnerability originates from the fact that the desc parameter in the FUN_00413be4 function does not check the length of the input data. A remote attacker could exploit this vulnerability to cause a denial of service
VAR-202207-0118 CVE-2022-32036 Shenzhen Tenda Technology Co.,Ltd.  of  m3  Out-of-bounds write vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidList, storeName, and trademark parameters in the function formSetStoreWeb. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda M3 is an access controller from Tenda, a Chinese company. There is a buffer overflow vulnerability in Tenda M3 V1.0.0.12. The vulnerability stems from the fact that the ssidList, storeName, trademark parameters of the formSetStoreWeb function do not check the length of the input data. An attacker could exploit this vulnerability to cause a denial of service attack
VAR-202207-0062 CVE-2022-32046 TOTOLINK  of  t6  Out-of-bounds write vulnerability in firmware CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_0041880c. TOTOLINK of t6 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. TOTOLINK T6 is a wireless dual-band router from China TOTOLINK. The vulnerability stems from the fact that the desc parameter in the FUN_0041880c function does not check the length of the input data. A remote attacker could exploit this vulnerability to cause a denial of service
VAR-202207-0021 CVE-2022-32039 Shenzhen Tenda Technology Co.,Ltd.  of  m3  Out-of-bounds write vulnerability in firmware CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the listN parameter in the function fromDhcpListClient. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda M3 is an access controller from Tenda, a Chinese company. The vulnerability stems from the fact that the listN parameter of the fromDhcpListClient function does not check the length of the input data. An attacker could exploit this vulnerability to cause a denial of service attack
VAR-202207-0061 CVE-2022-32040 Shenzhen Tenda Technology Co.,Ltd.  of  m3  Out-of-bounds write vulnerability in firmware CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda M3 is an access controller from Tenda, a Chinese company. An attacker could exploit this vulnerability to cause a denial of service attack
VAR-202207-0042 CVE-2022-32037 Shenzhen Tenda Technology Co.,Ltd.  of  m3  Out-of-bounds write vulnerability in firmware CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAPCfg. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda M3 is an access controller from Tenda, a Chinese company. An attacker could exploit this vulnerability to cause a denial of service attack
VAR-202207-0177 CVE-2022-32043 Shenzhen Tenda Technology Co.,Ltd.  of  m3  Out-of-bounds write vulnerability in firmware CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAccessCodeInfo. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda M3 is an access controller from Tenda, a Chinese company. The vulnerability originates from the fact that the info parameter of the formSetAccessCodeInfo function does not check the length of the input data. An attacker could exploit this vulnerability to cause a denial of service attack
VAR-202207-0043 CVE-2022-32049 TOTOLINK  of  t6  Out-of-bounds write vulnerability in firmware CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the url parameter in the function FUN_00418540. TOTOLINK of t6 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. TOTOLINK T6 is a wireless dual-band router from China TOTOLINK. The vulnerability stems from the fact that the url parameter in the FUN_00418540 function does not check the length of the input data. A remote attacker could exploit this vulnerability to cause a denial of service
VAR-202207-0119 CVE-2022-32041 Shenzhen Tenda Technology Co.,Ltd.  of  m3  Out-of-bounds write vulnerability in firmware CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formGetPassengerAnalyseData. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda M3 is an access controller from Tenda, a Chinese company. An attacker could exploit this vulnerability to cause a denial of service attack