VARIoT IoT vulnerabilities database
| VAR-202207-0020 | CVE-2022-32034 | Shenzhen Tenda Technology Co.,Ltd. of m3 Out-of-bounds write vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda M3 is an access controller from Tenda, a Chinese company. An attacker could exploit this vulnerability to cause a denial of service attack
| VAR-202207-0026 | CVE-2022-32033 | Shenzhen Tenda Technology Co.,Ltd. of ax1806 Out-of-bounds write vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the function formSetVirtualSer. Shenzhen Tenda Technology Co.,Ltd. of ax1806 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. An attacker could exploit this vulnerability to cause a denial of service attack
| VAR-202207-0128 | CVE-2022-32030 | Shenzhen Tenda Technology Co.,Ltd. of ax1806 Out-of-bounds write vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand. Shenzhen Tenda Technology Co.,Ltd. of ax1806 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. The vulnerability stems from the fact that the list parameter in the formSetQosBand function does not check the length of the input data. An attacker could exploit this vulnerability to cause a denial of service attack
| VAR-202207-0140 | CVE-2022-32048 | TOTOLINK of t6 Out-of-bounds write vulnerability in firmware |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the command parameter in the function FUN_0041cc88. TOTOLINK of t6 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. TOTOLINK T6 is a wireless dual-band router from China TOTOLINK. The vulnerability originates from the fact that the command parameter in the FUN_0041cc88 function does not check the length of the input data. An attacker could exploit this vulnerability to cause a denial of service
| VAR-202207-0025 | CVE-2022-32050 | TOTOLINK of t6 Out-of-bounds write vulnerability in firmware |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041af40. TOTOLINK of t6 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. TOTOLINK T6 is a wireless dual-band router from China TOTOLINK. An attacker could exploit this vulnerability to cause a denial of service
| VAR-202207-0139 | CVE-2022-32035 | Shenzhen Tenda Technology Co.,Ltd. of m3 Out-of-bounds write vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda M3 is an access controller from Tenda, a Chinese company. The vulnerability stems from the fact that the url parameter of the formMasterMng function does not check the length of the input data. An attacker could exploit this vulnerability to cause a denial of service attack
| VAR-202207-0041 | CVE-2022-32031 | Shenzhen Tenda Technology Co.,Ltd. of ax1806 Out-of-bounds write vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetRouteStatic. Shenzhen Tenda Technology Co.,Ltd. of ax1806 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. An attacker could exploit this vulnerability to cause a denial of service attack
| VAR-202207-0094 | CVE-2022-32032 | Shenzhen Tenda Technology Co.,Ltd. of ax1806 Out-of-bounds write vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilterRule. Shenzhen Tenda Technology Co.,Ltd. of ax1806 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability arises from the fact that the deviceList parameter of the formAddMacfilterRule function does not check the length of the input data. No detailed vulnerability details are currently provided
| VAR-202207-0073 | CVE-2022-32052 | TOTOLINK of t6 Out-of-bounds write vulnerability in firmware |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004137a4. TOTOLINK of t6 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. TOTOLINK T6 is a wireless dual-band router from China TOTOLINK. The vulnerability originates from the fact that the desc parameter in the FUN_004137a4 function does not check the length of the input data. A remote attacker could exploit this vulnerability to cause a denial of service
| VAR-202207-0072 | CVE-2022-32044 | TOTOLINK of t6 Out-of-bounds write vulnerability in firmware |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the password parameter in the function FUN_00413f80. TOTOLINK of t6 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. TOTOLINK T6 is a wireless dual-band router from China TOTOLINK. A remote attacker could exploit this vulnerability to cause a denial of service
| VAR-202207-0032 | CVE-2022-32384 | Tenda of ac23 ac2100 Out-of-bounds write vulnerability in firmware |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the security_5g parameter in the function formWifiBasicSet. Tenda of ac23 ac2100 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC23 is a dual-band Gigabit wireless router from Tenda, China. No detailed vulnerability details are currently available
| VAR-202207-0022 | CVE-2022-32045 | TOTOLINK of t6 Out-of-bounds write vulnerability in firmware |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00413be4. TOTOLINK of t6 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. TOTOLINK T6 is a wireless dual-band router from China TOTOLINK. The vulnerability originates from the fact that the desc parameter in the FUN_00413be4 function does not check the length of the input data. A remote attacker could exploit this vulnerability to cause a denial of service
| VAR-202207-0118 | CVE-2022-32036 | Shenzhen Tenda Technology Co.,Ltd. of m3 Out-of-bounds write vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidList, storeName, and trademark parameters in the function formSetStoreWeb. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda M3 is an access controller from Tenda, a Chinese company.
There is a buffer overflow vulnerability in Tenda M3 V1.0.0.12. The vulnerability stems from the fact that the ssidList, storeName, trademark parameters of the formSetStoreWeb function do not check the length of the input data. An attacker could exploit this vulnerability to cause a denial of service attack
| VAR-202207-0062 | CVE-2022-32046 | TOTOLINK of t6 Out-of-bounds write vulnerability in firmware |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_0041880c. TOTOLINK of t6 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. TOTOLINK T6 is a wireless dual-band router from China TOTOLINK. The vulnerability stems from the fact that the desc parameter in the FUN_0041880c function does not check the length of the input data. A remote attacker could exploit this vulnerability to cause a denial of service
| VAR-202207-0021 | CVE-2022-32039 | Shenzhen Tenda Technology Co.,Ltd. of m3 Out-of-bounds write vulnerability in firmware |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the listN parameter in the function fromDhcpListClient. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda M3 is an access controller from Tenda, a Chinese company. The vulnerability stems from the fact that the listN parameter of the fromDhcpListClient function does not check the length of the input data. An attacker could exploit this vulnerability to cause a denial of service attack
| VAR-202207-0061 | CVE-2022-32040 | Shenzhen Tenda Technology Co.,Ltd. of m3 Out-of-bounds write vulnerability in firmware |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda M3 is an access controller from Tenda, a Chinese company. An attacker could exploit this vulnerability to cause a denial of service attack
| VAR-202207-0042 | CVE-2022-32037 | Shenzhen Tenda Technology Co.,Ltd. of m3 Out-of-bounds write vulnerability in firmware |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAPCfg. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda M3 is an access controller from Tenda, a Chinese company. An attacker could exploit this vulnerability to cause a denial of service attack
| VAR-202207-0177 | CVE-2022-32043 | Shenzhen Tenda Technology Co.,Ltd. of m3 Out-of-bounds write vulnerability in firmware |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAccessCodeInfo. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda M3 is an access controller from Tenda, a Chinese company. The vulnerability originates from the fact that the info parameter of the formSetAccessCodeInfo function does not check the length of the input data. An attacker could exploit this vulnerability to cause a denial of service attack
| VAR-202207-0043 | CVE-2022-32049 | TOTOLINK of t6 Out-of-bounds write vulnerability in firmware |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the url parameter in the function FUN_00418540. TOTOLINK of t6 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. TOTOLINK T6 is a wireless dual-band router from China TOTOLINK. The vulnerability stems from the fact that the url parameter in the FUN_00418540 function does not check the length of the input data. A remote attacker could exploit this vulnerability to cause a denial of service
| VAR-202207-0119 | CVE-2022-32041 | Shenzhen Tenda Technology Co.,Ltd. of m3 Out-of-bounds write vulnerability in firmware |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formGetPassengerAnalyseData. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda M3 is an access controller from Tenda, a Chinese company. An attacker could exploit this vulnerability to cause a denial of service attack