VARIoT IoT vulnerabilities database
| VAR-202207-0139 | CVE-2022-32035 | Shenzhen Tenda Technology Co.,Ltd. of m3 Out-of-bounds write vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda M3 is an access controller from Tenda, a Chinese company. The vulnerability stems from the fact that the url parameter of the formMasterMng function does not check the length of the input data. An attacker could exploit this vulnerability to cause a denial of service attack
| VAR-202207-0141 | CVE-2022-32051 | TOTOLINK of t6 Out-of-bounds write vulnerability in firmware |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime parameters in the function FUN_004133c4. TOTOLINK of t6 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. TOTOLINK T6 is a wireless dual-band router from China TOTOLINK.
There is a stack overflow vulnerability in TOTOLINK T6 V4.1.9cu.5179_B20201015. A remote attacker could exploit this vulnerability to cause a denial of service
| VAR-202208-2220 | CVE-2022-37122 | plural CAREL INDUSTRIES S.p.a. Past traversal vulnerabilities in products |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks. CAREL INDUSTRIES S.p.a. of pCOWeb card firmware, applica , pcoweb hvac bacnet gateway Exists in a past traversal vulnerability.Information may be obtained. pCO sistema is the solution CAREL offers its customers for managing HVAC/Rapplications and systems. It consists of programmable controllers, user interfaces,gateways and communication interfaces, remote management systems to offer the OEMsworking in HVAC/R a control system that is powerful yet flexible, can be easily interfacedto the more widely-used Building Management Systems, and can also be integrated intoproprietary supervisory systems.The device suffers from an unauthenticated arbitrary file disclosure vulnerability.Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash scriptis not properly verified before being used to download log files
| VAR-202206-2326 | CVE-2022-32988 | ASUSTeK Computer Inc. of DSL-N14U-B1 Cross-site scripting vulnerability in firmware |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the "*list" parameters (e.g. filter_lwlist, keyword_rulelist, etc) in every ".asp" page containing a list of stored strings. The following asp files are affected: (1) cgi-bin/APP_Installation.asp, (2) cgi-bin/Advanced_ACL_Content.asp, (3) cgi-bin/Advanced_ADSL_Content.asp, (4) cgi-bin/Advanced_ASUSDDNS_Content.asp, (5) cgi-bin/Advanced_AiDisk_ftp.asp, (6) cgi-bin/Advanced_AiDisk_samba.asp, (7) cgi-bin/Advanced_DSL_Content.asp, (8) cgi-bin/Advanced_Firewall_Content.asp, (9) cgi-bin/Advanced_FirmwareUpgrade_Content.asp, (10) cgi-bin/Advanced_GWStaticRoute_Content.asp, (11) cgi-bin/Advanced_IPTV_Content.asp, (12) cgi-bin/Advanced_IPv6_Content.asp, (13) cgi-bin/Advanced_KeywordFilter_Content.asp, (14) cgi-bin/Advanced_LAN_Content.asp, (15) cgi-bin/Advanced_Modem_Content.asp, (16) cgi-bin/Advanced_PortTrigger_Content.asp, (17) cgi-bin/Advanced_QOSUserPrio_Content.asp, (18) cgi-bin/Advanced_QOSUserRules_Content.asp, (19) cgi-bin/Advanced_SettingBackup_Content.asp, (20) cgi-bin/Advanced_System_Content.asp, (21) cgi-bin/Advanced_URLFilter_Content.asp, (22) cgi-bin/Advanced_VPN_PPTP.asp, (23) cgi-bin/Advanced_VirtualServer_Content.asp, (24) cgi-bin/Advanced_WANPort_Content.asp, (25) cgi-bin/Advanced_WAdvanced_Content.asp, (26) cgi-bin/Advanced_WMode_Content.asp, (27) cgi-bin/Advanced_WWPS_Content.asp, (28) cgi-bin/Advanced_Wireless_Content.asp, (29) cgi-bin/Bandwidth_Limiter.asp, (30) cgi-bin/Guest_network.asp, (31) cgi-bin/Main_AccessLog_Content.asp, (32) cgi-bin/Main_AdslStatus_Content.asp, (33) cgi-bin/Main_Spectrum_Content.asp, (34) cgi-bin/Main_WebHistory_Content.asp, (35) cgi-bin/ParentalControl.asp, (36) cgi-bin/QIS_wizard.asp, (37) cgi-bin/QoS_EZQoS.asp, (38) cgi-bin/aidisk.asp, (39) cgi-bin/aidisk/Aidisk-1.asp, (40) cgi-bin/aidisk/Aidisk-2.asp, (41) cgi-bin/aidisk/Aidisk-3.asp, (42) cgi-bin/aidisk/Aidisk-4.asp, (43) cgi-bin/blocking.asp, (44) cgi-bin/cloud_main.asp, (45) cgi-bin/cloud_router_sync.asp, (46) cgi-bin/cloud_settings.asp, (47) cgi-bin/cloud_sync.asp, (48) cgi-bin/device-map/DSL_dashboard.asp, (49) cgi-bin/device-map/clients.asp, (50) cgi-bin/device-map/disk.asp, (51) cgi-bin/device-map/internet.asp, (52) cgi-bin/error_page.asp, (53) cgi-bin/index.asp, (54) cgi-bin/index2.asp, (55) cgi-bin/qis/QIS_PTM_manual_setting.asp, (56) cgi-bin/qis/QIS_admin_pass.asp, (57) cgi-bin/qis/QIS_annex_setting.asp, (58) cgi-bin/qis/QIS_bridge_cfg_tmp.asp, (59) cgi-bin/qis/QIS_detect.asp, (60) cgi-bin/qis/QIS_finish.asp, (61) cgi-bin/qis/QIS_ipoa_cfg_tmp.asp, (62) cgi-bin/qis/QIS_manual_setting.asp, (63) cgi-bin/qis/QIS_mer_cfg.asp, (64) cgi-bin/qis/QIS_mer_cfg_tmp.asp, (65) cgi-bin/qis/QIS_ppp_cfg.asp, (66) cgi-bin/qis/QIS_ppp_cfg_tmp.asp, (67) cgi-bin/qis/QIS_wireless.asp, (68) cgi-bin/query_wan_status.asp, (69) cgi-bin/query_wan_status2.asp, and (70) cgi-bin/start_apply.asp. ASUSTeK Computer Inc. of DSL-N14U-B1 Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
| VAR-202206-2264 | CVE-2022-29965 | Vulnerabilities related to the use of cryptographic algorithms in multiple Emerson products |
CVSS V2: - CVSS V3: 5.5 Severity: MEDIUM |
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series and SIS (CSLS/LSNB/LSNG) nodes is controlled by means of utility passwords. These passwords are generated using a deterministic, insecure algorithm using a single seed value composed of a day/hour/minute timestamp with less than 16 bits of entropy. The seed value is fed through a lookup table and a series of permutation operations resulting in three different four-character passwords corresponding to different privilege levels. An attacker can easily reconstruct these passwords and thus gain access to privileged maintenance operations. NOTE: this is different from CVE-2014-2350. DeltaV Distributed Control System , DeltaV Distributed Control System SQ controller firmware, DeltaV Distributed Control System SX controller Multiple Emerson products, including firmware, contain vulnerabilities related to the use of cryptographic algorithms.Information may be obtained
| VAR-202206-2270 | CVE-2022-33329 | robustel of r1510 in the firmware OS Command injection vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/ajax/set_sys_time/` API is affected by a command injection vulnerability. robustel of r1510 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Robustel R1510 is an industrial VPN router from China Robustel company
| VAR-202206-2410 | No CVE | Multiple TP-Link Wireless Extenders Unauthorized Configuration File Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TP-Link WA850RE, etc. are all wireless extenders under TP-Link.
Several wireless extenders have unauthorized configuration file disclosure vulnerabilities. Remote attackers can use the vulnerability to access specific routes to unauthorizedly download the configuration file of the target device. The configuration file is encrypted with a hard-coded KEY and decrypted to obtain Wi-Fi Sensitive information such as password (plain text) and Web management system password (MD5).
| VAR-202206-1863 | CVE-2022-29957 | emerson's DeltaV Distributed Control System Vulnerability regarding lack of authentication for critical features in |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality. emerson's DeltaV Distributed Control System There is a vulnerability in the lack of authentication for critical features.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The system includes functions such as network security management, alarm management, batch control and change management
| VAR-202206-2305 | CVE-2022-33087 | TP-LINK Technologies of archer a5 firmware and archer c50 Out-of-bounds write vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. TP-LINK Technologies of archer a5 firmware and archer c50 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
| VAR-202206-2265 | CVE-2022-33312 | robustel of r1510 in the firmware OS Command injection vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/action/import_cert_file/` API is affected by command injection vulnerability. robustel of r1510 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Robustel R1510 is an industrial VPN router from China Robustel company
| VAR-202206-2050 | CVE-2022-2135 | Advantech iView setTaskEditorItem DESCRIPTION SQL Injection Remote Code Execution Vulnerability |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information. Authentication is not required to exploit this vulnerability.The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the sortname and sortorder elements of the runTaskEditorSearch action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise
| VAR-202206-2263 | CVE-2022-29962 | Hardcoded Credentials Usage Vulnerability in Multiple Emerson Products |
CVSS V2: - CVSS V3: 5.5 Severity: MEDIUM |
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. FTP has hardcoded credentials (but may often be disabled in production). This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350. DeltaV Distributed Control System SQ controller firmware, DeltaV Distributed Control System SX controller firmware, SE4002S1T2B6 High Side 40-Pin Mass I/O Terminal Block Multiple Emerson products, including firmware, contain vulnerabilities related to the use of hard-coded credentials.Information may be obtained. Emerson DeltaV Distributed Control System
| VAR-202206-2273 | CVE-2022-33325 | robustel of r1510 in the firmware OS Command injection vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/ajax/clear_tools_log/` API is affected by command injection vulnerability. robustel of r1510 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Robustel R1510 is an industrial VPN router from China Robustel company
| VAR-202206-2262 | CVE-2022-29964 | Hardcoded Credentials Usage Vulnerability in Multiple Emerson Products |
CVSS V2: - CVSS V3: 5.5 Severity: MEDIUM |
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350. DeltaV Distributed Control System SQ controller firmware, DeltaV Distributed Control System SX controller firmware, SE4002S1T2B6 High Side 40-Pin Mass I/O Terminal Block Multiple Emerson products, including firmware, contain vulnerabilities related to the use of hard-coded credentials.Information may be obtained. Emerson DeltaV Distributed Control System
| VAR-202206-2306 | CVE-2022-32585 | robustel of r1510 Firmware vulnerabilities |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A command execution vulnerability exists in the clish art2 functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. robustel of r1510 There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Robustel R1510 is an industrial VPN router from China Robustel company
| VAR-202206-2274 | CVE-2022-33328 | robustel of r1510 in the firmware OS Command injection vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/ajax/remove/` API is affected by a command injection vulnerability. robustel of r1510 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Robustel R1510 is an industrial VPN router from China Robustel company
| VAR-202206-2261 | CVE-2022-29963 | Hardcoded Credentials Usage Vulnerability in Multiple Emerson Products |
CVSS V2: - CVSS V3: 5.5 Severity: MEDIUM |
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350. DeltaV Distributed Control System SQ controller firmware, DeltaV Distributed Control System SX controller firmware, SE4002S1T2B6 High Side 40-Pin Mass I/O Terminal Block Multiple Emerson products, including firmware, contain vulnerabilities related to the use of hard-coded credentials.Information may be obtained. Emerson DeltaV Distributed Control System
| VAR-202206-2267 | CVE-2022-33313 | robustel of r1510 in the firmware OS Command injection vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/action/import_https_cert_file/` API is affected by command injection vulnerability. robustel of r1510 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Robustel R1510 is an industrial VPN router from China Robustel company
| VAR-202206-2413 | No CVE | Multiple TP-Link Wireless Extender Remote Command Execution Vulnerabilities |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
TP-Link WA850RE, etc. are all wireless extenders under TP-Link.
Several wireless extenders have remote command execution vulnerabilities, which can be exploited by attackers to unauthorized remote command execution.
| VAR-202206-2272 | CVE-2022-33326 | robustel of r1510 in the firmware OS Command injection vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/ajax/config_rollback/` API is affected by a command injection vulnerability. robustel of r1510 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Robustel R1510 is an industrial VPN router from China Robustel company