VARIoT IoT vulnerabilities database
| VAR-202505-2448 | CVE-2025-27701 | NULL pointer dereference vulnerability in Google Android |
CVSS V2: 4.6 CVSS V3: 5.5 Severity: MEDIUM |
In the function process_crypto_cmd, the values of ptrs[i] can potentially be equal to NULL, which is a valid value after calling slice_map_array(). Later these values will be dereferenced without a prior NULL check, which can lead to local temporary DoS or OOB read, leading to information disclosure. Google Android contains a NULL pointer dereference vulnerability. Information may be obtained. Google Pixel is a smartphone produced by Google Inc. in the United States.
Google Pixel has an information leakage vulnerability that can be exploited by attackers to cause an out-of-bounds read.
| VAR-202505-2437 | CVE-2025-27700 | Google Pixel Privilege Escalation Vulnerability |
CVSS V2: 7.2 CVSS V3: 8.4 Severity: HIGH |
There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google Pixel is a smartphone produced by Google in the United States.
| VAR-202505-2436 | CVE-2024-56193 | Information leakage vulnerability in Google Android |
CVSS V2: 3.6 CVSS V3: 5.1 Severity: MEDIUM |
There is a possible disclosure of Bluetooth adapter details due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Google Android contains an information leakage vulnerability. Information may be obtained and tampered with. Google Pixel is a smartphone produced by Google in the United States.
| VAR-202505-2173 | CVE-2025-5228 | Buffer error vulnerability in D-Link Systems, Inc. DI-8100 firmware |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: High |
A vulnerability was found in D-Link DI-8100 up to 20250523. It has been classified as critical. Affected is the function httpd_get_parm of the file /login.cgi of the component jhttpd. The manipulation of the argument notify leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. DI-8100 firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by D-Link, a Chinese company. The vulnerability is caused by the parameter notify in the file /login.cgi failing to properly verify the length of the input data. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202505-2067 | CVE-2025-5215 | Out-of-bounds write vulnerability in D-Link Systems, Inc. DCS-5020L firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability classified as critical has been found in D-Link DCS-5020L 1.01_B2. This affects the function websReadEvent of the file /rame/ptdc.cgi. The manipulation of the argument Authorization leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. DCS-5020L firmware contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DCS-5020L is a DCS series IP camera from D-Link of China.
D-Link DCS-5020L has a buffer overflow vulnerability. The vulnerability is caused by the failure of the parameter Authorization in the file /rame/ptdc.cgi to correctly verify the length of the input data. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202505-3381 | No CVE | EDIMAX N300 Wi-Fi Router has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
N300 Wi-Fi Router is a high-performance wireless router.
EDIMAX N300 Wi-Fi Router has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
| VAR-202505-4103 | No CVE | EDIMAX N300 Wi-Fi Router has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
N300 Wi-Fi Router is a high-performance wireless router.
EDIMAX N300 Wi-Fi Router has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
| VAR-202505-2803 | No CVE | H3C Magic R365 and H3C Magic R100 of H3C Technologies Co., Ltd. have logic flaw vulnerabilities |
CVSS V2: 3.3 CVSS V3: - Severity: LOW |
H3C Magic R365 is a full-gigabit wireless router for home smart networking needs. H3C Magic R100 is a router for home use.
H3C Magic R365 and H3C Magic R100 of H3C Technologies Co., Ltd. have a logic defect vulnerability that can be exploited by attackers to cause a denial of service.
| VAR-202505-3560 | No CVE | HP Color LaserJet Pro M452dn has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
HP Color LaserJet Pro M452dn is a color laser printer designed for commercial use.
HP Color LaserJet Pro M452dn has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
| VAR-202505-2973 | No CVE | Shenzhen Sihai Zhonglian Network Technology Co., Ltd. Comfast CF-616AC V2 has a logic defect vulnerability |
CVSS V2: 3.3 CVSS V3: - Severity: LOW |
Comfast CF-616AC V2 is a wireless router.
Shenzhen Sihai Zhonglian Network Technology Co., Ltd. Comfast CF-616AC V2 has a logic defect vulnerability, which can be exploited by attackers to cause denial of service.
| VAR-202505-2625 | No CVE | EDIMAX N300 Wi-Fi Router has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
N300 Wi-Fi Router is a high-performance wireless router.
EDIMAX N300 Wi-Fi Router has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
| VAR-202505-3752 | No CVE | H3C NX54 of H3C Technologies Co., Ltd. has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
H3C NX54 is a Gigabit dual-band router that supports Wi-Fi 6 (802.11ax) protocol.
H3C NX54 of H3C Technologies Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
| VAR-202505-3911 | No CVE | Shenzhen Congwen Security Electronics Co., Ltd.'s police cloud integrated management server has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Shenzhen Congwen Security Electronics Co., Ltd. was founded in Shenzhen in 1993. It is committed to building the police cloud IoT security operation software platform and solutions, which are widely used in smart finance, safe campus, smart community, fire emergency and other fields.
Shenzhen Congwen Security Electronics Co., Ltd. Police Cloud Integrated Management Server has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202505-3179 | No CVE | EDIMAX N300 Wi-Fi Router has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
N300 Wi-Fi Router is a high-performance wireless router.
EDIMAX N300 Wi-Fi Router has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
| VAR-202505-3181 | No CVE | D-Link DI-7003GV2 has a logic flaw vulnerability |
CVSS V2: 3.3 CVSS V3: - Severity: LOW |
D-Link DI-7003GV2 is a router from D-Link, a Chinese company.
D-Link DI-7003GV2 has a logic flaw that can be exploited by attackers to cause a denial of service.
| VAR-202505-2465 | No CVE | Ruiyin Technology (Shenzhen) Co., Ltd. QUANTUM D2G has a logical defect vulnerability |
CVSS V2: 3.3 CVSS V3: - Severity: LOW |
QUANTUM D2G is a dual-gigabit home router.
Ruiyin Technology (Shenzhen) Co., Ltd. QUANTUM D2G has a logic defect vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202505-2806 | No CVE | H3C M60 of H3C Technologies Co., Ltd. has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
H3C M60 is a new generation of enterprise-class high-performance wireless AP manager launched by H3C.
H3C M60 of H3C Technologies Co., Ltd. has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202505-2044 | CVE-2025-5127 | Cross-site scripting vulnerability in FLIR Systems, Inc. FLIR AX8 firmware |
CVSS V2: 4.0 CVSS V3: 3.5 Severity: Low |
A vulnerability was determined in Teledyne FLIR AX8 up to 1.46.16. This issue affects some unknown processing of the file /prod.php. Manipulation of the argument cmd can lead to cross-site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 1.49.16 addresses this issue. It is recommended to upgrade the affected component. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities." FLIR Systems, Inc. FLIR AX8 firmware has a cross-site scripting vulnerability. Information may be obtained and tampered with.
| VAR-202505-2061 | CVE-2025-5126 | Command injection vulnerability in FLIR Systems, Inc. FLIR AX8 firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in Teledyne FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. Manipulation of the argument year/month/day/hour/minute results in command injection. The attack may be initiated remotely. The exploit has been made public and could be used. Upgrading to version 1.49.16 resolves this issue. Upgrading the affected component is recommended. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities." FLIR Systems, Inc. FLIR AX8 firmware contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202505-3046 | CVE-2025-46176 | Command injection vulnerability in D-Link Systems, Inc. DIR-605L and DIR-816L firmware |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis. D-Link Systems, Inc. DIR-605L and DIR-816L firmware contains a command injection vulnerability. Information may be obtained and tampered with. The D-Link DIR-605L is the company's first cloud router, designed primarily for home and small office network environments. The D-Link DIR-816L is a dual-band wireless router supporting both the 2.4GHz and 5GHz bands. It complies with IEEE 802.11ac and IEEE 802.11n network standards, offering a maximum transfer rate of 450Mbps.
The D-Link DIR-605L and D-Link DIR-816L contain a hardcoded credentials vulnerability. Detailed vulnerability information has not been provided.