VARIoT IoT vulnerabilities database

A vulnerability classified as critical has been found in D-Link DIR‑817L up to 1.04B01. This affects the function lxmldbc_system of the file ssdpcgi. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. D-Link Corporation of DIR-817L The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-817L is a home-grade dual-band wireless router released by D-Link. It supports the IEEE 802.11ac standard and features dual-band concurrent functionality (2.4GHz/5GHz), with a maximum wireless transmission rate of 750Mbps. The D-Link DIR-817L suffers from a command injection vulnerability caused by the lxmldbc_system function in the ssdpcgi file failing to properly sanitize special characters and commands in constructed commands. No detailed vulnerability details are currently available

In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tricking the web server into executing them as PHP, bypassing security mechanisms based on file extension filtering. This may lead to remote code execution (RCE), information disclosure, or full system compromise. of netgear RAX30 Firmware has an unrestricted upload of dangerous file types vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR RAX30 is a dual-band wireless router from NETGEAR

In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks. TOTOLINK of A7100RU firmware, a950rg firmware, t10 The firmware contains an improper permission vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2, the USERLIMIT_GLOBAL option is set to 0 in the bftpd.conf configuration file. This can cause DoS attacks when unlimited users are connected. of netgear R7000 firmware and EAX80 Firmware has a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state

A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content. MB CONNECT LINE's mbNET.mini is an industrial router designed specifically for industrial scenarios, primarily used to enable secure remote connections between machines and systems. Detailed vulnerability details are currently unavailable

An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects only the network initializing wizard (Conftool) service. MB CONNECT LINE's mbNET.mini is an industrial router designed specifically for industrial scenarios, primarily used to enable secure remote connections between machines and systems. MB CONNECT LINE's mbNET.mini contains a buffer overflow vulnerability. This vulnerability occurs due to a boundary error when processing untrusted input

A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement. MB CONNECT LINE's mbNET.mini is an industrial router designed specifically for industrial scenarios, primarily used to enable secure remote connections between machines and systems. MB CONNECT LINE's mbNET.mini has a SQL injection vulnerability due to improperly neutralizing special elements in SQL statements. An attacker could exploit this vulnerability to modify the configuration database

A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession. MB CONNECT LINE's mbNET.mini is an industrial router designed for industrial scenarios, primarily used to enable secure remote connections between machines and systems. MB CONNECT LINE's mbNET.mini contains a resource management vulnerability. Detailed vulnerability details are not currently available

A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-sms action in fast succession. MB CONNECT LINE's mbNET.mini is an industrial router designed for industrial scenarios, primarily used to enable secure remote connections between machines and systems. MB CONNECT LINE's mbNET.mini contains a resource management error vulnerability. Detailed vulnerability details are not currently available

A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command. MB CONNECT LINE's mbNET.mini is an industrial router designed specifically for industrial scenarios, primarily used to enable secure remote connections between machines and systems. MB CONNECT LINE's mbNET.mini has an operating system command injection vulnerability. This vulnerability stems from improperly neutralizing special elements in OS commands. An attacker could exploit this vulnerability to execute arbitrary system commands

A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command. MB CONNECT LINE's mbNET.mini is an industrial router designed specifically for industrial scenarios, primarily used to enable secure remote connections between machines and systems. MB CONNECT LINE's mbNET.mini has an operating system command injection vulnerability. This vulnerability stems from improperly neutralizing special elements in OS commands. An attacker could exploit this vulnerability to execute arbitrary system commands

A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements used in an OS command. MB CONNECT LINE's mbNET.mini is an industrial router designed specifically for industrial scenarios, primarily used to enable secure remote connections between machines and systems. MB CONNECT LINE's mbNET.mini has an operating system command injection vulnerability. This vulnerability stems from improper neutralization of special elements in the send_sms operation. An attacker could exploit this vulnerability to remotely execute system commands

A vulnerability has been found in Tenda AC6 15.03.06.50 and classified as critical. Affected by this vulnerability is the function setparentcontrolinfo of the component httpd. The manipulation leads to buffer overflow. The attack can be launched remotely. Shenzhen Tenda Technology Co.,Ltd. of AC6 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. It supports IPv4 and IPv6 protocols and is mainly designed for home network environments. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. Affected is the function updateWifiInfo of the component MQTT Service. The manipulation of the argument serverIp leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of t6 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK T6 is a wireless dual-band router from the Chinese company TOTOLINK. This vulnerability stems from the failure of the serverIp parameter in the MQTT service to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

The UTT nv640E is an enterprise-class router. The UTT nv640E, manufactured by Shanghai Aitai Technology Co., Ltd., has a command execution vulnerability that could allow an attacker to execute arbitrary commands.

A vulnerability, which was classified as critical, has been found in TOTOLINK T6 4.1.5cu.748_B20211015. This issue affects the function recvSlaveUpgstatus of the component MQTT Service. The manipulation of the argument s leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of t6 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK T6 is a wireless dual-band router released by China's TOTOLINK Electronics. It supports the MQTT protocol and Telnet service, and is primarily designed for home and small business networking. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service

A vulnerability classified as critical was found in D-Link DI-8100 1.0. This vulnerability affects the function sprintf of the file /upnp_ctrl.asp of the component jhttpd. The manipulation of the argument remove_ext_proto/remove_ext_port leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of di-8100 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DI-8100 is an enterprise-level router device from D-Link. Attackers can exploit this vulnerability to trigger a buffer overflow by remotely constructing malicious parameters, thereby executing arbitrary code or causing the service to crash

A vulnerability classified as critical has been found in D-Link DIR-513 1.10. This affects the function sprintf of the file /goform/formSetWanNonLogin of the component Boa Webserver. The manipulation of the argument curTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-513 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-513 is a wireless router device produced by D-Link. Attackers can exploit this vulnerability to trigger a buffer overflow by remotely constructing malicious data, thereby executing arbitrary code or causing the device to crash

A vulnerability was found in D-Link DIR-513 1.0. It has been rated as critical. Affected by this issue is the function sprintf of the file /goform/formLanSetupRouterSettings of the component Boa Webserver. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link DIR-513 is a wireless router device produced by D-Link. Attackers can exploit this vulnerability to trigger a buffer overflow by remotely constructing malicious data, thereby executing arbitrary code or causing the device to crash

A vulnerability was found in D-Link DI-8100 1.0. It has been declared as critical. Affected by this vulnerability is the function sprintf of the file /ddns.asp?opt=add of the component jhttpd. The manipulation of the argument mx leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of di-8100 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DI-8100 is an enterprise-level router from D-Link. An attacker can exploit this vulnerability to trigger a buffer overflow by remotely constructing malicious data, thereby executing arbitrary code or causing the service to crash