VARIoT IoT vulnerabilities database
| VAR-202203-1466 | CVE-2022-27078 | OS command injection vulnerability in Shenzhen Tenda Technology Co.,Ltd. M3 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail. A denial-of-service (DoS) state may result. Tenda M3 is an access controller from Tenda, a Chinese company. for constructing commands. Attackers can use this vulnerability to execute arbitrary commands
| VAR-202203-1470 | CVE-2022-26290 | OS command injection vulnerability in Shenzhen Tenda Technology Co.,Ltd. M3 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/WriteFacMac. A denial-of-service (DoS) state may result. Tenda M3 is an access controller from Tenda, a Chinese company. The vulnerability stems from the failure of the component /goform/WriteFacMac to properly filter special characters, commands, etc. for constructing commands. Attackers can use this vulnerability to execute arbitrary commands
| VAR-202203-1667 | CVE-2022-27643 | Classic buffer overflow vulnerability in multiple Netgear products |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15692. A classic buffer overflow vulnerability exists in multiple Netgear products, including R6400 firmware, R6700 firmware, and R6900P firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) state may result. The NETGEAR R6700v3 is a Nighthawk AC1750 Smart Dual-Band Gigabit Router from NETGEAR
| VAR-202203-1670 | CVE-2022-27646 | Stack-based buffer overflow vulnerability in multiple Netgear products |
CVSS V2: - CVSS V3: 8.0 Severity: HIGH |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15879. A stack-based buffer overflow vulnerability exists in multiple Netgear products, including R6400 firmware, R6700 firmware, and R6900P firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) state may result
| VAR-202203-1671 | CVE-2022-27647 | OS command injection vulnerability in multiple NETGEAR products |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874. An OS command injection vulnerability exists in multiple Netgear products, including cax80 firmware, LAX20 firmware, and MR60 firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) state may result. The NETGEAR R6700v3 is a Nighthawk AC1750 Smart Dual-Band Gigabit Router from NETGEAR
| VAR-202203-1672 | CVE-2022-27644 | NETGEAR R6700v3 Trust Management Issue Vulnerability |
CVSS V2: 8.3 CVSS V3: 5.0 Severity: MEDIUM |
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797. Multiple Netgear products, including R6400 firmware, R6700 firmware, and R6900P firmware, contain vulnerabilities related to certificate validation. Information may be obtained or tampered with, and a denial-of-service (DoS) state may result. The NETGEAR R6700v3 is a Nighthawk AC1750 Smart Dual-Band Gigabit Router from NETGEAR
| VAR-202203-1484 | CVE-2021-45756 | Classic buffer overflow vulnerability in ASUSTeK Computer Inc. RT-AC68U firmware and RT-AC5300 firmware |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Asus RT-AC68U <3.0.0.4.385.20633 and RT-AC5300 <3.0.0.4.384.82072 are affected by a buffer overflow in blocking_request.cgi. ASUSTeK Computer Inc. RT-AC68U firmware and RT-AC5300 firmware have a classic buffer overflow vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) state may result. ASUS RT-AC68U and ASUS RT-AC5300 are both routers from the Chinese company ASUS.
Asus RT-AC68U versions prior to 3.0.0.4.385.20633 and RT-AC5300 versions prior to 3.0.0.4.384.82072 have a command injection vulnerability. The vulnerability stems from the fact that when performing operations on memory in blocking_request.cgi, the data boundary is not properly verified. Exploiting this vulnerability leads to arbitrary command execution
| VAR-202203-1669 | CVE-2022-27645 | Vulnerability related to lack of authentication for important functions in multiple NETGEAR products |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762. Multiple NETGEAR products, such as LAX20 firmware, R6400 firmware, and R6700 firmware, have vulnerabilities related to lack of authentication for important functions. Information may be obtained or tampered with, and a denial-of-service (DoS) state may result. The issue results from incorrect string matching logic when accessing protected pages
| VAR-202203-1495 | CVE-2021-31326 | Authentication vulnerability in D-Link Japan Co., Ltd. DIR-816 firmware |
CVSS V2: 9.0 CVSS V3: 9.8 Severity: CRITICAL |
D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a crafted tokenid parameter to /goform/form2Reboot.cgi. An authentication vulnerability exists in D-Link Japan Co., Ltd. DIR-816 firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) state may result. D-Link DIR-816 A2 is a wireless router from D-Link, a Taiwanese company.
There is a command injection vulnerability in D-Link DIR-816 A2 1.10 B05
| VAR-202203-2054 | No CVE | (Pwn2Own) NETGEAR R6700v3 Missing Authentication for Critical Function Arbitrary File Upload Vulnerability |
CVSS V2: - CVSS V3: 3.1 Severity: LOW |
This vulnerability allows network-adjacent attackers to upload arbitrary files on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Circle Parental Control feature, which listens on TCP ports 4444 and 4567 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.
| VAR-202203-1868 | CVE-2021-45757 | Classic buffer overflow vulnerability in ASUSTeK Computer Inc. RT-AC68U firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
ASUS AC68U <=3.0.0.4.385.20852 is affected by a buffer overflow in blocking.cgi, which may cause a denial of service (DoS). ASUS AC68U is a router from the Chinese company ASUS. The vulnerability is caused by incorrect validation of data boundaries when performing operations on memory in blocking.cgi
| VAR-202203-1465 | CVE-2022-27083 | OS command injection vulnerability in Shenzhen Tenda Technology Co.,Ltd. M3 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic. A denial-of-service (DoS) state may result. Tenda M3 is an access controller from Tenda, a Chinese company
| VAR-202203-2028 | CVE-2022-26289 | OS command injection vulnerability in Shenzhen Tenda Technology Co.,Ltd. M3 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/exeCommand. A denial-of-service (DoS) state may result. Tenda M3 is an access controller from Tenda, a Chinese company. The vulnerability is caused by the failure of the component /goform/exeCommand to properly filter special characters, commands, etc. for constructing commands. Attackers can use this vulnerability to execute arbitrary commands
| VAR-202203-1915 | CVE-2022-27081 | OS command injection vulnerability in Shenzhen Tenda Technology Co.,Ltd. M3 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetLanInfo. A denial-of-service (DoS) state may result. Tenda M3 is an access controller from Tenda, a Chinese company. for constructing commands. Attackers can use this vulnerability to execute arbitrary commands
| VAR-202203-1978 | CVE-2022-26243 | Classic buffer overflow vulnerability in Tenda AC10 firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow in the setSmartPowerManagement function. Tenda AC10-1200 is a wireless router from the Chinese company Tenda.
A buffer error vulnerability exists in Tenda AC10-1200, which arises from incorrect validation of data boundaries when performing operations on memory in the setSmartPowerManagement function. An attacker could exploit this vulnerability to crash the program
| VAR-202203-1977 | CVE-2021-38278 | Out-of-bounds write vulnerability in Tenda AC10 firmware |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the urls parameter in the saveParentControlInfo function. An out-of-bounds write vulnerability exists in Tenda AC10 firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) state may result. Tenda AC10-1200 is a wireless router from the Chinese company Tenda. An attacker could exploit this vulnerability to cause the program to crash
| VAR-202203-1975 | CVE-2022-27082 | OS command injection vulnerability in Shenzhen Tenda Technology Co.,Ltd. M3 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetInternetLanInfo. A denial-of-service (DoS) state may result. Tenda M3 is an access controller from Tenda, a Chinese company
| VAR-202203-1976 | CVE-2022-27079 | OS command injection vulnerability in Shenzhen Tenda Technology Co.,Ltd. M3 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setPicListItem. A denial-of-service (DoS) state may result. Tenda M3 is an access controller from Tenda, a Chinese company. for constructing commands. Attackers can use this vulnerability to cause arbitrary command execution
| VAR-202203-1668 | CVE-2022-27642 | NETGEAR R6700v3 Information Disclosure Vulnerability |
CVSS V2: 8.3 CVSS V3: 6.3 Severity: MEDIUM |
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854. Multiple Netgear products, including cax80 firmware, LAX20 firmware, and MR60 firmware, contain vulnerabilities related to unauthorized authentication. Information may be obtained or tampered with, and a denial-of-service (DoS) state may result. The NETGEAR R6700v3 is the Nighthawk AC1750 Smart Dual-Band Gigabit Router from NETGEAR
| VAR-202203-1492 | CVE-2021-38772 | Classic buffer overflow vulnerability in Tenda AC10 firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function. Tenda AC10-1200 is a wireless router from the Chinese company Tenda. An attacker could exploit this vulnerability to cause the program to crash