VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202205-0657 CVE-2022-29324 D-Link DIR-816 Buffer Overflow Vulnerability (CNVD-2022-64489) CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd. D-Link DIR-816 is a wireless router from D-Link Company in Taiwan. The D-Link DIR-816 A2_v1.10CNB04 firmware version has a buffer overflow vulnerability caused by a boundary error in the proto parameter in /goform/form2IPQoSTcAdd when handling untrusted input. An attacker could exploit this vulnerability to overflow the buffer and execute arbitrary code on the system, or cause the system to crash
VAR-202205-0985 CVE-2022-28895 of D-Link Japan Co., Ltd.  dir-882  Command injection vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. of D-Link Japan Co., Ltd. dir-882 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202205-0623 CVE-2022-29327 D-Link DIR-816 Buffer Overflow Vulnerability (CNVD-2022-64492) CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel. D-Link DIR-816 is a wireless router from D-Link Company in Taiwan. D-Link DIR-816 A2_v1.10CNB04 version has a buffer overflow vulnerability caused by a boundary error in the urladd parameter in device /goform/websURLFilterAddDel when handling untrusted input. An attacker could exploit this vulnerability to overflow the buffer and execute arbitrary code on the system, or cause the system to crash
VAR-202205-0765 CVE-2022-29321 D-Link DIR-816 Buffer Overflow Vulnerability (CNVD-2022-64490) CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan. D-Link DIR-816 is a wireless router from D-Link Company in Taiwan. The D-Link DIR-816 A2_v1.10CNB04 firmware version has a buffer overflow vulnerability caused by a boundary error in the lanip parameter in /goform/setNetworkLan when handling untrusted input. An attacker could exploit this vulnerability to execute arbitrary code on the system, or cause the system to crash
VAR-202205-0882 CVE-2022-28896 D-Link DIR882 Command Injection Vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. of D-Link Japan Co., Ltd. dir-882 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR882 is a dual-band wireless router from China D-Link company
VAR-202205-0554 CVE-2022-24042 Session Expiration Vulnerability in Multiple Siemens Products CVSS V2: 6.4
CVSS V3: 9.1
Severity: CRITICAL
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application returns an AuthToken that does not expire at the defined auto logoff delay timeout. An attacker could be able to capture this token and re-use old session credentials or session IDs for authorization. desigo pxc5 firmware, desigo pxc4 firmware, desigo pxc3 Multiple Siemens products such as firmware contain vulnerabilities related to session expiration.Information may be obtained and information may be tampered with. Desigo DXR2 controllers are programmable automation stations to support the standard control needs of terminal HVAC equipment and TRA (Total Room Automation) applications. The Desigo PXC3 series of automation stations can be used in buildings with higher requirements for functionality and flexibility. Use Desigo room automation when multiple specialties (HVAC, lighting, shading) are combined into one solution and when a high degree of flexibility is required. The Desigo PXC4 building automation controller is designed for HVAC system control. It is a compact device with built-in IOs that can be expanded to your needs with additional TX-IO modules. The Desigo PXC5 is a freely programmable controller for BACnet system-level functions such as alarm routing, system-wide scheduling and trending, and device monitoring
VAR-202205-0691 CVE-2022-29394 TOTOLINK N600R Buffer Overflow Vulnerability (CNVD-2022-50675) CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macAddress parameter in the function FUN_0041b448. TOTOLINK N600R is a wireless router from Taiwan TOTOLINK Company. An attacker could exploit this vulnerability to cause a buffer overflow
VAR-202205-0608 CVE-2022-29393 TOTOLINK N600R Buffer Overflow Vulnerability (CNVD-2022-50673) CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004192cc. TOTOLINK N600R is a wireless router from Taiwan TOTOLINK Company. An attacker could exploit this vulnerability to cause a buffer overflow
VAR-202205-0764 CVE-2022-28906 TOTOLINK  of  n600r  Command injection vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg. TOTOLINK of n600r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N600R is a wireless router from Taiwan TOTOLINK
VAR-202205-0732 CVE-2022-29398 TOTOLINK N600R Buffer Overflow Vulnerability (CNVD-2022-50669) CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the File parameter in the function FUN_0041309c. TOTOLINK N600R is a wireless router from Taiwan TOTOLINK. An attacker could exploit this vulnerability to cause a buffer overflow
VAR-202205-0692 CVE-2022-29391 TOTOLINK N600R Buffer Overflow Vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004200c8. TOTOLINK N600R is a wireless router from Taiwan TOTOLINK Company. An attacker could exploit this vulnerability to cause a buffer overflow
VAR-202205-0792 CVE-2022-29399 TOTOLINK N600R Buffer Overflow Vulnerability (CNVD-2022-50670) CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the url parameter in the function FUN_00415bf0. TOTOLINK N600R is a wireless router from Taiwan TOTOLINK Company. An attacker could exploit this vulnerability to cause a buffer overflow
VAR-202205-0874 CVE-2022-29395 TOTOLINK N600R Buffer Overflow Vulnerability (CNVD-2022-50676) CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the apcliKey parameter in the function FUN_0041bac4. TOTOLINK N600R is a wireless router from Taiwan TOTOLINK. An attacker could exploit this vulnerability to cause a buffer overflow
VAR-202205-0905 CVE-2022-29392 TOTOLINK N600R Buffer Overflow Vulnerability (CNVD-2022-50671) CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418c24. TOTOLINK N600R is a wireless router from Taiwan TOTOLINK. There is a buffer overflow vulnerability in TOTOLINK N600R V4.3.0cu.7647_B20210106. Attackers can exploit this vulnerability to cause buffer overflow
VAR-202205-0906 CVE-2022-29396 TOTOLINK N600R Buffer Overflow Vulnerability (CNVD-2022-50672) CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418f10. TOTOLINK N600R is a wireless router from Taiwan TOTOLINK Company. Attackers can exploit this vulnerability to cause buffer overflow
VAR-202205-0698 CVE-2022-28907 TOTOLINK  of  n600r  Command injection vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost. TOTOLINK of n600r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N600R is a wireless router from Taiwan TOTOLINK
VAR-202205-0825 CVE-2022-29397 TOTOLINK N600R Buffer Overflow Vulnerability (CNVD-2022-50674) CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004196c8. TOTOLINK N600R is a wireless router from Taiwan TOTOLINK Company. An attacker could exploit this vulnerability to cause a buffer overflow
VAR-202205-0799 CVE-2022-26925 plural  Microsoft Windows  Spoofed vulnerabilities in the product CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
Windows LSA Spoofing Vulnerability. Microsoft Local Security Authority Server是美国微软(Microsoft)公司的LSA身份认证服务. Microsoft Local Security Authority Server (lsasrv)存在安全漏洞。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows 10 Version 1909 for 32-bit Systems,Windows 10 Version 1909 for x64-based Systems,Windows 10 Version 1909 for ARM64-based Systems,Windows 10 Version 21H1 for x64-based Systems,Windows 10 Version 21H1 for ARM64-based Systems,Windows 10 Version 21H1 for 32-bit Systems,Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 20H2 for x64-based Systems,Windows 10 Version 20H2 for 32-bit Systems,Windows 10 Version 20H2 for ARM64-based Systems,Windows Server, version 20H2 (Server Core Installation),Windows 11 for x64-based Systems,Windows 11 for ARM64-based Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows 7 for 32-bit Systems Service Pack 1,Windows 7 for x64-based Systems Service Pack 1,Windows 8.1 for 32-bit systems,Windows 8.1 for x64-based systems,Windows RT 8.1,Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)
VAR-202205-0856 CVE-2022-28909 TOTOLINK  of  n600r  Command injection vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx. TOTOLINK of n600r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N600R is a wireless router from Taiwan TOTOLINK
VAR-202205-0699 CVE-2022-28910 TOTOLINK  of  n600r  Command injection vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName. TOTOLINK of n600r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N600R is a wireless router from Taiwan TOTOLINK