VARIoT IoT vulnerabilities database

A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument telnet_enabled with the input 1 leads to missing authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of t6 The firmware contains vulnerabilities related to authentication and lack of authentication for critical functions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK T6 is a wireless dual-band router released by China's TOTOLINK Electronics. It supports the MQTT protocol and Telnet service. No detailed vulnerability details are currently available

Tenda Wireless Router is a network equipment brand that focuses on providing stable and easy-to-use wireless router solutions. Shenzhen Jixiang Tenda Technology Co., Ltd. Tenda Wireless Router has an information leakage vulnerability, and attackers can exploit the vulnerability to obtain sensitive information.

SecFox operation and maintenance security management and audit system is an operation and maintenance security management solution that integrates identity authentication, account management, permission control, and operation and maintenance audit. It provides unified operation and maintenance identity authentication, fine-grained permission control, real-time supervision, and post-event tracing functions to help enterprises build a security management system for pre-event prevention, in-event monitoring, and post-event audit. There is a command execution vulnerability in the SecFox operation and maintenance security management and audit system of Qi'anxin Technology Group Co., Ltd., which can be exploited by attackers to execute commands.

A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. Shenzhen Tenda Technology Co.,Ltd. of fh451 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of fh451 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the fromVirtualSer function in the file /goform/VirtualSer failing to correctly verify the length of the input data for the parameter page. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as critical. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. of fh451 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the parameter page of the fromSetIpBind function in the file /goform/SetIpBind failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this issue is the function recvSlaveStaInfo of the component MQTT Service. The manipulation of the argument dest leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of t6 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK T6 is a wireless dual-band router from the Chinese company TOTOLINK. This vulnerability stems from the failure of the dest parameter in the recvSlaveStaInfo function in the MQTT service to properly validate the length of the input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability has been found in D-Link DIR-816L up to 2.06B01 and classified as critical. Affected by this vulnerability is the function lxmldbc_system of the file /htdocs/cgibin of the component Environment Variable Handler. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Corporation of DIR-816L The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-816L is a wireless router from D-Link of China. No detailed vulnerability details are currently available

A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. This issue affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. The manipulation of the argument Go/page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of fh451 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the failure to properly verify the length of the input data in the parameter Go/page in the file/goform/SafeUrlFilter. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilter. The manipulation of the argument Go/page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of fh451 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the parameter Go/page in the file/goform/SafeClientFilter failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. This affects the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of fh451 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda FH451 is a single-frequency 2.4GHz SOHO wireless router launched by China's Tenda Company. It has a maximum transmission rate of 450Mbps and belongs to the wall-penetrating king series of products. The vulnerability is caused by the failure to correctly verify the length of the input data in the parameter delno in the file /goform/PPTPUserSetting. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability, which was classified as critical, was found in Tenda FH451 1.0.0.9. This affects the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument Username leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of fh451 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda FH451 is a single-frequency 2.4GHz SOHO wireless router launched by China's Tenda Company. It has a maximum transmission rate of 450Mbps and belongs to the wall-penetrating king series of products. The vulnerability is caused by the parameter Username in the file /goform/PPTPDClient failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected by this issue is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of fh451 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda FH451 is a single-frequency 2.4GHz SOHO wireless router launched by China's Tenda Company. It has a maximum transmission rate of 450Mbps and belongs to the wall-penetrating king series of products. The vulnerability is caused by the failure to correctly verify the length of the input data in the parameter page in the file /goform/P2pListFilter. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of fh451 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda FH451 is a single-frequency 2.4GHz SOHO wireless router launched by China's Tenda Company. It has a maximum transmission rate of 450Mbps and belongs to the wall-penetrating king series of products. The vulnerability is caused by the failure to correctly verify the length of the input data in the parameter page in the file /goform/NatStaticSetting. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary. The manipulation of the argument webSiteId leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of fh451 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the failure of the parameter webSiteId in the file /goform/webtypelibrary to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as critical. This issue affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. of fh451 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the failure to properly verify the length of the input data in the parameter page in the file /goform/SafeEmailFilter. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been classified as critical. This affects an unknown part of the file /menu_nat.asp of the component HTTP Request Handler. The manipulation of the argument out_addr/in_addr/out_port/proto leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. D-Link DI-8100 is an enterprise-level router device from D-Link. Attackers can exploit this vulnerability to trigger a stack overflow by remotely constructing malicious parameters, thereby executing arbitrary code or causing the system to crash

An insufficient session expiration vulnerability [CWE-613] in FortiSandbox FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, 2.1 all versions, 2.0 all versions, 1.2 all versions may allow a remote attacker in possession of an admin session cookie to keep using that admin's session even after the admin user was deleted. fortinet's FortiIsolator and FortiSandbox contains a session expiration vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

The Ricoh M320F is a monochrome laser multifunction printer. The Ricoh M320F has an unauthorized access vulnerability that could allow an attacker to obtain sensitive information.

A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07.26A1. This issue affects some unknown processing of the file /menu_nat_more.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. The D-Link DI-8100 is a broadband router designed for small and medium-sized networks. It supports four Internet ports and four LAN ports, and uses a dedicated network processor, allowing up to 80 devices to connect to the network simultaneously. This vulnerability stems from a failure to properly validate the length of input data in the file /menu_nat_more.asp. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service