VARIoT IoT vulnerabilities database
| VAR-202204-1251 | CVE-2022-27294 | D-Link DIR-619 Stack Overflow Vulnerability (NVD-C-2022-192748) |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanWizardSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter. The D-Link DIR-619 is a series of routers from the D-Link company in China
| VAR-202204-0463 | CVE-2022-27292 | D-Link DIR-619 Stack Overflow Vulnerability (CNVD-2022-31547) |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formLanguageChange. This vulnerability allows attackers to cause a Denial of Service (DoS) via the nextPage parameter. The D-Link DIR-619 is a series of routers from the D-Link company in China
| VAR-202204-1253 | CVE-2022-27277 | InHand Networks InRouter 900 Industrial 4G Router Path Traversal Vulnerability (CNVD-2022-31536) |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file deletion vulnerability via the function sub_17C08. InHand Networks InRouter 900 is a series of industrial routers from InHand Networks in the United States
| VAR-202204-1400 | CVE-2022-27268 | InHand Networks of inrouter 900 Command injection vulnerability in firmware |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component get_cgi_from_memory. This vulnerability is triggered via a crafted packet. InHand Networks of inrouter 900 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. InHand Networks InRouter 900 is a series of industrial routers from InHand Networks in the United States
| VAR-202204-1275 | CVE-2022-27274 | InHand Networks InRouter 900 Industrial 4G Router Command Injection Vulnerability (CNVD-2022-31534) |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12028. This vulnerability is triggered via a crafted packet. InHand Networks InRouter 900 is a series of industrial routers from InHand Networks in the United States
| VAR-202204-1544 | CVE-2022-27271 | InHand Networks InRouter 900 Industrial 4G Router Command Injection Vulnerability (CNVD-2022-31532) |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component python-lib. This vulnerability is triggered via a crafted packet. InHand Networks InRouter 900 is a series of industrial routers from InHand Networks in the United States
| VAR-202204-1252 | CVE-2022-27286 | D-Link DIR-619 Stack Overflow Vulnerability (CNVD-2022-31541) |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanNonLogin. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. D-Link DIR-619 is a series of routers from China D-Link company
| VAR-202204-1399 | CVE-2022-27275 | InHand Networks InRouter 900 Industrial 4G Router Command Injection Vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_122D0. This vulnerability is triggered via a crafted packet. InHand Networks InRouter 900 is a series of industrial routers from InHand Networks in the United States
| VAR-202204-1543 | CVE-2022-27290 | D-Link DIR-619 Stack Overflow Vulnerability (CNVD-2022-31545) |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanDhcpplus. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. D-Link DIR-619 is a series of routers from China D-Link company
| VAR-202204-0464 | CVE-2022-27273 | InHand Networks InRouter 900 Industrial 4G Router Command Injection Vulnerability (CNVD-2022-31530) |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12168. This vulnerability is triggered via a crafted packet. InHand Networks InRouter 900 is a series of industrial routers from InHand Networks in the United States
| VAR-202204-1666 | CVE-2022-27269 | InHand Networks of inrouter 900 Command injection vulnerability in firmware |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component config_ovpn. This vulnerability is triggered via a crafted packet. InHand Networks of inrouter 900 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. InHand Networks InRouter 900 is a series of industrial routers from InHand Networks in the United States
| VAR-202204-1664 | CVE-2022-27293 | D-Link DIR-619 Stack Overflow Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter. The D-Link DIR-619 is a series of routers from the D-Link company in China
| VAR-202204-0714 | CVE-2022-27279 | InHand Networks InRouter 900 Industrial 4G Router Path Traversal Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file read via the function sub_177E0. InHand Networks InRouter 900 is a series of industrial routers from InHand Networks in the United States
| VAR-202204-0921 | CVE-2022-27270 | InHand Networks InRouter 900 Industrial 4G Router Command Injection Vulnerability (CNVD-2022-31531) |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component ipsec_secrets. This vulnerability is triggered via a crafted packet. InHand Networks InRouter 900 is a series of industrial routers from InHand Networks in the United States
| VAR-202204-0586 | CVE-2022-1289 | tildearrow of furnace Vulnerability in |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce. tildearrow of furnace Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state
| VAR-202204-0713 | CVE-2022-27289 | D-Link DIR-619 Stack Overflow Vulnerability (CNVD-2022-31543) |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanL2TP. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. The D-Link DIR-619 is a series of routers from the D-Link company in China
| VAR-202204-1071 | CVE-2022-27280 | InHand Networks InRouter 900 Industrial 4G Router Cross-Site Scripting Vulnerability |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the web_exec parameter at /apply.cgi. InHand Networks InRouter 900 is a series of industrial routers from InHand Networks in the United States
| VAR-202204-1095 | CVE-2022-27288 | D-Link DIR-619 Stack Overflow Vulnerability (CNVD-2022-31540) |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanPPTP. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. D-Link DIR-619 is a series of routers from China D-Link company
| VAR-202204-0920 | CVE-2022-27287 | D-Link DIR-619 Stack Overflow Vulnerability (CNVD-2022-31542) |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanPPPoE. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. The D-Link DIR-619 is a series of routers from the D-Link company in China
| VAR-202204-1665 | CVE-2022-27291 | D-Link DIR-619 Stack Overflow Vulnerability (CNVD-2022-31546) |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formdumpeasysetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the config.save_network_enabled parameter. The D-Link DIR-619 is a series of routers from the D-Link company in China