VARIoT IoT vulnerabilities database

A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serverName`) to /goform/AdvSetMacMtuWan.

A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serviceName`) to /goform/AdvSetMacMtuWan.

A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089_B20211224. Affected by this issue is the function snprintf of the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user. This manipulation of the argument User causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. TOTOLINK of X5000R The firmware contains a command injection vulnerability. OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Write vulnerability can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution or a system crash. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AzeoTech DAQFactory. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of CTL files. An attacker can leverage this vulnerability to execute code in the context of the current process. AzeoTech DAQFactory is a data acquisition and monitoring software developed by AzeoTech, a US-based company, commonly used in industrial automation. AzeoTech DAQFactory contains an out-of-bounds write vulnerability

In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Read vulnerability can be exploited by an attacker to cause the program to read data past the end of an allocated buffer. This could allow an attacker to disclose information or cause a system crash. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AzeoTech DAQFactory. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of CTL files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. AzeoTech DAQFactory is a data acquisition and monitoring software developed by AzeoTech, a US-based company, commonly used in industrial automation. AzeoTech DAQFactory contains an out-of-bounds read vulnerability

In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uninitialized Pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution. AzeoTech DAQFactory is a data acquisition and monitoring software developed by AzeoTech, a US-based company, commonly used in industrial automation

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. AzeoTech DAQFactory is a data acquisition and monitoring software developed by AzeoTech, a US-based company, commonly used in industrial automation. AzeoTech DAQFactory contains a memory corruption vulnerability. This vulnerability stems from memory corruption during the parsing of specially crafted .ctl files, which attackers can exploit to execute arbitrary code

In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Resource Using Incompatible Type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of CTL files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition

In AzeoTech DAQFactory release 20.7 (Build 2555), a Use After Free vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of CTL files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. AzeoTech DAQFactory is a data acquisition and monitoring software developed by AzeoTech, a US-based company, commonly used in industrial automation. AzeoTech DAQFactory contains a use-after-free vulnerability

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. AzeoTech DAQFactory is a data acquisition and monitoring software developed by AzeoTech, a US-based company, commonly used in industrial automation. AzeoTech DAQFactory contains a stack buffer overflow vulnerability. This vulnerability stems from a stack buffer overflow that occurs when parsing specially crafted .ctl files, allowing attackers to execute arbitrary code

A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZED_GROUP results in information disclosure. The attack may be performed from remote. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Corporation of DIR-803 There are unspecified vulnerabilities in the firmware.Information may be obtained

A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. The Tenda CH22 is an enterprise-grade wireless router suitable for small and medium-sized businesses or home office environments. It supports a single-band 2.4GHz wireless network with a maximum transmission rate of 450Mbps. A buffer overflow vulnerability exists in version 1.0.0.1 of the Tenda CH22. This vulnerability is related to the `frmL7ImForm` function on the `/goform/L7Im` interface and arises from the lack of valid length validation for the passed `page` parameter. A remote attacker could exploit this vulnerability to execute arbitrary code, thereby gaining complete control of the device or causing service disruption

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7, FortiVoice 6.4 all versions, FortiVoice 6.0 all versions may allow an authenticated privileged attacker to execute unauthorized code or commands via crafted requests

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via a specific HTTP request.

Multiple Improper Limitations of a Pathname to a Restricted Directory ('Path Traversal') vulnerabilities [CWE-22] vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 may allow a privileged authenticated attacker to write arbitrary files via specifically HTTP or HTTPS commands

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an attacker to perform an XSS attack via crafted HTTP requests. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiSandbox. Minimal user interaction is required to exploit this vulnerability.The specific flaw exists within the handling of HA cluster paths. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of arbitrary script. An attacker can leverage this vulnerability to interact with the application in the context of a target user

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiSandbox. Authentication is required to exploit this vulnerability.The specific flaw exists within the handling of the names parameter provided to the admindel_confirm endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox Cloud 24.1, FortiSandbox Cloud 23 all versions allows a remote privileged attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests.

A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques (MiTM) to manipulate DNS responses and execute commands when speedtests are run. This issue affects RS700: through 1.0.7.82; RAX54Sv2 : before V1.1.6.36; RAX41v2: before V1.1.6.36; RAX50: before V1.2.14.114; RAXE500: before V1.2.14.114; RAX41: before V1.0.17.142; RAX43: before V1.0.17.142; RAX35v2: before V1.0.17.142; RAXE450: before V1.2.14.114; RAX43v2: before V1.1.6.36; RAX42: before V1.0.17.142; RAX45: before V1.0.17.142; RAX50v2: before V1.1.6.36; MR90: before V1.0.2.46; MS90: before V1.0.2.46; RAX42v2: before V1.1.6.36; RAX49S: before V1.1.6.36. This vulnerability affects the following products: RS700 teeth 1.0.7.82 to, RAX54Sv2 teeth V1.1.6.36 Before, RAX41v2 teeth V1.1.6.36 Before, RAX50 teeth V1.2.14.114 Before, RAXE500 teeth V1.2.14.114 Before, RAX41 teeth V1.0.17.142 Before, RAX43 teeth V1.0.17.142 Before, RAX35v2 teeth V1.0.17.142 Before, RAXE450 teeth V1.2.14.114 Before, RAX43v2 teeth V1.1.6.36 Before, RAX42 teeth V1.0.17.142 Before, RAX45 teeth V1.0.17.142 Before, RAX50v2 teeth V1.1.6.36 Before, MR90 teeth V1.0.2.46 Before, MS90 teeth V1.0.2.46 Before, RAX42v2 teeth V1.1.6.36 Before, RAX49S teeth V1.1.6.36 It affects earlier.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

A vulnerability in NETGEAR Nighthawk R7000P routers lets an authenticated admin execute OS command injections due to improper input validation. This issue affects R7000P: through 1.3.3.154. OS There is a vulnerability that allows command injection. R7000P version of 1.3.3.154 It will affect up to.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software