VARIoT IoT vulnerabilities database
| VAR-202202-0345 | CVE-2021-46227 | D-Link device DI-7200GV2.E1 Command injection vulnerability in |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function proxy_client.asp. This vulnerability allows attackers to execute arbitrary commands via the proxy_srv, proxy_srvport, proxy_lanip, proxy_lanport parameters. (DoS) It may be in a state. The D-Link Di-7200G is a gigabit enterprise-class router from D-Link, a company in China
| VAR-202202-1235 | CVE-2021-45994 | Tenda router G1 and G3 Out-of-bounds write vulnerability in |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formDelDhcpRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the delDhcpIndex parameter
| VAR-202202-0652 | CVE-2021-21969 | Sealevel Systems, Inc. SeaConnect 370W Out-of-bounds write vulnerability in |
CVSS V2: 6.8 CVSS V3: 8.1 Severity: HIGH |
An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at [4] the json_object_get_string to populate the p_payload global variable. The p_payload is only 0x100 bytes long, and the total MQTT message could be up to 0x201 bytes. Because the function json_object_get_string will fill str based on the length of the json’s value and not the actual str size, this would result in a possible out-of-bounds write. Sealevel Systems, Inc. SeaConnect 370W Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Used to remotely monitor and control the status of the actual I/O process
| VAR-202202-1244 | CVE-2022-24151 | Tenda AX3 Out-of-bounds write vulnerability in |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the shareSpeed parameter. Tenda AX3 Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state. Tenda Ax3 is an Ax1800 Gigabit port dual-band Wifi 6 wireless router from Tenda, China
| VAR-202202-0295 | CVE-2022-22724 | plural Modicon M340 Product resource exhaustion vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service on ports 80 (HTTP) and 502 (Modbus), when sending a large number of TCP RST or FIN packets to any open TCP port of the PLC. Affected Product: Modicon M340 CPUs: BMXP34 (All Versions). plural Modicon M340 The product contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. The Schneider Electric Modicon M340 is a mid-range PLC (Programmable Logic Controller) from Schneider Electric in France for industrial processes and infrastructure
| VAR-202202-0687 | CVE-2021-45734 | TOTOLINK X5000R Out-of-bounds write vulnerability in |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via the url parameter. TOTOLINK X5000R Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202202-0679 | CVE-2021-45988 | Tenda router G1 and G3 Out-of-bounds write vulnerability in |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDnsForward. This vulnerability allows attackers to cause a Denial of Service (DoS) via the DnsForwardRule parameter
| VAR-202202-0677 | CVE-2021-45996 | Tenda router G1 and G3 Out-of-bounds write vulnerability in |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows attackers to cause a Denial of Service (DoS) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters
| VAR-202202-0344 | CVE-2021-46230 | D-Link device DI-7200GV2.E1 Command injection vulnerability in |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function upgrade_filter. This vulnerability allows attackers to execute arbitrary commands via the path and time parameters. (DoS) It may be in a state. The D-Link Di-7200G is a gigabit enterprise-class router from China's D-Link company
| VAR-202202-1242 | CVE-2022-24146 | Tenda AX3 Out-of-bounds write vulnerability in |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetQosBand. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. Tenda AX3 Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state. Tenda Ax3 is an Ax1800 Gigabit port dual-band Wifi 6 wireless router from Tenda, China
| VAR-202202-1239 | CVE-2022-24142 | Tenda AX3 Out-of-bounds write vulnerability in |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetFirewallCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the firewallEn parameter. Tenda AX3 Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state. Tenda Ax3 is an Ax1800 Gigabit port dual-band Wifi 6 wireless router from Tenda, China
| VAR-202202-1232 | CVE-2021-45989 | Tenda router G1 and G3 Out-of-bounds write vulnerability in |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function guestWifiRuleRefresh. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qosGuestUpstream and qosGuestDownstream parameters
| VAR-202202-1234 | CVE-2021-45992 | Tenda router G1 and G3 Out-of-bounds write vulnerability in |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetQvlanList. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qvlanName parameter
| VAR-202202-1231 | CVE-2021-45987 | Tenda router G1 and G3 In OS Command injection vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetNetCheckTools. This vulnerability allows attackers to execute arbitrary commands via the hostName parameter. (DoS) It may be in a state
| VAR-202202-0359 | CVE-2021-44880 | D-Link device DIR_878 and DIR_882 Command injection vulnerability in |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882_FW1.30B06_Hotfix_02 were discovered to contain a command injection vulnerability in the system function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. D-Link device DIR_878 and DIR_882 Contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-878 is a wireless router from D-Link Company in Taiwan
| VAR-202202-0358 | CVE-2021-44882 | D-Link device DIR_878 Command injection vulnerability in |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. (DoS) It may be in a state. D-Link DIR-878 is a wireless router from D-Link Company in Taiwan
| VAR-202202-1243 | CVE-2022-24148 | Tenda AX3 Command injection vulnerability in |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg. This vulnerability allows attackers to execute arbitrary commands via the dmzIp parameter. (DoS) It may be in a state. Tenda Ax3 is an Ax1800 Gigabit port dual-band Wifi 6 wireless router from Tenda, China
| VAR-202202-0678 | CVE-2021-45993 | Tenda router G1 and G3 Out-of-bounds write vulnerability in |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindModify. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IPMacBindRuleIP and IPMacBindRuleMac parameters
| VAR-202202-0650 | CVE-2021-22284 | ABB Made OPC Server for AC 800M Code Execution Vulnerability with Unnecessary Privileges |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
Incorrect Permission Assignment for Critical Resource vulnerability in OPC Server for AC 800M allows an attacker to execute arbitrary code in the node running the AC800M OPC Server. ABB Provided by OPC Server for AC 800M Is a run-time data reader
| VAR-202202-0336 | CVE-2021-46454 | D-Link device DIR-823-Pro Command injection vulnerability in |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanApcliSettings. This vulnerability allows attackers to execute arbitrary commands via the ApCliKeyStr parameter. (DoS) It may be in a state. D-Link Dir-823-Pro is a dual-band smart wireless router from China D-Link company