VARIoT IoT vulnerabilities database


VAR-202202-0653 CVE-2021-21964 Vulnerability regarding lack of authentication for critical features in Sealevel Systems, Inc. SeaConnect 370W
CVSS V2: 7.1
CVSS V3: 7.4
Severity: HIGH
A denial of service vulnerability exists in the Modbus configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. Sealevel Systems, Inc. SeaConnect 370W contains a vulnerability regarding lack of authentication for critical features. Service operation may be interrupted (DoS). The device is used to remotely monitor and control the status of the actual I/O process.
VAR-202202-1235 CVE-2021-45994 Out-of-bounds write vulnerability in Tenda router G1 and G3
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formDelDhcpRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the delDhcpIndex parameter.
VAR-202202-0358 CVE-2021-44882 Command injection vulnerability in D-Link device DIR_878
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. The device may be put into a denial-of-service (DoS) state. D-Link DIR-878 is a wireless router from D-Link Company in Taiwan.
VAR-202202-0685 CVE-2021-45735 Vulnerability in plaintext transmission of important information in TOTOLINK X5000R
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software. TOTOLINK X5000R contains a vulnerability in the transmission of important information in clear text. Information may be obtained.
VAR-202202-0344 CVE-2021-46230 Command injection vulnerability in D-Link device DI-7200GV2.E1
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function upgrade_filter. This vulnerability allows attackers to execute arbitrary commands via the path and time parameters. The device may be put into a denial-of-service (DoS) state. The D-Link DI-7200G is a gigabit enterprise-class router from China's D-Link company.
VAR-202202-0679 CVE-2021-45988 Out-of-bounds write vulnerability in Tenda router G1 and G3
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDnsForward. This vulnerability allows attackers to cause a Denial of Service (DoS) via the DnsForwardRule parameter.
VAR-202202-1239 CVE-2022-24142 Out-of-bounds write vulnerability in Tenda AX3
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetFirewallCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the firewallEn parameter. Tenda AX3 contains an out-of-bounds write vulnerability. Service operation may be interrupted (DoS). Tenda AX3 is an AX1800 Gigabit-port dual-band Wi-Fi 6 wireless router from Tenda, China.
VAR-202202-1245 CVE-2022-24152 Out-of-bounds write vulnerability in Tenda AX3
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetRouteStatic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. Tenda AX3 contains an out-of-bounds write vulnerability. Service operation may be interrupted (DoS). Tenda AX3 is an AX1800 Gigabit-port dual-band Wi-Fi 6 wireless router from Tenda, China.
VAR-202202-1242 CVE-2022-24146 Out-of-bounds write vulnerability in Tenda AX3
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetQosBand. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. Tenda AX3 contains an out-of-bounds write vulnerability. Service operation may be interrupted (DoS). Tenda AX3 is an AX1800 Gigabit-port dual-band Wi-Fi 6 wireless router from Tenda, China.
VAR-202202-0684 CVE-2021-45738 Command injection vulnerability in TOTOLINK X5000
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function UploadFirmwareFile. This vulnerability allows attackers to execute arbitrary commands via the parameter FileName. TOTOLINK X5000 contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK X5000R is a router.
VAR-202202-1231 CVE-2021-45987 OS command injection vulnerability in Tenda router G1 and G3
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetNetCheckTools. This vulnerability allows attackers to execute arbitrary commands via the hostName parameter. The device may be put into a denial-of-service (DoS) state.
VAR-202202-0687 CVE-2021-45734 Out-of-bounds write vulnerability in TOTOLINK X5000R
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via the url parameter. TOTOLINK X5000R contains an out-of-bounds write vulnerability. Service operation may be interrupted (DoS).
VAR-202202-1234 CVE-2021-45992 Out-of-bounds write vulnerability in Tenda router G1 and G3
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetQvlanList. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qvlanName parameter.
VAR-202202-1244 CVE-2022-24151 Out-of-bounds write vulnerability in Tenda AX3
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the shareSpeed parameter. Tenda AX3 contains an out-of-bounds write vulnerability. Service operation may be interrupted (DoS). Tenda AX3 is an AX1800 Gigabit-port dual-band Wi-Fi 6 wireless router from Tenda, China.
VAR-202202-0688 CVE-2021-44247 Command injection vulnerability in multiple Totolink devices
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a command injection vulnerability in the function setNoticeCfg. This vulnerability allows attackers to execute arbitrary commands via the IpFrom parameter. Totolink devices A3100R, A830R, and A720R contain a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLink A3100R is a wireless router. TOTOLink A830R is a wireless dual-band router. TOTOLink A720R is a wireless router.
VAR-202202-0349 CVE-2021-46228 Command injection vulnerability in D-Link device DI-7200GV2.E1
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function httpd_debug.asp. This vulnerability allows attackers to execute arbitrary commands via the time parameter. The device may be put into a denial-of-service (DoS) state. The D-Link DI-7200G is a gigabit enterprise-class router from China's D-Link company.
VAR-202202-0677 CVE-2021-45996 Out-of-bounds write vulnerability in Tenda router G1 and G3
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows attackers to cause a Denial of Service (DoS) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters.
VAR-202202-1219 CVE-2021-21963 Vulnerability regarding lack of encryption of critical data in Sealevel Systems, Inc. SeaConnect 370W
CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
An information disclosure vulnerability exists in the Web Server functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. Sealevel Systems, Inc. SeaConnect 370W contains a vulnerability regarding lack of encryption of critical data. Information may be obtained. The device is used to remotely monitor and control the status of the actual I/O process.
VAR-202202-1224 CVE-2021-45739 Out-of-bounds write vulnerability in TOTOLINK A720R
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the flag parameter. TOTOLINK A720R contains an out-of-bounds write vulnerability. Service operation may be interrupted (DoS). TOTOLINK A720R is a wireless router.
VAR-202202-0674 CVE-2022-24149 Out-of-bounds write vulnerability in Tenda AX3
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWirelessRepeat. This vulnerability allows attackers to cause a Denial of Service (DoS) via the wpapsk_crypto parameter. Tenda AX3 contains an out-of-bounds write vulnerability. Service operation may be interrupted (DoS). Tenda AX3 is an AX1800 Gigabit-port dual-band Wi-Fi 6 wireless router from Tenda, China.