VARIoT IoT vulnerabilities database

VAR-202502-1766 | CVE-2025-1539 | D-Link Systems, Inc. of DAP-1320 Out-of-bounds write vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability, which was classified as critical, has been found in D-Link DAP-1320 1.00. Affected by this issue is the function replace_special_char of the file /storagein.pd-XXXXXX. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. An out-of-bounds write vulnerability exists in the firmware of the D-Link Systems, Inc. DAP-1320. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DAP-1320 is a wireless signal extender from D-Link, a Chinese company. Attackers can exploit this vulnerability to cause the program to crash or even execute arbitrary code.
VAR-202502-1799 | CVE-2025-1538 | D-Link Systems, Inc. of DAP-1320 Out-of-bounds write vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability classified as critical was found in D-Link DAP-1320 1.00. Affected by this vulnerability is the function set_ws_action of the file /dws/api/. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. An out-of-bounds write vulnerability exists in the firmware of the D-Link Systems, Inc. DAP-1320. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DAP-1320 is a wireless signal extender from D-Link, a Chinese company. Attackers can exploit this vulnerability to cause the program to crash or even execute arbitrary code.
VAR-202502-3821 | No CVE | Hangzhou Hikvision Digital Technology Co., Ltd. DS-A80624S has a logical defect vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
DS-A80624S is a 24-slot network storage device launched by Hikvision.
Hangzhou Hikvision Digital Technology Co., Ltd. DS-A80624S has a logic defect vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-3255 | No CVE | Sharp Corporation MX-3070N has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The MX-3070N is a commercial-grade color multifunction printer that is primarily designed to meet the office needs of medium to large companies.
The Sharp Corporation MX-3070N has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202502-1750 | CVE-2025-25678 | Shenzhen Tenda Technology Co.,Ltd. of I12 Classic buffer overflow vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the funcpara1 parameter in the formSetCfm function. The firmware of the Shenzhen Tenda Technology Co., Ltd. I12 has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Tenda i12 is a high-power AP wireless access point for commercial use. Remote attackers can use this vulnerability to submit special requests, which can cause the application to crash and cause a denial of service attack.
VAR-202502-1732 | CVE-2025-25676 | Shenzhen Tenda Technology Co.,Ltd. of I12 Classic buffer overflow vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDset function. The firmware of the Shenzhen Tenda Technology Co., Ltd. I12 has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Tenda i12 is a high-power AP wireless access point for commercial use. Remote attackers can use this vulnerability to submit special requests, which can cause the application to crash and cause a denial of service attack.
VAR-202502-3089 | CVE-2025-25675 | Shenzhen Tenda Technology Co.,Ltd. of AC10 Command injection vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerability located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmd_buf variable, which is directly used in the doSystemCmd function, resulting in arbitrary command execution. The firmware of the Shenzhen Tenda Technology Co., Ltd. AC10 contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). No detailed vulnerability details are currently provided.
VAR-202502-3462 | CVE-2025-25674 | Shenzhen Tenda Technology Co.,Ltd. of AC10 Classic buffer overflow vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC10 V1.0 V15.03.06.23 is vulnerable to Buffer Overflow in form_fast_setting_wifi_set via the parameter ssid. The firmware of the Shenzhen Tenda Technology Co., Ltd. AC10 has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202502-3289 | CVE-2025-25668 | Shenzhen Tenda Technology Co.,Ltd. of AC8 Classic buffer overflow vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_47D878 function. The firmware of the Shenzhen Tenda Technology Co., Ltd. AC8 has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202502-3090 | CVE-2025-25667 | Shenzhen Tenda Technology Co.,Ltd. of AC8 Classic buffer overflow vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the urls parameter in the function get_parentControl_list_Info. The firmware of the Shenzhen Tenda Technology Co., Ltd. AC8 has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Attackers can exploit this vulnerability to cause the program to crash or even execute arbitrary code.
VAR-202502-2733 | CVE-2025-25664 | Shenzhen Tenda Technology Co.,Ltd. of AC8 Out-of-bounds write vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_49E098 function. An out-of-bounds write vulnerability exists in the firmware of the Shenzhen Tenda Technology Co., Ltd. AC8. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Attackers can exploit this vulnerability to corrupt memory and possibly cause the browser to crash.
VAR-202502-1920 | CVE-2025-25663 | Shenzhen Tenda Technology Co.,Ltd. of AC8 Out-of-bounds write vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability was found in Tenda AC8V4 V16.03.34.06. Affected is the function SUB_0046AC38 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. An out-of-bounds write vulnerability exists in the AC8 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
Tenda AC8 has a buffer overflow vulnerability, which can be exploited by attackers to cause the program to crash or even execute arbitrary code.
VAR-202502-3290 | CVE-2025-25662 | Shenzhen Tenda Technology Co.,Ltd. of O4 Classic buffer overflow vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda O4 V3.0 V1.0.0.10(2936) is vulnerable to Buffer Overflow in the function SafeSetMacFilter of the file /goform/setMacFilterList via the argument remark/type/time. The firmware of the Shenzhen Tenda Technology Co., Ltd. O4 has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Tenda O4 is a router product of Tenda. Remote attackers can use this vulnerability to submit special requests, which can cause the application to crash and execute arbitrary code in the context of the application.
VAR-202502-2543 | CVE-2025-20153 | Cisco Secure Email Gateway Access Control Error Vulnerability |
CVSS V2: 5.0 CVSS V3: 5.8 Severity: MEDIUM |
A vulnerability in the email filtering mechanism of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to bypass the configured rules and allow emails that should have been denied to flow through an affected device.
This vulnerability is due to improper handling of email that passes through an affected device. An attacker could exploit this vulnerability by sending a crafted email through the affected device. A successful exploit could allow the attacker to bypass email filters on the affected device. Cisco Secure Email Gateway is a secure email gateway software of Cisco, an American company. Remote attackers can bypass the rules and conduct malicious attacks by submitting special emails through the vulnerability.
VAR-202502-1670 | No CVE | Siemens SiPass integrated third-party component DotNetZip directory traversal vulnerability |
CVSS V2: 9.4 CVSS V3: - Severity: HIGH |
Siemens SiPass integrated is a powerful and flexible access control system for organizations of all sizes, from simple offices to large, complex facilities with thousands of doors, gates, barriers, and elevators.
A directory traversal vulnerability exists in DotNetZip, a third-party component of Siemens SiPass integrated, which can be exploited by an attacker to execute arbitrary code on the application server if a specially crafted backup set is used to restore it.
VAR-202502-3667 | CVE-2025-25896 | D-Link Systems, Inc. of DSL-3782 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 5.5 CVSS V3: 5.7 Severity: MEDIUM |
A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01 via the destination, netmask, and gateway parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. D-Link DSL-3782 is a wireless router from Taiwan's D-Link company.
VAR-202502-2725 | CVE-2025-25895 | D-Link Systems, Inc. of DSL-3782 in the firmware OS Command injection vulnerability |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the public_type parameter. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via a crafted packet. A denial-of-service (DoS) condition may result. D-Link DSL-3782 is a wireless router from D-Link. The vulnerability originates from processing the public_type parameter.
VAR-202502-2106 | CVE-2025-25894 | D-Link Systems, Inc. of DSL-3782 in the firmware OS Command injection vulnerability |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the samba_wg and samba_nbn parameters. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via a crafted packet. A denial-of-service (DoS) condition may result. D-Link DSL-3782 is a wireless router from Taiwan's D-Link company.
VAR-202502-2909 | CVE-2025-25893 | D-Link Systems, Inc. of DSL-3782 in the firmware OS Command injection vulnerability |
CVSS V2: 9.0 CVSS V3: 8.0 Severity: HIGH |
An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the inIP, insPort, inePort, exsPort, exePort, and protocol parameters. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via a crafted packet. A denial-of-service (DoS) condition may result. D-Link DSL-3782 is a wireless router from Taiwan's D-Link company.
VAR-202502-2726 | CVE-2025-25892 | D-Link Systems, Inc. of DSL-3782 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 5.5 CVSS V3: 5.7 Severity: MEDIUM |
A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01 via the sstartip, sendip, dstartip, and dendip parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. D-Link DSL-3782 is a wireless router from Taiwan's D-Link company.