VARIoT IoT vulnerabilities database

A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01, triggered by the destination, netmask and gateway parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. D-Link Systems, Inc. D-Link DSL-3782 is a wireless router from D-Link, a Chinese company

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-11714. Reason: This candidate is a reservation duplicate of CVE-2018-11714. Notes: All CVE users should reference CVE-2018-11714 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. TP-LINK Technologies of wr840n An authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass the authentication. When adding "?x=1.gif" to the the requested url, it will be recognized as passing the authentication. of netgear DGN2200 An authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR DGN2200 is a wireless router from NETGEAR. NETGEAR DGN2200 has a permission issue vulnerability

Opcenter Intelligence (formerly known as "Manufacturing Intelligence") connects manufacturing data from disparate company sources and aggregates it into cohesive, intelligent, and contextualized information. Siemens Opcenter Intelligence Tableau Server component has multiple vulnerabilities that can be exploited by attackers to affect the confidentiality and integrity of the system.

A vulnerability has been found in D-Link DIR-816 1.01TO and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/webproc?getpage=html/index.html&var:menu=24gwlan&var:page=24G_basic. The manipulation of the argument SSID leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link DIR-816 is a wireless router from D-Link of China. D-Link DIR-816 version 1.01TO has a code injection vulnerability. The vulnerability is caused by the incorrect operation of the parameter SSID, which will lead to a cross-site scripting attack. Attackers can use this vulnerability to execute malicious scripts, steal user cookies, or conduct phishing attacks

A cross-site scripting (XSS) vulnerability in the RT-N10E/ RT-N12E 2.0.0.x firmware . This vulnerability caused by improper input validation and can be triggered via the manipulation of the SSID argument in the sysinfo.asp file, leading to disclosure of sensitive information. Note: All versions of RT-N10E and RT-N12E are unsupported (End-of-Life, EOL). Consumers can mitigate this vulnerability by disabling the remote access features from WAN. ASUS RT-N12E is a wireless router from ASUS, a Chinese company. Attackers can exploit this vulnerability to execute arbitrary web scripts or HTML by injecting carefully crafted payloads

A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation as part of String leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of x18 The firmware contains a buffer error vulnerability, a stack-based buffer overflow vulnerability, and an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X18 is a Gigabit router from China's TOTOLINK Electronics. The vulnerability is caused by the parameter String of the file /cgi-bin/cstecgi.cgi failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been rated as critical. This issue affects the function setL2tpdConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of x18 The firmware contains a command injection vulnerability. OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X18 is a Gigabit router from China's TOTOLINK Electronics. TOTOLINK X18 9.1.0cu.2024_B20220329 version has a command injection vulnerability, which is caused by the parameter enable of the file /cgi-bin/cstecgi.cgi failing to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to cause arbitrary command execution

TMS320F28335 is a high-performance TMS320C28x series 32-bit floating-point DSP processor produced by TI. Texas Instruments Incorporated. TMS320F28335 has a logic flaw vulnerability that can be exploited by attackers to cause a denial of service.

Xiamen Four-Faith Communication Technology Co., Ltd. is a global leading provider of IoT communication equipment and solutions. There is a logic flaw in the video surveillance management system of Xiamen Four-Faith Communication Technology Co., Ltd., which can be exploited by attackers to obtain sensitive information.

D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetQuickVPNSettings module. D-Link Systems, Inc. (DoS) It may be in a state

D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the PSK parameter in the SetQuickVPNSettings module. D-Link Systems, Inc. (DoS) It may be in a state

DCWS-6028 is a new generation of high-performance 10G smart wireless controller, designed for large and medium-sized wireless network environments. Beijing Digital China Cloud Technology Co., Ltd. DCWS-6028 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.

MX-3071 is a digital multifunction printer, mainly used for black and white copying, printing and scanning functions. Sharp Corporation MX-3071 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.

mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands. mySCADA Technologies of myPRO for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. mySCADA myPRO is a professional HMI/SCADA system from mySCADA, designed for visualization and control of industrial processes. mySCADA myPRO has an operating system command injection vulnerability that stems from improper input validation

The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password. mySCADA Technologies of myPRO There is a vulnerability in the lack of authentication for critical features.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. mySCADA myPRO is a professional HMI/SCADA system from mySCADA, designed for visualization and control of industrial processes. mySCADA myPRO has an access control error vulnerability that allows access to the management interface without authentication

mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information. An attacker would need to trick the victim in to visiting an attacker-controlled website. mySCADA myPRO is a professional HMI/SCADA system from mySCADA, designed for visualization and control of industrial processes

mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information. mySCADA Technologies of myPRO There is a vulnerability in plaintext storage of important information.Information may be obtained. mySCADA myPRO is a professional HMI/SCADA system from mySCADA, designed for visualization and control of industrial processes. mySCADA myPRO has an information leakage vulnerability due to the storage of credentials in plain text

A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11, triggered by the dnsserver1 and dnsserver2 parameters at /userRpm/WanSlaacCfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. TP-LINK Technologies of TL-WR841ND An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state

A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the pskSecret parameter at /userRpm/WlanSecurityRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. TP-LINK Technologies of TL-WR841ND An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state