VARIoT IoT vulnerabilities database

A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data. Fortinet FortiClientEMS There is a vulnerability in the lack of encryption of critical data.Information may be obtained. Fortinet FortiClientEms is a centralized central management system of Fortinet Corporation in the United States

An unauthenticated command injection vulnerability exists in multiple parameters in the Gryphon Tower router’s web interface at /cgi-bin/luci/rc. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the web interface. (DoS) It may be in a state. Gryphon Tower is a wireless router from Gryphon

An unprotected ssh private key exists on the Gryphon devices which could be used to achieve root access to a server affiliated with Gryphon's development and infrastructure. At the time of discovery, the ssh key could be used to login to the development server hosted in Amazon Web Services. Gryphon The device contains an insufficient credential protection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Gryphon Tower is a wireless router from Gryphon. Gryphon Tower has an information disclosure vulnerability

An unauthenticated command injection vulnerability exists in the parameters of operation 48 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. (DoS) It may be in a state. Gryphon Tower is a wireless router from Gryphon. The package executes commands on the device as root

An unauthenticated command injection vulnerability exists in the parameters of operation 10 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. (DoS) It may be in a state. Gryphon Tower is a wireless router from Gryphon

A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet. Netgear RAX35 , RAX38 , RAX40 Routers contain a path traversal vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state. Netgear RAX35 is a router from Netgear. A hardware device that connects two or more networks and acts as a gateway between the networks. Netgear RAX35, RAX38 and RAX40 routers v1.0.4.102 and earlier versions of the firmware have an access control error vulnerability. The vulnerability stems from the network system or product improperly restricting access to resources from unauthorized roles

An unauthenticated command injection vulnerability exists in the parameters of operation 41 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. (DoS) It may be in a state. Gryphon Tower is a wireless router from Gryphon

An unauthenticated command injection vulnerability exists in the parameters of operation 49 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. (DoS) It may be in a state. Gryphon Tower is a wireless router from Gryphon

A violation of secure design principles in Fortinet Meru AP version 8.6.1 and below, version 8.5.5 and below allows attacker to execute unauthorized code or commands via crafted cli commands. Fortinet Meru AP for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet Meru Ap is a wireless access point of Fortinet, Inc. of the United States. Fortinet Meru AP has a code injection vulnerability in 8.6.1 and 8.5.5 and below. The vulnerability stems from the failure of the network system or product to properly filter special elements in the process of constructing code segments with external input data

An unauthenticated command injection vulnerability exists in the parameters of operation 32 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. (DoS) It may be in a state. Gryphon Tower is a wireless router from Gryphon. The vulnerability is caused by the fact that the parameter of operation 32 in the controller_server service on the router fails to correctly filter the special characters and commands entered by the user

An unauthenticated command injection vulnerability exists in the parameters of operation 3 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. (DoS) It may be in a state. Gryphon Tower is a wireless router from Gryphon. entered by the user

There is an information leak vulnerability in eCNS280_TD V100R005C10SPC650. The vulnerability is caused by improper log output management. An attacker with the ability to access the log file of device may lead to information disclosure. eCNS280_TD Exists in encoding and escaping vulnerabilities.Information may be obtained. Huawei eCNS280_TD is the core network equipment of the wireless broadband trunking system of China's Huawei (Huawei) company

Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices connected to the same service. An attacker could leverage this to make configuration changes to, or otherwise attack victims' devices as though they were on an adjacent network. Gryphon Tower An authentication vulnerability exists in the router.Information may be obtained. Gryphon Tower is a wireless router from Gryphon

A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower router's web interface. An attacker could exploit this issue by tricking a user into following a specially crafted link, granting the attacker javascript execution in the context of the victim's browser

A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller. Fortinet FortiWeb Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests. FortiWeb Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., to ensure the security of web applications and protect sensitive database content

A improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user to bypass the second factor of authentication via a RADIUS login portal. Fortinet FortiAuthenticator There is an authentication vulnerability in.Information may be obtained and information may be tampered with. Fortinet FortiAuthenticator is a centralized user identity management solution from Fortinet. The vulnerability stems from the improper design or implementation of the authentication module code

An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions. FortiWLC Exists in a fraudulent authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

There is a memory leak vulnerability in CloudEngine 12800 V200R019C00SPC800, CloudEngine 5800 V200R019C00SPC800, CloudEngine 6800 V200R019C00SPC800 and CloudEngine 7800 V200R019C00SPC800. The software does not sufficiently track and release allocated memory while parse a series of crafted binary messages, which could consume remaining memory. Successful exploit could cause memory exhaust. plural Huawei The product contains a vulnerability related to lack of freeing of resources after valid lifetime.Service operation interruption (DoS) It may be in a state. Huawei CloudEngine is a data center switch of China's Huawei (Huawei) company

An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet. TP-Link AX10v1 for, HTTP There is a vulnerability related to request smuggling.Service operation interruption (DoS) It may be in a state. TP-Link AX10 is a router from China's Tp-link company. There is an input validation error vulnerability in TP-Link AX10 v1, which is caused by the product not effectively processing special HTTP messages. An attacker can use this vulnerability to cause the target to deny service