VARIoT IoT vulnerabilities database


VAR-202502-1067 CVE-2024-46436 Use of hardcoded credentials vulnerability in Shenzhen Tenda Technology Co., Ltd. w18e firmware
CVSS V2: 8.0
CVSS V3: 8.3
Severity: HIGH
Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allow unauthenticated remote attackers to gain root access to the device over the telnet service. The w18e firmware from Shenzhen Tenda Technology Co., Ltd. contains a vulnerability related to the use of hardcoded credentials. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. Tenda W18E has a trust management vulnerability, which is caused by the existence of hard-coded credentials. No detailed vulnerability details are currently available.
VAR-202502-0512 CVE-2024-46435 Stack-based buffer overflow vulnerability in Shenzhen Tenda Technology Co., Ltd. w18e firmware
CVSS V2: 7.7
CVSS V3: 8.0
Severity: HIGH
A stack overflow vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an authenticated remote attacker to cause a denial of service or potentially execute arbitrary code. This vulnerability occurs due to improper input validation when handling user-supplied data in the delFacebookPic function. The w18e firmware from Shenzhen Tenda Technology Co., Ltd. contains a stack-based buffer overflow vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. There is a buffer overflow vulnerability in the Tenda W18E 16.01.0.8 (1625) version.
VAR-202502-0923 CVE-2024-46434 Authentication vulnerability in Shenzhen Tenda Technology Co., Ltd. w18e firmware
CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
Tenda W18E V16.01.0.8(1625) suffers from an authentication bypass in the web management portal, allowing an unauthorized remote attacker to gain administrative access by sending a specially crafted HTTP request. The w18e firmware from Shenzhen Tenda Technology Co., Ltd. contains an authentication vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. Tenda W18E 16.01.0.8(1625) version has an authorization issue vulnerability. The vulnerability is caused by improper authentication of the device.
VAR-202502-0765 CVE-2024-46433 Use of hardcoded credentials vulnerability in Shenzhen Tenda Technology Co., Ltd. w18e firmware
CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using the default rzadmin account with administrative privileges. The w18e firmware from Shenzhen Tenda Technology Co., Ltd. contains a vulnerability related to the use of hardcoded credentials. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state.
VAR-202502-0633 CVE-2024-46432 Access control vulnerabilities in Shenzhen Tenda Technology Co., Ltd. w18e firmware
CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogin function, which allows unauthorized changes to WiFi configuration settings and administrative credentials. The w18e firmware from Shenzhen Tenda Technology Co., Ltd. contains an access control vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state.
VAR-202502-0396 CVE-2024-46431 Classic buffer overflow vulnerability in Shenzhen Tenda Technology Co., Ltd. w18e firmware
CVSS V2: 7.7
CVSS V3: 8.0
Severity: HIGH
Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. An attacker with access to the web management portal can exploit this vulnerability by sending specially crafted data to the delWewifiPic function. The w18e firmware from Shenzhen Tenda Technology Co., Ltd. has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. Tenda W18E has a buffer overflow vulnerability, which is caused by the delWewifiPic function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202502-1491 CVE-2024-46430 Access control vulnerabilities in Shenzhen Tenda Technology Co., Ltd. w18e firmware
CVSS V2: 6.1
CVSS V3: 6.5
Severity: MEDIUM
Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the setLoginPassword function, bypassing the authentication mechanism. Shenzhen Tenda Technology Co.,Ltd
VAR-202502-1624 CVE-2024-46429 Use of hardcoded credentials vulnerability in Shenzhen Tenda Technology Co., Ltd. w18e firmware
CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using a default guest account with administrative privileges. The w18e firmware from Shenzhen Tenda Technology Co., Ltd. contains a vulnerability related to the use of hardcoded credentials. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state.
VAR-202502-2088 No CVE HP OfficeJet Pro 9010 has information disclosure vulnerability
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
HP China Ltd. is an enterprise mainly engaged in scientific research and technical services. HP China Ltd.'s HP OfficeJet Pro 9010 has an information leakage vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-2687 No CVE Shenzhen Jixiang Tenda Technology Co., Ltd. Tenda router AC8v4 has a binary vulnerability
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Shenzhen Jixiang Tenda Technology Co., Ltd. (Tenda) is a high-tech enterprise specializing in the research and development, production, sales and service of network communication equipment. Shenzhen Jixiang Tenda Technology Co., Ltd. Tenda router AC8v4 has a binary vulnerability that can be exploited by attackers to cause denial of service.
VAR-202502-2089 No CVE Beijing Trendwell Network Technology Co., Ltd. TEW-639GR has a command execution vulnerability
CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
TEW-639GR is a wireless router. Beijing Trendwell Network Technology Co., Ltd. TEW-639GR has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
VAR-202502-2481 No CVE Netis Technology Co., Ltd. Netis WF2210 router has a command execution vulnerability
CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Netis Technology Co., Ltd. is a high-tech enterprise focusing on the research, development, production and sales of data communication network equipment. Netis Technology Co., Ltd.'s Netis WF2210 router has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
VAR-202502-2292 No CVE Netis Technology Co., Ltd. Netis WF2411 router has a denial of service vulnerability
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Netis Technology Co., Ltd. is a high-tech enterprise focusing on the research, development, production and sales of data communication network equipment. Netis Technology Co., Ltd.'s Netis WF2411 router has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202502-2480 No CVE Hangzhou Hikvision Digital Technology Co., Ltd. HIK-WiFi has an information leakage vulnerability
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Hangzhou Hikvision Digital Technology Co., Ltd. (Hikvision) is a technology company focusing on technological innovation and intelligent IoT. Hangzhou Hikvision Digital Technology Co., Ltd. HIK-WiFi has an information leakage vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-3427 No CVE Netis Technology Co., Ltd. Netis WF2411 router has a binary vulnerability
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Netis Technology Co., Ltd. is a high-tech enterprise focusing on the research, development, production and sales of data communication network equipment. Netis Technology Co., Ltd.'s Netis WF2411 router has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202502-3428 No CVE Mitsubishi Electric Automation (China) Co., Ltd. PLC FX5U-64MR/ES has a denial of service vulnerability
CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
Mitsubishi Electric Automation (China) Co., Ltd. is a company mainly engaged in loading, unloading, handling and warehousing. Mitsubishi Electric Automation (China) Co., Ltd. PLC FX5U-64MR/ES has a denial of service vulnerability, which can be exploited by attackers to cause denial of service.
VAR-202502-2293 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd. Tenda AC10 router has a binary vulnerability
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Shenzhen Jixiang Tengda Technology Co., Ltd. is a high-tech enterprise specializing in the research and development, production, sales and service of network communication equipment. Shenzhen Jixiang Tengda Technology Co., Ltd. Tenda AC10 router has a binary vulnerability that can be exploited by attackers to cause denial of service.
VAR-202502-0092 CVE-2025-1104 Authentication vulnerability in D-Link Systems, Inc. dhp-w310av firmware
CVSS V2: 7.5
CVSS V3: 7.3
Severity: Medium
A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This vulnerability affects unknown code. The manipulation leads to authentication bypass by spoofing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The dhp-w310av firmware from D-Link Systems, Inc. contains vulnerabilities related to authentication and to authentication bypass through spoofing. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. D-Link DHP-W310AV is a popular router device.
VAR-202502-0157 CVE-2025-1103 NULL pointer dereference vulnerability in D-Link Systems, Inc. DIR-823X firmware
CVSS V2: 6.8
CVSS V3: 6.5
Severity: High
A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function set_wifi_blacklists of the file /goform/set_wifi_blacklists of the component HTTP POST Request Handler. The manipulation of the argument macList leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The DIR-823X firmware from D-Link Systems, Inc. has a NULL pointer dereference vulnerability. The device may be put into a denial-of-service (DoS) state. D-Link DIR-823X is a wireless router of D-Link, a Chinese company. No detailed vulnerability details are currently provided.
VAR-202502-0854 CVE-2025-22880 Delta Electronics CNCSoft-G2 DPAX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. Delta Electronics CNCSoft-G2 is a human-machine interface (HMI) software from Delta Electronics, a Chinese company