VARIoT IoT vulnerabilities database


VAR-202508-0133 CVE-2013-10048 OS command injection vulnerability in D-Link Corporation DIR-300 and DIR-600 firmware CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
An OS command injection vulnerability exists in various legacy D-Link routers, including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively), due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privileges, allowing full takeover of the device. This includes launching services such as Telnet, exfiltrating credentials, modifying system configuration, and disrupting availability. The flaw stems from the lack of authentication and inadequate sanitization of the cmd parameter. D-Link Corporation DIR-300 and DIR-600 firmware contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202507-3073 CVE-2025-51385 Stack-based buffer overflow vulnerability in D-Link Systems, Inc. DI-8200 firmware CVSS V2: 2.7
CVSS V3: 3.5
Severity: LOW
D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the yyxz_dlink_asp function via the id parameter. D-Link Systems, Inc. DI-8200 firmware contains a stack-based buffer overflow vulnerability. Service operation may be interrupted (DoS). The D-Link DI-8200 is a D-Link router designed for small and medium-sized network environments. It supports multi-line bandwidth aggregation, PPPoE authentication and billing, and intelligent flow control. This vulnerability stems from the yyxz_dlink_asp function failing to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service.
VAR-202507-2896 CVE-2025-51384 Stack-based buffer overflow vulnerability in D-Link Systems, Inc. DI-8200 firmware CVSS V2: 2.7
CVSS V3: 3.5
Severity: LOW
D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_net_asp function via the remot_ip parameter. D-Link Systems, Inc. DI-8200 firmware contains a stack-based buffer overflow vulnerability. Service operation may be interrupted (DoS). The D-Link DI-8200 is a D-Link router designed for small and medium-sized network environments. It supports multi-line bandwidth aggregation, PPPoE authentication and billing, and intelligent flow control. This vulnerability stems from the ipsec_net_asp function failing to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service.
VAR-202507-2957 CVE-2025-51383 Stack-based buffer overflow vulnerability in D-Link Systems, Inc. DI-8200 firmware CVSS V2: 2.7
CVSS V3: 3.5
Severity: LOW
D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_road_asp function via the host_ip parameter. D-Link Systems, Inc. DI-8200 firmware contains a stack-based buffer overflow vulnerability. Service operation may be interrupted (DoS). The D-Link DI-8200 is a D-Link router designed for small and medium-sized network environments. It supports multi-channel bandwidth aggregation, PPPoE authentication and billing, and intelligent flow control. This vulnerability stems from the ipsec_road_asp function failing to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service.
VAR-202507-2948 CVE-2012-10021 Stack-based buffer overflow vulnerability in D-Link Corporation DIR-605L firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function. The flaw arises from unsafe usage of sprintf() when processing user-supplied CAPTCHA data via the FILECODE parameter in /goform/formLogin. A remote unauthenticated attacker can exploit this to execute arbitrary code with root privileges on the device. A denial-of-service (DoS) condition may also result. The D-Link DIR-605L is D-Link's first cloud router, designed for home and small office networks.
VAR-202507-3352 No CVE Dell (China) Co., Ltd. Dell 2350dn has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The Dell 2350dn is a monochrome laser printer. A vulnerability exists in the Dell 2350dn printer from Dell (China) Co., Ltd. that could allow an attacker to obtain sensitive information.
VAR-202507-3674 No CVE Shenzhen Bilian Electronics Co., Ltd. BL-AC2100 has a binary vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The BL-AC2100 is a Wi-Fi 6 wireless router. Shenzhen Bilian Electronics Co., Ltd.'s BL-AC2100 has a binary vulnerability that could allow an attacker to gain server privileges.
VAR-202507-3675 No CVE Honeywell (China) Co., Ltd. Honeywell PD43 has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The Honeywell PD43 is an industrial-grade label printer. The Honeywell PD43, manufactured by Honeywell (China) Co., Ltd., has a weak password vulnerability that could allow attackers to obtain sensitive information.
VAR-202507-3351 No CVE D-Link DI-500WF from D-Link Electronics (Shanghai) Co., Ltd. has a binary vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
The D-Link DI-500WF is a panel-mounted wireless access point. The D-Link DI-500WF, manufactured by D-Link Electronics (Shanghai) Co., Ltd., contains a binary vulnerability that could allow an attacker to execute arbitrary commands.
VAR-202507-3110 CVE-2025-52490 Vulnerability in plaintext transmission of important information in Couchbase, Inc. Sync Gateway CVSS V2: -
CVSS V3: 7.3
Severity: HIGH
An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and sync_gateway.log, there are cleartext passwords in redacted and unredacted output. Couchbase, Inc. Sync Gateway contains a vulnerability in the transmission of important information in clear text. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202507-2930 CVE-2025-53715 Buffer error vulnerability in TP-LINK Technologies TL-WR841N firmware CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/Wan6to4TunnelCfgRpm.htm file due to missing input parameter validation, which may lead to a buffer overflow that crashes the web service and results in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. TP-LINK Technologies TL-WR841N firmware contains a buffer error vulnerability. Service operation may be interrupted (DoS).
VAR-202507-2986 CVE-2025-53714 Buffer error vulnerability in TP-LINK Technologies TL-WR841N firmware CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WzdWlanSiteSurveyRpm_AP.htm file due to missing input parameter validation, which may lead to a buffer overflow that crashes the web service and results in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. TP-LINK Technologies TL-WR841N firmware contains a buffer error vulnerability. Service operation may be interrupted (DoS).
VAR-202507-2897 CVE-2025-53713 Buffer error vulnerability in TP-LINK Technologies TL-WR841N firmware CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm_APC.htm file due to missing input parameter validation, which may lead to a buffer overflow that crashes the web service and results in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. TP-LINK Technologies TL-WR841N firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability. Service operation may be interrupted (DoS).
VAR-202507-2973 CVE-2025-53712 Buffer error vulnerability in TP-LINK Technologies TL-WR841N firmware CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm_AP.htm file due to missing input parameter validation, which may lead to a buffer overflow that crashes the web service and results in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. TP-LINK Technologies TL-WR841N firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability. Service operation may be interrupted (DoS).
VAR-202507-2939 CVE-2025-53711 Buffer error vulnerability in TP-LINK Technologies TL-WR841N firmware CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been found in TP-Link TL-WR841N v11, TL-WR842ND v2 and TL-WR494N v3. The vulnerability exists in the /userRpm/WlanNetworkRpm.htm file due to missing input parameter validation, which may lead to a buffer overflow that crashes the web service and results in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. TP-LINK Technologies TL-WR841N firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability. Service operation may be interrupted (DoS).
VAR-202507-3065 CVE-2025-52284 Command injection vulnerability in TOTOLINK X6000R firmware CVSS V2: 6.4
CVSS V3: 6.5
Severity: MEDIUM
Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_4184C0 function via the tz parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request. TOTOLINK X6000R firmware contains a command injection vulnerability. Information may be obtained and information may be tampered with. The TOTOLINK X6000R, a wireless router released by China's TOTOLINK Electronics, supports WiFi 6 technology, offering high concurrent connections and dual-band transmission capabilities. Detailed vulnerability information is currently unavailable.
VAR-202507-3915 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd.'s Tenda HG10 has a denial of service vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Shenzhen Jixiang Tengda Technology Co., Ltd. (Tenda) is a high-tech enterprise specializing in the research and development, production, sales, and service of network communication equipment. A denial of service vulnerability exists in the Tenda HG10, a device manufactured by Shenzhen Jixiang Tengda Technology Co., Ltd., that could be exploited by an attacker to cause a denial of service.
VAR-202507-3676 No CVE Vicon Industries IQinVision has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Vicon Industries specializes in the development and production of security and surveillance solutions. A weak password vulnerability exists in Vicon Industries' IQinVision software, allowing attackers to obtain sensitive information.
VAR-202507-3838 No CVE D-Link DI-500WF from D-Link Electronics (Shanghai) Co., Ltd. has a command execution vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
The D-Link DI-500WF is a panel-mounted wireless access point. The D-Link DI-500WF, manufactured by D-Link Electronics (Shanghai) Co., Ltd., has a command execution vulnerability that could allow an attacker to execute arbitrary commands.
VAR-202507-3839 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd. HG7, HG9, HG10 and HG10C have a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Shenzhen Jixiang Tengda Technology Co., Ltd. (Tenda) is a high-tech enterprise specializing in the research and development, production, sales, and service of network communication equipment. Shenzhen Jixiang Tengda Technology Co., Ltd.'s HG7, HG9, HG10, and HG10C devices contain a command execution vulnerability that could allow an attacker to execute arbitrary commands.