VARIoT IoT vulnerabilities database

VAR-202504-3810 No CVE MOBOTIX Q22 has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
MOBOTIX Q22 is a 360-degree panoramic network camera. MOBOTIX Q22 has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-4091 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd. AC8 has a binary vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
AC8 is a dual-band three-gigabit wireless router suitable for fiber-optic homes within 1000 megabits, supporting gigabit ports, intelligent frequency selection, parental control and other functions. AC8 of Shenzhen Jixiang Tengda Technology Co., Ltd. has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202504-3955 No CVE MOBOTIX M1 has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
MOBOTIX M1 is a camera. MOBOTIX M1 has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-3512 No CVE MOBOTIX P25 has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
MOBOTIX P25 is a high-performance smart network camera. MOBOTIX P25 has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-3650 No CVE Fuhong Technology Co., Ltd. IP Network Camera has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Fuhong Technology Co., Ltd. was established in 1991. It has always been committed to the development and manufacture of image monitoring systems with professional R&D and perfect sales services as its core orientation. Its product systems include environmental monitoring and mobile monitoring, and it achieves comprehensive security protection with the vision of system integration and solutions. Fuhong Technology Co., Ltd. IP Network Camera has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202504-3879 No CVE Shenzhen Bilian Electronics Co., Ltd. BL-LTE300 has a binary vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
BL-LTE300 is a home router. Shenzhen Bilian Electronics Co., Ltd. BL-LTE300 has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202504-3167 CVE-2025-3820 Buffer error vulnerability in Shenzhen Tenda Technology Co.,Ltd. W12 and i24 firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) and classified as critical. Affected by this issue is the function cgiSysUplinkCheckSet of the file /bin/httpd. The manipulation of the argument hostIp1/hostIp2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. W12 and i24 firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). The vulnerability is caused by improper handling of cgiSysUplinkCheckSet. Attackers can exploit this vulnerability to execute arbitrary code.
VAR-202504-3170 CVE-2025-3803 Buffer error vulnerability in Shenzhen Tenda Technology Co.,Ltd. W12 and i24 firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been rated as critical. This issue affects the function cgiSysScheduleRebootSet of the file /bin/httpd. The manipulation of the argument rebootDate leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. W12 and i24 firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Attackers can exploit this vulnerability to execute code and control the affected device.
VAR-202504-3188 CVE-2025-3802 Buffer error vulnerability in Shenzhen Tenda Technology Co.,Ltd. W12 and i24 firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been declared as critical. This vulnerability affects the function cgiPingSet of the file /bin/httpd. The manipulation of the argument pingIP leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. W12 and i24 firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). No detailed vulnerability details are provided at present.
VAR-202504-2258 No CVE Topsec Technology Group Co., Ltd. Internet Behavior Management System has a command execution vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Topsec Technology Group Co., Ltd. is a high-tech enterprise focusing on network security and cloud computing solutions. Topsec Technology Group Co., Ltd.'s Internet behavior management system has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
VAR-202504-1746 CVE-2025-29209 Command injection vulnerability in TOTOLINK x18 firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the enable parameter of the sub_41105C function of cstecgi.cgi. TOTOLINK x18 firmware contains a command injection vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). TOTOLINK X18 is a wireless router produced by TOTOLINK, which provides high-speed and stable wireless network connection. Attackers can exploit this vulnerability to execute arbitrary commands.
VAR-202504-1213 CVE-2025-3786 Classic buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. AC15 firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in Tenda AC15 up to 15.03.05.19 and classified as critical. This issue affects the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument mac leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. AC15 firmware has a classic buffer overflow vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). The vulnerability is caused by the parameter mac of the function fromSetWirelessRepeat in the file /goform/WifiExtraSet failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack.
VAR-202504-1162 CVE-2025-3785 Buffer error vulnerability in D-Link Systems, Inc. DWR-M961 firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability has been found in D-Link DWR-M961 1.1.36 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formStaticDHCP of the component Authorization Interface. The manipulation of the argument Hostname leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.49 is able to address this issue. It is recommended to upgrade the affected component. D-Link Systems, Inc. DWR-M961 firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). D-Link DWR-M961 is a router from D-Link, a Chinese company. D-Link DWR-M961 has a buffer overflow vulnerability. The vulnerability is caused by the failure of the parameter Hostname in the file /boafrm/formStaticDHCP to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202504-1580 CVE-2025-2492 ASUS AiCloud Improper Authentication Control Vulnerability CVSS V2: 9.7
CVSS V3: -
Severity: Critical
An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information. AiCloud is a cloud service launched by ASUS, which aims to provide easy access to data in devices connected to the router, such as USB or PC, and provides functions such as uploading, downloading, online music playback, online document browsing, sharing links to Facebook, and setting Smart Sync cloud synchronization.
VAR-202504-3700 CVE-2025-25427 Cross-site scripting vulnerability in TP-LINK Technologies wr841n firmware CVSS V2: -
CVSS V3: 5.4
Severity: MEDIUM
A stored cross-site scripting (XSS) vulnerability in the upnp.htm page of the web interface in TP-Link WR841N v14/v14.6/v14.8 <= Build 241230 Rel. 50788n allows remote attackers to inject arbitrary JavaScript code via the port mapping description. This leads to an execution of the JavaScript payload when the upnp page is loaded. TP-LINK Technologies wr841n firmware has a cross-site scripting vulnerability. Information may be obtained and information may be tampered with.
VAR-202504-1378 CVE-2025-25455 Stack-based buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. AC10 firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanMTU2. A stack-based buffer overflow vulnerability exists in Shenzhen Tenda Technology Co.,Ltd. AC10 firmware. Service operation may be interrupted (DoS). Tenda AC10 is a home wireless router that provides stable and fast network connection. The vulnerability is caused by the fact that the AdvSetMacMtuWan function does not effectively check the input data length when processing the wanMTU2 parameter. No detailed vulnerability details are currently provided.
VAR-202504-2585 CVE-2025-25454 Stack-based buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. AC10 firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanSpeed2. A stack-based buffer overflow vulnerability exists in Shenzhen Tenda Technology Co.,Ltd. AC10 firmware. Service operation may be interrupted (DoS). The vulnerability is caused by the wanSpeed2 parameter in AdvSetMacMtuWan failing to properly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service.
VAR-202504-1354 CVE-2025-29039 Code injection vulnerability in D-Link Systems, Inc. DIR-823X firmware CVSS V2: 8.3
CVSS V3: 7.2
Severity: HIGH
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x41dda8. A code injection vulnerability exists in D-Link Systems, Inc. DIR-823X firmware. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). D-Link DIR-832x is a wireless router from D-Link, a Chinese company. D-Link DIR-832x has a code injection vulnerability, which is caused by the function 0x41dda8 failing to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to execute arbitrary commands.
VAR-202504-1973 CVE-2025-29043 OS command injection vulnerability in D-Link Systems, Inc. DIR-823X firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x417234. An OS command injection vulnerability exists in D-Link Systems, Inc. DIR-823X firmware. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). D-Link DIR-823X is a wireless router from D-Link, a Chinese company. D-Link DIR-832x has a command injection vulnerability, which is caused by the failure of function 0x417234 to properly filter special characters and commands in constructing commands. Attackers can exploit this vulnerability to execute arbitrary commands.
VAR-202504-2957 CVE-2025-29042 OS command injection vulnerability in D-Link Systems, Inc. DIR-823X firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c. An OS command injection vulnerability exists in D-Link Systems, Inc. DIR-823X firmware. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). D-Link DIR-832x is a wireless router from D-Link of China. D-Link DIR-832x has a command injection vulnerability, which is caused by the failure of the macaddr key value and function 0x42232c to properly filter special characters and commands in constructing commands. Attackers can exploit this vulnerability to execute arbitrary commands.