VARIoT IoT vulnerabilities database

AC11 is a dual-band wireless router developed by Shenzhen Jixiang Tengda Technology Co., Ltd., which is specially designed for large-scale households and is suitable for use in 200M and above fiber optic homes. Tenda AC11 has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.

D-Link DIR-615 is a wireless router made by D-Link in Taiwan. D-Link DIR-615 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

Thycotic Password Reset Server before 5.3.0 allows credential disclosure. Attackers can use vulnerabilities to disclose credentials

RM1800-35(V3) is a router product launched by Maipu Communication Technology Co., Ltd. Maipu Communication Technology Co., Ltd. RM1800-35 (V3) has a weak password vulnerability. Attackers can use the vulnerability to obtain sensitive information.

** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet. ** Not supported ** This is a vulnerability in an unsupported product. PowerLogic EGX100 and PowerLogic EGX300 Is vulnerable to input validation.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access s pen latency information. Samsung Notes There is a vulnerability in the insecure storage of important information.Information may be obtained

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafted HTTP packet. ** Not supported ** This is a vulnerability in an unsupported product. PowerLogic EGX100 and PowerLogic EGX300 Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. Schneider Electric PowerLogic is an industrial control equipment of French Schneider Electric (Schneider Electric). Provide improved power factor to improve power quality, eliminate power failures, thereby protecting the network, devices and operators. Schneider Electric PowerLogic EGX100 and EGX100 have an input validation error vulnerability

Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log. SmartThings There is a vulnerability in the insecure storage of important information.Information may be obtained

Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows bluetooth attacker to take over the user's bluetooth device without user awareness. Tizen bluetooth-frwk Contains an authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Android Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Samsung libsapeextractor library is a component of Samsung mobile devices. Samsung libsapeextractor library has an input validation error vulnerability

An improper input validation vulnerability in sdfffd_parse_chunk_FVER() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Android Contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Samsung libsdffextractor library is a component of Samsung mobile devices. Samsung libsdffextractor library has an input validation error vulnerability

An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Android Contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Samsung libsdffextractor library is a component of Samsung mobile devices. Samsung libsdffextractor library has an input validation error vulnerability

An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Android Is vulnerable to input validation.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Samsung libsdffextractor library is a component of Samsung mobile devices. Samsung libsdffextractor library has an input validation error vulnerability

An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Android Contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Samsung libsapeextractor library is a component of Samsung mobile devices. Samsung libsapeextractor library has an input validation error vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the HNAP_AUTH HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12065. D-Link DAP-1330 A classic buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-12065 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-Link DAP-1330 is a WIFI device of China Taiwan D-Link (D-Link) company's network equipment

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Cookie HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12028. D-Link DAP-1330 A stack-based buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-12028 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-Link DAP-1330 is a WIFI device of China Taiwan D-Link (D-Link) company's network equipment

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12029. D-Link DAP-1330 A stack-based buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-12029 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-Link DAP-1330 is a WIFI device of China Taiwan D-Link (D-Link) company's network equipment

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12066. D-Link DAP-1330 A classic buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-12066 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-Link DAP-1330 is a WIFI device of China Taiwan D-Link (D-Link) company's network equipment

Prolink Technology Co., Ltd. is the world's leading supplier of network communication equipment. The Archer-C9 router has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.

Prolink Technology Co., Ltd. is the world's leading supplier of network communication equipment. The TL-WR843ND router has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.