VARIoT IoT vulnerabilities database

Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via wizard_status. (DoS) It may be in a state. Linksys E8450 is a router from Linksys, an American company. Attackers can exploit this vulnerability to cause arbitrary command execution

TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command insertion vulnerability in downloadFile.cgi main function. This vulnerability allows an attacker to execute arbitrary commands by sending HTTP request. TOTOLINK of A810R Firmware contains a command injection vulnerability.Information may be obtained and information may be tampered with. TOTOLink A810R is a wireless dual-band router from China's TotoLink company

A vulnerability classified as critical has been found in Tenda AC15 15.13.07.13. This affects the function formSetDevNetName of the file /goform/SetDevNetName. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC15 The firmware contains a buffer error vulnerability, a stack-based buffer overflow vulnerability, and an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC15 has a buffer overflow vulnerability, which is caused by the parameter mac of the file /goform/SetDevNetName failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC8 firmware, AC10 firmware, AC18 The firmware has injection vulnerabilities, command injection vulnerabilities, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the file /goform/telnet failing to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to cause arbitrary command execution

TEW-635BRM is a network security firewall. TEW-635BRM of Beijing Trendwell Network Technology Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.

Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime leads to stack-based buffer overflow. Shenzhen Tenda Technology Co.,Ltd. of AC8 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedEndTime leads to stack-based buffer overflow. Shenzhen Tenda Technology Co.,Ltd. of AC8 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. No detailed vulnerability details are currently provided

Incorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.06.50 allows attackers to bypass authentication via a crafted web request. Shenzhen Tenda Technology Co.,Ltd. of AC6 A lack of authentication vulnerability exists in the firmware.Information may be obtained and information may be tampered with. Tenda AC1200 has an access control error vulnerability, which is caused by incorrect access control. No detailed vulnerability details are currently provided

Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function. Shenzhen Tenda Technology Co.,Ltd. of AC18 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. An attacker can exploit this vulnerability to cause arbitrary command execution

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the startIP parameter in the formSetPPTPServer function. Shenzhen Tenda Technology Co.,Ltd. of AC18 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC18 has a buffer overflow vulnerability. The vulnerability is caused by the startIP parameter of the formSetPPTPServer function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function. Shenzhen Tenda Technology Co.,Ltd. of AC18 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC18 has a buffer overflow vulnerability. The vulnerability is caused by the firewallEn parameter of the formSetFirewallCfg function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. Shenzhen Tenda Technology Co.,Ltd. of AC18 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC18 has a buffer overflow vulnerability. The vulnerability is caused by the devName parameter of the formSetDeviceName function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the limitSpeedUp parameter in the formSetClientState function. Shenzhen Tenda Technology Co.,Ltd. of AC18 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC18 has a buffer overflow vulnerability. The vulnerability is caused by the limitSpeedUp parameter of the formSetClientState function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the funcpara1 parameter in the formSetCfm function. Shenzhen Tenda Technology Co.,Ltd. of AC18 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. There is a buffer overflow vulnerability in the Tenda AC18 15.03.05.19 version. The vulnerability is caused by the fact that the funcpara1 parameter of the formSetCfm function fails to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code or cause a denial of service

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. Shenzhen Tenda Technology Co.,Ltd. of AC18 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda AC18 has a buffer overflow vulnerability. The vulnerability is caused by the speed_dir parameter of the formSetSpeedWan function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. Shenzhen Tenda Technology Co.,Ltd. of AC18 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC18 has a buffer overflow vulnerability. The vulnerability is caused by the ssid parameter of the form_fast_setting_wifi_set function failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the DMZ service of the device via a crafted POST request. D-Link Systems, Inc. of DIR-816 A firmware vulnerability related to improper default permissions exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-816A2 is a router from D-Link, a Chinese company. D-Link DIR-816A2 has an access control error vulnerability, which is caused by improper access control of the formDMZ.cgi component

An access control issue in the component websURLFilterAddDel of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the filter settings of the device via a crafted POST request. D-Link Systems, Inc. of DIR-816 An incorrect authentication vulnerability exists in firmware.Information may be obtained. D-Link DIR-816A2 is a router from D-Link, a Chinese company. D-Link DIR-816A2 has an access control error vulnerability, which is caused by improper access control of the websURLFilterAddDel component

An information disclosure vulnerability in the component d_status.asp of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to access sensitive information via a crafted POST request. D-Link Systems, Inc. of DIR-816 A lack of authentication vulnerability exists in the firmware.Information may be obtained. D-Link DIR-816A2 is a router from D-Link, a Chinese company. D-Link DIR-816A2 has an information leakage vulnerability

An access control issue in the component form2alg.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the agl service of the device via a crafted POST request. D-Link Systems, Inc. of DIR-816 An incorrect authentication vulnerability exists in firmware.Information may be obtained. D-Link DIR-816A2 is a router from D-Link, a Chinese company. D-Link DIR-816A2 has an access control error vulnerability, which is caused by improper access control of the form2alg.cgi component