VARIoT IoT vulnerabilities database

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formStats of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China's TOTOLINK Electronics. An attacker can exploit this vulnerability to launch an attack remotely, causing a buffer overflow

A vulnerability classified as critical was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a wireless router from TOTOLINK that provides convenient network connection and management functions. An attacker can exploit this vulnerability to remotely execute arbitrary code

A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This affects an unknown part of the file /boafrm/formWirelessTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a wireless router provided by TOTOLINK. An attacker can use this vulnerability to remotely send malicious HTTP POST requests, causing a buffer overflow, thereby achieving a denial of service attack or executing arbitrary code

A vulnerability, which was classified as critical, has been found in D-Link DIR-632 FW103B08. Affected by this issue is the function get_pure_content of the component HTTP POST Request Handler. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-632 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-632 is a router from D-Link of China. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. Affected by this issue is the function form_macfilter. The manipulation of the argument mac_hostname_%d/sched_name_%d leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-619L The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-619L is a wireless router from D-Link of China. The vulnerability is caused by the form_macfilter method failing to properly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. Affected by this vulnerability is the function form_portforwarding of the file /goform/form_portforwarding. The manipulation of the argument ingress_name_%d/sched_name_%d/name_%d leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-619L The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-619L is a wireless router designed for home and small office environments. It implements the IEEE 802.11n wireless standard and offers a maximum transmission rate of 300Mbps. This vulnerability occurs because the form_portforwarding method in the file /goform/form_portforwarding fails to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability, which was classified as critical, was found in Tenda FH1203 2.0.1.6. Affected is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of fh1203 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the parameter lanMask of the fromadvsetlanip function in the file /goform/AdvSetLanip failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability, which was classified as critical, has been found in Tenda FH1205 2.0.0.7. This issue affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of fh1205 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. tenda FH1205 is a dual-band wireless router for home users, with high cost performance and stable network performance. Attackers can use this vulnerability to trigger a buffer overflow by manipulating the parameter lanMask

A vulnerability classified as critical was found in Tenda FH1205 2.0.0.7(775). This vulnerability affects the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of fh1205 The firmware contains a buffer error vulnerability, a stack-based buffer overflow vulnerability, and an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the fact that the parameter page of the VirtualSer function in the file /goform/VirtualSer fails to correctly verify the length of the input data. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability classified as critical has been found in Tenda FH1201 1.2.0.14(408). This affects an unknown part of the file /goform/SafeMacFilter. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of fh1201 The firmware contains a buffer error vulnerability, a stack-based buffer overflow vulnerability, and an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the page parameter of the /goform/SafeMacFilter file failing to properly verify the length of the input data. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

Xerox Altalink C8245 is a multi-function laser printer with high-speed printing, copying and scanning functions, suitable for small and medium-sized enterprises or office environments. Fujifilm Business Innovation (China) Co., Ltd. Xerox Altalink C8245 has a denial of service vulnerability, and attackers can exploit the vulnerability to cause printer service interruption.

DIR-823X (AX3000) is a dual-band wireless router that supports the WiFi 6 standard and has a dual-band concurrent rate of up to 3000Mbps. DIR-823X (AX3000) of D-Link Electronics (Shanghai) Co., Ltd. has a command execution vulnerability that can be exploited by attackers to execute commands.

DIR-823X (AX3000) is a dual-band wireless router that supports the WiFi 6 standard and has a dual-band concurrent rate of up to 3000Mbps. DIR-823X (AX3000) of D-Link Electronics (Shanghai) Co., Ltd. has a command execution vulnerability that can be exploited by attackers to execute commands.

RG-EW1200G is a home wireless router suitable for use in flat homes, villas, small shops and SOHO offices. RG-EW1200G of Beijing Xingwang Ruijie Network Technology Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to obtain server permissions.

LOYTEC LINX-202 is a building automation server, mainly used in building automation systems. Delta Electronics (Dongguan) Co., Ltd. LOYTEC LINX-202 has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.

Xerox Altalink B415 is a multi-function laser printer with printing, copying, scanning and faxing functions. Fujifilm Business Innovation (China) Co., Ltd. Xerox Altalink B415 has a denial of service vulnerability, and attackers can exploit the vulnerability to cause printer service interruption.

e-STUDIO3008A is an A3-sized black-and-white digital multifunction machine with printing, copying and scanning functions. Toshiba (China) Co., Ltd. Shanghai Branch e-STUDIO3008A has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.

H3C Magic NX15000 10G Wi-Fi 6 Router is a high-end router for users and groups who pursue full-house coverage and high-quality networks. H3C Magic NX15000 10G Wi-Fi 6 Router of H3C Technologies Co., Ltd. has an information leakage vulnerability, which can be exploited by attackers to obtain sensitive information.

The DIOT SCADA with MQTT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'diot' shortcode in all versions up to, and including, 1.0.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress DIOT SCADA with MQTT plugin has a cross-site scripting vulnerability. The vulnerability is caused by the lack of effective filtering and escaping of user-supplied data in the application

In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege. Tenable Agent is a vulnerability scanner developed by the US company Tenable. Detailed vulnerability details are not available at this time