VARIoT IoT vulnerabilities database

VAR-202504-0724 | CVE-2024-41788 | Siemens SENTRON 7KT PAC1260 Data Manager OS Command Injection Vulnerability |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: Critical |
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the input parameters in specific GET requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges. Siemens SENTRON 7KT PAC1260 Data Manager is a power monitoring and energy consumption management device from Siemens of Germany.
VAR-202504-2032 | CVE-2025-20951 |
CVSS V2: - CVSS V3: 5.1 Severity: MEDIUM |
Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store.
VAR-202504-2622 | CVE-2025-20945 | Samsung Galaxy Watch Improper Access Control Vulnerability |
CVSS V2: 2.1 CVSS V3: 4.0 Severity: MEDIUM |
Improper access control in Galaxy Watch prior to SMR Apr-2025 Release 1 allows local attackers to access sensitive information of Galaxy Watch. Samsung Galaxy Watch is a smartwatch that provides multiple features, including fitness tracking, notifications, and mobile payments. The vulnerability is due to improper access control. Attackers can exploit this vulnerability to obtain sensitive information.
VAR-202504-0826 | CVE-2025-3346 | Buffer error vulnerability in Shenzhen Tenda Technology Co.,Ltd. AC7 firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in Tenda AC7 15.03.06.44. It has been rated as critical. Affected by this issue is the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument pptp_server_start_ip/pptp_server_end_ip leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The AC7 firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202504-0757 | CVE-2025-3328 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. AC1206 firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in Tenda AC1206 15.03.06.23. It has been classified as critical. Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid/timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. An out-of-bounds write vulnerability exists in the AC1206 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). AC1206 is a high-performance wireless router designed for broadband users of 200M and above. The vulnerability is caused by the form_fast_setting_wifi_set function of the /goform/fast_setting_wifi_set file not performing a valid boundary check on the input of the ssid or timeZone parameters, resulting in a buffer overflow. No detailed vulnerability information is currently provided.
VAR-202504-2061 | No CVE | HPE OfficeConnect Switch 1820 48G PoE+ (370W) J9984A of Hewlett Packard Enterprise (China) Co., Ltd. has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
HPE (China) Co., Ltd. is a company mainly engaged in the research and development, production and manufacturing of computer hardware, software and its peripherals, and operates related electronic products.
HPE OfficeConnect Switch 1820 48G PoE+ (370W) J9984A of HPE (China) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202504-2060 | No CVE | ZAVIO F531E / ZAVIO F511W has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ZAVIO F531 and ZAVIO F511W have an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-2456 | No CVE | Shenzhen Yichen Technology Co., Ltd. JCG router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Shenzhen Yichen Technology Co., Ltd. is an all-round company integrating R&D, production and sales, focusing on high-end equipment manufacturing and technology research and development in the network communication industry.
Shenzhen Yichen Technology Co., Ltd. JCG router has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202504-2263 | No CVE | Wuxi Xinjie Electric Co., Ltd. Xinjie XS3-26T4 PLC has industrial control equipment vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Wuxi Xinjie Electric Co., Ltd. is a listed company that focuses on the research and development and application of industrial automation products.
Wuxi Xinjie Electric Co., Ltd. Xinjie XS3-26T4 PLC has an industrial control equipment vulnerability, which can be exploited by attackers to cause denial of service.
VAR-202504-1235 | No CVE | Ricoh (China) Investment Co., Ltd. SP C261SFNw has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
SP C261SFNw is a color laser multifunction printer launched by Ricoh.
Ricoh (China) Investment Co., Ltd. SP C261SFNw has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202504-1635 | No CVE | Brother (China) Commercial Co., Ltd. DCP-1610W series has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The DCP-1610W series is a wireless black-and-white laser multifunction printer.
Brother (China) Commercial Co., Ltd. DCP-1610W series has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202504-1852 | No CVE | RICOH MP C4504ex of Ricoh (China) Investment Co., Ltd. has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
RICOH MP C4504ex is a printer product.
RICOH MP C4504ex of Ricoh (China) Investment Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202504-1430 | No CVE | Toshiba e-STUDIO2020AC has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
e-STUDIO2020AC is a printer.
Toshiba e-STUDIO2020AC has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202504-2259 | No CVE | TP-LINK TL-WR841ND has a denial of service vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
TP-LINK TL-WR841ND is a wireless router from TP-LINK of China.
TP-LINK TL-WR841ND has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202504-1431 | No CVE | Shenzhen Jixiang Tengda Technology Co., Ltd. AC6 has a binary vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
AC6 is an 11ac dual-band wireless router designed for 100M fiber homes.
AC6 of Shenzhen Jixiang Tengda Technology Co., Ltd. has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202504-0693 | CVE-2025-3259 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. RX3 firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability, which was classified as critical, has been found in Tenda RX3 16.03.13.11. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. An out-of-bounds write vulnerability exists in the Shenzhen Tenda Technology Co.,Ltd. RX3 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Attackers can exploit this vulnerability to cause a denial of service or execute arbitrary code.
VAR-202504-0694 | CVE-2025-3249 | Injection vulnerability in TOTOLINK A6000R firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Medium |
A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The TOTOLINK A6000R firmware contains injection and command injection vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK A6000R is a wireless router with excellent performance. No detailed vulnerability information is currently provided.
VAR-202504-0695 | CVE-2025-3237 | Vulnerabilities in Shenzhen Tenda Technology Co.,Ltd. FH1202 firmware |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: Medium |
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/wrlwpsset. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. There are unspecified vulnerabilities in the FH1202 firmware. Information may be tampered with. Attackers can use this vulnerability to launch remote attacks to gain access rights.
VAR-202504-0829 | CVE-2025-3236 | Vulnerabilities in Shenzhen Tenda Technology Co.,Ltd. FH1202 firmware |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: Medium |
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/VirSerDMZ of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. There are unspecified vulnerabilities in the FH1202 firmware. Information may be tampered with. No detailed vulnerability information is currently available.
VAR-202504-0831 | CVE-2025-3203 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. W18E firmware |
CVSS V2: 4.0 CVSS V3: 4.3 Severity: Medium |
A vulnerability classified as problematic was found in Tenda W18E 16.01.0.11. Affected by this vulnerability is the function formSetAccountList of the file /goform/setModules. The manipulation of the argument Password leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. An out-of-bounds write vulnerability exists in the Shenzhen Tenda Technology Co.,Ltd. W18E firmware. Service operation may be interrupted (DoS). Attackers can exploit this vulnerability to cause the program to crash.