VARIoT IoT vulnerabilities database

HP Color LaserJet Pro MFP M479fdw is a wireless color laser printer. HP Color LaserJet Pro MFP M479fdw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

CL4NX-Jplus is a smart barcode printer. SATO CL4NX-JPlus has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.

A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request messages, resulting in the overwriting of a buffer on the stack. Shenzhen Tenda Technology Co.,Ltd. of AC15 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary code via the sub_410E54 function of the cstecgi.cgi. TOTOLINK of x18 A code injection vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X18 is a Gigabit router from China's Jiong Electronics Company. TOTOLINK X18 has a code execution vulnerability. The vulnerability originates from sub_410E54 of cstecgi.cgi, and attackers can exploit the vulnerability to execute arbitrary commands

A vulnerability, which was classified as problematic, has been found in Tenda AC23 16.03.07.52. This issue affects some unknown processing of the file /goform/VerAPIMant of the component API Interface. The manipulation of the argument getuid leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of ac23 A vulnerability exists in firmware related to improper shutdown and release of resources.Service operation interruption (DoS) It may be in a state. AC23 is a wireless router that provides high-speed wireless network connection. The vulnerability is caused by the improper processing of getuid parameters by the /goform/VerAPIMant component. An attacker can use this vulnerability to send specially crafted requests to cause a denial of service

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges. Dell PowerProtect Data Domain is a data protection storage device launched by Dell Technologies. It is built on the Data Domain platform and is designed to build a network resilience foundation and achieve rapid data recovery. The vulnerability is caused by insufficient access control granularity

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC10 The firmware contains a buffer error vulnerability, a stack-based buffer overflow vulnerability, and an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC10 is a home wireless router that provides wireless network connection and management functions. The vulnerability stems from the improper processing of the list parameter by the ShutdownSetAdd function in the /goform/ShutdownSetAdd file. An attacker can exploit this vulnerability to launch a remote attack, achieve a stack overflow, and then execute arbitrary code

AC8 is a dual-band 3G wireless router suitable for fiber-optic homes within 1000M, supporting Gigabit ports, intelligent frequency selection, parental control and other functions. Shenzhen Jixiang Tengda Technology Co., Ltd. AC8 router has a binary vulnerability that can be exploited by attackers to cause a denial of service.

HP LaserJet MFP M132nw is a multifunctional black and white laser printer. HP LaserJet MFP M132nw of HP Trading (Shanghai) Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute arbitrary printer commands.

Schneider M340 is a high-performance mid-range PLC platform launched by Schneider Electric. Schneider M340 of Schneider Electric (China) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

Maipu Communication Technology Co., Ltd. is a leading provider of network products and solutions in China. Maipu Multi-Service Fusion Gateway of Maipu Communication Technology Co., Ltd. has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.

ZTE Corporation is a leading global provider of integrated communications solutions. ZTE Corporation's ZTE-IAD voice gateway has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.

D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_net_asp function via the remot_ip parameter. D-Link Systems, Inc. of di-8100 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by China's D-Link Corporation. The vulnerability is caused by the remot_ip parameter in the ipsec_net_asp function failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_road_asp function via the host_ip parameter. D-Link Systems, Inc. of di-8100 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by D-Link, a Chinese company. The vulnerability is caused by the host_ip parameter in the ipsec_road_asp function failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Canon is a Japanese company dedicated to imaging, optics and office automation products, including cameras, camcorders, copiers, fax machines, image scanners and printers. Canon vb-c60 camera has a remote control backdoor vulnerability, allowing attackers to send a get request with specific parameters to image.cgi without identity authentication, and then control the camera up and down, left and right, and adjust the focus.

Netgear Inc WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the parse_st_header function due to use of a request header parameter in a strncpy where size is determined based on the input specified. By sending a specially crafted packet, an attacker can take control of the program counter and hijack control flow of the program to execute arbitrary system commands. of netgear WNR854T A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR WNR854T is a wireless router from NETGEAR. NETGEAR WNR854T 1.5.2 version has a buffer overflow vulnerability. The vulnerability is caused by the parse_st_header function failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Netgear WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the SetDefaultConnectionService function due to an unconstrained use of sscanf. The vulnerability allows for control of the program counter and can be utilized to achieve arbitrary code execution. (DoS) It may be in a state. NETGEAR WNR854T is a wireless router from NETGEAR. The vulnerability is caused by the SetDefaultConnectionService function failing to properly verify the length of the input data

In Netgear WNR854T 1.5.2 (North America), the UPNP service is vulnerable to command injection in the function addmap_exec which parses the NewInternalClient parameter of the AddPortMapping SOAPAction into a system call without sanitation. An attacker can send a specially crafted SOAPAction request for AddPortMapping via the router's WANIPConn1 service to achieve arbitrary command execution. of netgear WNR854T A code injection vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR WNR854T is a wireless router from NETGEAR. NETGEAR WNR854T 1.5.2 version has a command execution vulnerability, which is caused by the addmap_exec function failing to properly filter special characters and commands in constructing commands

Netgear WNR854T 1.5.2 (North America) is vulnerable to Arbitrary command execution in cmd.cgi which allows for the execution of system commands via the web interface. of netgear WNR854T A code injection vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR WNR854T is a wireless router from NETGEAR. NETGEAR WNR854T 1.5.2 version has a command execution vulnerability, which is caused by the cmd.cgi file failing to properly filter special characters and commands in constructing commands

Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter get_email. After which, they can visit the send_log.cgi endpoint which uses the parameter in a system call to achieve command execution. of netgear WNR854T A code injection vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR WNR854T is a wireless router from NETGEAR. The vulnerability is caused by the failure of the nvram parameter of the get_email function in the post.cgi file to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to cause arbitrary command execution