VARIoT IoT vulnerabilities database

Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter wan_hostname and forcing a reboot. This will result in command injection. of netgear WNR854T A code injection vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR WNR854T is a wireless router from NETGEAR. The vulnerability is caused by the failure of the nvram parameter of wan_hostname to properly filter special characters and commands in constructing commands. Attackers can exploit this vulnerability to cause arbitrary command execution

Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter pppoe_peer_mac and forcing a reboot. This will result in command injection. of netgear WNR854T A code injection vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR WNR854T is a wireless router from NETGEAR. The vulnerability is caused by the failure of the nvram parameter of the pppoe_peer_mac function in the post.cgi file to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to cause arbitrary command execution

In Netgear WNR854T 1.5.2 (North America), the UPNP service (/usr/sbin/upnp) is vulnerable to stack-based buffer overflow in the M-SEARCH Host header. of netgear WNR854T Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR WNR854T is a wireless router from NETGEAR. The vulnerability is caused by the UPNP service failing to properly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. This issue affects some unknown processing of the file /goform/SysToolDDNS of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of FH1202 There are unspecified vulnerabilities in the firmware.Information may be tampered with. No detailed vulnerability details are currently available

A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects unknown code of the file /goform/SysToolChangePwd of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of FH1202 There are unspecified vulnerabilities in the firmware.Information may be tampered with. No detailed vulnerability details are currently available

A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects an unknown part of the file /goform/qossetting of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of FH1202 There are unspecified vulnerabilities in the firmware.Information may be tampered with. Attackers can exploit this vulnerability to gain unauthorized access or modification to the affected device

A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is some unknown functionality of the file /default.cfg. The manipulation of the argument these leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of FH1202 There are unspecified vulnerabilities in the firmware.Information may be obtained. The vulnerability is caused by improper access control caused by the operation of the parameter 'these' in the file /default.cfg. Attackers can exploit this vulnerability to perform remote attacks

A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Affected by this vulnerability is an unknown functionality of the file /goform/AdvSetWrlsafeset of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of FH1202 There are unspecified vulnerabilities in the firmware.Information may be tampered with. No detailed vulnerability details are currently available

A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is an unknown function of the file /goform/AdvSetWrlmacfilter of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of FH1202 There are unspecified vulnerabilities in the firmware.Information may be tampered with. No detailed vulnerability details are available at this time

A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/AdvSetWrlGstset of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. of FH1202 There are unspecified vulnerabilities in the firmware.Information may be tampered with. No detailed vulnerability details are currently available

A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/AdvSetWrl of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. of FH1202 There are unspecified vulnerabilities in the firmware.Information may be tampered with. No detailed vulnerability details are currently available

A vulnerability classified as problematic has been found in TRENDnet TEW-637AP and TEW-638APB 1.2.7/1.3.0.106. This affects the function sub_41DED0 of the file /bin/goahead of the component HTTP Request Handler. The manipulation leads to null pointer dereference. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. TRENDnet of TEW-637AP firmware and TEW-638APB The firmware has NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state

A vulnerability was found in TRENDnet TEW-818DRU 1.0.14.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to denial of service. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. TRENDnet of TEW-818DRU A vulnerability exists in firmware related to improper shutdown and release of resources.Service operation interruption (DoS) It may be in a state

A vulnerability has been found in TOTOLINK A3000RU up to 5.9c.5185 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/ExportIbmsConfig.sh of the component IBMS Configuration File Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A3000RU The firmware contains vulnerabilities related to improper permission settings and access control.Information may be obtained. TOTOLINK A3000RU is a wireless router from China's Jiweng Electronics (TOTOLINK) company. No detailed vulnerability details are currently provided

TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr. TOTOLINK of A3002R The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3002R is a wireless router from China's TOTOLINK Electronics. TOTOLINK A3002R has a command injection vulnerability, which is caused by the failure of bandstr to properly filter special characters and commands in constructing commands. Attackers can use this vulnerability to execute arbitrary commands

An issue in TOTOLINK A3100R V4.1.2cu.5247_B20211129 allows a remote attacker to execute arbitrary code via the setWebWlanIdx of the file /lib/cste_modules/wireless.so. TOTOLINK of A3100R The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3100R is a series of wireless routers from China's TOTOLINK Electronics. TOTOLINK A3100R has a code execution vulnerability, which is caused by setWebWlanIdx failing to properly filter special characters and commands in constructing commands

Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the set_local_time function, which allows remote attackers to cause web server crash via parameter time passed to the binary through a POST request. Shenzhen Tenda Technology Co.,Ltd. of W6-S Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. Tenda W6_S has a buffer overflow vulnerability

Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the setcfm function, which allows remote attackers to cause web server crash via parameter funcpara1 passed to the binary through a POST request. Shenzhen Tenda Technology Co.,Ltd. of W6-S Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. ‌Tenda W6-S is a 300Mbps wireless panel AP designed for large households such as homes, hotels, and villas. It can provide stable wireless network coverage and low-latency network experience‌‌. Tenda W6-S has a buffer overflow vulnerability. The vulnerability is caused by the setcfm function failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service

Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in the usb_adv.cgi, which allows remote attackers to execute arbitrary commands via parameter "deviceName" passed to the binary through a POST request. (DoS) It may be in a state. Netgear DC112A is a wireless router

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, FortiVoice version 6.0.6 and below, FortiRecorder version 6.0.3 and below and FortiMail version 6.4.1 and below, version 6.2.4 and below, version 6.0.9 and below may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file. FortiMail , FortiDDoS , FortiVoice Unspecified vulnerabilities exist in multiple Fortinet products.Information may be obtained