VARIoT IoT vulnerabilities database
| VAR-202106-1586 | CVE-2021-25384 | Android input validation vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Android contains an input validation vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. The Samsung libsdffextractor library is a component of Samsung mobile devices.
Samsung libsdffextractor library has an input validation error vulnerability
| VAR-202106-1585 | CVE-2021-25383 | Android Buffer Overflow Vulnerability in Linux |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Android contains a classic buffer overflow vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. The Samsung libsapeextractor library is a component of Samsung mobile devices.
Samsung libsapeextractor library has an input validation error vulnerability
| VAR-202107-0892 | CVE-2021-34829 | D-Link DAP-1330 Classic buffer overflow vulnerability in routers |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the HNAP_AUTH HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12065. A classic buffer overflow vulnerability exists in the D-Link DAP-1330 router. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. The D-Link DAP-1330 is a Wi-Fi device from D-Link, a network equipment company of Taiwan, China.
| VAR-202107-0893 | CVE-2021-34830 | D-Link DAP-1330 Stack-based buffer overflow vulnerability in routers |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Cookie HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12028. A stack-based buffer overflow vulnerability exists in the D-Link DAP-1330 router. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. The D-Link DAP-1330 is a Wi-Fi device from D-Link, a network equipment company of Taiwan, China.
| VAR-202107-0890 | CVE-2021-34827 | D-Link DAP-1330 Stack-based buffer overflow vulnerability in routers |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12029. A stack-based buffer overflow vulnerability exists in the D-Link DAP-1330 router. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. The D-Link DAP-1330 is a Wi-Fi device from D-Link, a network equipment company of Taiwan, China.
| VAR-202107-0891 | CVE-2021-34828 | D-Link DAP-1330 Classic buffer overflow vulnerability in routers |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12066. A classic buffer overflow vulnerability exists in the D-Link DAP-1330 router. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. The D-Link DAP-1330 is a Wi-Fi device from D-Link, a network equipment company of Taiwan, China.
| VAR-202106-2207 | No CVE | Three Xinhua systems have weak password vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ER3100, ER5200G2, ER3260G2, ER3200G2, ER8300G2 are router products of New H3C Technology Co., Ltd.
More than three systems in Xinhua have weak password vulnerabilities, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2208 | No CVE | TP-LINK TL-WR1042ND router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Prolink Technology Co., Ltd. is the world's leading supplier of network communication equipment.
The TL-WR1042ND router has a weak password vulnerability. Attackers can use this vulnerability to log in to the system's management backend and perform unauthorized operations.
| VAR-202106-2209 | No CVE | TP-LINK TL-WR949N router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Prolink Technology Co., Ltd. is the world's leading supplier of network communication equipment.
The TL-WR949N router has a weak password vulnerability. Attackers can use this vulnerability to log in to the system's management backend and perform unauthorized operations.
| VAR-202106-2210 | No CVE | TP-LINK TL-WR843ND router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Prolink Technology Co., Ltd. is the world's leading supplier of network communication equipment.
The TL-WR843ND router has a weak password vulnerability. Attackers can use this vulnerability to log in to the system's management backend and perform unauthorized operations.
| VAR-202106-2211 | No CVE | TP-LINK TL-WA801ND router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Prolink Technology Co., Ltd. is the world's leading supplier of network communication equipment.
The TL-WA801ND router has a weak password vulnerability. Attackers can use this vulnerability to log in to the system's management backend and perform unauthorized operations.
| VAR-202106-2212 | No CVE | TP-LINK TL-WR749N router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Prolink Technology Co., Ltd. is the world's leading supplier of network communication equipment.
The TL-WR749N router has a weak password vulnerability. Attackers can use this vulnerability to log in to the system's management backend and perform unauthorized operations.
| VAR-202106-2213 | No CVE | Phicomm router K3 has an arbitrary file reading vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Phicomm Data Communication Technology Co., Ltd. was established in 2009 and is a technologically innovative enterprise that provides users with smart products and cloud services in the field of smart homes.
Phicomm router K3 has an arbitrary file reading vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2214 | No CVE | TP-LINK TD-W8901G router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TP-LINK is the world's leading supplier of network communication equipment.
The TD-W8901G router has a weak password vulnerability. Attackers can use this vulnerability to log in to the system's management backend and perform unauthorized operations.
| VAR-202106-2215 | No CVE | Shenzhen Zhibotong Electronics Co., Ltd. smart router MT7620N has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Shenzhen Zhibotong Electronics Co., Ltd. (hereinafter referred to as Zhibotong) was founded in 2010 and has been recognized as a national high-tech enterprise and a Shenzhen high-tech enterprise. It is a provider of network communication equipment and overall solutions, integrating R&D, production, sales and service.
Shenzhen Zhibotong Electronics Co., Ltd. smart router MT7620N has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2216 | No CVE | Phicomm router K3C has an arbitrary file reading vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Phicomm Data Communication Technology Co., Ltd. was established in 2009 and is a technologically innovative enterprise that provides users with smart products and cloud services in the field of smart homes.
Phicomm router K3C has an arbitrary file reading vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2217 | No CVE | TP-LINK Archer-C7 router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Prolink Technology Co., Ltd. is the world's leading supplier of network communication equipment.
The Archer-C7 router has a weak password vulnerability. Attackers can use this vulnerability to log in to the system's management backend and perform unauthorized operations.
| VAR-202106-2218 | No CVE | TP-LINK TL-WR720N router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Prolink Technology Co., Ltd. is the world's leading supplier of network communication equipment.
The TL-WR720N router has a weak password vulnerability. Attackers can use this vulnerability to log in to the system's management backend and perform unauthorized operations.
| VAR-202106-2219 | No CVE | TP-LINK Archer-C1900 router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Prolink Technology Co., Ltd. is the world's leading supplier of network communication equipment.
The Archer-C1900 router has a weak password vulnerability. Attackers can use this vulnerability to log in to the system's management backend and perform unauthorized operations.
| VAR-202106-2220 | No CVE | TP-LINK TL-WR743ND router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Prolink Technology Co., Ltd. is the world's leading supplier of network communication equipment.
The TL-WR743ND router has a weak password vulnerability. Attackers can use this vulnerability to log in to the system's management backend and perform unauthorized operations.