VARIoT IoT vulnerabilities database


VAR-202104-1976 No CVE Binary vulnerability in quick control configuration software CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Quick control configuration software is monitoring software used in industrial power and other fields. There is a binary vulnerability in the quick control configuration software. An attacker can use the vulnerability to send constructed data, causing the operating environment to crash and exit.
VAR-202104-1977 No CVE Quick control configuration software has information leakage vulnerabilities CVSS V2: 2.4
CVSS V3: -
Severity: LOW
Quick control configuration software is monitoring software used in industrial power and other fields. The quick control configuration software has an information disclosure vulnerability. Attackers can use the vulnerability to delete the password field in the project file, bypass the password protection, and decrypt the entire project. This leaks confidential information held in the configuration project, such as the network topology of the industrial control network and PLC device IP addresses.
VAR-202104-1978 No CVE ATO Tech’s NATouch touch screen configuration software has an information disclosure vulnerability CVSS V2: 2.1
CVSS V3: -
Severity: LOW
Autotop Technology Co., Ltd. (hereinafter referred to as “Atop Technology”) makes products with independent intellectual property rights, covering programmable controllers, man-machine interfaces, configuration software, etc. There is an information disclosure vulnerability in the NATouch touch screen configuration software of Autotech. Attackers can use the vulnerability to obtain sensitive information.
VAR-202104-1979 No CVE Weilian Technology WiSCADA has a directory traversal vulnerability (CNVD-2021-21768) CVSS V2: 2.1
CVSS V3: -
Severity: LOW
WiSCADA industrial configuration software is a cross-platform 3D industrial configuration software product that supports Windows, Android and iOS. Weilian Technology WiSCADA has a directory traversal vulnerability. Attackers can use this vulnerability to obtain sensitive information.
VAR-202104-1980 No CVE Weilian Technology WiSCADA has a directory traversal vulnerability CVSS V2: 2.1
CVSS V3: -
Severity: LOW
WiSCADA industrial configuration software is a cross-platform 3D industrial configuration software product that supports Windows, Android and iOS. Weilian Technology WiSCADA has a directory traversal vulnerability. Attackers can use this vulnerability to obtain sensitive information.
VAR-202104-1981 No CVE Weilian Technology WiSCADA has a denial of service vulnerability (CNVD-2021-21779) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
WiSCADA industrial configuration software is a cross-platform 3D industrial configuration software product that supports Windows, Android and iOS. Weilian Technology WiSCADA has a denial of service vulnerability. Attackers can use this vulnerability to cause the program to crash.
VAR-202104-1982 No CVE Weilian Technology WiSCADA has a denial of service vulnerability (CNVD-2021-21770) CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
WiSCADA industrial configuration software is a cross-platform 3D industrial configuration software product that supports Windows, Android and iOS. Weilian Technology WiSCADA has a denial of service vulnerability. Attackers can use this vulnerability to cause the program to crash.
VAR-202104-1983 No CVE Weilian Technology WiSCADA has a denial of service vulnerability (CNVD-2021-21771) CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
WiSCADA industrial configuration software is a cross-platform 3D industrial configuration software product that supports Windows, Android and iOS. Weilian Technology WiSCADA has a denial of service vulnerability. Attackers can use this vulnerability to cause the program to crash.
VAR-202104-1984 No CVE Weilian Technology WiSCADA has a denial of service vulnerability (CNVD-2021-21780) CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
WiSCADA industrial configuration software is a cross-platform 3D industrial configuration software product that supports Windows, Android and iOS. Weilian Technology WiSCADA has a denial of service vulnerability. Attackers can use this vulnerability to cause the program to crash.
VAR-202104-1985 No CVE Weilian Technology WiSCADA has a denial of service vulnerability CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
WiSCADA industrial configuration software is a cross-platform 3D industrial configuration software product that supports Windows, Android and iOS. Weilian Technology WiSCADA has a denial of service vulnerability. Attackers can use this vulnerability to cause the program to crash.
VAR-202104-1986 No CVE Weilian Technology WiSCADA has an information disclosure vulnerability CVSS V2: 2.1
CVSS V3: -
Severity: LOW
WiSCADA industrial configuration software is a cross-platform 3D industrial configuration software product that supports Windows, Android and iOS. Weilian Technology WiSCADA has an information disclosure vulnerability. Attackers can use this vulnerability to obtain sensitive information.
VAR-202104-2024 No CVE TP-LINK Archer C5 has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Archer C5 is a wireless router product. TP-LINK Archer C5 has a weak password vulnerability. Attackers can use the vulnerability to log in to the system's administrative back end and obtain sensitive information.
VAR-202104-1179 CVE-2021-27691 Tenda G0 has unspecified vulnerabilities CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN, and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted action/setDebugCfg request. This occurs because the "formSetDebugCfg" function executes glibc's system function with untrusted input. Tenda G0 is a router of China Tenda (Tenda) company. No detailed vulnerability details are currently provided.
VAR-202104-1180 CVE-2021-27692 Tenda G1 and G3 OS Command Injection Vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request. This occurs because the "formSetUSBPartitionUmount" function executes the "doSystemCmd" function with untrusted input. The Tenda G1 and G3 are routers from the Chinese company Tenda.
VAR-202104-1667 CVE-2021-31152 Multilaser Router AC1200 cross-site request forgery vulnerability CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers. Multilaser Router AC1200 is a router of Multilaser company.
VAR-202104-1721 CVE-2021-27114 D-Link DIR-816 A2 out-of-bounds write vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/addassignment route, a very long text entry for the "s_ip" and "s_mac" fields could lead to a Stack-Based Buffer Overflow and overwrite the return address. D-Link DIR-816 A2 is vulnerable to an out-of-bounds write. Information may be obtained or tampered with, and service may be disrupted (DoS). D-Link DIR-816 is a wireless AC750 dual-band router. The handler function of /goform/addassignment in D-Link DIR-816 A2 1.10 B05 has a stack buffer overflow vulnerability. Attackers can use this vulnerability to cause the router to crash through long text input in the s_ip and s_mac fields.
VAR-202104-1720 CVE-2021-27113 D-Link DIR-816 A2 OS command injection vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters. D-Link DIR-816 A2 has an OS command injection vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). D-Link DIR-816 is a wireless AC750 dual-band router.
VAR-202104-1183 CVE-2021-27705 Tenda G1 and G3 Classic buffer overflow vulnerability in routers CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"qosIndex" request. This occurs because the "formQOSRuleDel" function directly passes the parameter "qosIndex" to strcpy without limit. Tenda G1 and G3 are routers of China Tenda (Tenda) company.
VAR-202104-1185 CVE-2021-27707 Tenda G1 and G3 Classic buffer overflow vulnerability in routers CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"portMappingIndex" request. This occurs because the "formDelPortMapping" function directly passes the parameter "portMappingIndex" to strcpy without limit. The Tenda G1 and G3 are routers from the Chinese company Tenda.
VAR-202104-1184 CVE-2021-27706 Tenda G1 and G3 Classic buffer overflow vulnerability in routers CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"IPMacBindIndex" request. This occurs because the "formIPMacBindDel" function directly passes the parameter "IPMacBindIndex" to strcpy without limit. The Tenda G1 and G3 are routers from the Chinese company Tenda.