VARIoT IoT vulnerabilities database

The api/ZRFirmware/set_time_zone interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the zonename parameter. Anlianbao WT-1 is a 4G router that integrates wired and wireless router access, and secure Internet access. An Lianbao WF-1 router has a command execution vulnerability, which can be exploited by attackers to gain server management rights

The api/ZRIGMP/set_MLD_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the MLD_PROXY_WAN_CONNECT parameter. Anlianbao WT-1 is a 4G router that integrates wired and wireless router access, and secure Internet access. An Lianbao WF-1 router has a command execution vulnerability, which can be exploited by attackers to gain server management rights

The api/ZRIptv/setIptvInfo interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iptv_vlan parameter. Anlianbao WT-1 is a 4G router that integrates wired and wireless router access, and secure Internet access. An Lianbao WF-1 router has a command execution vulnerability, which can be exploited by attackers to gain server management rights

The api/ZRIGMP/set_IGMP_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the IGMP_PROXY_WAN_CONNECT parameter. Anlianbao WT-1 is a 4G router that integrates wired and wireless router access, and secure Internet access. An Lianbao WF-1 router has a command execution vulnerability, which can be exploited by attackers to gain server management rights

The api/zrDm/set_ZRElink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the bssaddr, abiaddr, devtoken, devid, elinksync, or elink_proc_enable parameter. Anlianbao WT-1 is a 4G router that integrates wired and wireless router access, and secure Internet access. An Lianbao WF-1 router has a command execution vulnerability, which can be exploited by attackers to gain server management rights

The api/zrDm/set_zrDm interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dm_enable, AppKey, or Pwd parameter. Anlianbao WT-1 is a 4G router that integrates wired and wireless router access, and secure Internet access. An Lianbao WF-1 router has a command execution vulnerability, which can be exploited by attackers to gain server management rights

The api/ZRAndlink/set_ZRAndlink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iandlink_proc_enable parameter. Anlianbao WT-1 is a 4G router that integrates wired and wireless router access, and secure Internet access. An Lianbao WF-1 router has a command execution vulnerability, which can be exploited by attackers to gain server management rights

China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS command injection vulnerability in the web interface /api/ZRUsb/pop_usb_device component. (DoS) It may be in a state. Anlianbao WT-1 is a 4G router that integrates wired and wireless router access, and secure Internet access. An Lianbao WF-1 router has a command execution vulnerability, which can be exploited by attackers to gain server management rights

China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRMesh/set_ZRMesh which receives parameters by POST request, and the parameter mesh_enable and mesh_device have a command injection vulnerability. An attacker can use the vulnerability to execute remote commands. (DoS) It may be in a state. Anlianbao WT-1 is a 4G router that integrates wired and wireless router access, and secure Internet access. An Lianbao WF-1 router has a command execution vulnerability, which can be exploited by attackers to gain server management rights

China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone receives parameters by POST request, and the parameter macType has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands. (DoS) It may be in a state. Anlianbao WT-1 is a 4G router that integrates wired and wireless router access, and secure Internet access. An Lianbao WF-1 router has a command execution vulnerability, which can be exploited by attackers to gain server management rights

China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRRuleFilter/set_firewall_level which receives parameters by POST request, and the parameter firewall_level has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands. (DoS) It may be in a state. Anlianbao WT-1 is a 4G router that integrates wired and wireless router access, and secure Internet access. An Lianbao WF-1 router has a command execution vulnerability, which can be exploited by attackers to gain server management rights

DD-WRT is a Linux-based wireless routing software, released based on GPLV2. DD-WRT has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.

Netgear AC1750 R6400v2 is a Wi-Fi router. Netgear AC1750 R6400v2 has a denial of service vulnerability. Attackers can use the loopholes to send carefully constructed data packets (pointing to a specific destination address) to cause the target router and its upper carrier's router to cause a denial of service.

Tenda AC23 is a hundred yuan router. Tenda AC23 has a denial of service vulnerability. Attackers can use the loopholes to send carefully constructed data packets (pointing to a specific destination address) to cause the target router and its upper carrier's router to cause a denial of service.

OpenWRT is a highly modular, highly automated embedded Linux system with powerful network components and scalability, and is often used in industrial control equipment, telephones, small robots, smart homes, routers, and VOIP devices. OpenWrt has a denial of service vulnerability that an attacker can exploit to cause a denial of service.

The File Firewall before 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares. The following products and versions are affected: Owncloud File Firewall prior to 2.8.0

A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web interface.

A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device.

A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts Telnet network traffic between a user and the device.

Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulnerability leading to the takeover of the notification email account. This vulnerability stems from configuration errors in network systems or products during operation. Thereby taking over the notification email account