VARIoT IoT vulnerabilities database

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the errorpage request parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11856. D-Link, established in 1986, was listed on the Taiwan Stock Exchange in October 1994 City, the first listed network company in Taiwan Province of China, sold globally under the self-created D-Link brand, with more than 100 products Countries

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the getpage parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10932. D-Link DAP-2020 is a WiFi range extender from D-Link in Taiwan. TCP (Transmission Control Protocol, Transmission Control Protocol) is a connection-oriented, reliable, byte stream-based transport layer communication protocol, defined by IETF RFC 793

EA8100 is a router product of Linksys. Linksys router EA8100 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service attack.

Shenzhen Jixiang Tengda Technology Co., Ltd. was founded in 1999. It is a professional supplier of network communication equipment and solutions. It is also a high-tech enterprise integrating R&D, production, supply, sales and service. Tenda AC9 and AC15 have a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.

Shenzhen Jixiang Tengda Technology Co., Ltd. was founded in 1999. It is a professional supplier of network communication equipment and solutions. It is also a high-tech enterprise integrating R&D, production, supply, sales and service. Tenda AC9 and AC15 have a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.

Shenzhen Jixiang Tengda Technology Co., Ltd. was founded in 1999. It is a professional supplier of network communication equipment and solutions. It is also a high-tech enterprise integrating R&D, production, supply, sales and service. Tenda AC9 and AC15 have a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.

Shenzhen Jixiang Tengda Technology Co., Ltd. was founded in 1999. It is a professional supplier of network communication equipment and solutions. It is also a high-tech enterprise integrating R&D, production, supply, sales and service. Tenda AC9 and AC15 have a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.

Shenzhen Jixiang Tengda Technology Co., Ltd. was founded in 1999. It is a professional supplier of network communication equipment and solutions. It is also a high-tech enterprise integrating R&D, production, supply, sales and service. Tenda AC9 and AC15 have a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.

The business scope of Shenzhen Meikexing Communication Technology Co., Ltd. includes: technical development of computer wireless local area network products, computer software and hardware, communication equipment, electronic products, and network security equipment. The Mercuery X18G router has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.

A vulnerability with the Border Gateway Protocol (BGP) for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a routing process to crash, which could lead to a denial of service (DoS) condition. This vulnerability is due to an issue with the installation of routes upon receipt of a BGP update. An attacker could exploit this vulnerability by sending a crafted BGP update to an affected device. A successful exploit could allow the attacker to cause the routing process to crash, which could cause the device to reload. This vulnerability applies to both Internal BGP (IBGP) and External BGP (EBGP). Note: The Cisco implementation of BGP accepts incoming BGP traffic from explicitly configured peers only. To exploit this vulnerability, an attacker would need to send a specific BGP update message over an established TCP connection that appears to come from a trusted BGP peer. Cisco Nexus 9000 Series Fabric Switch Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. No detailed vulnerability details are currently provided

A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, adjacent attacker to disable switching on a small form-factor pluggable (SFP) interface. This vulnerability is due to incomplete validation of the source of a received LLDP packet. An attacker could exploit this vulnerability by sending a crafted LLDP packet on an SFP interface to an affected device. A successful exploit could allow the attacker to disable switching on the SFP interface, which could disrupt network traffic. Nexus 9000 Series Fabric Switch There is an access control vulnerability in.Denial of service (DoS) It may be put into a state

This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7(US)_V5_210125 and Archer A7(US)_V5_200220 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-12309. Zero Day Initiative To this vulnerability ZDI-CAN-12309 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. TP-Link Archer A7 is a network router device

A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint. An attacker could exploit this vulnerability by sending a crafted request to the affected API. A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller (APIC) devices. Cisco ACI Multi-Site Orchestrator (MSO) Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco Application Policy Infrastructure Controller (APIC) is an automated infrastructure deployment and governance solution from Cisco

Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Application Services Engine There is a vulnerability in the lack of authentication for critical features.Information may be obtained and information may be tampered with

Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Application Services Engine There is a vulnerability in the lack of authentication for critical features.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco Application Services Engine is a set of common platforms used by Cisco to deploy Cisco data center applications

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of MAC addresses by the tdpServer endpoint. A crafted TCP message can write stack pointers to the stack. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-12306

Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during the pairing process. eWeLink Mobile applications contain vulnerabilities in the use of cryptographic algorithms.Information may be obtained

Youhua Router WR350 is a router. Youhua Router WR350 has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service attack.

DIR-846 is a router of D-Link. The D-Link DIR-846 router has a command execution vulnerability, which can be exploited by an attacker to gain control of the server.

IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747. IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware. There is a security vulnerability in the IBM MQ Appliance. Attackers can use this vulnerability to trigger a fatal error through the AMQP channel of the IBM MQ appliance, thereby triggering a denial of service