VARIoT IoT vulnerabilities database

A CWE-200: Information Exposure vulnerability exists in Easergy T300, Firmware V1.5.2 and prior, which could allow an attacker to pack or unpack the archive with the firmware for the controller and modules using the usual tar archiver resulting in an information exposure. Easergy T300 There is an information leakage vulnerability in.Information may be obtained. Schneider Electric Easergy T300 is a remote terminal unit used in the electric power industry from Schneider Electric in France

A CWE-787: Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (Firmware version 4.3 and prior), which may cause a Denial of Service when specific TCP/IP crafted packets are sent to the Modicon M218 Logic Controller. Modicon M218 Logic Controller Is vulnerable to out-of-bounds writes.Service operation interruption (DoS) It may be put into a state. Schneider Electric Modicon M218 Logic Controller is a programmable logic controller of French Schneider Electric (Schneider Electric) company

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. A crafted gui_region in a string table file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9756. Zero Day Initiative To this vulnerability ZDI-CAN-9756 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6700 is a wireless router made by NETGEAR. The vulnerability stems from the failure of the program to correctly verify the data length before copying the user-supplied data to the stack-based fixed buffer

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9643. NETGEAR R6700 A stack-based buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-9643 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6700 is a wireless router from NETGEAR

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of URLs. The issue results from the lack of proper routing of URLs. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-9618. NETGEAR R6700 A router contains an access control vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-9618 Was numbered.Information may be obtained

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results from the lack of proper validation of the firmware image prior to performing an upgrade. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9648. Zero Day Initiative To this vulnerability ZDI-CAN-9648 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6700 is a wireless router made by NETGEAR. NETGEAR R6700 V1.0.4.84_10.0.58 has a verification problem in the firmware update processing process, which is caused by the program's failure to correctly verify the firmware image before the update

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-9768. NETGEAR R6700 The router is vulnerable to integer overflow. Zero Day Initiative To this vulnerability ZDI-CAN-9768 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. There is a security vulnerability in NETGEAR R6700 V1.0.4.84_10.0.58, which is caused by the program's failure to correctly verify the data submitted by the user

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A crafted UPnP message can be used to bypass authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9642. Zero Day Initiative To this vulnerability ZDI-CAN-9642 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6700 is a wireless router made by NETGEAR. The vulnerability stems from improper design or implementation in the code development process of network systems or products

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the encryption of firmware update images. The issue results from the use of an inappropriate encryption algorithm. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9649. Zero Day Initiative To this vulnerability ZDI-CAN-9649 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9767. NETGEAR R6700 A heap-based buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-9767 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6700 is a wireless router made by NETGEAR

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9647. NETGEAR R6700 A router contains a certificate validation vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-9647 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6700 is a wireless router made by NETGEAR. The file download (HTTPS) in NETGEAR R6700 V1.0.4.84_10.0.58 has a trust management vulnerability, which is caused by the program's failure to correctly verify the server's certificate

R6400v2 router is a smart WiFi router. The R6400v2 router has a command execution vulnerability, and an attacker can use this vulnerability to download arbitrary commands.

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action st_dev_connect, st_dev_disconnect, or st_dev_rconnect with a sufficiently long wan_type key. TRENDnet TEW-827DRU The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. TRENDnet TEW-827DRU is a wireless router of American Trend Network (TRENDnet) company. Attackers can use this vulnerability to execute arbitrary code

In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. command. uftpd To NULL A vulnerability exists regarding pointer dereference.Service operation interruption (DoS) It may be put into a state. uftpd is a Linux FTP/TFTP server. The vulnerability stems from the failure of handle_CWD in ftpcmd.c in uftpd to correctly handle the path provided by the user. An attacker can use the CWD /.. command to exploit this vulnerability to cause a denial of service

D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active. D-link DSL-2750U ISL2750UEME3.V1E Devices are vulnerable to lack of authentication for critical features.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DSL-2750U is a wireless router made by D-Link in Taiwan. There is an access control error vulnerability in the D-link DSL-2750U ISL2750UEME3.V1E version

TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary commands on the device. TRENDnet TEW-827DRU On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. TRENDnet TEW-827DRU is a wireless router of American Trend Network (TRENDnet) company. TRENDnet TEW-827DRU 2.06B04 and earlier versions have a command injection vulnerability in the apply.cgi file

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action set_sta_enrollee_pin_wifi1 (or set_sta_enrollee_pin_wifi0) with a sufficiently long wps_sta_enrollee_pin key. TRENDnet TEW-827DRU The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. TRENDnet TEW-827DRU is a wireless router of American Trend Network (TRENDnet) company. Attackers can use this vulnerability to execute arbitrary code

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wifi_captive_portal_login with a sufficiently long REMOTE_ADDR key. TRENDnet TEW-827DRU The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. TRENDnet TEW-827DRU is a wireless router of American Trend Network (TRENDnet) company. Attackers can use this vulnerability to execute arbitrary code

If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. This affects Apache TomEE 8.0.0-M1 - 8.0.1, Apache TomEE 7.1.0 - 7.1.2, Apache TomEE 7.0.0-M1 - 7.0.7, Apache TomEE 1.0.0 - 1.7.5. Apache TomEE There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Apache TomEE is a lightweight Java EE application server from the Apache Software Foundation. An authorization issue vulnerability exists in Apache TomEE. Attackers can use this vulnerability to open the JMX port by sending a specially crafted request using the ‘useJMX=true’ parameter

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action auto_up_fw (or auto_up_lp) with a sufficiently long update_file_name key. TRENDnet TEW-827DRU The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. TRENDnet TEW-827DRU is a wireless router of American Trend Network (TRENDnet) company. Attackers can use this vulnerability to execute arbitrary code