VARIoT IoT vulnerabilities database

A vulnerability has been found in TOTOLINK A702R 4.0.0-B20230721.1521 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A702R The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK A702R is a wireless router manufactured by the Chinese company TOTOLINK, primarily used for home network connectivity and signal coverage. This vulnerability could allow an attacker to execute arbitrary code or cause the device to crash

A vulnerability, which was classified as critical, was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected is an unknown function of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6addr leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A702R The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. The TOTOLINK A702R is a wireless router manufactured by China's Jiweng Electronics (TOTOLINK), primarily used for home network connectivity and signal coverage. An attacker could exploit this vulnerability to cause a denial of service or execute arbitrary code

A vulnerability was found in Tenda AC20 16.03.08.05. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. of AC20 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda AC20 is a dual-band wireless router that supports IPv6. It features a triple-core 1GHz main control chip and six 6dBi external antennas, achieving a maximum wireless transmission rate of 2033Mbps. The Tenda AC20 suffers from a buffer overflow vulnerability caused by a flaw in the parameter list handling of an unspecified function in the /goform/SetStaticRouteCfg file. An attacker could exploit this vulnerability to cause a denial of service or execute arbitrary code

Tenda AC8V4 V16.03.34.06` was discovered to contain heap overflow at /goform/GetParentControlInfo.The manipulation of the argument `mac` leads to heap-based buffer overflow. The Tenda AC8V4 is a wireless router from the Chinese company Tenda. An attacker could exploit this vulnerability to corrupt memory, causing a system crash and disrupting service operations

Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/WifiGuestSet. The manipulation of the argument `shareSpeed` leads to stack-based buffer overflow. The Tenda AC8V4 is a wireless router from the Chinese company Tenda. Detailed vulnerability details are currently unavailable

Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow. The Tenda AC8V4 is a wireless router manufactured by the Chinese company Tenda. Detailed vulnerability details are not currently available

Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/SetSysTimeCfg. The manipulation of the argument `timeZone` and `timeType` leads to stack-based buffer overflow. Shenzhen Tenda Technology Co.,Ltd. An attacker could exploit this vulnerability to cause the application to crash

Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/fast_setting_wifi_set. The manipulation of the argument `timeZone` leads to stack-based buffer overflow. Shenzhen Tenda Technology Co.,Ltd. Detailed vulnerability details are not currently available

A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code. SonicWALL of SMA500v firmware, SMA210 firmware, SMA410 Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with

A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution. SonicWALL of SMA500v firmware, SMA210 firmware, SMA410 A heap-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state

A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution. SonicWALL of SMA500v firmware, SMA210 firmware, SMA410 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A vulnerability has been found in Tenda AC23 16.03.07.52 and classified as critical. Affected by this vulnerability is the function sub_46C940 of the file /goform/setMacFilterCfg of the component httpd. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of ac23 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

ioLogik E1210 is an Ethernet I/O module that supports daisy chain topology and is mainly used in industrial automation, equipment monitoring and other scenarios. ioLogik E1210 of Mosa Technology (Shanghai) Co., Ltd. has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.

A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function formSetMacFilterCfg of the file /goform/setMacFilterCfg of the component httpd. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. of AC7 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the function formSetMacFilterCfg in the file /goform/setMacFilterCfg failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. This vulnerability affects the function ckeckKeepAlive of the file wireless.so of the component MQTT Packet Handler. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of t6 The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK T6 is a wireless dual-band router released by China's Jiong Electronics (TOTOLINK). It supports the MQTT protocol and Telnet service. The TOTOLINK T6 has a command injection vulnerability caused by the ckeckKeepAlive function in the wireless.so file failing to properly sanitize special characters and commands in constructed commands. No detailed vulnerability details are currently available

A vulnerability was found in D-Link DIR-513 up to 20190831. It has been declared as critical. This vulnerability affects the function formSetWanDhcpplus of the file /goform/formSetWanDhcpplus. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer. The D-Link DIR-513 is a portable wireless router featuring a slim design and ease of use. It supports IEEE 802.11n and 802.11g/b standards and offers a maximum transmission rate of 300Mbps. An attacker could exploit this vulnerability by remotely sending specially crafted data to trigger the buffer overflow, resulting in a denial of service or arbitrary code execution

The iBall Baton iB-WRB303N is a wireless router. The iBall Baton iB-WRB303N has an information disclosure vulnerability that could allow an attacker to obtain sensitive information.

In Netgear RAX30 V1.0.10.94_3, the USERLIMIT_GLOBAL option is set to 0 in multiple bftpd-related configuration files. This can cause DoS attacks when unlimited users are connected. NETGEAR RAX30 is a dual-band wireless router from NETGEAR. NETGEAR RAX30 V1.0.10.94_3 has a security vulnerability that can be exploited by attackers to cause a denial of service attack

A vulnerability classified as critical has been found in D-Link DIR‑817L up to 1.04B01. This affects the function lxmldbc_system of the file ssdpcgi. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The D-Link DIR-817L is a home-grade dual-band wireless router released by D-Link. It supports the IEEE 802.11ac standard and features dual-band concurrent functionality (2.4GHz/5GHz), with a maximum wireless transmission rate of 750Mbps. The D-Link DIR-817L suffers from a command injection vulnerability caused by the lxmldbc_system function in the ssdpcgi file failing to properly sanitize special characters and commands in constructed commands. No detailed vulnerability details are currently available

In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tricking the web server into executing them as PHP, bypassing security mechanisms based on file extension filtering. This may lead to remote code execution (RCE), information disclosure, or full system compromise. of netgear RAX30 Firmware has an unrestricted upload of dangerous file types vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR RAX30 is a dual-band wireless router from NETGEAR