VARIoT IoT vulnerabilities database

In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672601; Issue ID: MSV-4623.

In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672598; Issue ID: MSV-4622.

In ims service, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01671924; Issue ID: MSV-4620.

A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. Attackers can exploit this vulnerability to trigger a buffer overflow by constructing malicious parameters, thereby achieving remote code execution

A vulnerability has been found in Tenda AC8 16.03.34.06. This impacts an unknown function of the file /goform/DatabaseIniSet. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The Tenda AC8 is a dual-band gigabit wireless router from Tenda, designed for home and small office environments. The Tenda AC8 contains a buffer overflow vulnerability stemming from a failure to properly validate the input length when manipulating the Time parameter in the /goform/DatabaseIniSet file. An attacker could exploit this vulnerability to execute arbitrary code or cause a system crash

A vulnerability was identified in Tenda AC21 16.03.08.16. This vulnerability affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIp leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. An attacker could exploit this vulnerability to remotely manipulate the parameter, triggering a buffer overflow that could then execute arbitrary code or cause system crashes

A security vulnerability has been detected in Tenda AC23 16.03.07.52. Affected is the function saveParentControlInfo of the file /goform/saveParentControlInfo. Such manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The Tenda AC23 is a dual-band wireless router for home use, designed for large homes with excellent coverage and high-speed transmission. It supports 802.11ac Wave2 technology and boasts a maximum concurrent dual-band speed of 2033Mbps. This vulnerability stems from the fact that the parameter Time in the file /goform/saveParentControlInfo fails to properly validate the length of the input data. Attackers could exploit this vulnerability to execute arbitrary code or cause a denial-of-service attack

A weakness has been identified in Tenda AC23 16.03.07.52. This impacts the function formSetVirtualSer of the file /goform/SetVirtualServerCfg. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The Tenda AC23 is a dual-band wireless router for home use, designed for large homes with excellent coverage and high-speed transmission. It supports 802.11ac Wave2 technology and boasts a maximum concurrent dual-band speed of 2033Mbps. This vulnerability stems from the fact that the `formSetVirtualSer` function parameter `list` in the file `/goform/SetVirtualServerCfg` fails to properly validate the length of the input data. Attackers could exploit this vulnerability to execute arbitrary code or cause a denial-of-service attack

A vulnerability was found in Tenda A15 15.13.07.13. Affected is the function fromSetWirelessRepeat of the file /goform/openNetworkGateway. The manipulation of the argument wpapsk_crypto2_4g results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used. The Tenda A15 is a wireless router device manufactured by Tenda. An attacker could exploit this vulnerability to remotely trigger a buffer overflow and execute arbitrary code

/etc/timezone can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both network access controllers from Azure Access Technology, Inc., a US-based company. Both Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 contain an out-of-bounds write vulnerability. This vulnerability stems from the fact that `/etc/timezone` can be written to arbitrarily. Detailed vulnerability information is not currently available

/etc/avahi/services/z9.service can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both network access controllers from Azure Access Technology, Inc., a US-based company. Both Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 contain an out-of-bounds write vulnerability. This vulnerability stems from the fact that `/etc/avahi/services/z9.service` can be written to arbitrarily. Detailed vulnerability information is not currently available

Denial of Service Due to SlowLoris.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both network access controllers from Azure Access Technology, Inc., a US-based company. Both Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 contain a denial-of-service vulnerability stemming from their susceptibility to the SlowLoris attack. An attacker could exploit this vulnerability to cause a denial-of-service attack

Web UI Malfunction when setting unexpected locale via API.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both network access controllers from Azure Access Technology, Inc., a US-based company. Both Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 contain a security vulnerability that attackers could exploit to cause web UI malfunctions

Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both network access controllers from Azure Access Technology, Inc., a US-based company. A security vulnerability exists in both Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4. Detailed vulnerability information is not currently available

Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. The Tenda AX-1803 is a wireless router manufactured by Tenda, a Chinese company. Version 1.0.0.1 of the Tenda AX-1803 contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `timeZone` parameter in the `form_fast_setting_wifi_set` function fails to properly validate the length of the input data

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the deviceId parameter in the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the sub_421CF0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. The TOTOLINK A7000R is a wireless router launched by TOTOLINK Electronics Co., Ltd. in China. It supports WiFi 7 technology and is suitable for home or small business network environments. This vulnerability stems from the fact that the ssid5g parameter in the sub_421CF0 function fails to properly validate the length of the input data

Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_422880 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. The TOTOLINK LR350 is a 4G LTE wireless router launched by TOTOLINK Electronics, a Chinese company. It supports converting 4G signals to wired signals and is suitable for home and office use. The TOTOLINK LR350 contains a stack buffer overflow vulnerability. This vulnerability stems from the fact that the ssid parameter in the sub_422880 function fails to properly validate the length of the input data

Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_42396C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. The TOTOLINK LR350 is a 4G LTE wireless router launched by TOTOLINK Electronics, a Chinese company. It supports converting 4G signals to wired signals and is suitable for home and office use. The TOTOLINK LR350 contains a stack buffer overflow vulnerability. This vulnerability stems from the fact that the ssid parameter in the sub_42396C function fails to properly validate the length of the input data

Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the wifiOff parameter in the sub_4232EC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. The TOTOLINK LR350 is a 4G LTE wireless router launched by TOTOLINK Electronics, a Chinese company. It supports converting 4G signals to wired signals and is suitable for home and office use. This vulnerability stems from the fact that the wifiOff parameter in the sub_4232EC function fails to properly validate the length of the input data