VARIoT IoT vulnerabilities database

NETGEAR RAX5 (AX1600 WiFi Router) v1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. of netgear RAX50 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR RAX5 is a wireless router from NETGEAR. Attackers can exploit this vulnerability to execute arbitrary commands

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. of netgear RAX50 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR RAX5 is a wireless router from NETGEAR. An attacker can exploit this vulnerability to execute arbitrary commands

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. of netgear RAX50 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR RAX5 is a wireless router from NETGEAR. An attacker can exploit this vulnerability to execute arbitrary commands

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. of netgear RAX50 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR RAX5 is a wireless router from NETGEAR. The vulnerability is caused by improper processing of the ifname parameter in the apcli_do_enr_pin_wps function. Attackers can exploit this vulnerability to launch attacks, causing the system to be damaged or controlled

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. of netgear RAX50 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR RAX5 is a wireless router from NETGEAR. An attacker can exploit this vulnerability to execute arbitrary commands

Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. Shenzhen Tenda Technology Co.,Ltd. of AC9 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. No detailed vulnerability details are currently provided

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A720R There are unspecified vulnerabilities in the firmware.Information may be obtained. TOTOLINK A720R is a wireless router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause information leakage

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Config Handler. The manipulation of the argument topicurl with the input getInitCfg/getSysStatusCfg leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A720R There are unspecified vulnerabilities in the firmware.Information may be obtained. TOTOLINK A720R is a wireless router from China's TOTOLINK Electronics. TOTOLINK A720R has an access control error vulnerability, which is caused by improper processing of the parameter topicurl in the file /cgi-bin/cstecgi.cgi. Attackers can exploit this vulnerability to cause information leakage

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi of the component Log Handler. The manipulation of the argument topicurl with the input clearDiagnosisLog/clearSyslog/clearTracerouteLog leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A720R There are unspecified vulnerabilities in the firmware.Information may be tampered with. TOTOLINK A720R is a wireless router from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided

A vulnerability has been found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input RebootSystem leads to missing authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A720R The firmware contains vulnerabilities related to authentication and lack of authentication for critical functions.Service operation interruption (DoS) It may be in a state. TOTOLINK A720R is a wireless router of China's TOTOLINK Electronics. TOTOLINK A720R has an improper authentication vulnerability, which is caused by improper processing of the parameter topicurl in the file /cgi-bin/cstecgi.cgi. No detailed vulnerability details are provided at present

In Modem, there is a possible permission bypass due to improper certificate validation. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with User execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01334347; Issue ID: MSV-2772. media tech's nr16 , NR17 , NR17R Exists in a certificate validation vulnerability.Information may be obtained

In Modem, there is a possible information disclosure due to incorrect error handling. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01513293; Issue ID: MSV-2741. LR12A , LR13 , NR15 There are vulnerabilities in the encryption strength of multiple MediaTek products, including:Information may be obtained

In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00650610; Issue ID: MSV-2933. media tech's NR15 Exists in a reachable assertiveness vulnerability.Service operation interruption (DoS) It may be in a state

AC6 is an 11ac dual-band wireless router designed for 100M fiber homes. AC6 of Shenzhen Jixiang Tengda Technology Co., Ltd. has a binary vulnerability that can be exploited by attackers to cause a denial of service.

NBR800G is a router for Internet behavior management. Beijing Xingwang Ruijie Network Technology Co., Ltd. NBR800G has an arbitrary file write vulnerability, which can be exploited by attackers to obtain server permissions.

AC6 is an 11ac dual-band wireless router designed for 100M fiber homes. AC6 of Shenzhen Jixiang Tengda Technology Co., Ltd. has a binary vulnerability that can be exploited by attackers to cause a denial of service.

AG515 is a high-performance gateway device suitable for small and medium-sized enterprises and large office environments. AG515 of Beijing Xingwang Ruijie Network Technology Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.

NUUO is a company specializing in the production of Network Video Recorders (NVRs). NUUO Network Video Recorder has a logic flaw vulnerability that can be exploited by attackers to modify account passwords without authorization.

Brother DCP-L2540DW is a multi-function laser/LED printer. Brother (China) Commercial Co., Ltd. Brother DCP-L2540DW series has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

Advantech WebAccess is an HMI/SCADA monitoring software completely based on IE browser. Advantech WebAccess of Advantech Technology (China) Co., Ltd. has a file upload vulnerability, which can be exploited by attackers to gain control of the server.