VARIoT IoT vulnerabilities database

Lack of input validation/sanitization in the 'ate' management service in the Tenda RX2 Pro 16.03.30.14 allows an unauthorized remote attacker to gain root shell access to the device by sending a crafted UDP packet to the 'ate' service when it is enabled. Authentication is not needed. Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro Firmware contains an access control vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda. No detailed vulnerability details are currently provided

Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service by calculating the root password based on easily-obtained device information. The password is based on the last two digits/octets of the MAC address. Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro A vulnerability exists in the firmware that involves insecure storage of sensitive information.Information may be obtained and information may be tampered with. Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda

Reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management service of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt, replay, and/or forge traffic to the service. Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro The firmware has a cryptographic strength vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda. Tenda RX2 Pro 16.03.30.14 version has a security bypass vulnerability that can be exploited by attackers to cause decryption, replay, or forged traffic

Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root shell access to the device by sending a crafted web request. This is persistent because the command injection is saved in the configuration of the device. Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda. Tenda RX2 Pro has an input validation error vulnerability, which stems from the lack of input validation in the setLanCfg API endpoint. Attackers can exploit this vulnerability to gain root shell access

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of W20E Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. No detailed vulnerability details are currently available

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of W20E Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. No detailed vulnerability details are currently available

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of W20E Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. No detailed vulnerability details are currently available

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of W20E Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. No detailed vulnerability details are currently available

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. TOTOLINK CA300-PoE is a wireless access point of China's Jiong Electronics (TOTOLINK) company

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. TOTOLINK of CA300-PoE Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK CA300-PoE is a wireless access point of China's Jiong Electronics (TOTOLINK) company

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. TOTOLINK of CA300-PoE Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK CA300-PoE is a wireless access point from China's TOTOLINK Electronics

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. TOTOLINK CA300-PoE is a wireless access point from China's TOTOLINK Electronics

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. TOTOLINK of CA600-PoE Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. TOTOLINK of CA600-PoE Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the version parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided