VARIoT IoT vulnerabilities database

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the svn parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. TOTOLINK of CA600-PoE Firmware contains a command injection vulnerability.Information may be obtained and information may be tampered with. TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the magicid parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided

TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. TOTOLINK of cp900 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK CPE CP900 is an outdoor wireless CPE device from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided

TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url or magicid parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. TOTOLINK of cp900 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK CPE CP900 is an outdoor wireless CPE device from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided

TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or minute parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. TOTOLINK of cp900 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK CPE CP900 is an outdoor wireless CPE device from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided

TOTOLINK CP900 V6.3c.1144_B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. TOTOLINK of cp900 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK CP900 is a wireless router from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided

D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in iptablesWebsFilterRun, which allows remote attackers to execute arbitrary commands via shell. D-Link Systems, Inc. of DIR-816 A2 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-816 A2 is a wireless router from D-Link, a Chinese company. D-Link DIR-816 A2 has a command injection vulnerability, which is caused by iptablesWebsFilterRun failing to properly filter special characters and commands in constructed commands. No detailed vulnerability details are currently available

A vulnerability was found in Netgear EX6200 1.0.3.94. It has been declared as critical. This vulnerability affects the function sub_54340. The manipulation of the argument host leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear EX6200 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the sub_54340 function parameter host failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was found in Netgear EX6200 1.0.3.94. It has been classified as critical. This affects the function sub_54014. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear EX6200 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the sub_54014 function parameter host failing to correctly verify the length of the input data. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by this issue is the function sub_503FC. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear EX6200 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR EX6200 is a wireless network signal extender from NETGEAR. The vulnerability is caused by the sub_503FC function parameter host failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by this vulnerability is the function sub_47F7C. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear EX6200 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR EX6200 is a wireless network signal extender from NETGEAR. The vulnerability is caused by the sub_47F7C function parameter host failing to correctly verify the length of the input data. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. Affected is the function sub_41940. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear EX6200 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR EX6200 is a wireless network signal extender from NETGEAR. The vulnerability is caused by the sub_41940 function parameter host failing to correctly verify the length of the input data. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability, which was classified as critical, has been found in Netgear EX6200 1.0.3.94. This issue affects the function sub_3D0BC. The manipulation of the argument host leads to buffer overflow. The attack may be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear EX6200 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR EX6200 is a wireless network signal extender from NETGEAR. The vulnerability is caused by the sub_3D0BC function parameter host failing to correctly verify the length of the input data. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. This vulnerability affects the function sub_3C8EC. The manipulation of the argument host leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear EX6200 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR EX6200 is a wireless network signal extender from NETGEAR. The vulnerability is caused by the sub_3C8EC function parameter host failing to correctly verify the length of the input data. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. This affects the function sub_3C03C. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear EX6200 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR EX6200 is a wireless network signal extender from NETGEAR. The vulnerability is caused by the sub_3C03C function parameter host failing to correctly verify the length of the input data. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability, which was classified as critical, has been found in Netgear EX6120 1.0.3.94. Affected by this issue is the function sub_30394. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear EX6120 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR EX6120 is a wireless extender from NETGEAR. The vulnerability is caused by the sub_30394 function parameter host failing to correctly verify the length of the input data. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability classified as critical was found in Netgear EX6120 1.0.0.68. Affected by this vulnerability is the function fwAcosCgiInbound. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear EX6120 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR EX6120 is a wireless extender from NETGEAR. The vulnerability is caused by the failure of the parameter host of the fwAcosCgiInbound function to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location. SonicWALL of SMA1000 A server-side request forgery vulnerability exists in the firmware.Information may be obtained and information may be tampered with

A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Affected by this issue is the function ui_get_input_value. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear wg302v2 The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR WG302v2 is a wireless access point from NETGEAR. NETGEAR WG302v2 has a command injection vulnerability, which is caused by the failure of the ui_get_input_value function parameter host to properly filter special characters and commands in constructing commands. No detailed vulnerability details are currently available

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been rated as critical. Affected by this issue is the function sub_435E04. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear jwnr2000v2 The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR JWNR2000v2 has a command injection vulnerability, which is caused by the sub_435E04 function parameter host failing to properly filter special characters and commands in the constructed command. No detailed vulnerability details are currently available