VARIoT IoT vulnerabilities database

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serverName2. Shenzhen Tenda Technology Co.,Ltd. of AC10 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the serverName2 parameter in AdvSetMacMtuWan failing to properly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serviceName2. Shenzhen Tenda Technology Co.,Ltd. of AC10 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC10 is a high-performance router with Gigabit ports for both WAN and LAN ports. There is a buffer overflow vulnerability in Tenda AC10 AdvSetMacMtuWan, which can be exploited by attackers to submit special requests and cause a denial of service attack

An unauthenticated attacker can obtain EV charger energy consumption information of other users. Growatt Cloud Applications is a monitoring platform of China's Growatt

Unauthenticated attackers can query information about total energy consumed by EV chargers of arbitrary users. Growatt New Energy of Cloud portal Exists in a user-controlled key authentication evasion vulnerability.Information may be obtained. Growatt Cloud Applications is a monitoring platform of China's Growatt

Unauthenticated attackers can send configuration settings to device and possible perform physical actions remotely (e.g., on/off). Growatt New Energy of Cloud portal contains a vulnerability related to external control of system configuration or settings.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Growatt Cloud Applications is a monitoring platform of China's Growatt

Unauthenticated attackers can query an API endpoint and get device details. Growatt New Energy of Cloud portal Exists in a user-controlled key authentication evasion vulnerability.Information may be obtained. Growatt Cloud Applications is a monitoring platform of China's Growatt

Unauthenticated attackers can add devices of other users to their scenes (or arbitrary scenes of other arbitrary users). Growatt Cloud Applications is a monitoring platform of China's Growatt

An unauthenticated attacker can obtain a list of smart devices by knowing a valid username. Growatt New Energy of Cloud portal Exists in a user-controlled key authentication evasion vulnerability.Information may be obtained. Growatt Cloud Applications is a monitoring platform of China's Growatt

An unauthenticated attacker can obtain a user's plant list by knowing the username. Growatt Cloud Applications is a monitoring platform of China's Growatt

Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "rooms"). Growatt Cloud Applications is a monitoring platform of China's Growatt

An unauthenticated attacker can get users' emails by knowing usernames. A password reset email will be sent in response to this unsolicited request. Growatt New Energy of Cloud portal Exists in a user-controlled key authentication evasion vulnerability.Information may be obtained. Growatt Cloud Applications is a monitoring platform of China's Growatt. Growatt Cloud Applications 3.6.0 and earlier versions have an authorization bypass vulnerability that can be exploited by unauthenticated attackers to obtain user emails by knowing the username, resulting in the sending of password reset emails

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2. Shenzhen Tenda Technology Co.,Ltd. of AC10 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC10 has a buffer overflow vulnerability, which is caused by the mac2 parameter in AdvSetMacMtuWan failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig. TOTOLINK of n600r A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N600R is a wireless router produced by China's TOTOLINK Electronics. TOTOLINK N600R has a buffer overflow vulnerability. The vulnerability is caused by the pin parameter in the setWiFiWpsConfig function failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service

Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macCloneMac parameter in the setWanConfig function. TOTOLINK of n600r A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N600R is a wireless router produced by China's TOTOLINK Electronics. TOTOLINK N600R has a buffer overflow vulnerability. The vulnerability is caused by the macCloneMac parameter in the setWanConfig function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the groupname at the /boafrm/formDiskCreateGroup. EDIMAX Technology of BR-6478AC V3 Firmware contains a command injection vulnerability.Information may be obtained and information may be tampered with. Edimax BR-6478AC is a dual-band Gigabit router from China's Edimax. Edimax BR-6478AC has a command execution vulnerability, which is caused by the groupname parameter in /boafrm/formDiskCreateGroup failing to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to cause arbitrary command execution

The TOTOLINK A810R V4.1.2cu.5182_B20201026 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. TOTOLINK of A810R The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A810R is a wireless dual-band router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary commands

TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi. TOTOLINK A800R is a wireless router produced by China's TOTOLINK Electronics. No detailed vulnerability details are currently provided

HP Ink Tank Wireless 410 series is a color inkjet multifunction printer that integrates printing, copying, scanning and wireless functions. HP Ink Tank Wireless 410 series has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.

A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been rated as critical. This issue affects the function auth_asp of the file /auth.asp of the component jhttpd. The manipulation of the argument callback leads to stack-based buffer overflow. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of di-8100 The firmware contains a buffer error vulnerability, a stack-based buffer overflow vulnerability, and an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DI-8100 is a broadband router designed by D-Link for small and medium-sized network environments. D-Link DI-8100 has a stack buffer overflow vulnerability. No detailed vulnerability details are currently available

CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could lead to loss of confidentiality when a malicious user, having physical access, sets the radio in factory default mode where the product does not correctly initialize all data. Schneider Electric Trio Q Licensed Data Radio is a radio produced by Schneider Electric of France. Schneider Electric Trio Q Licensed Data Radio has an information leakage vulnerability. The vulnerability is caused by insecure resource initialization. Attackers can exploit this vulnerability to obtain sensitive information