VARIoT IoT vulnerabilities database
| VAR-202504-1635 | No CVE | Brother (China) Commercial Co., Ltd. DCP-1610W series has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The DCP-1610W series is a wireless black-and-white laser multifunction printer.
Brother (China) Commercial Co., Ltd. DCP-1610W series has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202504-0693 | CVE-2025-3259 | Shenzhen Tenda Technology Co.,Ltd. of RX3 Out-of-bounds write vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability, which was classified as critical, has been found in Tenda RX3 16.03.13.11. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. An out-of-bounds write vulnerability exists in the RX3 firmware from Shenzhen Tenda Technology Co., Ltd. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Attackers can exploit this vulnerability to cause a denial of service or execute arbitrary code.
| VAR-202504-0694 | CVE-2025-3249 | TOTOLINK of a6000r Injection Vulnerability in Firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Medium |
A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The a6000r firmware from TOTOLINK contains injection and command injection vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK A6000R is a wireless router with excellent performance. No detailed vulnerability information is currently provided.
| VAR-202504-0695 | CVE-2025-3237 | Shenzhen Tenda Technology Co.,Ltd. of FH1202 Firmware vulnerabilities |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: Medium |
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/wrlwpsset. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. There are unspecified vulnerabilities in the FH1202 firmware. Information may be tampered with. Attackers can use this vulnerability to launch remote attacks to gain access rights.
| VAR-202504-0829 | CVE-2025-3236 | Shenzhen Tenda Technology Co.,Ltd. of FH1202 Firmware vulnerabilities |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: Medium |
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/VirSerDMZ of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. There are unspecified vulnerabilities in the FH1202 firmware. Information may be tampered with. No detailed vulnerability information is currently available.
| VAR-202504-0831 | CVE-2025-3203 | Shenzhen Tenda Technology Co.,Ltd. of w18e Out-of-bounds write vulnerability in firmware |
CVSS V2: 4.0 CVSS V3: 4.3 Severity: Medium |
A vulnerability classified as problematic was found in Tenda W18E 16.01.0.11. Affected by this vulnerability is the function formSetAccountList of the file /goform/setModules. The manipulation of the argument Password leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. An out-of-bounds write vulnerability exists in the w18e firmware from Shenzhen Tenda Technology Co., Ltd. Service operation may be interrupted (DoS). Attackers can exploit this vulnerability to cause the program to crash.
| VAR-202504-2260 | No CVE | HP Color LaserJet Pro MFP M479fdw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
HP Color LaserJet Pro MFP M479fdw is a wireless color laser printer.
HP Color LaserJet Pro MFP M479fdw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202504-1636 | No CVE | SATO CL4NX-JPlus has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
CL4NX-JPlus is a smart barcode printer.
SATO CL4NX-JPlus has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.
| VAR-202504-1209 | CVE-2025-29462 | Shenzhen Tenda Technology Co.,Ltd. of AC15 Classic buffer overflow vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request messages, resulting in the overwriting of a buffer on the stack. The AC15 firmware from Shenzhen Tenda Technology Co., Ltd. has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202504-1972 | CVE-2025-29064 | TOTOLINK of x18 Code injection vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary code via the sub_410E54 function of the cstecgi.cgi. A code injection vulnerability exists in the x18 firmware from TOTOLINK. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK X18 is a Gigabit router from China's Jiong Electronics Company.
TOTOLINK X18 has a code execution vulnerability. The vulnerability originates from sub_410E54 of cstecgi.cgi, and attackers can exploit the vulnerability to execute arbitrary commands.
| VAR-202504-0700 | CVE-2025-3167 | Shenzhen Tenda Technology Co.,Ltd. of ac23 Improper Shutdown and Release of Resources in Firmware Vulnerability |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: High |
A vulnerability, which was classified as problematic, has been found in Tenda AC23 16.03.07.52. This issue affects some unknown processing of the file /goform/VerAPIMant of the component API Interface. The manipulation of the argument getuid leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. A vulnerability related to improper shutdown and release of resources exists in the ac23 firmware from Shenzhen Tenda Technology Co., Ltd. Service operation may be interrupted (DoS). AC23 is a wireless router that provides high-speed wireless network connection. The vulnerability is caused by the improper processing of getuid parameters by the /goform/VerAPIMant component. An attacker can use this vulnerability to send specially crafted requests to cause a denial of service.
| VAR-202504-0591 | CVE-2025-29987 | Vulnerabilities related to insufficient granularity of access control in products from multiple vendors, including Dell |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges. All information handled by the software may be rewritten, and the software may stop working completely. Attacks that exploit this vulnerability will not affect other software. Dell PowerProtect Data Domain is a data protection storage device launched by Dell Technologies. It is built on the Data Domain platform and is designed to build a network resilience foundation and achieve rapid data recovery. The vulnerability is caused by insufficient access control granularity.
| VAR-202504-0028 | CVE-2025-3161 | Shenzhen Tenda Technology Co.,Ltd. of AC10 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The AC10 firmware from Shenzhen Tenda Technology Co., Ltd. contains a buffer error vulnerability, a stack-based buffer overflow vulnerability, and an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Tenda AC10 is a home wireless router that provides wireless network connection and management functions. The vulnerability stems from the improper processing of the list parameter by the ShutdownSetAdd function in the /goform/ShutdownSetAdd file. An attacker can exploit this vulnerability to launch a remote attack, achieve a stack overflow, and then execute arbitrary code.
| VAR-202504-1853 | No CVE | HP LaserJet MFP M132nw of HP Trading (Shanghai) Co., Ltd. has a command execution vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
HP LaserJet MFP M132nw is a multifunctional black and white laser printer.
HP LaserJet MFP M132nw of HP Trading (Shanghai) Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute arbitrary printer commands.
| VAR-202504-2261 | No CVE | Shenzhen Jixiang Tengda Technology Co., Ltd. AC8 has a binary vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
AC8 is a dual-band 3G wireless router suitable for fiber-optic homes within 1000M, supporting Gigabit ports, intelligent frequency selection, parental control and other functions.
Shenzhen Jixiang Tengda Technology Co., Ltd. AC8 router has a binary vulnerability that can be exploited by attackers to cause a denial of service.
| VAR-202504-1854 | No CVE | Schneider Electric (China) Co., Ltd. Schneider M340 has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Schneider M340 is a high-performance mid-range PLC platform launched by Schneider Electric.
Schneider M340 of Schneider Electric (China) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202504-2262 | No CVE | ZTE Corporation's ZTE-IAD voice gateway has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ZTE Corporation is a leading global provider of integrated communications solutions.
ZTE Corporation's ZTE-IAD voice gateway has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.
| VAR-202504-1637 | No CVE | Maipu Communication Technology Co., Ltd. Maipu Multi-Service Fusion Gateway has a Denial of Service Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Maipu Communication Technology Co., Ltd. is a leading provider of network products and solutions in China.
Maipu Multi-Service Fusion Gateway of Maipu Communication Technology Co., Ltd. has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202504-0427 | CVE-2025-28398 | D-Link Systems, Inc. of di-8100 Classic buffer overflow vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 7.1 Severity: HIGH |
D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_net_asp function via the remot_ip parameter. The di-8100 firmware from D-Link Systems, Inc. has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by China's D-Link Corporation. The vulnerability is caused by the remot_ip parameter in the ipsec_net_asp function failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202504-0101 | CVE-2025-28395 | D-Link Systems, Inc. of di-8100 Classic buffer overflow vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 7.1 Severity: HIGH |
D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_road_asp function via the host_ip parameter. The di-8100 firmware from D-Link Systems, Inc. has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by D-Link, a Chinese company. The vulnerability is caused by the host_ip parameter in the ipsec_road_asp function failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.