VARIoT IoT vulnerabilities database
| VAR-202404-0248 | CVE-2023-49074 | TP-LINK AC1350 has an unspecified vulnerability (CNVD-2024-20286) |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
TP-LINK AC1350 is a router from China's TP-LINK company.
TP-LINK AC1350 has a security vulnerability that can be exploited by an attacker to cause a reset to factory settings through a series of specially crafted network requests.
| VAR-202404-0331 | CVE-2023-48724 | TP-LINK AC1350 Denial of Service Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
TP-LINK AC1350 is a router from China's TP-LINK company.
TP-LINK AC1350 has a security vulnerability that can be exploited by attackers to cause a denial of service on the device's web interface via a specially crafted HTTP POST request.
| VAR-202404-1155 | No CVE | Beijing Xingwang Ruijie Network Technology Co., Ltd. RG-UAC 6000-E50C has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Ruijie Networks, founded in 2003, is an industry-leading provider of network infrastructure and solutions.
RG-UAC 6000-E50C of Beijing Xingwang Ruijie Network Technology Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
| VAR-202404-0250 | CVE-2023-49134 | TP-LINK AC1350/N300 Command Execution Vulnerability |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
TP-LINK AC1350/N300 is a router from TP-LINK of China.
TP-LINK AC1350/N300 has a security vulnerability, which can be exploited by an attacker to execute arbitrary commands through a series of specially crafted network requests.
| VAR-202404-0249 | CVE-2023-49133 | TP-LINK AC1350 and N300 command injection vulnerability |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
TP-LINK AC1350/N300 is a router from TP-LINK of China.
TP-LINK AC1350 and TP-LINK N300 have a command injection vulnerability. The vulnerability is caused by the tddpd enable_test_mode function failing to properly filter special characters and commands in constructing commands. Attackers can exploit this vulnerability to cause arbitrary command execution.
| VAR-202404-0371 | CVE-2023-49913 | TP-LINK AC1350 has an unspecified vulnerability (CNVD-2024-20287) |
CVSS V2: 8.3 CVSS V3: - Severity: HIGH |
TP-LINK AC1350 is a router from China's TP-LINK company.
TP-LINK AC1350 has a security vulnerability that can be exploited by an attacker to cause remote code execution through a series of specially crafted HTTP requests.
| VAR-202404-0124 | CVE-2024-3882 | Tenda W30E fromRouteStatic function buffer overflow vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
A vulnerability was found in Tenda W30E 1.0.1.25(633). It has been classified as critical. Affected is the function fromRouteStatic of the file /goform/fromRouteStatic. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260916. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The vulnerability is caused by the parameter page of the fromRouteStatic function of /goform/fromRouteStatic failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack
| VAR-202404-0125 | CVE-2024-3881 | Tenda W30E frmL7PlotForm function stack buffer overflow vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
A vulnerability was found in Tenda W30E 1.0.1.25(633) and classified as critical. This issue affects the function frmL7PlotForm of the file /goform/frmL7ProtForm. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260915. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Tenda W30E is a wireless router developed by Tenda. The device provides wireless network connection and Internet access.
In Tenda W30E 1.0.1.25(633) version, there is a stack buffer overflow vulnerability in the frmL7PlotForm function of the /goform/frmL7ProtForm file. The vulnerability is caused by improper processing of the incoming parameter page. A remote attacker can exploit this vulnerability to execute arbitrary code
| VAR-202404-0181 | CVE-2024-3880 | Tenda W30E Command Injection Vulnerability |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: MEDIUM |
A vulnerability has been found in Tenda W30E 1.0.1.25(633) and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260914 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Tenda W30E is a wireless router device that provides Internet access, wireless coverage and other functions.
In the 1.0.1.25(633) version of Tenda W30E, the formWriteFacMac function of the /goform/WriteFacMac file has a command injection vulnerability, which can be exploited by attackers to execute arbitrary commands
| VAR-202404-0080 | CVE-2024-3879 | Tenda W30E formSetCfm function stack buffer overflow vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
A vulnerability, which was classified as critical, was found in Tenda W30E 1.0.1.25(633). This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260913 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Tenda W30E is a wireless router developed by Tenda, mainly used to provide stable network connections for homes and small offices.
There is a stack buffer overflow vulnerability in the formSetCfm function of the /goform/setcfm file in Tenda W30E 1.0.1.25(633) version. An attacker can exploit this vulnerability to cause a stack overflow by remotely manipulating the funcpara1 parameter
| VAR-202404-0164 | CVE-2024-3874 | Tenda W20E Stack Buffer Overflow Vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
A vulnerability was found in Tenda W20E 15.11.0.6. It has been declared as critical. This vulnerability affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260908. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Tenda W20E is a wireless router developed by Tenda, mainly used to provide wireless network connection and management functions. Attackers can exploit this vulnerability to execute arbitrary code
| VAR-202404-0086 | CVE-2024-23486 | Buffalo radio LAN Multiple vulnerabilities in routers |
CVSS V2: - CVSS V3: 6.5 Severity: Medium |
Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured credentials. None
| VAR-202404-0085 | CVE-2024-26023 | Buffalo radio LAN Multiple vulnerabilities in routers |
CVSS V2: - CVSS V3: 6.8 Severity: Medium |
OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands. None
| VAR-202404-0795 | No CVE | Ruijie NBR108G-P gateway has information leakage vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Ruijie Networks is a professional network manufacturer with a full range of network equipment product lines and solutions including switches, routers, software, security firewalls, wireless products, storage, etc.
Ruijie NBR108G-P gateway has an information leakage vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202404-0165 | CVE-2023-50821 | Siemens SIMATIC WinCC Denial of Service Vulnerability (CNVD-2024-17302) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
SIMATIC PCS 7 is a process control system. SIMATIC WinCC is an automated supervisory control and data acquisition (SCADA) system. SIMATIC WinCC Runtime Professional is a visualization runtime platform for operators to control and monitor machines and equipment.
Siemens SIMATIC WinCC has a denial of service vulnerability, which is caused by the affected product failing to properly validate the input provided in the login dialog box. An attacker could exploit this vulnerability to cause a denial of service.
| VAR-202404-0059 | CVE-2024-280016 | NEC Aterm Multiple vulnerabilities in series |
CVSS V2: - CVSS V3: 4.3 Severity: Medium |
None
| VAR-202404-0055 | CVE-2024-280013 | NEC Aterm Multiple vulnerabilities in series |
CVSS V2: - CVSS V3: 4.3 Severity: Medium |
None
| VAR-202404-0058 | CVE-2024-280015 | NEC Aterm Multiple vulnerabilities in series |
CVSS V2: - CVSS V3: 6.8 Severity: Medium |
None
| VAR-202404-0057 | CVE-2024-280010 | NEC Aterm Multiple vulnerabilities in series |
CVSS V2: - CVSS V3: 6.5 Severity: Medium |
None
| VAR-202404-0056 | CVE-2024-280011 | NEC Aterm Multiple vulnerabilities in series |
CVSS V2: - CVSS V3: 4.3 Severity: Medium |
None