VARIoT IoT vulnerabilities database
VAR-202411-0467 | CVE-2024-51024 | D-Link DIR-823G SetWanSettings function command injection vulnerability |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the HostName parameter in the SetWanSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. D-Link DIR-823G is a wireless router from D-Link, a Chinese company.
VAR-202411-0986 | CVE-2024-51022 | NETGEAR XR300 bridge_wireless_main.cgi component ssid parameter buffer overflow vulnerability |
CVSS V2: 5.5 CVSS V3: 5.7 Severity: MEDIUM |
Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the ssid parameter in bridge_wireless_main.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. NETGEAR XR300 is a wireless router from NETGEAR.
NETGEAR XR300 v1.0.3.78 has a buffer overflow vulnerability. The vulnerability is caused by the ssid parameter in the bridge_wireless_main.cgi component failing to properly verify the length of the input data.
VAR-202411-0353 | CVE-2024-51020 | NETGEAR R7000P usbISP_detail_edit.cgi component buffer overflow vulnerability |
CVSS V2: 5.5 CVSS V3: 5.7 Severity: MEDIUM |
Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the apn parameter at usbISP_detail_edit.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. NETGEAR R7000P is a wireless router from NETGEAR. The vulnerability is caused by the apn parameter in the usbISP_detail_edit.cgi component failing to properly verify the length of the input data.
VAR-202411-0627 | CVE-2024-51019 | NETGEAR R7000P pppoe.cgi component buffer overflow vulnerability |
CVSS V2: 5.5 CVSS V3: 5.7 Severity: MEDIUM |
Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pppoe_localnetmask parameter at pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. NETGEAR R7000P is a wireless router from NETGEAR. The vulnerability is caused by the pppoe_localnetmask parameter in the pppoe.cgi component failing to properly verify the length of the input data.
VAR-202411-0331 | CVE-2024-51018 | NETGEAR R7000P pptp.cgi component buffer overflow vulnerability |
CVSS V2: 5.5 CVSS V3: 5.7 Severity: MEDIUM |
Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. NETGEAR R7000P is a wireless router from NETGEAR. The vulnerability is caused by the pptp_user_netmask parameter in the pptp.cgi component failing to properly verify the length of the input data.
VAR-202411-0332 | CVE-2024-51017 | NETGEAR R7000P l2tp.cgi component buffer overflow vulnerability |
CVSS V2: 5.5 CVSS V3: 5.7 Severity: MEDIUM |
Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the l2tp_user_netmask parameter at l2tp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. NETGEAR R7000P is a wireless router from NETGEAR. The vulnerability is caused by the l2tp_user_netmask parameter in the l2tp.cgi component failing to properly verify the length of the input data.
VAR-202411-1772 | CVE-2024-51016 | NETGEAR XR300 usb_approve.cgi component buffer overflow vulnerability |
CVSS V2: 5.5 CVSS V3: 5.7 Severity: MEDIUM |
Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the addName%d parameter in usb_approve.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. NETGEAR XR300 is a wireless router from NETGEAR. The vulnerability is caused by the addName%d parameter in the usb_approve.cgi component failing to properly verify the length of the input data.
VAR-202411-0329 | CVE-2024-51015 | NETGEAR R7000P Command Injection Vulnerability |
CVSS V2: 5.5 CVSS V3: 5.7 Severity: MEDIUM |
Netgear R7000P v1.3.3.154 was discovered to contain a command injection vulnerability via the device_name2 parameter at operation_mode.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. NETGEAR R7000P is a wireless router from NETGEAR. The vulnerability is caused by the device_name2 parameter in the operation_mode.cgi component failing to properly filter special characters and commands in the constructed command.
VAR-202411-1099 | CVE-2024-51014 | NETGEAR XR300 bridge_wireless_main.cgi component ssid_an parameter buffer overflow vulnerability |
CVSS V2: 5.5 CVSS V3: 5.7 Severity: MEDIUM |
Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the ssid_an parameter in bridge_wireless_main.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. NETGEAR XR300 is a wireless router from NETGEAR.
NETGEAR XR300 v1.0.3.78 has a security vulnerability: a buffer overflow in the ssid_an parameter of the bridge_wireless_main.cgi component.
VAR-202411-0330 | CVE-2024-51013 | NETGEAR R7000P wireless.cgi component buffer overflow vulnerability |
CVSS V2: 5.5 CVSS V3: 5.7 Severity: MEDIUM |
Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the RADIUSAddr%d_wla parameter at wireless.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. NETGEAR R7000P is a wireless router from NETGEAR. The vulnerability is caused by the RADIUSAddr%d_wla parameter in the wireless.cgi component failing to properly verify the length of the input data.
VAR-202411-0626 | CVE-2024-51012 | NETGEAR R8500 ipv6_fix.cgi component ipv6_pri_dns parameter buffer overflow vulnerability |
CVSS V2: 5.5 CVSS V3: 5.7 Severity: MEDIUM |
Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_pri_dns parameter at ipv6_fix.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. NETGEAR R8500 is a wireless router from NETGEAR. The vulnerability is caused by the ipv6_pri_dns parameter in the ipv6_fix.cgi component failing to properly verify the length of the input data.
VAR-202411-0607 | CVE-2024-51009 | NETGEAR R8500 ether.cgi component command injection vulnerability |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at ether.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. NETGEAR R8500 is a wireless router from NETGEAR. The vulnerability is caused by the wan_gateway parameter in the ether.cgi component failing to properly filter special characters and commands when constructing commands.
VAR-202411-0466 | CVE-2024-51008 | NETGEAR XR300 wiz_dyn.cgi component command injection vulnerability |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at wiz_dyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. NETGEAR XR300 is a wireless router from NETGEAR. The vulnerability is caused by the system_name parameter in the wiz_dyn.cgi component failing to properly filter special characters and commands in the constructed command.
VAR-202411-1757 | CVE-2024-51007 | NETGEAR XR300 wireless.cgi component buffer overflow vulnerability |
CVSS V2: 5.5 CVSS V3: 5.7 Severity: MEDIUM |
Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at wireless.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. NETGEAR XR300 is a wireless router from NETGEAR.
NETGEAR XR300 v1.0.3.78 has a buffer overflow vulnerability. The vulnerability is caused by the passphrase parameter in the wireless.cgi component failing to properly verify the length of the input data.
VAR-202411-0528 | CVE-2024-51006 | NETGEAR R8500 ipv6_tunnel function buffer overflow vulnerability |
CVSS V2: 5.5 CVSS V3: 5.7 Severity: MEDIUM |
Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_static_ip parameter in the ipv6_tunnel function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. NETGEAR R8500 is a wireless router from NETGEAR.
NETGEAR R8500 v1.0.2.160 has a buffer overflow vulnerability. The vulnerability is caused by the ipv6_static_ip parameter in the ipv6_tunnel function failing to properly verify the length of the input data.
VAR-202411-1028 | CVE-2024-51005 | NETGEAR R8500 usb_remote_smb_conf.cgi component command injection vulnerability |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the share_name parameter at usb_remote_smb_conf.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. NETGEAR R8500 is a wireless router from NETGEAR. The vulnerability is caused by the share_name parameter in the usb_remote_smb_conf.cgi component failing to properly filter special characters and commands when constructing commands.
VAR-202411-1064 | CVE-2024-51004 | NETGEAR R8500/R7000P usb_device.cgi component buffer overflow vulnerability |
CVSS V2: 5.5 CVSS V3: 5.7 Severity: MEDIUM |
Netgear R8500 v1.0.2.160 and R7000P v1.3.3.154 were discovered to contain multiple stack overflow vulnerabilities in the component usb_device.cgi via the cifs_user, read_access, and write_access parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request. NETGEAR R8500 and R7000P are wireless routers from NETGEAR. The vulnerabilities are caused by the cifs_user, read_access, and write_access parameters in the usb_device.cgi component failing to properly verify the length of the input data.
VAR-202411-0575 | CVE-2024-51001 | NETGEAR R8500 ddns.cgi component buffer overflow vulnerability |
CVSS V2: 5.5 CVSS V3: 5.7 Severity: MEDIUM |
Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the sysDNSHost parameter at ddns.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. NETGEAR R8500 is a wireless router from NETGEAR. The vulnerability is caused by the sysDNSHost parameter in the ddns.cgi component failing to properly verify the length of the input data.
VAR-202411-1014 | CVE-2024-51000 | NETGEAR R8500 wireless.cgi component buffer overflow vulnerability |
CVSS V2: 5.5 CVSS V3: 5.7 Severity: MEDIUM |
Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component wireless.cgi via the opmode, opmode_an, and opmode_an_2 parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request. NETGEAR R8500 is a wireless router from NETGEAR.
NETGEAR R8500 v1.0.2.160 has a buffer overflow vulnerability. The vulnerability is caused by the opmode, opmode_an, and opmode_an_2 parameters in the wireless.cgi component failing to properly verify the length of the input data.
VAR-202411-1088 | CVE-2024-50999 | NETGEAR R8500 password.cgi component command injection vulnerability |
CVSS V2: 5.5 CVSS V3: 5.7 Severity: MEDIUM |
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at password.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. NETGEAR R8500 is a wireless router from NETGEAR. The vulnerability is caused by the sysNewPasswd parameter in the password.cgi component failing to properly filter special characters and commands in the constructed command.