VARIoT IoT vulnerabilities database


VAR-202410-1795 CVE-2024-48634 D-Link DIR-878 and D-Link DIR-882 Command Injection Vulnerability (CNVD-2024-41697)
CVSS V2: 7.7
CVSS V3: 8.0
Severity: HIGH
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the key parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router.

VAR-202410-1794 CVE-2024-48633 D-Link DIR-878 and D-Link DIR-882 Command Injection Vulnerability (CNVD-2024-41699)
CVSS V2: 7.7
CVSS V3: 8.0
Severity: HIGH
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. These vulnerabilities allow attackers to execute arbitrary OS commands via a crafted POST request. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router.

VAR-202410-1687 CVE-2024-48632 D-Link DIR-878 and D-Link DIR-882 Command Injection Vulnerability (CNVD-2024-41698)
CVSS V2: 7.7
CVSS V3: 8.0
Severity: HIGH
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the LocalIPAddress, TCPPorts, and UDPPorts parameters in the SetPortForwardingSettings function. These vulnerabilities allow attackers to execute arbitrary OS commands via a crafted POST request. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router.

VAR-202410-1718 CVE-2024-48631 D-Link DIR-878 and D-Link DIR-882 Command Injection Vulnerability (CNVD-2024-41700)
CVSS V2: 7.7
CVSS V3: 8.0
Severity: HIGH
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router.

VAR-202410-1717 CVE-2024-48630 D-Link DIR-878 and D-Link DIR-882 Command Injection Vulnerability (CNVD-2024-41701)
CVSS V2: 7.7
CVSS V3: 8.0
Severity: HIGH
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the MacAddress parameter in the SetMACFilters2 function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router.

VAR-202410-1735 CVE-2024-48629 D-Link DIR-878 and D-Link DIR-882 Command Injection Vulnerabilities
CVSS V2: 7.7
CVSS V3: 8.0
Severity: HIGH
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the IPAddress parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router.

VAR-202410-1445 CVE-2024-49399 Elvaco M-Bus Metering Gateway CMe3100 Access Control Error Vulnerability
CVSS V2: 7.8
CVSS V3: -
Severity: High
The affected product is vulnerable to an attacker being able to use commands without providing a password, which may allow an attacker to leak information. Elvaco M-Bus Metering Gateway CMe3100 is an M-Bus metering gateway for fixed networks from Elvaco. There is an access control error vulnerability in version 1.12.1 of Elvaco M-Bus Metering Gateway CMe3100.

VAR-202410-1442 CVE-2024-49398 Elvaco M-Bus Metering Gateway CMe3100 File Upload Vulnerability
CVSS V2: 9.4
CVSS V3: -
Severity: High
The affected product is vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute code. Elvaco M-Bus Metering Gateway CMe3100 is an M-Bus metering gateway for fixed networks from Elvaco.

VAR-202410-1444 CVE-2024-49397 Elvaco M-Bus Metering Gateway CMe3100 Cross-Site Scripting Vulnerability
CVSS V2: 7.6
CVSS V3: -
Severity: Critical
The affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to bypass authentication and take over admin accounts. Elvaco M-Bus Metering Gateway CMe3100 is an M-Bus metering gateway for fixed networks from Elvaco.

VAR-202410-1443 CVE-2024-49396 Elvaco M-Bus Metering Gateway CMe3100 has an unspecified vulnerability
CVSS V2: 9.4
CVSS V3: -
Severity: High
The affected product is vulnerable due to insufficiently protected credentials, which may allow an attacker to impersonate Elvaco and send false information. Elvaco M-Bus Metering Gateway CMe3100 is an M-Bus metering gateway for fixed networks from Elvaco. There is a security vulnerability in version 1.12.1 of Elvaco M-Bus Metering Gateway CMe3100, caused by insufficient credential protection.

VAR-202410-3371 CVE-2024-48192 Tenda G3 Hard-coded Credentials Vulnerability
CVSS V2: 7.7
CVSS V3: 8.0
Severity: HIGH
Tenda G3 v15.01.0.5(2848_755)_EN was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. Tenda G3 is a QosVpn router from China's Tenda company.

VAR-202410-3650 No CVE Mitsubishi Electric Mitsubishi PLC FX5UJ has a buffer overflow vulnerability
CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Mitsubishi PLC FX5UJ is a micro programmable controller. Mitsubishi Electric Mitsubishi PLC FX5UJ has a buffer overflow vulnerability. Attackers can exploit this vulnerability to modify the length field of the transmission control program data packet, causing the workstation to be unable to read the control program content.

VAR-202410-3656 No CVE D-LINK DAR-7000-20 Internet Behavior Audit Gateway of D-Link Electronic Equipment (Shanghai) Co., Ltd. has a command execution vulnerability
CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
The D-LINK DAR-7000-20 Internet Behavior Audit Gateway is a network behavior management and audit device for enterprise network environments. The D-LINK DAR-7000-20 Internet Behavior Audit Gateway of D-Link Electronics (Shanghai) Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to obtain server permissions.

VAR-202410-3364 CVE-2024-48714 TP-LINK TL-WDR7660 Buffer Overflow Vulnerability
CVSS V2: 6.1
CVSS V3: 6.5
Severity: MEDIUM
In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. TP-LINK TL-WDR7660 is a Gigabit router from TP-LINK of China. TP-LINK TL-WDR7660 version 1.0 has a buffer overflow vulnerability. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

VAR-202410-3229 CVE-2024-48712 TP-LINK TL-WDR7660 rtRuleJsonTobin function buffer overflow vulnerability
CVSS V2: 6.1
CVSS V3: 6.5
Severity: MEDIUM
In TP-Link TL-WDR7660 1.0, the rtRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. TP-LINK TL-WDR7660 is a Gigabit router from TP-LINK of China. TP-LINK TL-WDR7660 version 1.0 has a buffer overflow vulnerability. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

VAR-202410-0405 CVE-2024-45273 Vulnerability related to cryptographic strength in products from multiple vendors, including MB CONNECT LINE mbnet.mini firmware
CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
An unauthenticated local attacker can decrypt the device's config file and therefore compromise the device due to a weak implementation of the encryption used. Products from multiple vendors, including MB CONNECT LINE mbnet.mini firmware, have a vulnerability related to cryptographic strength. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).

VAR-202410-0404 CVE-2024-45272 Unspecified vulnerability in products from multiple vendors, including helmholz myrex24 v2 virtual server
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in lost connections. Unspecified vulnerabilities exist in products from multiple vendors, including the helmholz myrex24 v2 virtual server. Service operation may be interrupted (DoS).

VAR-202410-1349 CVE-2024-35520 Netgear R7000 firmware command injection vulnerability
CVSS V2: 7.2
CVSS V3: 6.8
Severity: MEDIUM
Netgear R7000 1.0.11.136 is vulnerable to command injection in RMT_invite.cgi via the device_name2 parameter. Netgear R7000 firmware contains a command injection vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). NETGEAR R7000 is a wireless router from NETGEAR. Attackers can exploit this vulnerability to cause arbitrary command execution.

VAR-202410-1222 CVE-2024-35519 Command injection vulnerability in multiple Netgear products
CVSS V2: -
CVSS V3: 6.8
Severity: MEDIUM
Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter. Netgear EX3700, EX6100 and EX6120 firmware contains a command injection vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).

VAR-202410-1113 CVE-2024-35518 Netgear EX6120 firmware command injection vulnerability
CVSS V2: 7.2
CVSS V3: 6.8
Severity: MEDIUM
Netgear EX6120 v1.0.0.68 is vulnerable to command injection in genie_fix2.cgi via the wan_dns1_pri parameter. Netgear EX6120 firmware contains a command injection vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). NETGEAR EX6120 is a wireless extender from NETGEAR. Attackers can exploit this vulnerability to cause arbitrary command execution.