VARIoT IoT vulnerabilities database

FH451 is a 450Mbps home wireless router launched by Tenda. Shenzhen Jixiang Tenda Technology Co., Ltd. FH451 has a binary vulnerability that can be exploited by attackers to cause a denial of service.

H3C NX54 is a Gigabit dual-band router that supports Wi-Fi 6 (802.11ax) protocol. H3C NX54 of H3C Technologies Co., Ltd. has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.

A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been rated as critical. This issue affects the function formRoute of the file /boafrm/formRoute. The manipulation of the argument subnet leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK A3002R is a wireless router produced by China's TOTOLINK Electronics Company. TOTOLINK A3002R has a stack buffer overflow vulnerability. The vulnerability is caused by the failure of the parameter subnet in the file /boafrm/formRoute to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been declared as critical. This vulnerability affects the function formWlanMultipleAP of the file /boafrm/formWlanMultipleAP. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK A3002R is a wireless router produced by China's TOTOLINK Electronics. The vulnerability is caused by the parameter submit-url in the file /boafrm/formWlanMultipleAP failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been classified as critical. This affects the function formWlSiteSurvey of the file /boafrm/formWlSiteSurvey. The manipulation of the argument wlanif leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK A3002R is a wireless router from China's TOTOLINK Electronics. TOTOLINK A3002R has a command injection vulnerability, which is caused by the parameter wlanif in the file /boafrm/formWlSiteSurvey failing to properly filter special characters and commands in the constructed command. No detailed vulnerability details are currently available

H3C NX15 is a home wireless router. H3C NX15 of H3C Technologies Co., Ltd. has a command execution vulnerability, and attackers can exploit the vulnerability to execute commands.

DI-8200 is an enterprise-level router from China's D-Link. D-Link DI-8200 has a command injection vulnerability that can be exploited by attackers to execute arbitrary commands.

H3C NX15 is a home wireless router. H3C NX15 of H3C Technologies Co., Ltd. has an unauthorized access vulnerability. Attackers can use this vulnerability to log in to telnet and obtain system permissions.

Quanxun Huiju Network Technology (Beijing) Co., Ltd. was established in 2013. iKuai is the company's product brand, and iKuic is the company's overseas product brand. iKuai of Quanxun Huiju Network Technology (Beijing) Co., Ltd. has an arbitrary file read vulnerability, and attackers can exploit the vulnerability to obtain sensitive information.

H3C NX15 is a home wireless router. H3C NX15 of H3C Technologies Co., Ltd. has a command execution vulnerability, and attackers can exploit the vulnerability to execute commands.

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formIpv6Setup of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK X15 is a network wireless extender from China's TOTOLINK Electronics. TOTOLINK X15 has a buffer overflow vulnerability, which is caused by the parameter submit-url in the file /boafrm/formIpv6Setup failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formPortFw of the component HTTP POST Message Handler. The manipulation of the argument service_type leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of N300RH The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N300RH is a long-distance wireless router from China's TOTOLINK Electronics. TOTOLINK N300RH has a buffer overflow vulnerability, which is caused by the parameter service_type in the file /boafrm/formPortFw failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability, which was classified as critical, was found in TOTOLINK X15 1.0.0-B20230714.1105. Affected is an unknown function of the file /boafrm/formIPv6Addr of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK X15 is a network wireless extender from China's TOTOLINK Electronics. TOTOLINK X15 has a buffer overflow vulnerability, which is caused by the parameter submit-url in the file /boafrm/formIPv6Addr failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

LB-LINK X26 is a ‌Wi-Fi 5 wireless router‌. Shenzhen Bilian Electronics Co., Ltd. LB-LINK X26 has a command execution vulnerability, and attackers can exploit the vulnerability to execute commands.

EG3000CE is a new generation of high-performance integrated gateway. Beijing Xingwang Ruijie Network Technology Co., Ltd. EG3000CE has an information leakage vulnerability, and attackers can exploit the vulnerability to obtain sensitive information.

HL-L2360D series is a multi-function all-in-one printer. Brother (China) Commercial Co., Ltd. HL-L2360D series has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.

ACTi provides a full range of surveillance products - IP cameras, video management systems, video wall systems, mobile applications, IoT devices and access control systems. ACTIACTI video surveillance has an arbitrary file read vulnerability that can be exploited by attackers to obtain sensitive information.

Chengdu Zhenshi Technology Development Co., Ltd. is a high-tech research enterprise focusing on intelligent video, computer vision and artificial intelligence. Chengdu Zhenshi Technology Development Co., Ltd.'s high-definition license plate recognition camera has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.

A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.06B01. This affects the function formSetWizard1 of the file /goform/formSetWizard1. The manipulation of the argument curTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link DIR-619L is a wireless router designed for home and small office environments. It adopts the IEEE 802.11n wireless standard and has a maximum transmission rate of 300Mbps. D-Link DIR-619L /goform/formSetWizard1 has a stack overflow vulnerability. The vulnerability is caused by improper memory buffer operation restrictions. Remote attackers can use this vulnerability to submit special requests, which can cause the application to crash or execute arbitrary code in the application context

A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2.06B01. Affected by this issue is the function formSetEnableWizard of the file /goform/formSetEnableWizard. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link DIR-619L is a wireless router designed for home and small office environments. It adopts the IEEE 802.11n wireless standard and has a maximum transmission rate of 300Mbps. D-Link DIR-619L /goform/formSetEnableWizard has a stack overflow vulnerability. The vulnerability is caused by improper memory buffer operation restrictions. Remote attackers can use this vulnerability to submit special requests, which can cause the application to crash or execute arbitrary code in the application context