VARIoT IoT vulnerabilities database

A vulnerability was found in Tenda AC7 15.03.06.44. The affected element is an unknown function of the file /goform/WifiMacFilterSet. Performing manipulation of the argument wifi_chkHz results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used. of AC7 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from the failure of the wifi_chkHz parameter in the file /goform/WifiMacFilterSet to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service

A vulnerability has been found in Tenda AC7 15.03.06.44. Impacted is an unknown function of the file /goform/SetUpnpCfg. Such manipulation of the argument upnpEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. of AC7 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from the failure of the upnpEn parameter in the file /goform/SetUpnpCfg to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A flaw has been found in Tenda AC7 15.03.06.44. This issue affects some unknown processing of the file /goform/SetDDNSCfg. This manipulation of the argument ddnsEn causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used. The Tenda AC7 is a wireless router from the Chinese company Tenda. This vulnerability stems from the failure of the ddnsEn parameter in the /goform/SetDDNSCfg file to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was detected in Tenda AC7 15.03.06.44. This vulnerability affects unknown code of the file /goform/AdvSetLanip. The manipulation of the argument lanIp results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC7 The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from the failure to properly sanitize special characters and commands in the lanIp parameter in the file /goform/AdvSetLanip. An attacker could exploit this vulnerability to execute arbitrary commands

The COMELIT IPCAM768ZA is a webcam. The COMELIT IPCAM768ZA has a weak password vulnerability that attackers could exploit to obtain sensitive information.

The Cisco SPA514G is an IP telephony-enabled device featuring four voice lines, a Gigabit Ethernet switch (2 ports), PoE power, and an LCD display. The Cisco SPA514G contains an unauthorized access vulnerability that could be exploited by attackers to obtain sensitive information.

Chung-Chi Technology Co., Ltd., founded in 1986, offers a series of industry-leading DOCSIS (Domain-Oriented Broadband Access Network) equipment and related network products. A weak password vulnerability exists in Chung-Chi Technology Co., Ltd.'s NUX-6374R device, which attackers could exploit to obtain sensitive information.

The RG-MA2862 is a gigabit dual-band router. The RG-MA2862 router, manufactured by Beijing Star-Net Ruijie Networks Technology Co., Ltd., contains a command execution vulnerability that attackers could exploit to execute arbitrary commands.

The COMELIT IPCAM723A is a webcam. The COMELIT IPCAM723A has a weak password vulnerability that attackers could exploit to obtain sensitive information.

An out-of-bounds read vulnerability exists in VS6ComFile!load_link_inf of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution. None. Fuji Electric V-SFT is a human-machine interface (HMI) configuration software developed by Fuji Electric, primarily used for touchscreen interface design, PDF document viewing, video playback, and alarm message management in industrial automation. This vulnerability stems from the VS6ComFile component's load_link_inf function failing to properly validate the length of input data

A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866_B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such manipulation of the argument wepkey leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. TOTOLINK of n600r The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK N600R is a dual-band wireless router released by the Korean brand TOTOLINK in 2013. It supports concurrent operation in the 2.4GHz and 5GHz bands and offers a maximum wireless transmission rate of 300Mbps. The TOTOLINK N600R suffers from a buffer overflow vulnerability caused by the wepkey parameter in the /cgi-bin/cstecgi.cgi file failing to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. Performing manipulation of the argument page results in memory corruption. The attack is possible to be carried out remotely. The exploit has been made public and could be used. of ch22 A buffer error vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from the failure of the formSafeEmailFilter function in the file /goform/SafeEmailFilter to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service

A security vulnerability has been detected in Tenda CH22 up to 1.0.0.1. This issue affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component HTTP Request Handler. The manipulation of the argument mit_ssid_index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. Shenzhen Tenda Technology Co.,Ltd. of ch22 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from the failure of the mit_ssid_index parameter of the formWrlsafeset function in the file /goform/AdvSetWrlsafeset to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A security vulnerability has been detected in D-Link DI-7001 MINI 24.04.18B1. The affected element is an unknown function of the file /dbsrv.asp. Such manipulation of the argument str leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. D-Link Corporation of DI-7001MINI-8G The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DI-7001 MINI is a multi-function smart gateway from D-Link, a Chinese company. The D-Link DI-7001 MINI suffers from a buffer overflow vulnerability caused by improper bounds checking in the /dbsrv.asp file. An attacker could exploit this vulnerability to execute arbitrary code or cause the application to crash

A weakness has been identified in D-Link DI-7001 MINI 24.04.18B1. Impacted is an unknown function of the file /upgrade_filter.asp. This manipulation of the argument path causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. D-Link Corporation of DI-7001MINI-8G The firmware contains a command injection vulnerability. OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DI-7001 MINI is a multi-function smart gateway from D-Link, a Chinese company. The D-Link DI-7001 MINI suffers from an operating system command injection vulnerability that could allow an attacker to execute arbitrary code on the system

A security flaw has been discovered in Tenda AC15 15.03.05.18. Affected is an unknown function of the file /goform/saveAutoQos. Performing manipulation of the argument enable results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. Shenzhen Tenda Technology Co.,Ltd. of AC15 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from the failure of the enable parameter in the file /goform/saveAutoQos to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was identified in Tenda AC15 15.03.05.18. This impacts an unknown function of the file /goform/setNotUpgrade. Such manipulation of the argument newVersion leads to stack-based buffer overflow. The attack may be launched remotely. The exploit is publicly available and might be used. The Tenda AC15 is a dual-band wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd. in October 2015. It supports the 802.11ac protocol and is designed primarily for home networking environments. This vulnerability stems from the failure of the parameter "newVersion" in the file "/goform/setNotUpgrade" to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was determined in Tenda AC15 15.03.05.18. This affects an unknown function of the file /goform/fast_setting_pppoe_set. This manipulation of the argument Password causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. Shenzhen Tenda Technology Co.,Ltd. of AC15 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability could allow an attacker to execute arbitrary code or cause a denial of service

A vulnerability was found in Tenda AC15 15.03.05.18. The impacted element is an unknown function of the file /goform/SetDDNSCfg of the component POST Parameter Handler. The manipulation of the argument ddnsEn results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used. of AC15 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. in October 2015. It supports the 802.11ac protocol and is designed primarily for home networking environments. This vulnerability stems from the failure of the parameter ddnsEn in the file /goform/SetDDNSCfg to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The affected element is the function sscanf of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. of AC20 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Detailed vulnerability details are currently unavailable