VARIoT IoT vulnerabilities database


VAR-202508-2414 CVE-2025-55603 Shenzhen Tenda Technology Co.,Ltd.  of  AX3  Classic buffer overflow vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromSetSysTime function via the ntpServer parameter. The AX3 firmware from Shenzhen Tenda Technology Co.,Ltd. has a classic buffer overflow vulnerability. Service operation may be interrupted (DoS). The Tenda AX3 is a dual-band gigabit wireless router for home use, launched by Tenda Technology. It supports the Wi-Fi 6 (802.11ax) standard and emphasizes high-performance network coverage and stable connections. This vulnerability stems from the fromSetSysTime function failing to properly validate the length of the input data in the ntpServer parameter. Attackers can exploit this vulnerability to cause a denial of service.
VAR-202508-2299 CVE-2025-55602 D-Link Systems, Inc.  of  DIR-619L  Out-of-bounds write vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formSysCmd function via the submit-url parameter. An out-of-bounds write vulnerability exists in the DIR-619L firmware from D-Link Systems, Inc. Service operation may be interrupted (DoS). The D-Link DIR-619L is a home wireless router from D-Link, designed for home and small office environments. It utilizes the IEEE 802.11n wireless standard and offers a maximum transmission rate of 300Mbps. This vulnerability stems from the formSysCmd function failing to properly validate the length of the input data in the submit-url parameter. An attacker could exploit this vulnerability to cause a denial of service.
VAR-202508-2302 CVE-2025-55599 D-Link Systems, Inc.  of  DIR-619L  Out-of-bounds write vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formWlanSetup function via the parameter f_wds_wepKey. An out-of-bounds write vulnerability exists in the DIR-619L firmware from D-Link Systems, Inc. Service operation may be interrupted (DoS). The D-Link DIR-619L is a home wireless router from D-Link, designed for home and small office environments. It utilizes the IEEE 802.11n wireless standard and offers a maximum transmission rate of 300Mbps. This vulnerability stems from the formWlanSetup function failing to properly validate the length of the input data in the f_wds_wepKey parameter. An attacker could exploit this vulnerability to cause a denial of service.
VAR-202508-3573 No CVE HP Photosmart 6520 has unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The HP Photosmart 6520 is an all-in-one printer. The HP Photosmart 6520 has an unauthorized access vulnerability that could allow an attacker to obtain sensitive information.
VAR-202508-2730 No CVE RICOH MP 6054 has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The RICOH MP 6054 is a black-and-white digital multifunction printer. The RICOH MP 6054 has a weak password vulnerability that could allow attackers to log into the system and obtain sensitive information.
VAR-202508-2964 No CVE HP LaserJet Pro MFP M225dn has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The HP LaserJet Pro MFP M225dn is a multifunction laser printer. The HP LaserJet Pro MFP M225dn has a weak password vulnerability that could allow attackers to log into the system and obtain sensitive information.
VAR-202508-3453 No CVE HP Photosmart d110a has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The HP Photosmart d110a is an all-in-one printer. The HP Photosmart d110a has an unauthorized access vulnerability that could allow an attacker to obtain sensitive information.
VAR-202508-2151 CVE-2025-9309 Shenzhen Tenda Technology Co.,Ltd.  of  AC10  Hardcoded password usage vulnerability in firmware CVSS V2: 1.0
CVSS V3: 2.5
Severity: Low
A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the attack. Exploitability is reported to be difficult. The exploit has been made public and could be used. The AC10 firmware contains vulnerabilities related to the use of hard-coded passwords and the use of hard-coded credentials. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202508-2065 CVE-2025-9303 TOTOLINK  of  A720R  Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A security flaw has been discovered in TOTOLINK A720R 4.1.5cu.630_B20250509. This issue affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument desc results in buffer overflow. The attack can be carried out remotely. The exploit has been released to the public and may be exploited. The TOTOLINK A720R firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The TOTOLINK A702R is a wireless router manufactured by the Chinese company TOTOLINK, primarily used for home network connectivity and signal coverage. The TOTOLINK A702R suffers from a buffer overflow vulnerability caused by a failure to properly validate the length of input data in the desc parameter. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service.
VAR-202508-2573 CVE-2025-55564 Shenzhen Tenda Technology Co.,Ltd.  of  AC15  Stack-based buffer overflow vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda AC15 v15.03.05.19_multi_TD01 has a stack overflow via the list parameter in the fromSetIpMacBind function. A stack-based buffer overflow vulnerability exists in the AC15 firmware from Shenzhen Tenda Technology Co.,Ltd. Service operation may be interrupted (DoS). in October 2015. It supports the 802.11ac protocol and is designed primarily for home networking environments. The Tenda AC15 suffers from a stack buffer overflow vulnerability caused by the fromSetIpMacBind function's failure to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service.
VAR-202508-2063 CVE-2025-9299 Shenzhen Tenda Technology Co.,Ltd.  of  m3  Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability has been found in Tenda M3 1.0.0.12. Affected by this vulnerability is the function formGetMasterPassengerAnalyseData of the file /goform/getMasterPassengerAnalyseData. The manipulation of the argument Time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The m3 firmware from Shenzhen Tenda Technology Co.,Ltd. contains a buffer error vulnerability and a stack-based buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202508-2069 CVE-2025-9298 Shenzhen Tenda Technology Co.,Ltd.  of  m3  Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A flaw has been found in Tenda M3 1.0.0.12. Affected is the function formQuickIndex of the file /goform/QuickIndex. Executing manipulation of the argument PPPOEPassword can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. The m3 firmware from Shenzhen Tenda Technology Co.,Ltd. contains a buffer error vulnerability and a stack-based buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202508-2066 CVE-2025-9297 Shenzhen Tenda Technology Co.,Ltd.  of  i22  Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was detected in Tenda i22 1.0.0.3(4687). This impacts the function formWeixinAuthInfoGet of the file /goform/wxportalauth. Performing manipulation of the argument Type results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used. The i22 firmware from Shenzhen Tenda Technology Co.,Ltd. contains a buffer error vulnerability and a stack-based buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202508-3574 No CVE Zhejiang Uniview Technology Co., Ltd. NVR-110D-A has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The NVR-110D-A is a member of the NVR-D series network video recorders from Uniview Technologies. Zhejiang Uniview Technology Co., Ltd.'s NVR-110D-A has an unauthorized access vulnerability that could allow attackers to obtain sensitive information.
VAR-202508-3454 No CVE Shenzhen Tongwei Digital Technology Co., Ltd.'s Web camera has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Shenzhen Tongwei Digital Technology Co., Ltd. is a provider of video surveillance products and system solutions, integrating R&D, production, sales, and service. Shenzhen Tongwei Digital Technology Co., Ltd.'s web camera has a weak password vulnerability that could allow attackers to log into the system and obtain sensitive information.
VAR-202508-2966 No CVE Netis WF2880 has a denial of service vulnerability CVSS V2: 2.1
CVSS V3: -
Severity: LOW
The Netis WF2880 is a wireless router from the Chinese company Netis. The Netis WF2880 has a denial of service vulnerability that could be exploited by an attacker to cause a denial of service.
VAR-202508-2967 No CVE Tenda AC10 has a binary vulnerability CVSS V2: 2.1
CVSS V3: -
Severity: LOW
The AC10 is a high-performance router designed with gigabit ports on both the WAN and LAN ports. The Tenda AC10 contains a binary vulnerability that could be exploited to cause a denial of service.
VAR-202508-2731 No CVE Tenda AC10 has a binary vulnerability CVSS V2: 2.1
CVSS V3: -
Severity: LOW
The AC10 is a high-performance router designed with gigabit ports on both the WAN and LAN ports. The Tenda AC10 contains a binary vulnerability that could be exploited to cause a denial of service.
VAR-202508-3068 No CVE Tenda AC8 has a binary vulnerability CVSS V2: 2.1
CVSS V3: -
Severity: LOW
The AC8 is a dual-band, triple-gigabit wireless router suitable for homes with fiber optic connections up to 1000Mbps. It supports gigabit ports, intelligent frequency band optimization, and parental controls. The Tenda AC8 contains a binary vulnerability that could be exploited to cause a denial of service.
VAR-202508-2846 No CVE Advantech Technology (China) Co., Ltd.'s ECU-1051 has a logic flaw vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The ECU-1051 is an industrial IoT cloud-based intelligent communication gateway. Advantech Technology (China) Co., Ltd.'s ECU-1051 has a logic flaw that could allow attackers to obtain sensitive information.