VARIoT IoT vulnerabilities database

VAR-202405-3469 CVE-2024-35340 Tenda FH1206 Command Execution Vulnerability CVSS V2: 9.0
CVSS V3: 8.6
Severity: HIGH
Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the cmdinput parameter at ip/goform/formexeCommand. Tenda FH1206 is a wireless router from China's Tenda company. The vulnerability is caused by the cmdinput parameter of ip/goform/formexeCommand failing to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to execute arbitrary commands on the system
VAR-202405-0209 CVE-2024-5295 (0Day) D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21294. D-Link G416 is a wireless router from D-Link, a Chinese company. D-Link G416 has a code execution vulnerability, which is caused by the application failing to properly filter special elements in the constructed code segment
VAR-202405-0224 CVE-2024-5294 (0Day) D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Service Vulnerability CVSS V2: 3.3
CVSS V3: 4.3
Severity: MEDIUM
D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the prog.cgi program, which handles HNAP requests made to the lighttpd webserver listening on ports 80 and 443. The issue results from the lack of proper memory management when processing HTTP cookie values. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-21668. D-Link DIR-3040 is a router of D-Link, a Chinese company. It provides the function of connecting to the network. The vulnerability is caused by not releasing or failing to release dynamically allocated heap memory
VAR-202405-0217 CVE-2024-5293 (0Day) D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640-US routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within prog.cgi, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21853. D-Link DIR-2640 is a high-power Wi-Fi router from D-Link, a Chinese company. D-Link DIR-2640 has a buffer overflow vulnerability. The vulnerability is caused by the program failing to properly verify the length of the input data
VAR-202405-0178 CVE-2024-5291 (0Day) D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21235. D-Link DIR-2150 is a wireless router from D-Link, a Chinese company. D-Link DIR-2150 has a code execution vulnerability, which is caused by the application failing to properly filter special elements in the constructed code segment
VAR-202405-3772 No CVE Beijing Xingwang Ruijie Network Technology Co., Ltd. EG2000CE has a command execution vulnerability (CNVD-2024-22811) CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
EG2000CE is an intelligent router. EG2000CE of Beijing Xingwang Ruijie Network Technology Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to obtain server permissions.
VAR-202405-2040 No CVE H3C ER5100G2 system management has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
ER5100G2 is a new generation enterprise-class Gigabit wired router. H3C ER5100G2 system management has a command execution vulnerability, which can be exploited by attackers to obtain server permissions.
VAR-202405-2251 No CVE Beijing Xingwang Ruijie Network Technology Co., Ltd. EG3210 has a command execution vulnerability (CNVD-2024-23199) CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
EG3210 is a multi-service security gateway. Beijing Xingwang Ruijie Network Technology Co., Ltd. EG3210 has a command execution vulnerability, which can be exploited by attackers to gain control of the server.
VAR-202405-3031 No CVE Shenzhen Tongwei Digital Technology Co., Ltd. InVid Tech has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Shenzhen Tongwei Digital Technology Co., Ltd. is an international provider of video security products and system solutions integrating R&D, production, sales and services. Shenzhen Tongwei Digital Technology Co., Ltd. InVid Tech has a weak password vulnerability, which attackers use to log in to the system backend and obtain sensitive information.
VAR-202405-3505 CVE-2024-22429 CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution.
VAR-202405-2830 No CVE Beijing Asia Control Technology Development Co., Ltd. Asia Control Giant SCADA Monitoring Platform has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The Yakong Giant SCADA Monitoring Platform is a high-end industrial automation full-configuration monitoring software suitable for "all-trusted" industrial control systems. It supports the joint use of all mainstream trusted CPUs, operating systems, PLC devices, and databases. The Yakong Giant SCADA Monitoring Platform of Beijing Yakong Technology Development Co., Ltd. has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202405-3782 CVE-2024-4609 Rockwell Automation FactoryTalk View SE SQL Injection Vulnerability CVSS V2: 8.0
CVSS V3: 9.8
Severity: CRITICAL
A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additionally, a threat actor could potentially modify and delete the data in a remote database. An attack would only affect the HMI design time, not runtime. Rockwell Automation FactoryTalk View SE is an industrial automation system view interface from Rockwell Automation of the United States
VAR-202405-0252 CVE-2024-4960 D-Link DAR-7000-40 Command Execution Vulnerability CVSS V2: 6.5
CVSS V3: 6.3
Severity: MEDIUM
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in D-Link DAR-7000-40 V31R02B1413C. Affected is an unknown function of the file interface/sysmanage/licenseauthorization.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264528. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. D-Link DAR-7000-40 is an Internet behavior audit gateway of D-Link, a Chinese company. D-Link DAR-7000-40 has a command execution vulnerability, which is caused by the incorrect verification of the file extension by the interface/sysmanage/licenseauthorization.php script. Attackers can use this vulnerability to upload malicious PHP scripts and execute arbitrary PHP code on the system.
VAR-202405-0440 No CVE Schneider Electric (China) Co., Ltd. Quantum 140CPU65150PL has a denial of service vulnerability CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
Quantum 140CPU65150PL is a Unity processor in the Schneider Electric series. It combines the standard functions of a PLC with the diagnostic functions of a network server and uses an RJ-45 connection for communication. Schneider Electric (China) Co., Ltd. Quantum 140CPU65150PL has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202405-1356 No CVE Ruijie Networks Co., Ltd. EG3210 has a command execution vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
EG3210 is a new generation of multi-service security gateway in the RG-EG3200 series. It is a comprehensive gateway device designed for small and medium-sized network egress. Ruijie Networks Co., Ltd. EG3210 has a command execution vulnerability, which can be exploited by attackers to execute commands.
VAR-202405-0649 No CVE Beijing Yakong Technology Development Co., Ltd. KingPortal development system has an information leakage vulnerability (CNVD-2024-16583) CVSS V2: 2.1
CVSS V3: -
Severity: LOW
Beijing Yakong Technology Development Co., Ltd. is a high-tech enterprise of industrial automation and information software platform established in 1997. Beijing Yakong Technology Development Co., Ltd. KingPortal development system has information leakage vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202405-0708 CVE-2024-31491 Fortinet FortiSandbox Vulnerability CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
A client-side enforcement of server-side security in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 allows an attacker to execute unauthorized code or commands via HTTP requests. Fortinet FortiSandbox contains an unspecified vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202405-0539 CVE-2023-40720 Fortinet FortiVoice User-Controlled Key Authentication Evasion Vulnerability CVSS V2: -
CVSS V3: 7.1
Severity: HIGH
An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEnterprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests. Fortinet FortiVoice contains a user-controlled key authentication evasion vulnerability. Information may be obtained and service operation may be interrupted (DoS).
VAR-202405-0161 CVE-2024-33583 Siemens SIMATIC RTLS Locating Manager Hidden Function Vulnerability CVSS V2: 2.1
CVSS V3: 3.3
Severity: LOW
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected application contains a hidden configuration item to enable debug functionality. This could allow an authenticated local attacker to gain insight into the internal configuration of the deployment. SIMATIC RTLS Locating Manager is used to configure, operate, and maintain SIMATIC RTLS devices, which is a real-time wireless location system that provides location solutions
VAR-202405-0216 CVE-2024-33577 Siemens Simcenter Nastran Stack Buffer Overflow Vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain a stack overflow vulnerability while parsing specially crafted strings as an argument for one of the application binaries. This could allow an attacker to execute code in the context of the current process. Simcenter Nastran is a finite element method solver. Siemens Simcenter Nastran has a stack buffer overflow vulnerability.