VARIoT IoT vulnerabilities database

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. D-Link DNS-320L firmware, dns-120 firmware, dnr-202l firmware etc. D-Link Systems, Inc. The product contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. D-Link DNS-320L firmware, dns-120 firmware, dnr-202l firmware etc. D-Link Systems, Inc. The product contains a vulnerability related to the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco Small Business is a switch of Cisco. The vulnerability is caused by the lack of effective filtering and escaping of user-supplied data by the application

Tenda AX1803 v1.0.0.1 contains a stack overflow via the serverName parameter in the function fromAdvSetMacMtuWan. Shenzhen Tenda Technology Co.,Ltd. of ax1803 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Tenda AX1803 v1.0.0.1 contains a stack overflow via the serviceName parameter in the function fromAdvSetMacMtuWan. Shenzhen Tenda Technology Co.,Ltd. of ax1803 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the failure of the serviceName parameter in the function fromAdvSetMacMtuWan to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

SQL injection vulnerability exists in GetDIAE_usListParameters. Delta Electronics DIAEnergie is an industrial energy management system launched by Delta Electronics in Taiwan, China. Delta Electronics DIAEnergie GetDIAE_usList has a SQL injection vulnerability, which can be exploited by attackers to view, add, modify or delete information in the backend database

Memory corruption when there is failed unmap operation in GPU. 315 5g iot modem firmware, 9206 lte modem firmware, APQ8017 Multiple Qualcomm products, such as firmware, contain vulnerabilities related to use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Memory corruption while processing finish_sign command to pass a rsp buffer. 315 5g iot firmware, APQ8017 firmware, APQ8037 Multiple Qualcomm products such as firmware have a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Memory corruption in SPS Application while requesting for public key in sorter TA. 315 5g iot firmware, 9205 lte firmware, APQ8017 Several Qualcomm products, such as firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607

Dlink Dir-3040us A1 1.20b03a hotfix is vulnerable to Buffer Overflow. Any user having read/write access to ftp server can write directly to ram causing buffer overflow if file or files uploaded are greater than available ram. Ftp server allows change of directory to root which is one level up than root of usb flash directory. During upload ram is getting filled and causing system resource exhaustion (no free memory) which causes system to crash and reboot. D-Link Dir-3040us is a router. D-Link Dir-3040us has a denial of service vulnerability that can be exploited by an attacker to cause the system to crash and reboot

Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User name in dyn_dns.asp. Technicolor TC8715D is a wireless router from the French company Technicolor. Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T has a cross-site scripting vulnerability, which can be exploited by attackers to obtain sensitive information such as user cookies

Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function. Tenda FH1203 is a wireless router from China's Tenda company. The vulnerability is caused by the deviceMac parameter of the addWifiMacFilter method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the page parameter of the fromAddressNat function. Tenda FH1202 is a wireless router from China's Tenda company. The vulnerability is caused by the page parameter of the fromAddressNat method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function. Tenda FH1202 is a wireless router from China's Tenda company. The vulnerability is caused by the time parameter of the saveParentControlInfo method failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TP-Link TP-Link EX20v AX1800, Tp-Link Archer C5v AC1200, Tp-Link TD-W9970, Tp-Link TD-W9970v3, TP-Link VX220-G2u, TP-Link VN020-G2u allows authenticated OS Command Injection.This issue affects TP-Link EX20v AX1800, Tp-Link Archer C5v AC1200, Tp-Link TD-W9970, Tp-Link TD-W9970v3 : through 20240328. Also  the vulnerability continues in the TP-Link VX220-G2u and TP-Link VN020-G2u models due to the products not being produced and supported. TP-LINK AX1500 is a modem from China's TP-LINK company. Attackers can exploit this vulnerability to cause arbitrary command execution

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the formSetDeviceName function. Tenda FH1202 is a wireless router from China's Tenda company. The vulnerability is caused by the deviceId parameter of the formSetDeviceName method failing to properly validate the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function. Tenda FH1202 is a wireless router from China's Tenda company. The vulnerability is caused by the deviceMac parameter of the addWifiMacFilter method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability located in the deviceName parameter of the formSetDeviceName function. Tenda FH1202 is a wireless router from China's Tenda company. The vulnerability is caused by the deviceName parameter of the formSetDeviceName method failing to properly validate the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the addWifiMacFilter function. Tenda FH1202 is a wireless router from China's Tenda company. The vulnerability is caused by the deviceId parameter of the addWifiMacFilter method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service