VARIoT IoT vulnerabilities database
VAR-202401-2391 | CVE-2023-31001 |
CVSS V2: - CVSS V3: 5.5 Severity: MEDIUM |
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254653.
VAR-202401-1368 | CVE-2023-51123 | D-Link DIR-815 Code Execution Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component. D-Link DIR-815 is a wireless router made by China D-Link Company.
D-Link DIR-815 has a code execution vulnerability. The vulnerability is due to the application's failure to properly filter special elements that construct code segments.
VAR-202401-0687 | CVE-2023-51127 |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction. This vulnerability allows an unauthenticated, remote attacker to obtain arbitrary sensitive file contents by uploading a specially crafted symbolic link file.
VAR-202401-0404 | CVE-2023-51126 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter.
VAR-202401-2029 | CVE-2023-31488 | Cisco Systems Cisco IronPort Email Security Appliance Software and Cisco Secure Email Gateway Vulnerability in |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Hyland Perceptive Filters releases before 2023-12-08 (e.g., 11.4.0.2647), as used in Cisco IronPort Email Security Appliance Software, Cisco Secure Email Gateway, and various non-Cisco products, allow attackers to trigger a segmentation fault and execute arbitrary code via a crafted document. (DoS) It may be in a state
VAR-202401-2636 | CVE-2023-37932 |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEnterprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests.
VAR-202401-0266 | CVE-2023-51970 | Tenda AX1803 buffer overflow vulnerability (CNVD-2024-02216) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv. Tenda AX1803 is a dual-band Gigabit WIFI6 router from China's Tenda Company. This vulnerability is caused by the iptv.stb.mode parameter of the formSetIptv method failing to correctly verify the length of the input data. An attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202401-2614 | CVE-2023-51969 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function getIptvInfo.
VAR-202401-1359 | CVE-2023-51968 | Tenda AX1803 adv.iptv.stballvlans parameter buffer overflow vulnerability in getIptvInfo method |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function getIptvInfo. Tenda AX1803 is a dual-band Gigabit WIFI6 router from China's Tenda Company. This vulnerability is caused by the adv.iptv.stballvlans parameter of the getIptvInfo method failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202401-2417 | CVE-2023-51967 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function getIptvInfo.
VAR-202401-2496 | CVE-2023-51962 | Tenda AX1803 setIptvInfo method iptv.stb.mode parameter buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1803 is a dual-band Gigabit WIFI6 router from China's Tenda company.
There is a buffer overflow vulnerability in the Tenda AX1803 v1.0.0.1 version. The vulnerability is caused by the iptv.stb.mode parameter of the setIptvInfo method failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack.
VAR-202401-2495 | CVE-2023-51965 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo.
VAR-202401-2371 | CVE-2023-51964 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo.
VAR-202401-2419 | CVE-2023-51963 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function setIptvInfo.
VAR-202401-0723 | CVE-2023-51960 | Tenda AX1803 buffer overflow vulnerability (CNVD-2024-02210) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv. Tenda AX1803 is a dual-band Gigabit WIFI6 router from China's Tenda Company. This vulnerability is caused by the iptv.city.vlan parameter of the formGetIptv method failing to correctly verify the length of the input data. An attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202401-0357 | CVE-2023-51959 | Tenda AX1803 buffer overflow vulnerability (CNVD-2024-02209) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formGetIptv. Tenda AX1803 is a dual-band Gigabit WIFI6 router from China's Tenda Company. This vulnerability is caused by the adv.iptv.stbpvid parameter of the formGetIptv method failing to correctly verify the length of the input data. An attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202401-0722 | CVE-2023-51958 | Tenda AX1803 buffer overflow vulnerability (CNVD-2024-02212) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formGetIptv. Tenda AX1803 is a dual-band Gigabit WIFI6 router from China's Tenda Company. This vulnerability is caused by the iptv.stb.port parameter of the formGetIptv method failing to correctly verify the length of the input data. An attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202401-0658 | CVE-2023-51957 | Tenda AX1803 buffer overflow vulnerability (CNVD-2024-02211) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv. Tenda AX1803 is a dual-band Gigabit WIFI6 router from China's Tenda Company. This vulnerability is caused by the iptv.stb.mode parameter of the formGetIptv method failing to correctly verify the length of the input data. An attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202401-0720 | CVE-2023-51956 | Tenda AX1803 buffer overflow vulnerability (CNVD-2024-02215) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv. Tenda AX1803 is a dual-band Gigabit WIFI6 router from China's Tenda Company. This vulnerability is caused by the iptv.city.vlan parameter of the formSetIptv method failing to correctly verify the length of the input data. An attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202401-0796 | CVE-2023-51955 | Tenda AX1803 buffer overflow vulnerability (CNVD-2024-02213) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv. Tenda AX1803 is a dual-band Gigabit WIFI6 router from China's Tenda Company. This vulnerability is caused by the adv.iptv.stballvlans parameter of the formSetIptv method failing to correctly verify the length of the input data. An attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service.