VARIoT IoT vulnerabilities database
VAR-202401-0876 | CVE-2023-49236 | TRENDnet TV-IP1314PI Buffer Overflow Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution. This occurs because of lack of length validation during an sscanf of a user-entered scale field in the RTSP playback function of davinci. TRENDnet TV-IP1314PI is a wireless network camera from the American Trend Network (TRENDnet) company.
TRENDnet TV-IP1314PI has a buffer overflow vulnerability.
VAR-202401-0183 | CVE-2023-7220 | Totolink NR1800X buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Affected by this issue is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK NR1800X is an excellent 5G NR indoor Wi-Fi and SIP CPE from the Chinese company Zeon Electronics (TOTOLINK), designed to provide fast and easy deployment of NR fixed data services to homes and offices.
Totolink NR1800X version 9.1.0u.6279_B20210910 has a buffer overflow vulnerability. The vulnerability originates from the failure of the function loginAuth in the file /cgi-bin/cstecgi.cgi to correctly verify the length of the input data. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202401-0680 | CVE-2023-7219 | TOTOLINK N350RT buffer overflow vulnerability (CNVD-2024-04915) |
CVSS V2: 8.3 CVSS V3: 7.2 Severity: HIGH |
A vulnerability has been found in Totolink N350RT 9.3.5u.6139_B202012 and classified as critical. Affected by this vulnerability is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK N350RT is a small home router from China's Zeon Electronics (TOTOLINK) company. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202401-1823 | CVE-2024-22124 | Vulnerability in SAP's SAP NetWeaver |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Under certain conditions, Internet Communication Manager (ICM) or SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22_EXT, WEBDISP 7.22_EXT, WEBDISP 7.53, WEBDISP 7.54, could allow an attacker to access information which would otherwise be restricted causing high impact on confidentiality. An unspecified vulnerability exists in SAP's SAP NetWeaver. Information may be obtained.
VAR-202401-2669 | CVE-2023-27098 |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel.
VAR-202401-0755 | CVE-2023-7218 | Stack-based buffer overflow vulnerability in TOTOLINK n350rt firmware |
CVSS V2: 8.3 CVSS V3: 7.2 Severity: HIGH |
A vulnerability, which was classified as critical, was found in Totolink N350RT 9.3.5u.6139_B202012. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-249852. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. A stack-based buffer overflow vulnerability exists in TOTOLINK n350rt firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK N350RT is a small home router from China's Zeon Electronics (TOTOLINK) company. This vulnerability originates from the failure of the password parameter of the loginAuth function in the /cgi-bin/cstecgi.cgi page to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202401-0297 | CVE-2024-0297 | OS command injection vulnerability in TOTOLINK N200RE firmware |
CVSS V2: 7.5 CVSS V3: 7.3 Severity: CRITICAL |
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to OS command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249863. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. An OS command injection vulnerability exists in TOTOLINK N200RE firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202401-0531 | CVE-2024-0298 | OS command injection vulnerability in TOTOLINK N200RE firmware |
CVSS V2: 7.5 CVSS V3: 7.3 Severity: CRITICAL |
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been classified as critical. Affected is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to OS command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249864. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. An OS command injection vulnerability exists in TOTOLINK N200RE firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202401-0050 | CVE-2024-0299 | OS command injection vulnerability in TOTOLINK N200RE firmware |
CVSS V2: 7.5 CVSS V3: 7.3 Severity: CRITICAL |
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been declared as critical. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to OS command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249865 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. An OS command injection vulnerability exists in TOTOLINK N200RE firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202401-0051 | CVE-2024-0296 | OS command injection vulnerability in TOTOLINK N200RE firmware |
CVSS V2: 7.5 CVSS V3: 7.3 Severity: HIGH |
A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This vulnerability affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument host_time leads to OS command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249862 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. An OS command injection vulnerability exists in TOTOLINK N200RE firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK N200RE is a router made by China Zeon Electronics (TOTOLINK) Company.
TOTOLINK N200RE version 9.3.5u.6139_B20201216 has an operating system command injection vulnerability. The vulnerability originates from the failure of the host_time parameter of the NTPSyncWithHost function of the /cgi-bin/cstecgi.cgi page to correctly filter special characters, commands, etc. in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution.
VAR-202401-0073 | CVE-2023-7214 | Out-of-bounds write vulnerability in TOTOLINK n350rt firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: MEDIUM |
A vulnerability, which was classified as critical, has been found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v8 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249770 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. An out-of-bounds write vulnerability exists in TOTOLINK n350rt firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK N350RT is a small home router from China's Zeon Electronics (TOTOLINK) company.
TOTOLINK N350RT version 9.3.5u.6139_B20201216 has a buffer overflow vulnerability. The vulnerability originates from the failure of the parameter v8 of the main function in the file /cgi-bin/cstecgi.cgi?action=login to correctly verify the length of the input data. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202401-0480 | CVE-2023-7208 | Out-of-bounds write vulnerability in TOTOLINK x2000r firmware |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This vulnerability affects the function formTmultiAP of the file /bin/boa. The manipulation leads to buffer overflow. VDB-249742 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. An out-of-bounds write vulnerability exists in TOTOLINK x2000r firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK X2000R is a wireless router made by China Zeon Electronics (TOTOLINK) Company. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202401-0494 | CVE-2023-50991 | Classic buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. i29 firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote attackers to cause a denial of service (DoS) via the pingIp parameter in the pingSet function. Shenzhen Tenda Technology Co.,Ltd. i29 firmware has a classic buffer overflow vulnerability. Service operation may be interrupted (DoS).
Tenda i29 has a buffer overflow vulnerability. This vulnerability is caused by the pingIp parameter in the pingSet function failing to correctly verify the length of the input data.
VAR-202401-0491 | CVE-2023-51812 | Tenda AX3 code execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /goform/SetNetControlList. Tenda AX3 is an AX1800 Gigabit-port dual-band Wi-Fi 6 wireless router from China's Tenda company.
VAR-202401-1280 | CVE-2023-32891 | Out-of-bounds write vulnerability in products from multiple vendors such as Google's Android |
CVSS V2: - CVSS V3: 6.7 Severity: MEDIUM |
In bluetooth service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07933038; Issue ID: MSV-559. Products from multiple vendors, such as Google's Android, contain out-of-bounds write vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202401-1198 | CVE-2023-32890 | Input validation vulnerability in multiple MediaTek products |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
In modem EMM, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01183647; Issue ID: MOLY01183647 (MSV-963). A number of MediaTek products, including LR13, NR15 and nr16, contain vulnerabilities related to input validation. Service operation may be interrupted (DoS).
VAR-202401-1234 | CVE-2023-32888 | Out-of-bounds write vulnerability in multiple MediaTek products |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161830; Issue ID: MOLY01161830 (MSV-894). An out-of-bounds write vulnerability exists in MediaTek's NR15, nr16 and NR17. Service operation may be interrupted (DoS).
VAR-202401-1212 | CVE-2023-32887 | Buffer error vulnerability in multiple MediaTek products |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
In Modem IMS Stack, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161837; Issue ID: MOLY01161837 (MSV-892). MediaTek's NR15, nr16 and NR17 contain a buffer error vulnerability and an out-of-bounds write vulnerability. Service operation may be interrupted (DoS).
VAR-202401-1179 | CVE-2023-32886 | Out-of-bounds write vulnerability in multiple MediaTek products |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
In Modem IMS SMS UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00730807; Issue ID: MOLY00730807. An out-of-bounds write vulnerability exists in MediaTek's NR15, nr16 and NR17. Service operation may be interrupted (DoS).
VAR-202401-1328 | CVE-2023-32874 | Out-of-bounds write vulnerability in multiple MediaTek products |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
In Modem IMS Stack, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161803; Issue ID: MOLY01161803 (MSV-893). A number of MediaTek products, including LR13, NR15 and nr16, contain out-of-bounds write vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS).