VARIoT IoT vulnerabilities database
| VAR-202312-1774 | CVE-2023-51094 | Tenda M3 TendaTelnet method command execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda M3 V1.0.0.12(4856) was discovered to contain a Command Execution vulnerability via the function TendaTelnet. Tenda M3 is an access control controller produced by China Tenda Company. This vulnerability is caused by the failure of the TendaTelnet method to correctly filter special characters and commands in constructed commands
| VAR-202312-1592 | CVE-2023-51093 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function fromSetLocalVlanInfo.
| VAR-202312-0938 | CVE-2023-51092 | Tenda M3 upgrade method buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function upgrade. Tenda M3 is an access control controller produced by China Tenda Company. This vulnerability is caused by the upgrade method failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service. attack
| VAR-202312-1107 | CVE-2023-51091 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function R7WebsSecurityHandler.
| VAR-202312-1775 | CVE-2023-51090 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formGetWeiXinConfig.
| VAR-202312-1438 | CVE-2023-51095 | Tenda M3 formDelWlRfPolicy method buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formDelWlRfPolicy. Tenda M3 is an access control controller produced by China Tenda Company. This vulnerability is caused by the formDelWlRfPolicy method failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service. attack
| VAR-202312-0781 | CVE-2023-49954 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address.
| VAR-202312-0729 | CVE-2023-7095 | TOTOLINK of A7100RU Classic buffer overflow vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248942 is the identifier assigned to this vulnerability. TOTOLINK of A7100RU Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A7100RU is a wireless router made by China Zeon Electronics (TOTOLINK) Company. The vulnerability is caused by the failure of the parameter flag in the file /cgi-bin/cstecgi.cgi?action=login to correctly verify the length of the input data. A remote attacker can exploit this vulnerability. The vulnerability could execute arbitrary code on the system or lead to a denial of service attack
| VAR-202312-1968 | CVE-2023-5962 | plural Moxa Inc. Vulnerabilities in the use of cryptographic algorithms in products |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: MEDIUM |
A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization. ioLogik e1210 firmware, ioLogik e1211 firmware, ioLogik e1212 firmware etc. Moxa Inc. The product contains vulnerabilities in the use of cryptographic algorithms.Information may be obtained. MOXA ioLogik E1200 Series is a series of general-purpose controllers and I/O devices from China's MOXA company.
MOXA ioLogik E1200 Series has an encryption vulnerability that can be exploited by attackers to obtain sensitive information
| VAR-202312-1760 | CVE-2023-5961 | plural Moxa Inc. Cross-site request forgery vulnerability in product |
CVSS V2: 10.0 CVSS V3: 8.8 Severity: HIGH |
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user. ioLogik e1210 firmware, ioLogik e1211 firmware, ioLogik e1212 firmware etc. Moxa Inc. The product contains a cross-site request forgery vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. MOXA ioLogik E1200 Series is a series of general-purpose controllers and I/O devices from China's MOXA company
| VAR-202312-1594 | CVE-2023-51022 | TOTOLINK of ex1800t Firmware vulnerabilities |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langFlag’ parameter of the setLanguageCfg interface of the cstecgi .cgi. TOTOLINK of ex1800t There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1800T is a Wi-Fi range extender from China's Zeon Electronics (TOTOLINK) company.
TOTOLINK EX1800T has a command execution vulnerability. This vulnerability stems from the failure of the langFlag parameter of the setLanguageCfg interface of cstecgi.cgi to correctly filter special characters, commands, etc. in the constructed command. An attacker could exploit this vulnerability to execute arbitrary commands on the system
| VAR-202312-0941 | CVE-2023-51021 | TOTOLINK of ex1800t Firmware vulnerabilities |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘merge’ parameter of the setRptWizardCfg interface of the cstecgi .cgi. TOTOLINK of ex1800t There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK Electronics. The vulnerability is caused by the fact that the merge parameter of the setRptWizardCfg interface of cstecgi.cgi fails to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to execute arbitrary commands on the system
| VAR-202312-1262 | CVE-2023-51020 | TOTOLINK of ex1800t Firmware vulnerabilities |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langType’ parameter of the setLanguageCfg interface of the cstecgi .cgi. TOTOLINK of ex1800t There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK Electronics. An attacker can exploit this vulnerability to execute arbitrary commands on the system
| VAR-202312-1976 | CVE-2023-51019 | TOTOLINK of ex1800t Firmware vulnerabilities |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘key5g’ parameter of the setWiFiExtenderConfig interface of the cstecgi .cgi. TOTOLINK of ex1800t There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK Electronics. The vulnerability is caused by the key5g parameter of the setWiFiExtenderConfig interface of cstecgi.cgi failing to properly filter special characters and commands in the constructed command. An attacker can exploit this vulnerability to execute arbitrary commands on the system
| VAR-202312-2148 | CVE-2023-51018 | TOTOLINK of ex1800t Firmware vulnerabilities |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘opmode’ parameter of the setWiFiApConfig interface of the cstecgi .cgi. TOTOLINK of ex1800t There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK Electronics. The vulnerability is caused by the opmode parameter of the setWiFiApConfig interface of cstecgi.cgi failing to properly filter special characters and commands in the constructed command. An attacker can exploit this vulnerability to execute arbitrary commands on the system
| VAR-202312-0768 | CVE-2023-51017 | TOTOLINK of ex1800t Firmware vulnerabilities |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanIp parameter’ of the setLanConfig interface of the cstecgi .cgi. TOTOLINK of ex1800t There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1800T is a Wi-Fi range extender from China's Zeon Electronics (TOTOLINK) company.
There is a command execution vulnerability in the TOTOLINK EX1800T lanIp parameter. This vulnerability stems from the failure of the lanIp parameter of the setLanConfig interface of cstecgi.cgi to correctly filter special characters, commands, etc. in the constructed command. An attacker could exploit this vulnerability to execute arbitrary commands on the system
| VAR-202312-1440 | CVE-2023-51016 | TOTOLINK of ex1800t Command injection vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the setRebootScheCfg interface of the cstecgi .cgi. TOTOLINK of ex1800t Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK Electronics
| VAR-202312-1975 | CVE-2023-51028 | TOTOLINK EX1800T Command Execution Vulnerability (CNVD-2024-31498) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the apcliChannel parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi. TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK Electronics
| VAR-202312-2147 | CVE-2023-51027 | TOTOLINK EX1800T setWiFiExtenderConfig interface command execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘apcliAuthMode’ parameter of the setWiFiExtenderConfig interface of the cstecgi .cgi. TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK Electronics. The vulnerability is caused by the apcliAuthMode parameter of the setWiFiExtenderConfig interface of cstecgi.cgi failing to properly filter special characters and commands in constructed commands. An attacker can exploit this vulnerability to execute arbitrary commands on the system
| VAR-202312-0767 | CVE-2023-51026 | TOTOLINK EX1800T setRebootScheCfg interface command execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘hour’ parameter of the setRebootScheCfg interface of the cstecgi .cgi. TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK Electronics. The vulnerability is caused by the hour parameter of the setRebootScheCfg interface of cstecgi.cgi failing to properly filter special characters and commands in the constructed command. An attacker can exploit this vulnerability to execute arbitrary commands on the system