VARIoT IoT vulnerabilities database
VAR-202312-1439 | CVE-2023-51025 | TOTOLINK EX1800T setPasswordCfg interface command execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to an unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of the cstecgi.cgi. TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK Electronics. The vulnerability is caused by the admuser parameter of the setPasswordCfg interface of cstecgi.cgi failing to properly filter special characters and commands in the constructed command. An attacker can exploit this vulnerability to execute arbitrary commands on the system.
VAR-202312-1108 | CVE-2023-51024 | TOTOLINK EX1800T setNtpCfg interface command execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘tz’ parameter of the setNtpCfg interface of the cstecgi.cgi. TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK Electronics. The vulnerability is caused by the tz parameter of the setNtpCfg interface of cstecgi.cgi failing to properly filter special characters and commands in the constructed command. An attacker can exploit this vulnerability to execute arbitrary commands on the system.
VAR-202312-1776 | CVE-2023-51023 | TOTOLINK EX1800T NTPSyncWithHost interface command execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘host_time’ parameter of the NTPSyncWithHost interface of the cstecgi.cgi. TOTOLINK EX1800T is a Wi-Fi range extender from China's Zeon Electronics (TOTOLINK) company.
TOTOLINK EX1800T v9.1.0cu.2112_B20220316 version has a command execution vulnerability. The vulnerability stems from the failure of the host_time parameter of the NTPSyncWithHost interface of cstecgi.cgi to correctly filter special characters, commands, etc. in the constructed command.
VAR-202312-1441 | CVE-2023-50990 | Tenda i29 sysScheduleRebootSet method buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime parameter in the sysScheduleRebootSet function. Tenda i29 is a wireless router made by China Tenda Company. This vulnerability is caused by the rebootTime parameter of the sysScheduleRebootSet method failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service attack.
VAR-202312-1778 | CVE-2023-50989 | Tenda i29 pingSet method command execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function. Tenda i29 is a wireless router made by China Tenda Company. This vulnerability is caused by the failure of the pingSet method to correctly filter special characters, commands, etc. in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution.
VAR-202312-1596 | CVE-2023-50988 | Tenda i29 wifiRadioSetIndoor method buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth parameter in the wifiRadioSetIndoor function. Tenda i29 is a wireless router made by China Tenda Company.
Tenda i29 has a buffer overflow vulnerability. This vulnerability is caused by the bandwidth parameter of the wifiRadioSetIndoor method failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service attack.
VAR-202312-0943 | CVE-2023-50987 | Tenda i29 sysTimeInfoSet method buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysTimeInfoSet function. Tenda i29 is a wireless router from the Chinese company Tenda.
Tenda i29 has a buffer overflow vulnerability. This vulnerability is caused by the time parameter of the sysTimeInfoSet method failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service attack.
VAR-202312-1264 | CVE-2023-50986 | Tenda i29 sysLogin method buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function. Tenda i29 is a wireless router from the Chinese company Tenda.
Tenda i29 has a buffer overflow vulnerability. This vulnerability is caused by the time parameter of the sysLogin method failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service attack.
VAR-202312-2315 | CVE-2023-50985 | Tenda i29 lanCfgSet method buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw parameter in the lanCfgSet function. Tenda i29 is a wireless router made by China Tenda Company. This vulnerability is caused by the lanGw parameter of the lanCfgSet method failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service attack.
VAR-202312-1977 | CVE-2023-50984 | Tenda i29 spdtstConfigAndStart method buffer overflow vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the ip parameter in the spdtstConfigAndStart function. Tenda i29 is a wireless router from the Chinese company Tenda.
Tenda i29 has a buffer overflow vulnerability. This vulnerability is caused by the ip parameter of the spdtstConfigAndStart method failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service attack.
VAR-202312-2150 | CVE-2023-50983 | Tenda i29 sysScheduleRebootSet method command execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the sysScheduleRebootSet function. Tenda i29 is a wireless router made by China Tenda Company. The vulnerability is caused by the failure of the sysScheduleRebootSet method to correctly filter special characters, commands, etc. in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution.
VAR-202312-0504 | CVE-2023-43826 |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.
Users are recommended to upgrade to version 1.5.4, which fixes this issue.
VAR-202312-1090 | CVE-2023-6913 | Imou Life application session hijacking vulnerability |
CVSS V2: - CVSS V3: 8.1 Severity: HIGH |
A session hijacking vulnerability has been detected in the Imou Life application affecting version 6.7.0. This vulnerability could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when scanning a new device and directly running WebView without prompting or displaying it to the user. This vulnerability could trigger phishing attacks.
VAR-202312-1096 | CVE-2023-6315 |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Out-of-bounds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.
VAR-202312-1251 | CVE-2023-6314 |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.
VAR-202312-0648 | CVE-2023-50224 | TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-19899.
VAR-202312-1220 | CVE-2023-35867 | Vulnerabilities in multiple Robert Bosch GmbH products |
CVSS V2: - CVSS V3: 5.9 Severity: MEDIUM |
Improper handling of malformed API answer packets sent to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server, e.g. through Man-in-the-Middle attacks. Multiple Robert Bosch GmbH products, including Building Integration System Video Engine, Bosch Video Management System and Bosch BVMS Viewer, contain an unspecified vulnerability. Service operation may be interrupted (DoS).
VAR-202312-0393 | CVE-2023-6906 | Classic buffer overflow vulnerability in TOTOLINK A7100RU firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag with the input ie8 leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK A7100RU firmware has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK A7100RU is a wireless router made by China Zeon Electronics (TOTOLINK) Company.
Totolink A7100RU 7.4cu.2313_B20191024 version has a buffer overflow vulnerability. A remote attacker can use this vulnerability to execute arbitrary code on the system or lead to denial of service attacks.
VAR-202312-0600 | CVE-2023-50089 | Command injection vulnerability in NETGEAR WNR2000 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication. NETGEAR WNR2000 firmware contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR WNR2000 is a wireless router made by NETGEAR. This vulnerability is caused by the application's failure to correctly filter special characters and commands in constructed commands. An attacker could exploit this vulnerability to cause arbitrary command execution.
VAR-202312-1268 | CVE-2023-50715 | Vulnerability in Home Assistant |
CVSS V2: - CVSS V3: 4.3 Severity: MEDIUM |
Home Assistant is open source home automation software. Prior to version 2023.12.3, the login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Version 2023.12.3 contains a patch for this issue.
Starting with the Home Assistant 2023.12 release, the login page returns all currently active user accounts to browsing requests from the Local Area Network. Tests showed that this occurs when the request is not authenticated and the request originated locally, meaning on the Home Assistant host local subnet or any other private subnet. The rationale behind this is to make the login more user-friendly and an experience better aligned with other applications that have multiple user profiles.
However, as a result, all accounts are displayed regardless of whether they have logged in or not, and to any device that navigates to the server. This disclosure is mitigated by the fact that it only occurs for requests originating from a LAN address. But note that this applies to the local subnet where Home Assistant resides and to any private subnet that can reach it.