VARIoT IoT vulnerabilities database

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. 315 5g iot modem firmware, 9205 lte modem firmware, AQT1000 Multiple Qualcomm products such as firmware contain a buffer error vulnerability.Information may be obtained

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments. 315 5g iot modem firmware, 9205 lte modem firmware, 9206 lte modem Several Qualcomm products, such as firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Memory corruption in MPP performance while accessing DSM watermark using external memory address. 315 5g iot modem firmware, 9205 lte modem firmware, 9206 lte modem Several Qualcomm products, such as firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Memory Corruption in SPS Application while exporting public key in sorter TA. 315 5g iot modem firmware, 9205 lte modem firmware, APQ8017 Multiple Qualcomm products such as firmware have a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130204; Issue ID: MOLY01130204 (MSV-849)

In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01138453 (MSV-861)

In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01128524 (MSV-846)

In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01130183 (MSV-850)

In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01139296 (MSV-860)

In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130256; Issue ID: MOLY01130256 (MSV-848)

In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_415534 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability. TOTOLINK of x6000r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X6000R is a wireless router made by China Zeon Electronics (TOTOLINK) Company. TOTOLINK X6000R has a command execution vulnerability. The vulnerability stems from the failure of the sub_415534 function to correctly filter special characters, commands, etc. in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution

An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the command parameter of the setting/setTracerouteCfg component. TOTOLINK of x6000r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. X6000R is a wireless router made by China's TOTOLINK company. Zeon Electronics (Shenzhen) Co., Ltd. X6000R has a command execution vulnerability. The vulnerability is caused by the failure of the command parameter of the setting/setTracerouteCfg component to correctly filter special characters, commands, etc. in the constructed command

An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the hostName parameter of the switchOpMode component. TOTOLINK of x6000r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X6000R is a wireless router made by China Zeon Electronics (TOTOLINK) Company. TOTOLINK X6000R has a command execution vulnerability. The vulnerability stems from the failure of the hostName parameter of the switchOpMode component to correctly filter special characters, commands, etc. in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution

An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component. TOTOLINK of x6000r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X6000R is a wireless router made by China Zeon Electronics (TOTOLINK) Company. TOTOLINK X6000R has a command execution vulnerability. The vulnerability stems from the failure of the IP parameter of the setDiagnosisCfg component to correctly filter special characters, commands, etc. in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution

D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi. D-Link Systems, Inc. (DoS) It may be in a state. D-Link GO-RT-AC750 is a wireless dual-band simple router from China D-Link. in the constructed command. An attacker can use this vulnerability to execute arbitrary commands on the system

Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/WifiMacFilterSet. Shenzhen Tenda Technology Co.,Ltd. of i6 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda i6 is a wireless access point from the Chinese company Tenda. The vulnerability is caused by a boundary error in the component /goform/WifiMacFilterSet when processing untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/wifiSSIDget. Shenzhen Tenda Technology Co.,Ltd. of i6 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda i6 is a wireless access point from the Chinese company Tenda. The vulnerability is caused by a boundary error in the component /goform/wifiSSIDget when processing untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. TOTOLINK X6000R is a wireless router made by China Zeon Electronics (TOTOLINK) Company. TOTOLINK X6000R V9.4.0cu.852_B20230719 version has a command execution vulnerability. The vulnerability is caused by the enable parameter of the sub_4119A0 function failing to correctly filter special characters, commands, etc. in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution

In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. TOTOLINK X6000R is a wireless router made by China Zeon Electronics (TOTOLINK) Company. TOTOLINK X6000R V9.4.0cu.852_B20230719 version has a command execution vulnerability. The vulnerability is caused by the failure of the user parameter of the sub_4119A0 function to correctly filter special characters, commands, etc. in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution

In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. TOTOLINK X6000R is a wireless router made by China Zeon Electronics (TOTOLINK) Company. TOTOLINK X6000R V9.4.0cu.852_B20230719 version has a command execution vulnerability. The vulnerability is caused by the informEnable parameter of the sub_4119A0 function failing to correctly filter special characters, commands, etc. in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution