VARIoT IoT vulnerabilities database
VAR-202310-1821 | No CVE | Directory traversal vulnerability exists in Pulian Technology Co., Ltd. TL-ER6120G |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TL-ER6120G is a router of TP-LINK.
The TL-ER6120G of Pulian Technology Co., Ltd. has a directory traversal vulnerability. An attacker can use this vulnerability to obtain sensitive information and download sensitive files.
VAR-202310-2736 | No CVE | There is a file upload vulnerability in the IVMS-7200 video surveillance management system of Hangzhou Hikvision Digital Technology Co., Ltd. |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
IVMS-7200 is a mobile video surveillance management system.
There is a file upload vulnerability in the IVMS-7200 video surveillance management system of Hangzhou Hikvision Digital Technology Co., Ltd. An attacker can use the vulnerability to gain system permissions.
VAR-202310-2339 | No CVE | Weak password vulnerabilities exist in multiple cameras of Sony (China) Co., Ltd. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
IPELA ENGINE IP Cameras SNC-CH160, SNC-CH210, SNC-RS86P, DH-160, DH-120, SNC-ER550 are surveillance equipment owned by Sony.
Many Sony cameras have weak password vulnerabilities that attackers can use to gain web management rights.
VAR-202310-2563 | CVE-2023-45303 | Injection vulnerability in ThingsBoard from ThingsBoard, Inc. |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint). ThingsBoard from ThingsBoard, Inc. contains an injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202310-2272 | CVE-2023-44807 | Out-of-bounds write vulnerability in D-Link Systems, Inc. DIR-820L firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the cancelPing function. The DIR-820L firmware from D-Link Systems, Inc. contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202310-0558 | CVE-2023-43284 | D-Link DIR-846 Code Execution Vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 100A53DBR-Retail devices allow an authenticated remote attacker to execute arbitrary code via an unspecified manipulation of the QoS POST parameter. D-Link DIR-846 is a wireless router made by China D-Link Company.
D-Link DIR-846 has a code execution vulnerability that allows an attacker to execute arbitrary code
VAR-202310-2740 | CVE-2023-43260 |
CVSS V2: - CVSS V3: 6.1 Severity: MEDIUM |
Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel.
VAR-202310-2570 | CVE-2023-44839 | D-Link DIR-823G Encryption parameter buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Encryption parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. The vulnerability is caused by incorrect boundary checking of the SetWLanRadioSecurity function
VAR-202310-1860 | CVE-2023-44838 | D-Link DIR-823G TXPower parameter buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the TXPower parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. The vulnerability is caused by incorrect bounds checking of the SetWLanRadioSettings function
VAR-202310-2728 | CVE-2023-44837 | D-Link DIR-823G Password parameter buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Password parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. The vulnerability is caused by incorrect bounds checking of the SetWanSettings function
VAR-202310-2270 | CVE-2023-44836 | D-Link DIR-823G SSID parameter buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. The vulnerability is caused by incorrect bounds checking of the SetWLanRadioSettings function
VAR-202310-2164 | CVE-2023-44835 | D-Link DIR-823G Mac Parameter Buffer Overflow Vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Mac parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. This vulnerability is due to incorrect boundary checking of the SetParentsControlInfo function
VAR-202310-1970 | CVE-2023-44834 | D-Link DIR-823G StartTime parameter buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the StartTime parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. This vulnerability is due to incorrect boundary checking of the SetParentsControlInfo function
VAR-202310-2064 | CVE-2023-44833 | D-Link DIR-823G GuardInt parameter buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the GuardInt parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. The vulnerability is caused by incorrect boundary checking of the SetWLanRadioSettings function
VAR-202310-1746 | CVE-2023-44832 | D-Link DIR-823G MacAddress Parameter Buffer Overflow Vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the MacAddress parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. The vulnerability is caused by incorrect bounds checking of the SetWanSettings function
VAR-202310-2470 | CVE-2023-44831 | D-Link DIR-823G Type Parameter Buffer Overflow Vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Type parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. The vulnerability is caused by incorrect bounds checking of the SetWLanRadioSettings function
VAR-202310-2369 | CVE-2023-44830 | D-Link DIR-823G EndTime parameter buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the EndTime parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. This vulnerability is due to incorrect boundary checking of the SetParentsControlInfo function
VAR-202310-2571 | CVE-2023-44829 | D-Link DIR-823G SetDeviceSettings function buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the AdminPassword parameter in the SetDeviceSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company
VAR-202310-1861 | CVE-2023-44828 | D-Link DIR-823G buffer overflow vulnerability (CNVD-2024-04955) |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the CurrentPassword parameter in the CheckPasswdSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. This vulnerability is caused by the CurrentPassword parameter of the CheckPasswdSettings method failing to correctly verify the length of the input data
VAR-202310-0004 | CVE-2023-43261 |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.