VARIoT IoT vulnerabilities database

VAR-202310-2248 CVE-2023-4929 Vulnerability related to insufficient data integrity verification in multiple Moxa Inc. products
CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices. Affected products include nport 5150ai-m12-ct-t firmware, nport 5250ai-m12-ct-t firmware, nport 5150ai-m12-t firmware, etc. Multiple Moxa Inc. products contain a vulnerability related to insufficient data integrity verification. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202310-2416 CVE-2023-28571 Out-of-bounds read vulnerability in multiple Qualcomm products
CVSS V2: -
CVSS V3: 5.5
Severity: MEDIUM
Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan. Multiple Qualcomm products, such as APQ8064AU firmware, CSRB31024 firmware and QCA6390 firmware, contain an out-of-bounds read vulnerability. Information may be obtained.
VAR-202310-2426 CVE-2023-24849 Vulnerabilities in multiple Qualcomm products
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Information Disclosure in data Modem while parsing an FMTP line in an SDP message. Unspecified vulnerabilities exist in multiple Qualcomm products, including 315 5g iot modem firmware, 9206 lte modem firmware and 9207 lte modem firmware. Information may be obtained.
VAR-202310-2659 CVE-2023-24848 Vulnerabilities in multiple Qualcomm products
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value. Unspecified vulnerabilities exist in multiple Qualcomm products, including 315 5g iot modem firmware, 9206 lte modem firmware and 9207 lte modem firmware. Information may be obtained.
VAR-202310-2020 CVE-2023-22385 Out-of-bounds write vulnerability in multiple Qualcomm products
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Memory Corruption in Data Modem while making a MO call or MT VOLTE call. Several Qualcomm products, such as 315 5g iot modem firmware, 9205 lte modem firmware and 9206 lte modem firmware, contain an out-of-bounds write vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202310-2661 CVE-2023-22382 Vulnerabilities in multiple Qualcomm products
CVSS V2: -
CVSS V3: 8.2
Severity: HIGH
Weak configuration in Automotive while VM is processing a listener request from TEE. Unspecified vulnerabilities exist in multiple Qualcomm products, including APQ8064AU firmware, MSM8996AU firmware and QAM8295P firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202308-3352 CVE-2023-20819 Out-of-bounds write vulnerability in multiple MediaTek products
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
In CDMA PPP protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: MOLY01068234; Issue ID: ALPS08010003. A number of MediaTek products, including LR11, LR12A and LR13, contain out-of-bounds write vulnerabilities. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202310-0001 CVE-2023-5322 SQL injection vulnerability in D-Link Systems, Inc. dar-7000 firmware
CVSS V2: 5.8
CVSS V3: 4.7
Severity: MEDIUM
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sysmanage/edit_manageadmin.php. The manipulation of the argument id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240992. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. The D-Link Systems, Inc. dar-7000 firmware contains an SQL injection vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202309-2871 No CVE Command execution vulnerability in Shenzhen Smart Lighting Information Technology Co., Ltd. Smart Lighting IPTV gateway
CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Shenzhen Smart Light Information Technology Co., Ltd. is an emerging high-tech company integrating R&D, production and sales. There is a command execution vulnerability in the Smart Lighting IPTV gateway of Shenzhen Smart Lighting Information Technology Co., Ltd. An attacker can use this vulnerability to gain control of the server.
VAR-202309-2874 CVE-2023-43869 Out-of-bounds write vulnerability in D-Link Systems, Inc. DIR-619L firmware
CVSS V2: 7.8
CVSS V3: 9.8
Severity: CRITICAL
D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard56 function. An out-of-bounds write vulnerability exists in D-Link Systems, Inc. DIR-619L firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. D-Link DIR-619L is a wireless router. This vulnerability is due to incorrect bounds checking of the formSetWAN_Wizard56 function. An attacker could exploit this vulnerability to cause a denial of service.
VAR-202309-2360 CVE-2023-44023 Buffer error vulnerability in Tenda AC10U firmware
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. A buffer error vulnerability exists in Tenda AC10U firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202309-2434 CVE-2023-44022 Buffer error vulnerability in Tenda AC10U firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. A buffer error vulnerability exists in Tenda AC10U firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Tenda AC10U is a wireless router made by the Chinese company Tenda. Tenda AC10U has a buffer overflow vulnerability. This vulnerability is caused by the speed_dir parameter in the formSetSpeedWan function failing to correctly verify the length of the input data. An attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service attack.
VAR-202309-2192 CVE-2023-44021 Buffer error vulnerability in Tenda AC10U firmware
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the formSetClientState function. A buffer error vulnerability exists in Tenda AC10U firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202309-2435 CVE-2023-44020 Buffer error vulnerability in Tenda AC10U firmware
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the security parameter in the formWifiBasicSet function. A buffer error vulnerability exists in Tenda AC10U firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202309-1941 CVE-2023-44019 Buffer error vulnerability in Tenda AC10U firmware
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the mac parameter in the GetParentControlInfo function. A buffer error vulnerability exists in Tenda AC10U firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202309-2113 CVE-2023-44018 Buffer error vulnerability in Tenda AC10U firmware
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the domain parameter in the add_white_node function. A buffer error vulnerability exists in Tenda AC10U firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202309-1942 CVE-2023-44017 Buffer error vulnerability in Tenda AC10U firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function. A buffer error vulnerability exists in Tenda AC10U firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Tenda AC10U is a router product running Tenda AC10U firmware. This product provides remote access, multiple network interfaces, high-speed transmission and other functions. Tenda AC10U has a stack overflow vulnerability. An attacker can exploit this vulnerability to launch a remote attack, obtain sensitive information or execute arbitrary code, thereby causing a denial of service to the system.
VAR-202309-2025 CVE-2023-44016 Buffer error vulnerability in Tenda AC10U firmware
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function. A buffer error vulnerability exists in Tenda AC10U firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202309-1781 CVE-2023-44015 Buffer error vulnerability in Tenda AC10U firmware
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the schedEndTime parameter in the setSchedWifi function. A buffer error vulnerability exists in Tenda AC10U firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202309-2269 CVE-2023-44014 Buffer error vulnerability in Tenda AC10U firmware
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain multiple stack overflows in the formSetMacFilterCfg function via the macFilterType and deviceList parameters. A buffer error vulnerability exists in Tenda AC10U firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.