VARIoT IoT vulnerabilities database

ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service.

DIR-852 is a router product of D-X Electronic Equipment (Shanghai) Co., Ltd. There is an unauthorized access vulnerability in DIR-852 of D-X Electronic Equipment (Shanghai) Co., Ltd. An attacker can use the vulnerability to obtain sensitive information.

Dlink DIR-818LW is a 750M 11AC dual-band Gigabit cloud router. The wireless speed greatly exceeds 11N and can provide a high-speed wireless network environment of up to 750Mbps. D-X Electronic Equipment (Shanghai) Co., Ltd. DIR-818LW has a command execution vulnerability. An attacker can use the vulnerability to execute arbitrary commands through malicious HTTP requests, thereby gaining control of the server.

DIR-822 A1 is a wireless cloud router. D-X Electronic Equipment (Shanghai) Co., Ltd. DIR-822 A1 has a command execution vulnerability. An attacker can use the vulnerability to gain control of the server.

DIR-822 A1 is a wireless cloud router. D-X Electronic Equipment (Shanghai) Co., Ltd. DIR-822 A1 has a command execution vulnerability. An attacker can use the vulnerability to gain control of the server.

DIR-816L is a router product of D-X Electronic Equipment (Shanghai) Co., Ltd. D-X Electronic Equipment (Shanghai) Co., Ltd. DIR-816L has an unauthorized access vulnerability that allows attackers to exploit the vulnerability to obtain sensitive information.

DIR-852 is a router product of D-X Electronic Equipment (Shanghai) Co., Ltd. There is an unauthorized access vulnerability in DIR-852 of D-X Electronic Equipment (Shanghai) Co., Ltd. An attacker can use the vulnerability to obtain sensitive information.

DIR-816L is a router product of D-X Electronic Equipment (Shanghai) Co., Ltd. D-X Electronic Equipment (Shanghai) Co., Ltd. DIR-816L has an unauthorized access vulnerability that allows attackers to exploit the vulnerability to obtain sensitive information.

TOTOLINK WA300-PoE is a high-performance in-wall wireless AP. Zeon Electronics (Shenzhen) Co., Ltd.'s WA300-PoE has a command execution vulnerability, which an attacker can exploit to gain control of the server.

DIR-816L is a router product of D-X Electronic Equipment (Shanghai) Co., Ltd. D-X Electronic Equipment (Shanghai) Co., Ltd. DIR-816L has a binary vulnerability that can be exploited by attackers to cause denial of service.

Maipu Communication Technology Co., Ltd. was established in 1993 and is a leading domestic supplier of network products and solutions. Maipu Telecom Technology Co., Ltd.'s MPSec MSG4000 security gateway has an arbitrary file download vulnerability that allows attackers to exploit the vulnerability to obtain sensitive information.

China Mobile Smart Home Gateway H2-3 is a general gateway device of China Mobile Communications. China Mobile Communications Co., Ltd.'s smart home gateway H2-3 has a command execution vulnerability. An attacker can use the vulnerability to gain server control permissions.

Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when a packet is received, the Contiki-NG network stack attempts to start the periodic TCP timer if it is a TCP packet with the SYN flag set. But the implementation does not first verify that a full TCP header has been received. Specifically, the implementation attempts to access the flags field from the TCP buffer in the following conditional expression in the `check_for_tcp_syn` function. For this reason, an attacker can inject a truncated TCP packet, which will lead to an out-of-bound read from the packet buffer. As of time of publication, a patched version is not available. As a workaround, one can apply the changes in Contiki-NG pull request #2510 to patch the system.

Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when processing the various IPv6 header fields during IPHC header decompression, Contiki-NG confirms the received packet buffer contains enough data as needed for that field. But no similar check is done before decompressing the IPv6 address. Therefore, up to 16 bytes can be read out of bounds on the line with the statement `memcpy(&ipaddr->u8[16 - postcount], iphc_ptr, postcount);`. The value of `postcount` depends on the address compression used in the received packet and can be controlled by the attacker. As a result, an attacker can inject a packet that causes an out-of-bound read. As of time of publication, a patched version is not available. As a workaround, one can apply the changes in Contiki-NG pull request #2509 to patch the system.

CPE4600AA is a routing device. Applied Electro Magnetics Private Limited CPE4600AA has a weak password vulnerability. An attacker can use the vulnerability to gain WEB system permissions.

SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQueryColumnsList function in ReportRun.php.

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings.

The GR-1200W router is a wireless enterprise-level routing device produced by H3C Technology Co., Ltd. (H3C). There is a binary vulnerability in the GR-1200W of H3C Technology Co., Ltd., which can be used by attackers to gain server permissions.

A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q3). The affected product assigns improper access rights to the update script. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. Siemens' Spectrum Power 7 Contains a vulnerability in improper permission assignment for critical resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Spectrum Power 7 provides basic components for SCADA, communications and data modeling for control and monitoring systems. Suites of applications can be added to optimize network and generation management in all areas of energy management

Tianrongxin load balancing system can provide users with a complete set of data center solutions, including link load balancing and server load balancing in a single data center, as well as global load balancing in multiple data centers. There is an information leakage vulnerability in the load balancing system of Beijing Tianrongxin Technology Co., Ltd. An attacker can use the vulnerability to obtain sensitive information.