VARIoT IoT vulnerabilities database
![](/static/front/logo.webp)
VAR-202309-0276 | CVE-2023-40357 | plural TP-LINK Technologies In the product OS Command injection vulnerability |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10 firmware versions prior to 'Archer AX10(JP)_V1.2_230508', and Archer AX11000 firmware versions prior to 'Archer AX11000(JP)_V1_230523'. TP-LINK Technologies The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TP-LINK Archer is a series of routers from China TP-LINK Company. This vulnerability is caused by the application's failure to properly filter special characters, commands, etc. that construct commands
VAR-202309-0277 | CVE-2023-38563 | TP-LINK Technologies of Archer C1200 firmware and Archer C9 in the firmware OS Command injection vulnerability |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' and Archer C9 firmware versions prior to 'Archer C9(JP)_V3_230508' allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. (DoS) It may be in a state
VAR-202309-0275 | CVE-2023-36489 | plural TP-LINK Technologies In the product OS Command injection vulnerability |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'. TP-LINK Technologies of TL-WR902AC firmware, TL-WR802N firmware, TL-WR841N The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202309-1992 | CVE-2023-30725 |
CVSS V2: - CVSS V3: 5.5 Severity: MEDIUM |
Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows attacker to access the data in content provider.
VAR-202309-2411 | CVE-2023-30724 |
CVSS V2: - CVSS V3: 3.3 Severity: LOW |
Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2 allows attacker to access search history.
VAR-202309-1933 | No CVE | TP-LINK TL-WR841N has a binary vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
TP-LINK TL-WR841N is a classic 11n wireless router under TP-Link.
There is a binary vulnerability in TP-LINK TL-WR841N, which can be used by attackers to cause denial of service attacks.
VAR-202309-2095 | No CVE | Zhuhai Pantum Printing Technology Co., Ltd. Pantum M6700DW Series has a logic defect vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Zhuhai Pantum Printing Technology Co., Ltd. is an enterprise that masters the core technology of printers and independent intellectual property rights, and integrates R&D, design, production and sales of printers, consumables and text printing output solutions.
Zhuhai Pantum Printing Technology Co., Ltd. Pantum M6700DW Series has a logic flaw vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202309-0548 | CVE-2023-20250 |
CVSS V2: - CVSS V3: 7.2 Severity: HIGH |
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device.
This vulnerability is due to improper validation of requests that are sent to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary code with root privileges on an affected device. To exploit this vulnerability, the attacker must have valid Administrator credentials on the affected device
VAR-202309-2843 | No CVE | Mosa Technology (Shanghai) Co., Ltd. NPort 5210A has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Mosa Technology (Shanghai) Co., Ltd. is a company whose business scope includes technology development, technical consulting, and technical services in the field of communication equipment.
Mosa Technology (Shanghai) Co., Ltd. NPort 5210A has a weak password vulnerability. An attacker can use this vulnerability to log in to the system and obtain sensitive information.
VAR-202309-2430 | No CVE | Zhuhai Pantum Printing Technology Co., Ltd. M7160DW has an arbitrary file reading vulnerability |
CVSS V2: 3.3 CVSS V3: - Severity: LOW |
M7160DW is a monochrome laser all-in-one machine that supports printing, copying and scanning functions, and can be connected via USB, wired network, LAN and WIFI.
The M7160DW of Zhuhai Pantum Printing Technology Co., Ltd. has an arbitrary file reading vulnerability. Attackers can use this vulnerability to arbitrarily read files in the printer's file system without authorization.
VAR-202309-0795 | CVE-2021-40546 | Shenzhen Tenda Technology Co.,Ltd. of AC6 Improper Shutdown and Release of Resources in Firmware Vulnerability |
CVSS V2: 6.1 CVSS V3: 4.9 Severity: MEDIUM |
Tenda AC6 US_AC6V4.0RTL_V02.03.01.26_cn.bin allows attackers (who have the administrator password) to cause a denial of service (device crash) via a long string in the wifiPwd_5G parameter to /goform/setWifi. Shenzhen Tenda Technology Co.,Ltd. of AC6 A vulnerability exists in firmware related to improper shutdown and release of resources.Service operation interruption (DoS) It may be in a state.
Tenda AC6 has a denial of service vulnerability. This vulnerability results from incorrect processing of input error messages
VAR-202309-2249 | CVE-2023-33021 | Use of freed memory vulnerability in multiple Qualcomm products |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Memory corruption in Graphics while processing user packets for command submission. APQ8064AU firmware, AQT1000 firmware, AR8035 Multiple Qualcomm products, such as firmware, contain vulnerabilities related to use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202309-1991 | CVE-2023-33020 | Vulnerabilities in multiple Qualcomm products |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE. 9206 lte firmware, APQ8017 firmware, APQ8052 Unspecified vulnerabilities exist in multiple Qualcomm products, including firmware.Service operation interruption (DoS) It may be in a state
VAR-202309-2076 | CVE-2023-33019 | Vulnerabilities in multiple Qualcomm products |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE. 9206 lte firmware, APQ8017 firmware, APQ8052 Unspecified vulnerabilities exist in multiple Qualcomm products, including firmware.Service operation interruption (DoS) It may be in a state
VAR-202309-1995 | CVE-2023-28565 | Out-of-bounds write vulnerability in multiple Qualcomm products |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Memory corruption in WLAN HAL while handling command streams through WMI interfaces. 9205 lte firmware, APQ8017 firmware, APQ8064AU Several Qualcomm products, such as firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202309-2499 | CVE-2023-28564 | Out-of-bounds write vulnerability in multiple Qualcomm products |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Memory corruption in WLAN HAL while passing command parameters through WMI interfaces. AQT1000 firmware, AR8031 firmware, AR9380 Several Qualcomm products, such as firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202309-2506 | CVE-2023-21654 | Out-of-bounds write vulnerability in multiple Qualcomm products |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Memory corruption in Audio during playback session with audio effects enabled. APQ8096AU firmware, AQT1000 firmware, MDM9150 Several Qualcomm products, such as firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202309-1841 | CVE-2023-28072 | Dell's Alienware Command Center Untrusted Data Deserialization Vulnerability in |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Dell Alienware Command Center, versions prior to 5.5.51.0, contain a deserialization of untrusted data vulnerability. A local malicious user could potentially send specially crafted requests to the .NET Remoting server to run arbitrary code on the system. (DoS) It may be in a state
VAR-202309-2836 | No CVE | There is a binary vulnerability in Shenzhen Anjubao Electronics Co., Ltd.'s Wanbaoze p12 camera |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Wanbaoze p12 camera is a camera product of Shenzhen Anjubao Electronics Co., Ltd.
Shenzhen Anjubao Electronics Co., Ltd.'s Wanbaoze p12 camera has a binary vulnerability that attackers can exploit to cause a denial of service.
VAR-202309-0018 | CVE-2023-4711 | D-Link Systems, Inc. of dar-8000-10 in the firmware OS Command injection vulnerability |
CVSS V2: 4.6 CVSS V3: 5.0 Severity: MEDIUM |
A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230819. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-238574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. D-Link Systems, Inc. of dar-8000-10 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state