VARIoT IoT vulnerabilities database

VAR-202504-3390 CVE-2025-28031 Hardcoded password usage vulnerability in TOTOLINK A810R firmware CVSS V2: 6.1
CVSS V3: 6.5
Severity: MEDIUM
TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a hardcoded password for the telnet service in product.ini. The TOTOLINK A810R firmware contains a vulnerability related to the use of hardcoded passwords. Information may be obtained and information may be tampered with. TOTOLINK A810R is a wireless dual-band router from China's TOTOLINK Electronics. TOTOLINK A810R V4.1.2cu.5182_B20201026 has a trust management vulnerability, which is caused by a hard-coded password in product.ini. Attackers can exploit this vulnerability to cause authentication errors.
VAR-202504-3251 CVE-2025-28030 Stack-based buffer overflow vulnerability in TOTOLINK A810R firmware CVSS V2: 10.0
CVSS V3: 8.8
Severity: HIGH
TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a stack overflow via the startTime and endTime parameters in the setParentalRules function. The TOTOLINK A810R firmware contains a stack-based buffer overflow vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). TOTOLINK A810R is a wireless dual-band router from China's TOTOLINK Electronics. TOTOLINK A810R V4.1.2cu.5182_B20201026 has a buffer overflow vulnerability. The vulnerability is caused by the startTime and endTime parameters in the setParentalRules function failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202504-3327 CVE-2025-28024 Classic buffer overflow vulnerability in TOTOLINK A810R firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in cstecgi.cgi. The TOTOLINK A810R firmware contains a classic buffer overflow vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). TOTOLINK A810R is a wireless dual-band router from China's TOTOLINK Electronics. The vulnerability is caused by cstecgi.cgi failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202504-3389 CVE-2025-28034 OS command injection vulnerability in multiple TOTOLINK products CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth remote command execution vulnerability in the NTPSyncWithHost function through the hostTime parameter. Multiple TOTOLINK products, including A800R firmware, A810R firmware and A830R firmware, contain an OS command injection vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
VAR-202504-3329 CVE-2025-28033 Stack-based buffer overflow vulnerability in multiple TOTOLINK products CVSS V2: -
CVSS V3: 7.3
Severity: HIGH
TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpTo parameter. Multiple TOTOLINK products, including A800R firmware, A810R firmware and A830R firmware, contain a stack-based buffer overflow vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
VAR-202504-3345 CVE-2025-28032 Stack-based buffer overflow vulnerability in multiple TOTOLINK products CVSS V2: -
CVSS V3: 7.3
Severity: HIGH
TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpForm parameter. Multiple TOTOLINK products, including A800R firmware, A810R firmware and A830R firmware, contain a stack-based buffer overflow vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
VAR-202504-3648 No CVE TOSHIBA e-STUDIO4508A has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
TOSHIBA e-STUDIO4508A is a high-performance black-and-white digital multifunction printer suitable for office environments, providing printing, copying and scanning functions. TOSHIBA e-STUDIO4508A has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-3808 No CVE Beijing Zhixin Microelectronics Technology Co., Ltd.'s intelligent fusion terminal has industrial control equipment vulnerabilities CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
Beijing Zhixin Microelectronics Technology Co., Ltd. is a high-tech enterprise focusing on the field of microelectronics. Beijing Zhixin Microelectronics Technology Co., Ltd.'s intelligent fusion terminal has an industrial control equipment vulnerability, which can be exploited by attackers to obtain server permissions.
VAR-202504-4020 No CVE Netshi Technology Co., Ltd. W1 series routers have unauthorized access vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Founded in 2016, Netshi Technology Co., Ltd. is a high-tech enterprise focusing on the research, development, production and sales of data communication network equipment. Netshi Technology Co., Ltd.'s W1 series routers have an unauthorized access vulnerability that attackers can exploit to obtain sensitive information.
VAR-202504-3810 No CVE MOBOTIX Q22 has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
MOBOTIX Q22 is a 360-degree panoramic network camera. MOBOTIX Q22 has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-3734 No CVE MOBOTIX S14 has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
MOBOTIX S14 is a camera. MOBOTIX S14 has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-3812 No CVE MOBOTIX D22 has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
MOBOTIX D22 is a camera. MOBOTIX D22 has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-3879 No CVE Shenzhen Bilian Electronics Co., Ltd. BL-LTE300 has a binary vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
BL-LTE300 is a home router. Shenzhen Bilian Electronics Co., Ltd. BL-LTE300 has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202504-3955 No CVE MOBOTIX M1 has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
MOBOTIX M1 is a camera. MOBOTIX M1 has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-4090 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd. A15 has a binary vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
A15 is a dual-band 3G wireless router suitable for fiber-optic homes within 1000M. Shenzhen Jixiang Tengda Technology Co., Ltd. A15 has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202504-3877 No CVE MOBOTIX D10 has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
MOBOTIX D10 is a high-performance smart network camera. MOBOTIX D10 has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-3650 No CVE Fuhong Technology Co., Ltd. IP Network Camera has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Fuhong Technology Co., Ltd. was established in 1991. It has always been committed to the development and manufacture of image monitoring systems with professional R&D and perfect sales services as its core orientation. Its product systems include environmental monitoring and mobile monitoring, and it achieves comprehensive security protection with the vision of system integration and solutions. Fuhong Technology Co., Ltd. IP Network Camera has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202504-3512 No CVE MOBOTIX P25 has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
MOBOTIX P25 is a high-performance smart network camera. MOBOTIX P25 has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-3735 No CVE Beijing Yakong Technology Development Co., Ltd. kingh5stream has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Beijing Yakong Technology Development Co., Ltd. is a high-tech enterprise of industrial automation and information software platform, focusing on independent research and development, marketing and service of domestic industrial software. Beijing Yakong Technology Development Co., Ltd. kingh5stream has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202504-4091 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd. AC8 has a binary vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
AC8 is a dual-band three-gigabit wireless router suitable for fiber-optic homes within 1000 megabits, supporting gigabit ports, intelligent frequency selection, parental control and other functions. AC8 of Shenzhen Jixiang Tengda Technology Co., Ltd. has a binary vulnerability that can be exploited by attackers to cause a denial of service.