VARIoT IoT vulnerabilities database

A vulnerability classified as critical has been found in TOTOLINK CA300-PoE 6.2c.884. This affects the function QuickSetting of the file ap.so. The manipulation of the argument hour/minute leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK CA300-PoE is a wireless access point from China's TOTOLINK Electronics. There is a command injection vulnerability in the TOTOLINK CA300-PoE ap.so file. The vulnerability is caused by the failure of the hour/minute parameter of the file ap.so to properly filter special characters and commands in the construction command. Attackers can exploit this vulnerability to cause arbitrary command execution

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. Affected by this vulnerability is the function setUpgradeFW of the file upgrade.so. The manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK CA300-PoE is a wireless access point from China's TOTOLINK Electronics. The TOTOLINK CA300-PoE upgrade.so file has a command injection vulnerability, which is caused by the parameter FileName of the file upgrade.so failing to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to cause arbitrary command execution

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been classified as critical. Affected is the function SetWLanApcliSettings of the file wps.so. The manipulation of the argument PIN leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK CA300-PoE is a wireless access point from China's TOTOLINK Electronics. There is a command injection vulnerability in the wps.so file of TOTOLINK CA300-PoE. The vulnerability is caused by the failure of the parameter PIN of the file wps.so to properly filter the special characters and commands of the constructed command. Attackers can exploit this vulnerability to cause arbitrary command execution

A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup. The manipulation of the argument webpage leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link DIR-619L is a wireless router from D-Link, a Chinese company. There is a stack buffer overflow vulnerability in the D-Link DIR-619L /formAdvanceSetup file, which is caused by incorrect boundary checking. An attacker can exploit this vulnerability to cause a buffer overflow, execute arbitrary code on the system, or cause the application to crash

A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. This vulnerability affects the function formSetWAN_Wizard51 of the file /goform/formSetWAN_Wizard51. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link DIR-619L is a wireless router from D-Link, a Chinese company. An attacker can exploit this vulnerability to overflow the buffer, execute arbitrary code on the system, or cause the application to crash

A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.06B01. This affects the function formAutoDetecWAN_wizard4 of the file /goform/formAutoDetecWAN_wizard4. The manipulation of the argument curTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link DIR-619L is a wireless router from D-Link of China. The D-Link DIR-619L /formAutoDetecWAN_wizard4 file has a stack buffer overflow vulnerability, which is caused by incorrect bounds checking in the function formAutoDetecWAN_wizard4 of the file /goform/formAutoDetecWAN_wizard4. An attacker can exploit this vulnerability to overflow the buffer, execute arbitrary code on the system, or cause the application to crash

A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2.06B01. Affected by this issue is the function formSetWANType_Wizard5 of the file /goform/formSetWANType_Wizard5. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link DIR-619L is a wireless router from D-Link, a Chinese company. D-Link DIR-619L has a stack buffer overflow vulnerability, which is caused by incorrect bounds checking in the function formSetWANType_Wizard5 of the file /goform/formSetWANType_Wizard5. An attacker can exploit this vulnerability to cause a buffer overflow, execute arbitrary code on the system, or cause the application to crash

DI-500WF-WT is a wireless network coverage device produced by D-Link of China. D-Link DI-500WF-WT has a command execution vulnerability, which can be exploited by attackers to execute commands.

A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formIpv6Setup of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

HP LaserJet Pro MFP M126nw is a black and white laser all-in-one printer. HP LaserJet Pro MFP M126nw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.

H3C N12 is a wireless router of H3C, a Chinese company. H3C N12 of H3C Technologies Co., Ltd. has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.

L6490 is a series of printer products. Epson (China) Co., Ltd. L6490 has a logic defect vulnerability, which can be exploited by attackers to reset the password.

H3C NX54 is a Gigabit dual-band router that supports Wi-Fi 6 (802.11ax) protocol. H3C NX54 of H3C Technologies Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute commands.

PX4 is an open source autopilot. PX4 has a logic flaw vulnerability that can be exploited by attackers to cause an oscillation loop, causing the device to repeatedly collide with obstacles, resulting in a denial of service.

HP Color LaserJet MFP M476dw is a color laser multifunction printer. HP Color LaserJet MFP M476dw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.

H3C NX54 is a Gigabit dual-band router that supports Wi-Fi 6 (802.11ax) protocol. H3C NX54 of H3C Technologies Co., Ltd. has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.

FH451 is a 450Mbps home wireless router launched by Tenda. Shenzhen Jixiang Tenda Technology Co., Ltd. FH451 has a binary vulnerability that can be exploited by attackers to cause a denial of service.

HP Color LaserJet M254nw is a color laser printer. HP Color LaserJet M254nw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.

DI-8200 is an enterprise-level router from China's D-Link. D-Link DI-8200 has a command injection vulnerability that can be exploited by attackers to execute arbitrary commands.

H3C NX15 is a home wireless router. H3C NX15 of H3C Technologies Co., Ltd. has an unauthorized access vulnerability. Attackers can use this vulnerability to log in to telnet and obtain system permissions.