s4ndw1ch136/IOT-vuln-reports

Releases0

Stars6

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-38894 ↗	Jun 24, 2024Monday, 24 June 2024, 21:15	5.3 MEDIUM	—
WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of /cgi-bin/touchlist_sync.cgi.
CVE-2024-38892 ↗	Jun 24, 2024Monday, 24 June 2024, 21:15	6.5 MEDIUM	—
An issue in Wavlink WN551K1 allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh component.
CVE-2024-38902 ↗	Jun 24, 2024Monday, 24 June 2024, 21:15	9.8 CRITICAL	—
H3C Magic R230 V100R002 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
CVE-2024-38897 ↗	Jun 24, 2024Monday, 24 June 2024, 21:15	5.3 MEDIUM	—
WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive router information.
CVE-2024-38896 ↗	Jun 24, 2024Monday, 24 June 2024, 21:15	5.3 MEDIUM	—
WAVLINK WN551K1 found a command injection vulnerability through the start_hour parameter of /cgi-bin/nightled.cgi.
CVE-2024-38895 ↗	Jun 24, 2024Monday, 24 June 2024, 21:15	5.3 MEDIUM	—
WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive router information.
CVE-2024-38903 ↗	Jun 24, 2024Monday, 24 June 2024, 21:15	4.1 MEDIUM	—
H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands.
CVE-2024-37643 ↗	Jun 14, 2024Friday, 14 June 2024, 16:15	8.8 HIGH	—
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formPasswordAuth .
CVE-2024-37645 ↗	Jun 14, 2024Friday, 14 June 2024, 16:15	8.8 HIGH	—
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formSysLog .
CVE-2024-37642 ↗	Jun 14, 2024Friday, 14 June 2024, 16:15	9.1 CRITICAL	—
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command injection vulnerability via the ipv4_ping, ipv6_ping parameter at /formSystemCheck .
CVE-2024-37641 ↗	Jun 14, 2024Friday, 14 June 2024, 16:15	8.8 HIGH	—
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule
CVE-2024-37644 ↗	Jun 14, 2024Friday, 14 June 2024, 15:15	8.8 HIGH	—
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
CVE-2024-37640 ↗	Jun 14, 2024Friday, 14 June 2024, 14:15	8.8 HIGH	—
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWiFiEasyGuestCfg.
CVE-2024-37637 ↗	Jun 14, 2024Friday, 14 June 2024, 14:15	9.8 CRITICAL	—
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWizardCfg.
CVE-2024-37639 ↗	Jun 14, 2024Friday, 14 June 2024, 14:15	8.8 HIGH	—
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via eport in the function setIpPortFilterRules.
CVE-2024-37632 ↗	Jun 13, 2024Thursday, 13 June 2024, 19:15	9.8 CRITICAL	—
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the password parameter in function loginAuth .
CVE-2024-37633 ↗	Jun 13, 2024Thursday, 13 June 2024, 19:15	8.8 HIGH	—
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiGuestCfg
CVE-2024-37634 ↗	Jun 13, 2024Thursday, 13 June 2024, 19:15	9.8 CRITICAL	—
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiEasyCfg.
CVE-2024-37635 ↗	Jun 13, 2024Thursday, 13 June 2024, 19:15	9.8 CRITICAL	—
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiBasicCfg
CVE-2024-37631 ↗	Jun 13, 2024Thursday, 13 June 2024, 19:15	8.8 HIGH	—
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the File parameter in function UploadCustomModule.
CVE-2024-37630 ↗	Jun 13, 2024Thursday, 13 June 2024, 18:15	8.8 HIGH	—
D-Link DIR-605L v2.13B01 was discovered to contain a hardcoded password vulnerability in /etc/passwd, which allows attackers to log in as root.
CVE-2024-36782 ↗	Jun 3, 2024Monday, 3 June 2024, 21:15	9.8 CRITICAL	—
TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
CVE-2024-36783 ↗	Jun 3, 2024Monday, 3 June 2024, 20:15	9.8 CRITICAL	—
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection via the host_time parameter in the NTPSyncWithHost function.
CVE-2024-35403 ↗	May 28, 2024Tuesday, 28 May 2024, 17:15	2.7 LOW	—
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setIpPortFilterRules
CVE-2024-35401 ↗	May 28, 2024Tuesday, 28 May 2024, 17:15	5.9 MEDIUM	—
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.
CVE-2024-35400 ↗	May 28, 2024Tuesday, 28 May 2024, 15:15	5.3 MEDIUM	—
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function SetPortForwardRules
CVE-2024-35399 ↗	May 28, 2024Tuesday, 28 May 2024, 15:15	8.8 HIGH	—
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the password parameter in the function loginAuth
CVE-2024-35398 ↗	May 28, 2024Tuesday, 28 May 2024, 15:15	9.8 CRITICAL	—
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setMacFilterRules.
CVE-2024-35397 ↗	May 28, 2024Tuesday, 28 May 2024, 15:15	8.8 HIGH	—
TOTOLINK CP900L v4.1.5cu.798_B20221228 weas discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2024-35388 ↗	May 24, 2024Friday, 24 May 2024, 19:15	8.8 HIGH	—
TOTOLINK NR1800X v9.1.0u.6681_B20230703 was discovered to contain a stack overflow via the password parameter in the function urldecode
CVE-2024-35387 ↗	May 24, 2024Friday, 24 May 2024, 18:15	9.8 CRITICAL	—
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.
CVE-2024-35396 ↗	May 24, 2024Friday, 24 May 2024, 16:15	9.8 CRITICAL	—
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root.
CVE-2024-35395 ↗	May 24, 2024Friday, 24 May 2024, 16:15	8.8 HIGH	—
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
CVE-2024-35099 ↗	May 14, 2024Tuesday, 14 May 2024, 15:39	9.8 CRITICAL	—
TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stack overflow via the password parameter in the function loginAuth.
CVE-2024-34308 ↗	May 14, 2024Tuesday, 14 May 2024, 15:38	8.8 HIGH	—
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the function urldecode.