VARIoT IoT vulnerabilities database

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "ssid" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. plural Tenda The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The AC series is a router product from Tenda. httpd is one of the HTTP server components. The following products and versions are affected: Tenda AC7 V15.03.06.44_CN; AC9 V15.03.05.19(6318)_CN; AC10 V15.03.06.23_CN; AC15 V15.03.05.19_CN; AC18 V15.03.05.19 (6318)_CN version

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceList' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. plural Tenda The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TendaAC7 and others are wireless router products of Tenda. Httpd is one of the HTTP server components. A buffer overflow vulnerability exists in httpd in several Tenda products that an attacker can exploit to cause a denial of service (covering the return value of a function). The following products and versions are affected: Tenda AC7 V15.03.06.44_CN; AC9 V15.03.05.19(6318)_CN; AC10 V15.03.06.23_CN; AC15 V15.03.05.19_CN; AC18 V15.03.05.19 (6318)_CN version

An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. They allow remote code execution via shell metacharacters in the usbName field to the __fastcall function with a POST request. plural Tenda The product contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TendaAC9, AC15 and AC18 are all wireless router products from Tenda. Security flaws exist in Tenda AC9, AC15, and AC18. The following products and versions are affected: Tenda AC9 V15.03.05.19(6318)_CN version; AC15 V15.03.05.19_CN version; AC18 V15.03.05.19(6318)_CN version

ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file. ZyXEL VMG3312-B10B The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. VMG3312-B10B is a Wireless N VDSL2 4-port gateway with USB launched by ZyXEL. ZyXEL VMG3312-B10B is a modem device from ZyXEL Technology Company. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- httpd. While processing the 'mac' parameter for a post request, the value is directly used in a strcpy to a variable placed on the heap, which can leak sensitive information or even hijack program control flow. plural Tenda The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TendaAC7 and others are wireless router products of Tenda. Httpd is one of the HTTP server components. The following products and versions are affected: Tenda AC7 V15.03.06.44_CN; AC9 V15.03.05.19(6318)_CN; AC10 V15.03.06.23_CN; AC15 V15.03.05.19_CN; AC18 V15.03.05.19 (6318)_CN version

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'startIp' and 'endIp' parameters for a post request, each value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. plural Tenda The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TendaAC7 and others are wireless router products of Tenda. Httpd is one of the HTTP server components. A buffer overflow vulnerability exists in httpd in several Tenda products that an attacker can exploit to cause a denial of service (the return address of the override function). The following products and versions are affected: Tenda AC7 V15.03.06.44_CN; AC9 V15.03.05.19(6318)_CN; AC10 V15.03.06.23_CN; AC15 V15.03.05.19_CN; AC18 V15.03.05.19 (6318)_CN version

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceMac' parameter for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. plural Tenda The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TendaAC7 and others are wireless router products of Tenda. Httpd is one of the HTTP server components. A buffer overflow vulnerability exists in httpd in several Tenda products that an attacker can exploit to cause a denial of service (the return address of the override function). The following products and versions are affected: Tenda AC7 V15.03.06.44_CN; AC9 V15.03.05.19(6318)_CN; AC10 V15.03.06.23_CN; AC15 V15.03.05.19_CN; AC18 V15.03.05.19 (6318)_CN version

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'ntpServer' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. plural Tenda The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TendaAC7 and others are wireless router products of Tenda. Httpd is one of the HTTP server components. A buffer overflow vulnerability exists in httpd in several Tenda products that an attacker can exploit to cause a denial of service (the return address of the override function). The following products and versions are affected: Tenda AC7 V15.03.06.44_CN; AC9 V15.03.05.19(6318)_CN; AC10 V15.03.06.23_CN; AC15 V15.03.05.19_CN; AC18 V15.03.05.19 (6318)_CN version

The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system ROM updates which also addressed the original Spectre/Meltdown set of vulnerabilities. At that time, the Windows firmware installer was also updated in the versions of HPE Integrated Lights-Out 2, 3, and 4 (iLO 2, 3, and 4) listed in the security bulletin. The updated HPE Windows firmware installer was released in the system ROM and HPE Integrated Lights-Out (iLO) releases documented in earlier HPE Security Bulletins: HPESBHF03805, HPESBHF03835, HPESBHF03831. Windows-based systems that have already been updated to the system ROM or iLO versions described in these security bulletins require no further action. plural HPE The product contains an information disclosure vulnerability. Vendors report this vulnerability HPESBHF03805 , HPESBHF03835 , HPESBHF03831 Published as.Information may be obtained. HPE Integrated Lights-Out is a set of remote control solutions from Hewlett Packard Enterprise (HPE). This solution enables remote monitoring and operation and maintenance of IT assets such as servers. A local attacker could exploit this vulnerability to obtain sensitive information

FameView configuration software is a high-performance configuration monitoring software company independently developed by Beijing Jiekong Company, which is a collection of years of engineering application and service experience based on Windows operating system. There is a weak password vulnerability in Beijing Jiekong FameView configuration software. Attackers can log in to the system with weak passwords and start and stop tasks at will

Improper input validation leads to buffer overwrite in the WLAN function that handles WMI commands in Snapdragon Mobile in version SD 845, SD 850, SDA660. Snapdragon Mobile Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-120487384, A-117119000, A-117118976, A-117118295, A-117119172, A-122473270, A-109678120, A-111093019, A-111092813, A-111089816, A-111092945, A-111092919, A-111091938, A-111093762, A-111093242, A-111090373, A-111092814, A-111093763, A-111093243, A-111089817, A-111092400, A-111090534, A-111091378, A-111092946, A-111093022, A-111093244, A-111092888, A-111093280, A-111092401, A-111093259, A-111090535, A-112279580, A-112279127, A-119049704, A-119052960, A-114042276, A-117118499, A-117119174, A-117119152, A-117118789, A-122472377, A-120483842, A-122472139 and A-122473145. Qualcomm SD 845, SD 850 and SDA660 are all central processing unit (CPU) products of Qualcomm (Qualcomm). WLAN is one of the wireless local area network components. A local attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service

Buffer overflow can happen in WLAN module due to lack of validation of the input length in Snapdragon Mobile in version SD 845, SD 850, SDA660. Snapdragon Mobile Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-120487384, A-117119000, A-117118976, A-117118295, A-117119172, A-122473270, A-109678120, A-111093019, A-111092813, A-111089816, A-111092945, A-111092919, A-111091938, A-111093762, A-111093242, A-111090373, A-111092814, A-111093763, A-111093243, A-111089817, A-111092400, A-111090534, A-111091378, A-111092946, A-111093022, A-111093244, A-111092888, A-111093280, A-111092401, A-111093259, A-111090535, A-112279580, A-112279127, A-119049704, A-119052960, A-114042276, A-117118499, A-117119174, A-117119152, A-117118789, A-122472377, A-120483842, A-122472139 and A-122473145. Qualcomm SD 845, SD 850 and SDA660 are all central processing unit (CPU) products of Qualcomm (Qualcomm). WLAN is one of the wireless local area network components. A local attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service

Lack of input validation while copying to buffer in WLAN will lead to a buffer overflow in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660. Snapdragon Mobile Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-120487384, A-117119000, A-117118976, A-117118295, A-117119172, A-122473270, A-109678120, A-111093019, A-111092813, A-111089816, A-111092945, A-111092919, A-111091938, A-111093762, A-111093242, A-111090373, A-111092814, A-111093763, A-111093243, A-111089817, A-111092400, A-111090534, A-111091378, A-111092946, A-111093022, A-111093244, A-111092888, A-111093280, A-111092401, A-111093259, A-111090535, A-112279580, A-112279127, A-119049704, A-119052960, A-114042276, A-117118499, A-117119174, A-117119152, A-117118789, A-122472377, A-120483842, A-122472139 and A-122473145. Qualcomm SD 835, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) for mobile devices. WLAN is one of the wireless local area network components. A local attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service. The following products (for mobile devices) are affected: Qualcomm SD 835; SD 845; SD 850; SDA660

Improper input validation leads to buffer overflow while processing network list offload command in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660. Snapdragon Mobile Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-120487384, A-117119000, A-117118976, A-117118295, A-117119172, A-122473270, A-109678120, A-111093019, A-111092813, A-111089816, A-111092945, A-111092919, A-111091938, A-111093762, A-111093242, A-111090373, A-111092814, A-111093763, A-111093243, A-111089817, A-111092400, A-111090534, A-111091378, A-111092946, A-111093022, A-111093244, A-111092888, A-111093280, A-111092401, A-111093259, A-111090535, A-112279580, A-112279127, A-119049704, A-119052960, A-114042276, A-117118499, A-117119174, A-117119152, A-117118789, A-122472377, A-120483842, A-122472139 and A-122473145. Qualcomm SD 835, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) for mobile devices. A local attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service. The following products (for mobile devices) are affected: Qualcomm SD 835; SD 845; SD 850; SDA660

When the buffer length passed is very large, bounds check could be bypassed leading to potential buffer overwrite in Snapdragon Mobile in version SD 845. Snapdragon Mobile Contains an integer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-120487384, A-117119000, A-117118976, A-117118295, A-117119172, A-122473270, A-109678120, A-111093019, A-111092813, A-111089816, A-111092945, A-111092919, A-111091938, A-111093762, A-111093242, A-111090373, A-111092814, A-111093763, A-111093243, A-111089817, A-111092400, A-111090534, A-111091378, A-111092946, A-111093022, A-111093244, A-111092888, A-111093280, A-111092401, A-111093259, A-111090535, A-112279580, A-112279127, A-119049704, A-119052960, A-114042276, A-117118499, A-117119174, A-117119152, A-117118789, A-122472377, A-120483842, A-122472139 and A-122473145. Qualcomm SD 845 is a central processing unit (CPU) product of Qualcomm (Qualcomm). WLAN is one of the wireless local area network components. A buffer overflow vulnerability exists in the WLAN in the Qualcomm SD 845 (for mobile devices). A local attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service

Buffer overwrite can happen in WLAN function while processing set pdev parameter command due to lack of input validation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016. Snapdragon Automobile , Snapdragon Mobile , Snapdragon Wear Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-120487384, A-117119000, A-117118976, A-117118295, A-117119172, A-122473270, A-109678120, A-111093019, A-111092813, A-111089816, A-111092945, A-111092919, A-111091938, A-111093762, A-111093242, A-111090373, A-111092814, A-111093763, A-111093243, A-111089817, A-111092400, A-111090534, A-111091378, A-111092946, A-111093022, A-111093244, A-111092888, A-111093280, A-111092401, A-111093259, A-111090535, A-112279580, A-112279127, A-119049704, A-119052960, A-114042276, A-117118499, A-117119174, A-117119152, A-117118789, A-122472377, A-120483842, A-122472139 and A-122473145. Qualcomm IPQ4019 and so on are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. WLAN is one of the wireless local area network components. A buffer overflow vulnerability exists in WLAN in several Qualcomm Snapdragon products. The vulnerability is caused by the program not performing input validation correctly. A local attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service

Buffer overwrite can occur when the legacy rates count received from the host is not checked against the maximum number of legacy rates in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20. Snapdragon Automobile , Snapdragon Mobile , Snapdragon Wear Contains a buffer error vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-120487384, A-117119000, A-117118976, A-117118295, A-117119172, A-122473270, A-109678120, A-111093019, A-111092813, A-111089816, A-111092945, A-111092919, A-111091938, A-111093762, A-111093242, A-111090373, A-111092814, A-111093763, A-111093243, A-111089817, A-111092400, A-111090534, A-111091378, A-111092946, A-111093022, A-111093244, A-111092888, A-111093280, A-111092401, A-111093259, A-111090535, A-112279580, A-112279127, A-119049704, A-119052960, A-114042276, A-117118499, A-117119174, A-117119152, A-117118789, A-122472377, A-120483842, A-122472139 and A-122473145. Qualcomm MDM9206, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. WLAN is one of the wireless local area network components. A buffer overflow vulnerability exists in WLAN in several Qualcomm Snapdragon products. A local attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service

Buffer overflow if the length of passphrase is more than 32 when setting up secure NDP connection in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660. Snapdragon Mobile Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-120487384, A-117119000, A-117118976, A-117118295, A-117119172, A-122473270, A-109678120, A-111093019, A-111092813, A-111089816, A-111092945, A-111092919, A-111091938, A-111093762, A-111093242, A-111090373, A-111092814, A-111093763, A-111093243, A-111089817, A-111092400, A-111090534, A-111091378, A-111092946, A-111093022, A-111093244, A-111092888, A-111093280, A-111092401, A-111093259, A-111090535, A-112279580, A-112279127, A-119049704, A-119052960, A-114042276, A-117118499, A-117119174, A-117119152, A-117118789, A-122472377, A-120483842, A-122472139 and A-122473145. Qualcomm SD 835, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) for mobile devices. WLAN is one of the wireless local area network components. A local attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service. The following products (for mobile devices) are affected: Qualcomm SD 835; SD 845; SD 850; SDA660

Lack of check of buffer size before copying in a WLAN function can lead to a buffer overflow in Snapdragon Mobile in version SD 845, SD 850. Snapdragon Mobile Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-120487384, A-117119000, A-117118976, A-117118295, A-117119172, A-122473270, A-109678120, A-111093019, A-111092813, A-111089816, A-111092945, A-111092919, A-111091938, A-111093762, A-111093242, A-111090373, A-111092814, A-111093763, A-111093243, A-111089817, A-111092400, A-111090534, A-111091378, A-111092946, A-111093022, A-111093244, A-111092888, A-111093280, A-111092401, A-111093259, A-111090535, A-112279580, A-112279127, A-119049704, A-119052960, A-114042276, A-117118499, A-117119174, A-117119152, A-117118789, A-122472377, A-120483842, A-122472139 and A-122473145. Both Qualcomm SD 845 and SD 850 are central processing unit (CPU) products of Qualcomm (Qualcomm). WLAN is one of the wireless local area network components. A local attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service

Improper input validation leads to buffer overwrite in the WLAN function that handles WLAN roam buffer in Snapdragon Mobile in version SD 845. Snapdragon Mobile Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-120487384, A-117119000, A-117118976, A-117118295, A-117119172, A-122473270, A-109678120, A-111093019, A-111092813, A-111089816, A-111092945, A-111092919, A-111091938, A-111093762, A-111093242, A-111090373, A-111092814, A-111093763, A-111093243, A-111089817, A-111092400, A-111090534, A-111091378, A-111092946, A-111093022, A-111093244, A-111092888, A-111093280, A-111092401, A-111093259, A-111090535, A-112279580, A-112279127, A-119049704, A-119052960, A-114042276, A-117118499, A-117119174, A-117119152, A-117118789, A-122472377, A-120483842, A-122472139 and A-122473145. Qualcomm SD 845 is a central processing unit (CPU) product of Qualcomm (Qualcomm). WLAN is one of the wireless local area network components. A local attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service