VARIoT IoT vulnerabilities database

In ProtocolMiscHwConfigChangeAdapter::GetData() of protocolmiscadapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation. Google Pixel is a smartphone produced by Google in the United States. There is a buffer overflow vulnerability in Google Pixel. The vulnerability is caused by the lack of boundary check in protocolmiscmiscadapter.cpp of protocolmiscHwConfigChangeAdapter::GetData. Attackers can exploit this vulnerability to cause out-of-bounds reading

In mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Google Pixel is a smartphone produced by Google in the United States. Google Pixel has a buffer overflow vulnerability. The vulnerability is caused by incorrect boundary checking in mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c. Attackers can exploit this vulnerability to cause out-of-bounds write

In lwis_device_event_states_clear_locked of lwis_event.c, there is a possible privilege escalation due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android contains a double free vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Google Pixel is a smartphone produced by Google in the United States

Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users. Potential impacts vary depending on the vulnerability, but may include the following: * Crafted HTTP Processing the request causes the product to hang (( CVE-2024-42420 , CVE-2024-43424 , CVE-2024-45829 ) * Crafted HTTP Processing the request allows access to files inside the product (( CVE-2024-45842 ) * Settings registered by a user without administrator privileges API is used (( CVE-2024-47005 ) * Of the product Web The page authentication mechanism is bypassed. (( CVE-2024-48870 )

Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser. Potential impacts vary depending on the vulnerability, but may include the following: * Crafted HTTP Processing the request causes the product to hang (( CVE-2024-42420 , CVE-2024-43424 , CVE-2024-45829 ) * Crafted HTTP Processing the request allows access to files inside the product (( CVE-2024-45842 ) * Settings registered by a user without administrator privileges API is used (( CVE-2024-47005 ) * Of the product Web The page authentication mechanism is bypassed. (( CVE-2024-48870 )

Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser. Potential impacts vary depending on the vulnerability, but may include the following: * Crafted HTTP Processing the request causes the product to hang (( CVE-2024-42420 , CVE-2024-43424 , CVE-2024-45829 ) * Crafted HTTP Processing the request allows access to files inside the product (( CVE-2024-45842 ) * Settings registered by a user without administrator privileges API is used (( CVE-2024-47005 ) * Of the product Web The page authentication mechanism is bypassed. (( CVE-2024-48870 )

Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability. Potential impacts vary depending on the vulnerability, but may include the following: * Crafted HTTP Processing the request causes the product to hang (( CVE-2024-42420 , CVE-2024-43424 , CVE-2024-45829 ) * Crafted HTTP Processing the request allows access to files inside the product (( CVE-2024-45842 ) * Settings registered by a user without administrator privileges API is used (( CVE-2024-47005 ) * Of the product Web The page authentication mechanism is bypassed. (( CVE-2024-47406 ) * A crafted image showing the product URL If you access Web Arbitrary script execution on the browser (( CVE-2024-47549 , CVE-2024-47801 ) * By inputting specially crafted input into the product by a user with administrator privileges, arbitrary scripts can be executed on the web browser of other users who access the product. (( CVE-2024-48870 )

Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by administrative users only, but insufficiently restricted. A non-administrative user may execute some configuration APIs. Potential impacts vary depending on the vulnerability, but may include the following: * Crafted HTTP Processing the request causes the product to hang (( CVE-2024-42420 , CVE-2024-43424 , CVE-2024-45829 ) * Crafted HTTP Processing the request allows access to files inside the product (( CVE-2024-45842 ) * Settings registered by a user without administrator privileges API is used (( CVE-2024-47005 ) * Of the product Web The page authentication mechanism is bypassed. (( CVE-2024-47406 ) * A crafted image showing the product URL If you access Web Arbitrary script execution on the browser (( CVE-2024-47549 , CVE-2024-47801 ) * By inputting specially crafted input into the product by a user with administrator privileges, arbitrary scripts can be executed on the web browser of other users who access the product. (( CVE-2024-48870 )

Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP requests. Potential impacts vary depending on the vulnerability, but may include the following: * Crafted HTTP Processing the request causes the product to hang (( CVE-2024-42420 , CVE-2024-43424 , CVE-2024-45829 ) * Crafted HTTP Processing the request allows access to files inside the product (( CVE-2024-45842 ) * Settings registered by a user without administrator privileges API is used (( CVE-2024-47005 ) * Of the product Web The page authentication mechanism is bypassed. (( CVE-2024-47406 ) * A crafted image showing the product URL If you access Web Arbitrary script execution on the browser (( CVE-2024-47549 , CVE-2024-47801 ) * By inputting specially crafted input into the product by a user with administrator privileges, arbitrary scripts can be executed on the web browser of other users who access the product. (( CVE-2024-48870 )

Sharp and Toshiba Tec MFPs provide the web page to download data, where query parameters in HTTP requests are improperly processed and resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed. Potential impacts vary depending on the vulnerability, but may include the following: * Crafted HTTP Processing the request causes the product to hang (( CVE-2024-42420 , CVE-2024-43424 , CVE-2024-45829 ) * Crafted HTTP Processing the request allows access to files inside the product (( CVE-2024-45842 ) * Settings registered by a user without administrator privileges API is used (( CVE-2024-47005 ) * Of the product Web The page authentication mechanism is bypassed. (( CVE-2024-47406 ) * A crafted image showing the product URL If you access Web Arbitrary script execution on the browser (( CVE-2024-47549 , CVE-2024-47801 ) * By inputting specially crafted input into the product by a user with administrator privileges, arbitrary scripts can be executed on the web browser of other users who access the product. (( CVE-2024-48870 )

Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed. Potential impacts vary depending on the vulnerability, but may include the following: * Crafted HTTP Processing the request causes the product to hang (( CVE-2024-42420 , CVE-2024-43424 , CVE-2024-45829 ) * Crafted HTTP Processing the request allows access to files inside the product (( CVE-2024-45842 ) * Settings registered by a user without administrator privileges API is used (( CVE-2024-47005 ) * Of the product Web The page authentication mechanism is bypassed. (( CVE-2024-47406 ) * A crafted image showing the product URL If you access Web Arbitrary script execution on the browser (( CVE-2024-47549 , CVE-2024-47801 ) * By inputting specially crafted input into the product by a user with administrator privileges, arbitrary scripts can be executed on the web browser of other users who access the product. (( CVE-2024-48870 )

Sharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities, due to improper processing of keyword search input and improper processing of SOAP messages. Crafted HTTP requests may cause affected products crashed. Potential impacts vary depending on the vulnerability, but may include the following: * Crafted HTTP Processing the request causes the product to hang (( CVE-2024-42420 , CVE-2024-43424 , CVE-2024-45829 ) * Crafted HTTP Processing the request allows access to files inside the product (( CVE-2024-45842 ) * Settings registered by a user without administrator privileges API is used (( CVE-2024-47005 ) * Of the product Web The page authentication mechanism is bypassed. (( CVE-2024-47406 ) * A crafted image showing the product URL If you access Web Arbitrary script execution on the browser (( CVE-2024-47549 , CVE-2024-47801 ) * By inputting specially crafted input into the product by a user with administrator privileges, arbitrary scripts can be executed on the web browser of other users who access the product. (( CVE-2024-48870 )

A vulnerability was found in Tenda RX9 Pro 22.03.02.20. It has been rated as critical. This issue affects the function sub_424CE0 of the file /goform/setMacFilterCfg of the component POST Request Handler. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of rx9 pro An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda RX9 Pro is a high-performance wireless router that provides stable and fast network connection services. Remote attackers can exploit this vulnerability to launch attacks and potentially execute arbitrary code

Wuhan Tianyu Information Industry Co., Ltd Tianyu CPE Router CommonCPExCPETS_v3.2.468.11.04_P4 was discovered to contain a command injection vulnerability via the component at_command.asp. Tianyu CPE Router is a wireless router from China's Tianyu company

A vulnerability, which was classified as critical, has been found in Tenda RX9 and RX9 Pro 22.03.02.20. Affected by this issue is the function sub_4337EC of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of rx9 pro An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the list parameter in the sub_4337EC function of the /goform/SetNetControlList page failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability classified as critical was found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected by this vulnerability is the function sub_42EA38 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of rx9 pro An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the list parameter in the sub_42EA38 function of the /goform/SetVirtualServerCfg page failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability classified as critical has been found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected is the function sub_42EEE0 of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of rx9 pro An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the list parameter in the sub_42EEE0 function of the /goform/SetStaticRouteCfg page failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. AC15 firmware, AC7 firmware, ac10u firmware etc. The product has NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state

IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM of Multiplatforms for IBM CICS Transaction Gateway There are vulnerabilities in inadequate protection of credentials.Information may be obtained

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-49294. Reason: This candidate is a reservation duplicate of CVE-2023-49294. Notes: All CVE users should reference CVE-2023-49294 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Sangoma of Asterisk and certified asterisk Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state