VARIoT IoT vulnerabilities database

On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long string of characters in the loginPassword and/or loginUsername field to goform/login causes the router to reboot. Vonage VDV-23 Home routers contain a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. VonageVDV-23115 is a routing repeater from Vonage Corporation of the United States. A security vulnerability exists in the Vonage VDV-231153.2.11-0.9.40 release

Huawei iReader app before 8.0.2.301 has an arbitrary file deletion vulnerability due to the lack of input validation. An attacker can exploit this vulnerability to delete specific files from the SD card. Huawei iReader The application contains an input validation vulnerability.Information may be tampered with. Huawei iReader is a built-in e-book reading application for Huawei mobile phones produced by China's Huawei (Huawei)

Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load malicious websites created by the attacker, and the code in webpages would be loaded and run. Huawei iReader The application contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Huawei Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the handling of plugins. The issue results from the storage of plugins in an insecure location. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current user. Huawei iReader is a built-in e-book reading application for Huawei mobile phones produced by China's Huawei (Huawei)

Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory. Huawei iReader The application contains a path traversal vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the handling of the onChapPack function. Huawei iReader is a built-in e-book reading application for Huawei mobile phones produced by China's Huawei (Huawei)

Tiandi Weiye Technology Co., Ltd. is an Internet of Things company whose main business is the research and development, production and sales of video surveillance products. With "Horizon as the World" as its corporate mission, it is a national enterprise technology center and a national and local joint engineering laboratory. There is an information disclosure vulnerability in Tiandiweiye Network Camera, which is due to failure to properly control camera permissions. The attacker directly obtains the system username and password by sending a specific data packet.

The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 are provided with unexpected input, thus resulting in denial of service attack. Snap7 The server contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Snap7 is an open source multi-platform Ethernet communications suite for local connectivity to PLCs. Snap7 Server is one of the server components. There is a security vulnerability in Snap7 Server version 1.4.1. An attacker could exploit the vulnerability to cause a denial of service (crash)

picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer overflow resulting in code execution or denial of service attack. picoTCP Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. picoTCP is a modular open source TCP / IP protocol stack designed for embedded systems and the Internet of Things

An information disclosure vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 can allow for a user to retrieve sensitive information without authentication. FoscamC1IndoorHDCamera is a wireless HD IP camera from China Foscam. An information disclosure vulnerability exists in FoscamC1IndoorHDCamera

RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system. plural Huawei The product contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiRP200 and TE series are both Huawei's integrated desktop telepresence products and high-definition video conferencing terminal products for high-end customers. A cross-border read vulnerability exists in several Huawei products due to the device's failure to fully verify user input. A remote attacker exploits the vulnerability by constructing a special SS7-related message to cause the device to cross-border reading and system crash. The Huawei RP200 and others are all products of China's Huawei (Huawei). Huawei RP200 is an all-in-one video conference device. TE30 is a video conferencing terminal. The vulnerability is caused by insufficient verification input in the program. The following products and versions are affected: Huawei RP200 V500R002C00 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version

RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system. plural Huawei The product contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiRP200 and TE series are both Huawei's integrated desktop telepresence products and high-definition video conferencing terminal products for high-end customers. A cross-border read vulnerability exists in several Huawei products due to the device's failure to fully verify user input. A remote attacker exploits the vulnerability by constructing a special SS7-related message to cause the device to cross-border reading and system crash. The Huawei RP200 and others are all products of China's Huawei (Huawei). Huawei RP200 is an all-in-one video conference device. TE30 is a video conferencing terminal. The vulnerability is caused by insufficient verification input in the program. The following products and versions are affected: Huawei RP200 V500R002C00 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version

RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system. plural Huawei The product contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiRP200 and TE series are both Huawei's integrated desktop telepresence products and high-definition video conferencing terminal products for high-end customers. A cross-border read vulnerability exists in several Huawei products due to the device's failure to fully verify user input. A remote attacker exploits the vulnerability by constructing a special SS7-related message to cause the device to cross-border reading and system crash. The Huawei RP200 and others are all products of China's Huawei (Huawei). Huawei RP200 is an all-in-one video conference device. TE30 is a video conferencing terminal. The vulnerability is caused by insufficient verification input in the program. The following products and versions are affected: Huawei RP200 V500R002C00 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version

ME906s-158 earlier than ME906S_Installer_13.1805.10.3 versions has a privilege elevation vulnerability. An attacker could exploit this vulnerability to modify the configuration information containing malicious files and trick users into executing the files, resulting in the execution of arbitrary code. ME906s-158 Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiME906S-158 is a notebook computer from Huawei. Huawei ME906S Products are prone to a local privilege-escalation vulnerability. Local attackers may exploit this issue to gain elevated privileges

The camera driver of MTK platform in Huawei smart phones with software of versions earlier than Nice-AL00C00B155 has a arbitrary memory write vulnerability.Due to the insufficient input verification, an attacker tricks a user into installing a malicious application which has special privilege and sends a specific parameter to the driver of the smart phone, causing privilege escalation. Huawei Smartphone software MTK The platform contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei Enjoy 6 is a smartphone from China's Huawei company. There is an arbitrary address write vulnerability in the Huawei mobile phone driver using the MTK platform. The vulnerability was caused by the device failing to adequately verify user input

Huawei smart phones with software earlier than VIE-L09C40B360 versions have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to the smart phone, causing the smartphone restart or arbitrary code execution. Huawei Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVIE-L09 is a smartphone from Huawei

The camera driver of MTK platform in Huawei smart phones with software of versions earlier than Nice-AL00C00B155 has a buffer overflow vulnerability.Due to the insufficient input verification, an attacker tricks a user into installing a malicious application which has special privilege and sends a specific parameter to the driver of the smart phone, causing privilege escalation. Huawei Smartphone software MTK The platform contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei Enjoy 6 is a smartphone from China's Huawei company. A buffer overflow vulnerability exists in the Huawei mobile phone driver using the MTK platform. The vulnerability was caused by the device failing to adequately verify user input

Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00,V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00,V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50,V500R002C00, V600R006C00 have a buffer overflow vulnerability. An attacker may send specially crafted HTTP messages to the affected products. Due insufficient input validation of three different parameters in the messages, successful exploit may cause some service abnormal. plural Huawei The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300, RP200, TE series and TX50 are Huawei's integrated desktop telepresence products and high-definition video conferencing terminal products for high-end customers. A buffer overflow vulnerability exists in several Huawei products because the device failed to adequately verify the parameters in the message. The exploit exploited this vulnerability through a carefully constructed HTTP message to cause some service exceptions. The Huawei DP300 and others are all products of China's Huawei (Huawei). DP300 is a video conferencing terminal. RP200 is a video conferencing all-in-one device. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TX50 V500R002C00 version, V600R006C00 version

Huawei Smartphones with software LON-L29DC721B186 have a denial of service vulnerability. An attacker could make an loop exit condition that cannot be reached by sending the crafted 3GPP message. Successful exploit could cause the device to reboot. Huawei Smartphone software is vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiLON-L29D is a smartphone from Huawei. Huawei LON-L29D is a smart phone product of China Huawei (Huawei)

Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00,V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00,V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50,V500R002C00, V600R006C00 have a buffer overflow vulnerability. An attacker may send specially crafted HTTP messages to the affected products. Due insufficient input validation of three different parameters in the messages, successful exploit may cause some service abnormal. plural Huawei The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300, RP200, TE series and TX50 are Huawei's integrated desktop telepresence products and high-definition video conferencing terminal products for high-end customers. A buffer overflow vulnerability exists in several Huawei products because the device failed to adequately verify the parameters in the message. The exploit exploited this vulnerability through a carefully constructed HTTP message to cause some service exceptions. The Huawei DP300 and others are all products of China's Huawei (Huawei). DP300 is a video conferencing terminal. RP200 is a video conferencing all-in-one device. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TX50 V500R002C00 version, V600R006C00 version

Huawei smart phones with software earlier than VIE-L09C40B360 versions have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to the smart phone, causing the smartphone restart or arbitrary code execution. Huawei Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVIE-L09 is a smartphone from Huawei

OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an information leakage vulnerability. Products use TLS1.0 to encrypt. Attackers can exploit TLS1.0's vulnerabilities to decrypt data to obtain sensitive information. The Huawei OceanStor 5800 and the OceanStor 6900 are both Huawei's storage systems for mid- to high-end storage. The vulnerability is due to the transmission encryption of the product using TLS 1.0