VARIoT IoT vulnerabilities database


VAR-202302-0453 CVE-2023-24276 TOTOLINK A7100RU Command injection vulnerability CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK A7100RU (V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules.
VAR-202302-0439 CVE-2022-28923 Caddy Open redirect vulnerability CVSS V2: -
CVSS V3: 6.1
Severity: MEDIUM
Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs. Caddy contains an open redirect vulnerability. Information may be obtained and information may be tampered with.
VAR-202302-0355 CVE-2022-48166 WAVLINK WL-WN530HG4 Security hole CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.
VAR-202302-0456 CVE-2022-48289 EMUI and HarmonyOS Vulnerability regarding lack of authentication for critical features CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. EMUI and HarmonyOS contain a vulnerability regarding lack of authentication for critical features. Information may be obtained.
VAR-202302-0433 CVE-2022-48286 EMUI and HarmonyOS Vulnerability CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. EMUI and HarmonyOS contain an unspecified vulnerability. Information may be obtained.
VAR-202302-0368 CVE-2022-48288 EMUI and HarmonyOS Vulnerability regarding lack of authentication for critical features CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. EMUI and HarmonyOS contain a vulnerability regarding lack of authentication for critical features. Information may be obtained.
VAR-202302-0393 CVE-2022-48292 EMUI and HarmonyOS Out-of-bounds read vulnerability CVSS V2: -
CVSS V3: 6.5
Severity: MEDIUM
The Bluetooth module has an out-of-memory (OOM) vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. EMUI and HarmonyOS contain an out-of-bounds read vulnerability. Information may be obtained.
VAR-202302-0414 CVE-2022-48294 EMUI and HarmonyOS Authentication vulnerability CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality. EMUI and HarmonyOS contain an authentication vulnerability. Information may be obtained.
VAR-202302-0392 CVE-2022-48295 EMUI and HarmonyOS Improper Permission Preservation Vulnerability CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications). EMUI and HarmonyOS contain an improper permissions retention vulnerability. Information may be tampered with.
VAR-202302-0467 CVE-2022-48298 EMUI and HarmonyOS Improper Validation of Quantities Specified in Inputs CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The geofencing kernel code does not verify the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access. EMUI and HarmonyOS contain a vulnerability related to improper validation of quantities specified in inputs. Information may be obtained.
VAR-202302-0469 CVE-2022-48287 EMUI and HarmonyOS Vulnerability CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data integrity. EMUI and HarmonyOS contain an unspecified vulnerability. Information may be tampered with.
VAR-202302-0455 CVE-2022-48297 EMUI and HarmonyOS Improper Validation of Quantities Specified in Inputs CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The geofencing kernel code has a vulnerability of not verifying the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access. EMUI and HarmonyOS contain a vulnerability related to improper validation of quantities specified in inputs. Information may be obtained.
VAR-202302-0468 CVE-2022-48293 EMUI and HarmonyOS Out-of-bounds read vulnerability CVSS V2: -
CVSS V3: 6.5
Severity: MEDIUM
The Bluetooth module has an OOM vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. EMUI and HarmonyOS contain an out-of-bounds read vulnerability. Information may be obtained.
VAR-202302-0316 CVE-2022-48301 EMUI and HarmonyOS Improper Permission Preservation Vulnerability CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled. EMUI and HarmonyOS contain an improper permissions retention vulnerability. Information may be tampered with.
VAR-202302-0315 CVE-2022-48299 EMUI and HarmonyOS Vulnerability regarding lack of authentication for critical features CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. EMUI and HarmonyOS contain a vulnerability regarding lack of authentication for critical features. Information may be obtained.
VAR-202302-0346 CVE-2022-48300 EMUI and HarmonyOS Vulnerability regarding lack of authentication for critical features CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. EMUI and HarmonyOS contain a vulnerability regarding lack of authentication for critical features. Information may be obtained.
VAR-202302-0347 CVE-2022-48290 HarmonyOS Vulnerability CVSS V2: -
CVSS V3: 9.1
Severity: CRITICAL
The phone-PC collaboration module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality and integrity. HarmonyOS contains an unspecified vulnerability. Information may be obtained and information may be tampered with.
VAR-202302-0369 CVE-2022-48302 EMUI and HarmonyOS Vulnerability CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The AMS module has a vulnerability of lacking permission verification in APIs. Successful exploitation of this vulnerability may affect data confidentiality. EMUI and HarmonyOS contain an unspecified vulnerability. Information may be obtained.
VAR-202302-0317 CVE-2022-48296 EMUI and HarmonyOS Improper Permission Preservation Vulnerability CVSS V2: -
CVSS V3: 5.3
Severity: MEDIUM
The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices. EMUI and HarmonyOS contain an improper permissions retention vulnerability. Information may be tampered with.
VAR-202302-0251 CVE-2023-24157 TOTOLINK T8 Command injection vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. TOTOLINK T8 contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The TOTOLINK T8 is a wireless dual-band router primarily used for network connectivity and data transmission.