VARIoT IoT vulnerabilities database
| VAR-202212-0421 | CVE-2022-46327 | Huawei HarmonyOS Security hole |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause privilege escalation, which results in system service exceptions
| VAR-202212-0590 | CVE-2022-41596 | Untrusted data deserialization vulnerability in Huawei HarmonyOS and EMUI |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
The system tool has inconsistent serialization and deserialization. Successful exploitation of this vulnerability will cause unauthorized startup of components. Huawei HarmonyOS and EMUI contain a vulnerability in deserialization of untrusted data. Information may be tampered with.
| VAR-202212-0790 | CVE-2022-20535 | Vulnerability regarding observable inconsistencies in Google Android |
CVSS V2: 1.7 CVSS V3: 3.3 Severity: LOW |
In registerLocalOnlyHotspotSoftApCallback of WifiManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-233605242. An observable mismatch vulnerability exists in Google Android. Information may be obtained. Google Pixel is a smartphone made by the American company Google.
Google Pixel has a security flaw. An attacker can exploit this vulnerability to cause information leakage.
| VAR-202212-0383 | CVE-2022-41599 | Vulnerability in Huawei HarmonyOS and EMUI |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
The system service has a vulnerability that causes incorrect return values. Successful exploitation of this vulnerability may affect data confidentiality. An unspecified vulnerability exists in Huawei HarmonyOS and EMUI. Information may be obtained.
| VAR-202212-0388 | CVE-2022-32633 | MediaTek chip Security hole |
CVSS V2: - CVSS V3: 6.7 Severity: MEDIUM |
In Wi-Fi, there is a possible memory access violation due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441637; Issue ID: ALPS07441637.
| VAR-202212-0586 | CVE-2022-46314 | Vulnerability in Huawei HarmonyOS |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
The IPC module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability. An unspecified vulnerability exists in Huawei HarmonyOS. Service operation may be interrupted (DoS).
| VAR-202212-0443 | CVE-2022-33268 | Out-of-bounds read vulnerability in multiple Qualcomm products |
CVSS V2: - CVSS V3: 8.2 Severity: HIGH |
Information disclosure due to buffer over-read in Bluetooth HOST while pairing and connecting A2DP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. Multiple Qualcomm products, such as APQ8009 firmware, APQ8017 firmware, and AR8031 firmware, contain an out-of-bounds read vulnerability. Information may be obtained and service operation may be interrupted (DoS).
| VAR-202212-0514 | CVE-2022-42507 | Out-of-bounds write vulnerability in Google Android |
CVSS V2: 6.5 CVSS V3: 6.7 Severity: MEDIUM |
In ProtocolSimBuilder::BuildSimUpdatePb3gEntry of protocolsimbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-241388774. References: N/A. An out-of-bounds write vulnerability exists in Google Android. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Google Pixel is a smartphone made by Google.
Google Pixel has a buffer overflow vulnerability. An attacker can exploit this vulnerability to remotely execute arbitrary code
| VAR-202212-2681 | No CVE | Weak password vulnerability exists in Infinova HD Network Mini Dome |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Infinova, founded in 1993, takes smart security as its core. It is a smart city, smart home solution provider and operation service provider, providing smart security, smart city, smart home, big data and Internet operation services for the world.
Infinova HD Network Mini Dome has a weak password vulnerability. Attackers can log in to the system background through the default password to obtain sensitive information.
| VAR-202212-0385 | CVE-2022-46321 | Vulnerability in Huawei HarmonyOS and EMUI |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
The Wi-Fi module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect data confidentiality. An unspecified vulnerability exists in Huawei HarmonyOS and EMUI. Information may be obtained.
| VAR-202212-0384 | CVE-2022-46318 | Vulnerability in Huawei HarmonyOS and EMUI |
CVSS V2: - CVSS V3: 5.3 Severity: MEDIUM |
The HAware module has a function logic error. Successful exploitation of this vulnerability will affect the account removal function in Settings. An unspecified vulnerability exists in Huawei HarmonyOS and EMUI. Information may be tampered with.
| VAR-202212-0440 | CVE-2022-20607 | Out-of-bounds write vulnerability in Google Android |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
In the Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-238914868. References: N/A. An out-of-bounds write vulnerability exists in Google Android. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Google Pixel is a smartphone made by Google.
Google Pixel has a buffer overflow vulnerability. A remote attacker could exploit this vulnerability to execute arbitrary code
| VAR-202212-0613 | CVE-2022-46313 | Authentication vulnerability in Huawei HarmonyOS |
CVSS V2: - CVSS V3: 5.3 Severity: MEDIUM |
The sensor privacy module has an authentication vulnerability. Successful exploitation of this vulnerability may cause unavailability of the smartphone's camera and microphone. An authentication vulnerability exists in Huawei HarmonyOS. Service operation may be interrupted (DoS).
| VAR-202212-0589 | CVE-2022-46311 | Use of freed memory vulnerability in Huawei HarmonyOS |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
The contacts component has a free (undefined) provider vulnerability. Successful exploitation of this vulnerability may affect data integrity. A vulnerability related to the use of freed memory exists in Huawei HarmonyOS. Information may be tampered with.
| VAR-202212-0203 | CVE-2022-35508 | Proxmox pve-http-server Code problem vulnerability |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Proxmox Mail Gateway, privilege escalation to the root@pam account is possible if the backup feature has ever been used, because backup files such as pmg-backup_YYYY_MM_DD_*.tgz have 0644 permissions and contain an authkey value. This is fixed in pve-http-server 4.1-3
| VAR-202212-0380 | CVE-2022-35507 | Proxmox pve-http-server Injection vulnerability |
CVSS V2: - CVSS V3: 7.1 Severity: HIGH |
A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers because they allow injection of response headers with %0d. This is fixed in pve-http-server 4.1-3
| VAR-202212-2684 | No CVE | ForceControl has a denial of service vulnerability (CNVD-2022-77992) |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Forcecontrol is a monitoring configuration software, mainly used for data acquisition and monitoring control.
There is a denial of service vulnerability in ForceControl, which can be exploited by attackers to cause denial of service.
| VAR-202212-0167 | CVE-2022-44929 | D-Link DVG-G5402SP Access Control Error Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles. D-Link DVG-G5402SP is a wireless router made by China D-Link Company
| VAR-202212-0172 | CVE-2022-44362 | Tenda i21 Buffer error vulnerability |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/AddSysLogRule
| VAR-202212-0070 | CVE-2022-45655 | Tenda AC6 form_fast_setting_wifi_set function buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the timeZone parameter in the form_fast_setting_wifi_set function. The Tenda AC6 is a dual-band wireless router from Tenda, supporting both 2.4GHz and 5GHz bands and achieving a maximum transmission rate of 1167Mbps. An attacker could exploit this vulnerability to cause a denial of service