Sign-up

VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202211-0998 CVE-2022-27513 of Citrix Systems  Citrix Gateway  and  Citrix Application Delivery Controller  Insufficient validation of data authenticity in firmware vulnerability CVSS V2: -
CVSS V3: 9.6
Severity: CRITICAL
Remote desktop takeover via phishing . of Citrix Systems Citrix Gateway and Citrix Application Delivery Controller Firmware contains insufficient validation of data authenticity.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202211-0377 CVE-2022-43545 Siemens'  7KG9501-0AA01-2AA1  firmware and  7KG9501-0AA31-2AA1  Firmware Input Validation Vulnerability CVSS V2: 10.0
CVSS V3: 8.8
Severity: HIGH
A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices do not properly validate the RecordType-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device. Siemens' 7KG9501-0AA01-2AA1 firmware and 7KG9501-0AA31-2AA1 There is an input validation vulnerability in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The POWER METER SICAM Q100 is a multifunctional device for detecting, reporting and analyzing measured values and events
VAR-202211-0749 CVE-2022-39069 ZTE  of  zaip-aie  In  SQL  Injection vulnerability CVSS V2: -
CVSS V3: 5.3
Severity: MEDIUM
There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of input verification by the server, an attacker could trigger an attack by building malicious requests. Exploitation of this vulnerability could cause the leakage of the current table content
VAR-202211-0490 CVE-2022-26446 Reachable assertion vulnerability in multiple MediaTek products CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
In Modem 4G RRC, there is a possible system crash due to improper input validation. This could lead to remote denial of service, when concatenating improper SIB12 (CMAS message), with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00867883; Issue ID: ALPS07274118. LR12A , LR13 , NR15 A reachable assertion vulnerability exists in several MediaTek products.Service operation interruption (DoS) It may be in a state
VAR-202211-0360 CVE-2021-42205 Lenovo  of  Windows  for  elan miniport touchpad driver  Vulnerability in CVSS V2: -
CVSS V3: 4.7
Severity: MEDIUM
ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice. Lenovo of Windows for elan miniport touchpad driver Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state
VAR-202211-0362 CVE-2020-12509 badgermeter  of  moni::tool  Past traversal vulnerability in CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the camera-file module. badgermeter of moni::tool Exists in a past traversal vulnerability.Information may be obtained
VAR-202211-0414 CVE-2022-25743 Use of freed memory vulnerability in multiple Qualcomm products CVSS V2: -
CVSS V3: 8.4
Severity: HIGH
Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. APQ8009 firmware, APQ8009W firmware, APQ8017 Multiple Qualcomm products, such as firmware, contain vulnerabilities related to use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202211-0484 CVE-2022-25724 Classic buffer overflow vulnerability in multiple Qualcomm products CVSS V2: -
CVSS V3: 8.4
Severity: HIGH
Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. APQ8009 firmware, APQ8009W firmware, APQ8017 Multiple Qualcomm products such as firmware have a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202211-1081 CVE-2022-33239 Infinite loop vulnerability in multiple Qualcomm products CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking. APQ8009 firmware, APQ8017 firmware, APQ8096AU Multiple Qualcomm products, including firmware, contain vulnerabilities related to infinite loops.Service operation interruption (DoS) It may be in a state
VAR-202211-0468 CVE-2022-33237 Out-of-bounds read vulnerability in multiple Qualcomm products CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking. AQT1000 firmware, AR8031 firmware, AR8035 Multiple Qualcomm products, such as firmware, contain an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state
VAR-202211-1051 CVE-2022-44554 Huawei HarmonyOS Security hole CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The power module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause abnormal status of a module on the device
VAR-202211-1082 CVE-2022-44547 Huawei  of  HarmonyOS  and  EMUI  Vulnerability in using free memory in CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The Display Service module has a UAF vulnerability. Successful exploitation of this vulnerability may affect the display service availability. Huawei of HarmonyOS and EMUI Exists in a vulnerability related to the use of freed memory.Service operation interruption (DoS) It may be in a state
VAR-202211-0327 CVE-2022-44553 Huawei HarmonyOS Security hole CVSS V2: -
CVSS V3: 5.3
Severity: MEDIUM
The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Successful exploitation of this vulnerability may cause third-party apps to start periodically
VAR-202211-0633 CVE-2022-44546 Huawei  of  HarmonyOS  and  EMUI  Vulnerability in CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released. Successful exploitation of this vulnerability may cause a system restart. Huawei of HarmonyOS and EMUI Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state
VAR-202211-0676 CVE-2022-44548 Huawei  of  HarmonyOS  and  EMUI  Vulnerability regarding improper default permissions in CVSS V2: -
CVSS V3: 4.3
Severity: MEDIUM
There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing. Huawei of HarmonyOS and EMUI There is a vulnerability in improper default permissions.Information may be tampered with
VAR-202211-0397 CVE-2022-44559 Huawei HarmonyOS Code problem vulnerability CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation
VAR-202211-0384 CVE-2022-44552 Huawei HarmonyOS Security hole CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The lock screen module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability
VAR-202211-0371 CVE-2022-44563 Huawei  of  HarmonyOS  and  EMUI  Race condition vulnerabilities in CVSS V2: -
CVSS V3: 5.9
Severity: MEDIUM
There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerability may affect data confidentiality
VAR-202211-0326 CVE-2022-44562 Huawei  of  EMUI  and  HarmonyOS  Vulnerability in CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
The system framework layer has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation. Huawei of EMUI and HarmonyOS Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202211-0417 CVE-2022-44557 Huawei HarmonyOS Security hole CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Successful exploitation of this vulnerability may affect data confidentiality