VARIoT IoT vulnerabilities database

Denial of service in WLAN HOST due to buffer over read while unpacking frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. APQ8009 firmware, APQ8009W firmware, APQ8017 Multiple Qualcomm products, such as firmware, contain an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state

Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitrary code execution during SMM. Alienware m15 R6 firmware, ChengMing 3980 firmware, ChengMing 3988 Unspecified vulnerabilities exist in multiple Dell products, including firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Information disclosure in video due to buffer over-read while processing avi file in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables. APQ8053 firmware, AQT1000 firmware, MSM8953 Multiple Qualcomm products, such as firmware, contain an out-of-bounds read vulnerability.Information may be obtained

Information disclosure in WLAN due to improper validation of array index while parsing crafted ANQP action frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music. APQ8096AU firmware, AQT1000 firmware, AR8031 Multiple Qualcomm products, including firmware, contain vulnerabilities related to array index validation.Information may be obtained

Memory corruption in video module due to buffer overflow while processing WAV file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables. APQ8017 firmware, APQ8053 firmware, AQT1000 Multiple Qualcomm products such as firmware have a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Information disclosure in Bluetooth driver due to buffer over-read while reading l2cap length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables. APQ8009W firmware, APQ8017 firmware, APQ8053 Multiple Qualcomm products, such as firmware, contain an out-of-bounds read vulnerability.Information may be obtained

Memory corruption in video due to buffer overflow while parsing ps video clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. APQ8009 firmware, APQ8009W firmware, APQ8017 Multiple Qualcomm products such as firmware have a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Memory corruption in display due to time-of-check time-of-use race condition during map or unmap in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables. APQ8053 firmware, AQT1000 firmware, MSM8953 For multiple Qualcomm products such as firmware, Time-of-check Time-of-use (TOCTOU) There is a race condition vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware. TOTOLINK of A3002R A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

In TOTOLINK A860R V4.1.2cu.5182_B20201027 in cstecgi.cgi, the acquired parameters are directly put into the system for execution without filtering, resulting in a command injection vulnerability. TOTOLINK of a860r There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK A860R is a dual-band wireless router with a maximum transmission rate of 1200Mbps. It utilizes 6-antenna dual-band concurrent technology and supports remote management via a mobile app. It is suitable for small and medium-sized businesses and home network environments. No detailed vulnerability details are currently available

In TOTOLINK A860R V4.1.2cu.5182_B20201027, the main function in downloadfile.cgi has a buffer overflow vulnerability. TOTOLINK of a860r Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK A860R is a dual-band wireless router with a maximum transmission rate of 1200Mbps. It utilizes 6-antenna dual-band concurrent technology and supports remote management via a mobile app. It is suitable for small and medium-sized businesses and home network environments. No detailed vulnerability details are currently available

A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it. fortinet's FortiOS Exists in unspecified vulnerabilities.Information may be obtained

TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Buffer Overflow via /bin/boa. TOTOLINK of A3002R Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state

In TOTOLINK A860R V4.1.2cu.5182_B20201027 there is a hard coded password for root in /etc/shadow.sample. TOTOLINK of a860r A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information may be obtained. The TOTOLINK A860R is a dual-band wireless router with a maximum transmission speed of 1200Mbps. It utilizes 6-antenna dual-band concurrent technology and supports remote management via a mobile app. It is suitable for small and medium-sized businesses and home network environments. No detailed vulnerability details have been provided

Dell BIOS contains a race condition vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI in order to bypass security checks during SMM. Alienware m15 R6 firmware, ChengMing 3980 firmware, ChengMing 3988 For multiple Dell products such as firmware, Time-of-check Time-of-use (TOCTOU) There is a race condition vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

An improper neutralization of input during web page generation vulnerability [CWE-79] in the Webmail of FortiMail before 7.2.0 may allow an unauthenticated attacker to trigger a cross-site scripting (XSS) attack via sending specially crafted mail messages. fortinet's FortiMail Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with

In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, the getsinglepppuser function has a buffer overflow caused by sscanf. Shenzhen Tenda Technology Co.,Ltd. of G3 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

An improper privilege management vulnerability [CWE-269] in FortiADC versions 6.2.1 and below, 6.1.5 and below, 6.0.4 and below, 5.4.5 and below and 5.3.7 and below may allow a remote authenticated attacker with restricted user profile to modify the system files using the shell access. fortinet's FortiADC Exists in a permission management vulnerability.Information may be tampered with

Dell BIOS versions contain an Improper Authentication vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls. Alienware m15 R6 firmware, ChengMing 3980 firmware, ChengMing 3988 Authentication vulnerabilities exist in multiple Dell products, including firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information. fortinet's FortiAnalyzer and FortiManager Exists in unspecified vulnerabilities.Information may be obtained