VARIoT IoT vulnerabilities database


VAR-202209-0297 CVE-2022-27491 Vulnerability in Fortinet FortiOS
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
An improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214, 7.001 through 7.113, 6.001 through 6.121, 5.001 through 5.258 and before 4.086 allows a remote and unauthenticated attacker to trigger the sending of "blocked page" HTML data to an arbitrary victim via crafted TCP requests, potentially flooding the victim. Fortinet FortiOS contains an unspecified vulnerability. A denial-of-service (DoS) condition may result.
VAR-202209-0268 CVE-2022-26114 Cross-site scripting vulnerability in Fortinet FortiMail
CVSS V2: -
CVSS V3: 6.1
Severity: MEDIUM
An improper neutralization of input during web page generation vulnerability [CWE-79] in the Webmail of FortiMail before 7.2.0 may allow an unauthenticated attacker to trigger a cross-site scripting (XSS) attack via sending specially crafted mail messages. Fortinet FortiMail contains a cross-site scripting vulnerability. Information may be obtained and tampered with.
VAR-202209-0337 CVE-2022-40109 Improper default permissions vulnerability in TOTOLINK A3002R firmware
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Insecure Permissions via binary /bin/boa. TOTOLINK A3002R firmware contains a vulnerability related to improper default permissions. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202209-0263 CVE-2022-26858 Authentication vulnerabilities in multiple Dell products
CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
Dell BIOS versions contain an Improper Authentication vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls. Authentication vulnerabilities exist in multiple Dell products, including Alienware m15 R6 firmware, ChengMing 3980 firmware and ChengMing 3988 firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202209-0154 CVE-2022-37840 Classic buffer overflow vulnerability in TOTOLINK A860R firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
In TOTOLINK A860R V4.1.2cu.5182_B20201027, the main function in downloadfile.cgi has a buffer overflow vulnerability. TOTOLINK A860R firmware contains a classic buffer overflow vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. The TOTOLINK A860R is a dual-band wireless router with a maximum transmission rate of 1200Mbps. It uses 6-antenna dual-band concurrent technology and supports remote management via a mobile app. It is suitable for small and medium-sized businesses and home network environments. No further vulnerability details are currently available.
VAR-202209-0252 CVE-2022-29053 Vulnerability in Fortinet FortiOS
CVSS V2: -
CVSS V3: 3.3
Severity: LOW
A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it. Fortinet FortiOS contains an unspecified vulnerability. Information may be obtained.
VAR-202209-0473 CVE-2021-43080 Cross-site scripting vulnerability in Fortinet FortiOS
CVSS V2: -
CVSS V3: 5.4
Severity: MEDIUM
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.5 may allow an authenticated attacker to perform a stored cross-site scripting (XSS) attack through the URI parameter via the Threat Feed IP address section of the Security Fabric External connectors. Fortinet FortiOS contains a cross-site scripting vulnerability. Information may be obtained and tampered with.
VAR-202209-0452 CVE-2022-38991 Vulnerability in multiple Huawei products
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. Huawei EMUI, HarmonyOS and Magic UI contain an unspecified vulnerability. Information may be obtained. Huawei HarmonyOS is a microkernel-based, full-scenario distributed operating system from the Chinese company Huawei. There is a security vulnerability in Huawei HarmonyOS, which is caused by a configuration flaw.
VAR-202209-0449 CVE-2022-38989 Vulnerability in multiple Huawei products
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. Huawei EMUI, HarmonyOS and Magic UI contain an unspecified vulnerability. A denial-of-service (DoS) condition may result. Huawei HarmonyOS is a microkernel-based, full-scenario distributed operating system from the Chinese company Huawei. There is a security vulnerability in Huawei HarmonyOS, which is caused by a configuration flaw.
VAR-202209-0256 CVE-2022-38996 Vulnerability in Huawei EMUI and HarmonyOS
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. Huawei EMUI and HarmonyOS contain an unspecified vulnerability. A denial-of-service (DoS) condition may result. Huawei HarmonyOS is a microkernel-based, full-scenario distributed operating system from the Chinese company Huawei. There is a security vulnerability in Huawei HarmonyOS, which is caused by a configuration flaw.
VAR-202209-0253 CVE-2022-39000 Vulnerability in multiple Huawei products
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
The iAware module has a vulnerability in managing malicious apps. Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup. Huawei EMUI, HarmonyOS and Magic UI contain an unspecified vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Huawei HarmonyOS is a microkernel-based, full-scenario distributed operating system from the Chinese company Huawei.
VAR-202209-0254 CVE-2022-39004 Vulnerability related to lack of freeing memory after expiration in multiple Huawei products
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The MPTCP module has a memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks. Huawei EMUI, HarmonyOS and Magic UI contain a vulnerability related to not freeing memory after expiration. A denial-of-service (DoS) condition may result. Huawei HarmonyOS is a microkernel-based, full-scenario distributed operating system from the Chinese company Huawei.
VAR-202209-0172 CVE-2022-38994 Vulnerability in Huawei EMUI and HarmonyOS
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. Huawei EMUI and HarmonyOS contain an unspecified vulnerability. Information may be obtained. Huawei HarmonyOS is a microkernel-based, full-scenario distributed operating system from the Chinese company Huawei. There is a security vulnerability in Huawei HarmonyOS, which is caused by a configuration flaw.
VAR-202209-0152 CVE-2022-39007 Vulnerability in Huawei EMUI and HarmonyOS
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
The location module has a vulnerability of bypassing permission verification. Successful exploitation of this vulnerability may cause privilege escalation. Huawei EMUI and HarmonyOS contain an unspecified vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202209-0368 CVE-2022-39010 Vulnerability in Huawei EMUI and HarmonyOS
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The HwChrService module has a vulnerability in permission control. Successful exploitation of this vulnerability may cause disclosure of user network information. Huawei EMUI and HarmonyOS contain an unspecified vulnerability. Information may be obtained.
VAR-202209-0201 CVE-2022-38990 Vulnerability in multiple Huawei products
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. Huawei EMUI, HarmonyOS and Magic UI contain an unspecified vulnerability. A denial-of-service (DoS) condition may result. Huawei HarmonyOS is a microkernel-based, full-scenario distributed operating system from the Chinese company Huawei. There is a security vulnerability in Huawei HarmonyOS, which is caused by a configuration flaw.
VAR-202209-0453 CVE-2021-40017 Input verification vulnerability in Huawei EMUI and HarmonyOS
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
The HW_KEYMASTER module lacks the validity check of the key format. Successful exploitation of this vulnerability may result in out-of-bounds memory access. Huawei EMUI and HarmonyOS contain an input validation vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Huawei HarmonyOS is a microkernel-based, full-scenario distributed operating system from the Chinese company Huawei. There is a buffer overflow vulnerability in HarmonyOS 2.0.
VAR-202209-0322 CVE-2022-38979 Vulnerability in multiple Huawei products
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. Huawei EMUI, HarmonyOS and Magic UI contain an unspecified vulnerability. Information may be obtained. Huawei HarmonyOS is a microkernel-based, full-scenario distributed operating system from the Chinese company Huawei.
VAR-202209-0431 CVE-2022-38995 Vulnerability in Huawei EMUI and HarmonyOS
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. Huawei EMUI and HarmonyOS contain an unspecified vulnerability. A denial-of-service (DoS) condition may result.
VAR-202209-2274 No CVE Unauthorized Access Vulnerability in Ableto Application Gateway
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Beijing Anbotong Technology Co., Ltd. is a provider of core system products and security services for visual network security. An unauthorized access vulnerability exists in the Anbotong application gateway, which can be exploited by attackers to obtain sensitive information.