VARIoT IoT vulnerabilities database
| VAR-202208-0486 | CVE-2021-42750 | ThingsBoard, Inc. of ThingsBoard Cross-site scripting vulnerability in |
CVSS V2: - CVSS V3: 4.8 Severity: MEDIUM |
A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the title of a rule node. ThingsBoard, Inc. of ThingsBoard Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Thingsboard is a Java-based platform for monitoring, management, and data collection of IOT devices by the Thingsboard team.
Thingsboard version 3.3.1 has a security vulnerability that can be exploited by an attacker to put a script payload into the name of the rule node when creating the rule node, and it will be executed in the editor. Thingsboard version 3.3.1 suffers from multiple persistent cross site scripting vulnerabilities.
#Steps
1. Create a new rule node (via the menu "Rule chains")
2. Put a javascript payload within the description e.g <script>alert('XSS')</script>
3. Save the node
4.
#Steps
1. Create a new rule node (via the menu "Rule chains")
2. Put a javascript payload within the name e.g <script>alert('XSS')</script>
3. Save the node
4
| VAR-202208-0485 | CVE-2021-42751 | ThingsBoard, Inc. of ThingsBoard Cross-site scripting vulnerability in |
CVSS V2: - CVSS V3: 4.8 Severity: MEDIUM |
A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the description of a rule node. ThingsBoard, Inc. of ThingsBoard Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Thingsboard is a Java-based platform for monitoring, management and data collection of IOT devices by the Thingsboard team.
Thingsboard version 3.3.1 has a security vulnerability that can be exploited by an attacker to put a script payload into the name of the rule node when creating the rule node, and it will be executed in the editor. Thingsboard version 3.3.1 suffers from multiple persistent cross site scripting vulnerabilities.
#Steps
1. Create a new rule node (via the menu "Rule chains")
2. Put a javascript payload within the description e.g <script>alert('XSS')</script>
3. Save the node
4.
#Steps
1. Create a new rule node (via the menu "Rule chains")
2. Put a javascript payload within the name e.g <script>alert('XSS')</script>
3. Save the node
4
| VAR-202208-0704 | CVE-2021-40034 | plural Huawei Product vulnerabilities |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
The video framework has the memory overwriting vulnerability caused by addition overflow. Successful exploitation of this vulnerability may affect the availability. Huawei of EMUI , HarmonyOS , Magic UI Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system
| VAR-202208-0392 | CVE-2022-24005 | TCL Technology of linkhub mesh wifi ac1200 Classic buffer overflow vulnerability in |
CVSS V2: - CVSS V3: 9.6 Severity: CRITICAL |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the ap_steer binary. (DoS) It may be in a state
| VAR-202208-0666 | CVE-2022-37002 | plural Huawei Product vulnerabilities |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this vulnerability can cause malicious applications to pop up windows or run in the background. Huawei of EMUI , HarmonyOS , Magic UI Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0
| VAR-202208-0562 | CVE-2022-37007 | plural Huawei Product out-of-bounds read vulnerability |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
The chinadrm module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect the availability. Huawei of EMUI , HarmonyOS , Magic UI Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0
| VAR-202208-0390 | CVE-2022-24019 | TCL Technology of linkhub mesh wifi ac1200 Classic buffer overflow vulnerability in |
CVSS V2: - CVSS V3: 9.6 Severity: CRITICAL |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the netctrl binary. (DoS) It may be in a state
| VAR-202208-0784 | CVE-2022-37004 | plural Huawei Product vulnerabilities |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
The Settings application has a vulnerability of bypassing the out-of-box experience (OOBE). Successful exploitation of this vulnerability may affect the availability. Huawei of EMUI , HarmonyOS , Magic UI Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0
| VAR-202208-0391 | CVE-2022-24026 | TCL Technology of linkhub mesh wifi ac1200 Classic buffer overflow vulnerability in |
CVSS V2: - CVSS V3: 9.6 Severity: CRITICAL |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the telnet_ate_monitor binary. (DoS) It may be in a state
| VAR-202208-0606 | CVE-2022-37001 | Huawei of HarmonyOS Vulnerability in |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
The diag-router module has a vulnerability in intercepting excessive long and short instructions. Successful exploitation of this vulnerability will cause the diag-router module to crash. Huawei of HarmonyOS Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0
| VAR-202208-0379 | CVE-2022-24015 | TCL Technology of linkhub mesh wifi ac1200 Classic buffer overflow vulnerability in |
CVSS V2: - CVSS V3: 9.6 Severity: CRITICAL |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the log_upload binary. (DoS) It may be in a state
| VAR-202208-0380 | CVE-2022-24022 | TCL Technology of linkhub mesh wifi ac1200 Classic buffer overflow vulnerability in |
CVSS V2: - CVSS V3: 9.6 Severity: CRITICAL |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the pannn binary. (DoS) It may be in a state
| VAR-202208-0389 | CVE-2022-24012 | TCL Technology of linkhub mesh wifi ac1200 Classic buffer overflow vulnerability in |
CVSS V2: - CVSS V3: 9.6 Severity: CRITICAL |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the fota binary. (DoS) It may be in a state
| VAR-202208-0393 | CVE-2022-24011 | TCL Technology of linkhub mesh wifi ac1200 Classic buffer overflow vulnerability in |
CVSS V2: - CVSS V3: 9.6 Severity: CRITICAL |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the device_list binary. (DoS) It may be in a state
| VAR-202208-0394 | CVE-2022-24024 | TCL Technology of linkhub mesh wifi ac1200 Classic buffer overflow vulnerability in |
CVSS V2: - CVSS V3: 9.6 Severity: CRITICAL |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the rtk_ate binary. (DoS) It may be in a state
| VAR-202208-0811 | CVE-2022-37003 | plural Huawei Inappropriate Default Permission Vulnerability in Products |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
The AOD module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may cause permission escalation and unauthorized access to files. Huawei of EMUI , HarmonyOS , Magic UI There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0
| VAR-202208-0387 | CVE-2022-24010 | TCL Technology of linkhub mesh wifi ac1200 Classic buffer overflow vulnerability in |
CVSS V2: - CVSS V3: 9.6 Severity: CRITICAL |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the cwmpd binary. (DoS) It may be in a state
| VAR-202208-0388 | CVE-2022-24014 | TCL Technology of linkhub mesh wifi ac1200 Classic buffer overflow vulnerability in |
CVSS V2: - CVSS V3: 9.6 Severity: CRITICAL |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the logserver binary. (DoS) It may be in a state
| VAR-202208-0386 | CVE-2022-24029 | TCL Technology of linkhub mesh wifi ac1200 Classic buffer overflow vulnerability in |
CVSS V2: - CVSS V3: 9.6 Severity: CRITICAL |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the rp-pppoe.so binary. (DoS) It may be in a state
| VAR-202208-0397 | CVE-2022-24017 | TCL Technology of linkhub mesh wifi ac1200 Classic buffer overflow vulnerability in |
CVSS V2: - CVSS V3: 9.6 Severity: CRITICAL |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the miniupnpd binary. (DoS) It may be in a state