VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202208-0486 CVE-2021-42750 ThingsBoard, Inc.  of  ThingsBoard  Cross-site scripting vulnerability in CVSS V2: -
CVSS V3: 4.8
Severity: MEDIUM
A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the title of a rule node. ThingsBoard, Inc. of ThingsBoard Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Thingsboard is a Java-based platform for monitoring, management, and data collection of IOT devices by the Thingsboard team. Thingsboard version 3.3.1 has a security vulnerability that can be exploited by an attacker to put a script payload into the name of the rule node when creating the rule node, and it will be executed in the editor. Thingsboard version 3.3.1 suffers from multiple persistent cross site scripting vulnerabilities. #Steps 1. Create a new rule node (via the menu "Rule chains") 2. Put a javascript payload within the description e.g <script>alert('XSS')</script> 3. Save the node 4. #Steps 1. Create a new rule node (via the menu "Rule chains") 2. Put a javascript payload within the name e.g <script>alert('XSS')</script> 3. Save the node 4
VAR-202208-0485 CVE-2021-42751 ThingsBoard, Inc.  of  ThingsBoard  Cross-site scripting vulnerability in CVSS V2: -
CVSS V3: 4.8
Severity: MEDIUM
A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the description of a rule node. ThingsBoard, Inc. of ThingsBoard Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Thingsboard is a Java-based platform for monitoring, management and data collection of IOT devices by the Thingsboard team. Thingsboard version 3.3.1 has a security vulnerability that can be exploited by an attacker to put a script payload into the name of the rule node when creating the rule node, and it will be executed in the editor. Thingsboard version 3.3.1 suffers from multiple persistent cross site scripting vulnerabilities. #Steps 1. Create a new rule node (via the menu "Rule chains") 2. Put a javascript payload within the description e.g <script>alert('XSS')</script> 3. Save the node 4. #Steps 1. Create a new rule node (via the menu "Rule chains") 2. Put a javascript payload within the name e.g <script>alert('XSS')</script> 3. Save the node 4
VAR-202208-0704 CVE-2021-40034 plural  Huawei  Product vulnerabilities CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The video framework has the memory overwriting vulnerability caused by addition overflow. Successful exploitation of this vulnerability may affect the availability. Huawei of EMUI , HarmonyOS , Magic UI Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system
VAR-202208-0392 CVE-2022-24005 TCL Technology  of  linkhub mesh wifi ac1200  Classic buffer overflow vulnerability in CVSS V2: -
CVSS V3: 9.6
Severity: CRITICAL
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the ap_steer binary. (DoS) It may be in a state
VAR-202208-0666 CVE-2022-37002 plural  Huawei  Product vulnerabilities CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this vulnerability can cause malicious applications to pop up windows or run in the background. Huawei of EMUI , HarmonyOS , Magic UI Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0
VAR-202208-0562 CVE-2022-37007 plural  Huawei  Product out-of-bounds read vulnerability CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The chinadrm module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect the availability. Huawei of EMUI , HarmonyOS , Magic UI Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0
VAR-202208-0390 CVE-2022-24019 TCL Technology  of  linkhub mesh wifi ac1200  Classic buffer overflow vulnerability in CVSS V2: -
CVSS V3: 9.6
Severity: CRITICAL
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the netctrl binary. (DoS) It may be in a state
VAR-202208-0784 CVE-2022-37004 plural  Huawei  Product vulnerabilities CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The Settings application has a vulnerability of bypassing the out-of-box experience (OOBE). Successful exploitation of this vulnerability may affect the availability. Huawei of EMUI , HarmonyOS , Magic UI Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0
VAR-202208-0391 CVE-2022-24026 TCL Technology  of  linkhub mesh wifi ac1200  Classic buffer overflow vulnerability in CVSS V2: -
CVSS V3: 9.6
Severity: CRITICAL
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the telnet_ate_monitor binary. (DoS) It may be in a state
VAR-202208-0606 CVE-2022-37001 Huawei  of  HarmonyOS  Vulnerability in CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The diag-router module has a vulnerability in intercepting excessive long and short instructions. Successful exploitation of this vulnerability will cause the diag-router module to crash. Huawei of HarmonyOS Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0
VAR-202208-0379 CVE-2022-24015 TCL Technology  of  linkhub mesh wifi ac1200  Classic buffer overflow vulnerability in CVSS V2: -
CVSS V3: 9.6
Severity: CRITICAL
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the log_upload binary. (DoS) It may be in a state
VAR-202208-0380 CVE-2022-24022 TCL Technology  of  linkhub mesh wifi ac1200  Classic buffer overflow vulnerability in CVSS V2: -
CVSS V3: 9.6
Severity: CRITICAL
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the pannn binary. (DoS) It may be in a state
VAR-202208-0389 CVE-2022-24012 TCL Technology  of  linkhub mesh wifi ac1200  Classic buffer overflow vulnerability in CVSS V2: -
CVSS V3: 9.6
Severity: CRITICAL
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the fota binary. (DoS) It may be in a state
VAR-202208-0393 CVE-2022-24011 TCL Technology  of  linkhub mesh wifi ac1200  Classic buffer overflow vulnerability in CVSS V2: -
CVSS V3: 9.6
Severity: CRITICAL
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the device_list binary. (DoS) It may be in a state
VAR-202208-0394 CVE-2022-24024 TCL Technology  of  linkhub mesh wifi ac1200  Classic buffer overflow vulnerability in CVSS V2: -
CVSS V3: 9.6
Severity: CRITICAL
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the rtk_ate binary. (DoS) It may be in a state
VAR-202208-0811 CVE-2022-37003 plural  Huawei  Inappropriate Default Permission Vulnerability in Products CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
The AOD module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may cause permission escalation and unauthorized access to files. Huawei of EMUI , HarmonyOS , Magic UI There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0
VAR-202208-0387 CVE-2022-24010 TCL Technology  of  linkhub mesh wifi ac1200  Classic buffer overflow vulnerability in CVSS V2: -
CVSS V3: 9.6
Severity: CRITICAL
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the cwmpd binary. (DoS) It may be in a state
VAR-202208-0388 CVE-2022-24014 TCL Technology  of  linkhub mesh wifi ac1200  Classic buffer overflow vulnerability in CVSS V2: -
CVSS V3: 9.6
Severity: CRITICAL
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the logserver binary. (DoS) It may be in a state
VAR-202208-0386 CVE-2022-24029 TCL Technology  of  linkhub mesh wifi ac1200  Classic buffer overflow vulnerability in CVSS V2: -
CVSS V3: 9.6
Severity: CRITICAL
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the rp-pppoe.so binary. (DoS) It may be in a state
VAR-202208-0397 CVE-2022-24017 TCL Technology  of  linkhub mesh wifi ac1200  Classic buffer overflow vulnerability in CVSS V2: -
CVSS V3: 9.6
Severity: CRITICAL
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the miniupnpd binary. (DoS) It may be in a state