VARIoT IoT vulnerabilities database
| VAR-202208-0172 | CVE-2022-33939 | CENTUM controller FCS Inadequate processing of communication packets in |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451) contains an issue in processing communication packets, which may lead to resource consumption. If this vulnerability is exploited, an attacker may cause a denial of service (DoS) condition in ADL communication by sending a specially crafted packet to the affected product. This vulnerability information is provided by the developer for the purpose of dissemination to product users
| VAR-202208-0354 | CVE-2022-36967 | Progress Software Corporation of ipswitch ws ftp server Cross-site scripting vulnerability in |
CVSS V2: - CVSS V3: 6.1 Severity: MEDIUM |
In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. It is possible for a remote attacker to inject arbitrary JavaScript into a WS_FTP administrator's web session. This would allow the attacker to execute code within the context of the victim's browser. There is a security vulnerability in Progress WS_FTP Server versions before 8.7.3
| VAR-202208-0295 | CVE-2022-23442 | FortiOS Vulnerability in |
CVSS V2: - CVSS V3: 4.3 Severity: MEDIUM |
An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands. FortiOS Exists in unspecified vulnerabilities.Information may be obtained. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam
| VAR-202208-0231 | CVE-2022-22299 | plural Fortinet Product Format String Vulnerability |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 through 1.2.13, FortiProxy version 2.0.0 through 2.0.7, FortiProxy version 7.0.0 through 7.0.1, FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.2, FortiMail version 6.4.0 through 6.4.5, FortiMail version 7.0.0 through 7.0.2 may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments. plural Fortinet The product contains a vulnerability in format strings.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Both Fortinet FortiOS and Fortinet FortiGate are products of Fortinet. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. Fortinet FortiGate is a network security platform. The platform provides functions such as firewall, antivirus and intrusion prevention (IPS), application control, antispam, wireless controller and WAN acceleration. Fortinet FortiGate and FortiOS have security vulnerabilities that can be exploited to run code via CLI format strings
| VAR-202208-0159 | CVE-2022-35919 | Minio Inc. of Minio Past traversal vulnerability in |
CVSS V2: - CVSS V3: 2.7 Severity: LOW |
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for `admin:ServerUpdate` can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow access to contents at any arbitrary paths that are readable by MinIO process. Users are advised to upgrade. Users unable to upgrade may disable ServerUpdate API by denying the `admin:ServerUpdate` action for your admin users via IAM policies. Minio Inc. of Minio Exists in a past traversal vulnerability.Information may be obtained
| VAR-202208-0142 | CVE-2022-26009 | TCL Technology of linkhub mesh wifi ac1200 Out-of-bounds write vulnerability in |
CVSS V2: 10.0 CVSS V3: 8.8 Severity: HIGH |
A stack-based buffer overflow vulnerability exists in the confsrv ucloud_set_node_location functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. TCL Technology of linkhub mesh wifi ac1200 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TCL LinkHub Mesh Wi-Fi is a router of TCL company. The vulnerability stems from the lack of proper validation of user-provided data in the confsrv ucloud_set_node_location function. Attackers can exploit this vulnerability to execute arbitrary code on the system
| VAR-202208-0176 | CVE-2022-27660 | TCL Technology of linkhub mesh wifi ac1200 Vulnerability in |
CVSS V2: 7.8 CVSS V3: 9.3 Severity: CRITICAL |
A denial of service vulnerability exists in the confctl_set_guest_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability
| VAR-202208-0179 | CVE-2022-21201 | TCL Technology of linkhub mesh wifi ac1200 Out-of-bounds write vulnerability in |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
A stack-based buffer overflow vulnerability exists in the confers ucloud_add_node_new functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. TCL Technology of linkhub mesh wifi ac1200 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202208-0181 | CVE-2022-23103 | TCL Technology of linkhub mesh wifi ac1200 Out-of-bounds write vulnerability in |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
A stack-based buffer overflow vulnerability exists in the confsrv confctl_set_app_language functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. TCL Technology of linkhub mesh wifi ac1200 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202208-0164 | CVE-2022-25996 | TCL Technology of linkhub mesh wifi ac1200 Out-of-bounds write vulnerability in |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
A stack-based buffer overflow vulnerability exists in the confsrv addTimeGroup functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. TCL Technology of linkhub mesh wifi ac1200 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202208-0123 | CVE-2022-27178 | TCL Technology of linkhub mesh wifi ac1200 Vulnerability in |
CVSS V2: - CVSS V3: 9.6 Severity: CRITICAL |
A denial of service vulnerability exists in the confctl_set_wan_cfg functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability. (DoS) It may be in a state
| VAR-202208-0163 | CVE-2022-27630 | TCL Technology of linkhub mesh wifi ac1200 Vulnerability regarding information leakage in |
CVSS V2: 7.8 CVSS V3: 6.5 Severity: MEDIUM |
An information disclosure vulnerability exists in the confctl_get_master_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to information disclosure. An attacker can send packets to trigger this vulnerability. TCL LinkHub Mesh Wi-Fi is a router of TCL company
| VAR-202208-0158 | CVE-2022-37315 | graphql-go project of graphql-go Recursion control vulnerability in |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
graphql-go (aka GraphQL for Go) through 0.8.0 has infinite recursion in the type definition parser. graphql-go project of graphql-go Exists in a recursive control vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202208-0117 | CVE-2022-25668 | Double release vulnerability in multiple Qualcomm products |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. APQ8009 firmware, APQ8009W firmware, APQ8017 Multiple Qualcomm products, including firmware, contain a double release vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202208-0136 | CVE-2022-22059 | Out-of-bounds read vulnerability in multiple Qualcomm products |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Memory corruption due to out of bound read while parsing a video file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile. APQ8017 firmware, APQ8053 firmware, AQT1000 Multiple Qualcomm products, such as firmware, contain an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202208-0141 | CVE-2022-22140 | TCL LinkHub Mesh Wi-Fi Operating System Command Injection Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.6 Severity: CRITICAL |
An os command injection vulnerability exists in the confsrv ucloud_add_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability. (DoS) It may be in a state. TCL LinkHub Mesh Wi-Fi is a router of TCL company
| VAR-202208-0197 | CVE-2022-22062 | Out-of-bounds read vulnerability in multiple Qualcomm products |
CVSS V2: - CVSS V3: 9.1 Severity: CRITICAL |
An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking. APQ8009 firmware, APQ8009W firmware, APQ8017 Multiple Qualcomm products, such as firmware, contain an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state
| VAR-202208-0410 | CVE-2022-22080 | Out-of-bounds write vulnerability in multiple Qualcomm products |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Improper validation of backend id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music. APQ8053 firmware, APQ8096AU firmware, AQT1000 Several Qualcomm products, such as firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202208-0078 | CVE-2022-27185 | TCL Technology of linkhub mesh wifi ac1200 Vulnerability in |
CVSS V2: 7.8 CVSS V3: 9.3 Severity: CRITICAL |
A denial of service vulnerability exists in the confctl_set_master_wlan functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability. TCL LinkHub Mesh Wi-Fi is a router of TCL company
| VAR-202208-0371 | CVE-2022-26346 | TCL Technology of linkhub mesh wifi ac1200 Vulnerability in |
CVSS V2: 8.3 CVSS V3: 9.6 Severity: CRITICAL |
A denial of service vulnerability exists in the ucloud_del_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability. (DoS) It may be in a state