VARIoT IoT vulnerabilities database


VAR-202207-0263 CVE-2022-21769 Multiple MediaTek chips CCCI input validation error vulnerability (CNVD-2022-88289) CVSS V2: 2.1
CVSS V3: 4.4
Severity: MEDIUM
In CCCI, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641673; Issue ID: ALPS06641687. MediaTek Inc. is the world's fourth-largest foundry semiconductor company. It holds a leading position in the markets of mobile terminals, smart home applications, wireless connection technology and Internet of Things products, and approximately 1.5 billion end products a year with built-in MediaTek chips are available all over the world. CCCI in several MediaTek chips has an input validation error vulnerability. The vulnerability stems from the lack of bounds checking in CCCI.
VAR-202207-0203 CVE-2022-25659 Classic buffer overflow vulnerability in multiple Qualcomm products CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Memory corruption due to buffer overflow while parsing MKV clips with invalid bitmap size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. Multiple Qualcomm products, such as APQ8009 firmware, APQ8009W firmware and APQ8017 firmware, have a classic buffer overflow vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
VAR-202207-0402 CVE-2022-34596 OS command injection vulnerability in Shenzhen Tenda Technology Co.,Ltd. ax1803 firmware CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function WanParameterSetting. An OS command injection vulnerability exists in the Shenzhen Tenda Technology Co.,Ltd. ax1803 firmware. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). An attacker could exploit this vulnerability to cause arbitrary command execution.
VAR-202207-0199 CVE-2022-25658 Buffer error vulnerability in multiple Qualcomm products CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Memory corruption due to incorrect pointer arithmetic when attempting to change the endianness in video parser function in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. Multiple Qualcomm products, such as APQ8009 firmware, APQ8009W firmware and APQ8017 firmware, contain a buffer error vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
VAR-202207-0245 CVE-2022-21767 Bluetooth Buffer Overflow Vulnerability in Multiple MediaTek Chips (CNVD-2022-66252) CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784430; Issue ID: ALPS06784430. MediaTek Inc. is the world's fourth largest fab semiconductor company, with a leading position in mobile terminals, smart home applications, wireless connectivity technologies and IoT products; approximately 1.5 billion end products a year with built-in MediaTek chips are available worldwide. Several MediaTek chips have a buffer overflow vulnerability in Bluetooth that stems from a lack of bounds checking in Bluetooth. An attacker could exploit the vulnerability to escalate local privileges without requiring user interaction.
VAR-202207-0325 CVE-2022-28935 Multiple TOTOLINK Product Command Injection Vulnerability CVSS V2: 6.5
CVSS V3: 7.2
Severity: HIGH
Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, Totolink A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability
VAR-202207-0322 CVE-2022-21779 Out-of-bounds write vulnerability in Google Android CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704393. An out-of-bounds write vulnerability exists in Google Android. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). MediaTek Inc. is the world's fourth largest fab semiconductor company, with a leading position in mobile terminals, smart home applications, wireless connectivity technologies and IoT products; approximately 1.5 billion end products a year with built-in MediaTek chips are available worldwide. Several MediaTek chip WLAN drivers have an input validation error vulnerability. An attacker could exploit the vulnerability to escalate local privileges without requiring user interaction.
VAR-202207-0317 CVE-2022-21768 Bluetooth Buffer Overflow Vulnerability in Multiple MediaTek Chips (CNVD-2022-66253) CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784351; Issue ID: ALPS06784351. MediaTek Inc. is the world's fourth largest fab semiconductor company, with a leading position in mobile terminals, smart home applications, wireless connectivity technologies and IoT products; approximately 1.5 billion end products a year with built-in MediaTek chips are available worldwide. Several MediaTek chips have a buffer overflow vulnerability in Bluetooth that stems from a lack of bounds checking in Bluetooth. An attacker could exploit the vulnerability to escalate local privileges without requiring user interaction.
VAR-202207-0295 CVE-2022-20752 Observable inconsistency vulnerability in multiple Cisco products CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. A successful exploit could allow the attacker to determine a sensitive system password. Cisco Unity Connection is a voice message platform. The platform can utilize voice commands to make calls or listen to messages hands-free. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution
VAR-202207-0242 CVE-2022-20082 Multiple MediaTek Chip GPU Race Condition Vulnerabilities CVSS V2: 6.9
CVSS V3: 7.0
Severity: HIGH
In GPU, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07044730; Issue ID: ALPS07044730. MediaTek Inc. is the world's fourth-largest foundry semiconductor company. It holds a leading position in the market of mobile terminals, smart home applications, wireless connection technology and Internet of Things products, and about 1.5 billion end products a year with built-in MediaTek chips are available all over the world. The vulnerability stems from concurrent execution using improperly synchronized shared resources (race condition) in the GPU.
VAR-202207-0244 CVE-2022-21766 Multiple MediaTek Chip CCCI Input Validation Error Vulnerabilities CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
In CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641673; Issue ID: ALPS06641653. MediaTek Inc. is the world's fourth largest fab semiconductor company, with a leading position in mobile terminals, smart home applications, wireless connectivity technologies and IoT products; approximately 1.5 billion end products a year with built-in MediaTek chips are available worldwide. CCCI in a number of MediaTek chips has input validation error vulnerabilities. This vulnerability stems from the lack of boundary checking in CCCI.
VAR-202207-0340 CVE-2022-32383 Out-of-bounds write vulnerability in Tenda ac23 ac2100 firmware CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the AdvSetMacMtuWan function. An out-of-bounds write vulnerability exists in Tenda ac23 ac2100 firmware. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Tenda AC23 is a dual-band Gigabit wireless router from Tenda, China. An attacker could exploit this vulnerability to execute arbitrary code.
VAR-202207-0213 CVE-2022-20768 Vulnerability regarding information leakage from log files in Cisco TelePresence Collaboration Endpoint CVSS V2: 3.5
CVSS V3: 4.9
Severity: MEDIUM
A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the RoomOS Cloud, an attacker would need valid Administrator-level credentials. Both Cisco RoomOS Software and Cisco TelePresence Collaboration Endpoint Software are products of Cisco. Cisco RoomOS Software is a suite of automated management software for Cisco devices. This software is mainly used to upgrade and manage the motherboard firmware of Cisco equipment.
VAR-202207-0228 CVE-2022-20862 Path traversal vulnerability in Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition CVSS V2: 4.0
CVSS V3: 4.3
Severity: MEDIUM
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the operating system. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. Attackers can use this vulnerability to read arbitrary files on the host and obtain sensitive information
VAR-202207-0230 CVE-2022-22681 Synology Photo Station Authorization problem vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors
VAR-202207-0226 CVE-2022-20800 Cross-site scripting vulnerability in multiple Cisco products CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. A cross-site scripting vulnerability exists in multiple Cisco products. Information may be obtained and information may be tampered with. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution.
VAR-202207-0291 CVE-2022-34597 OS command injection vulnerability in Shenzhen Tenda Technology Co.,Ltd. ax1806 firmware CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function WanParameterSetting. An OS command injection vulnerability exists in the Shenzhen Tenda Technology Co.,Ltd. ax1806 firmware. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). The vulnerability stems from the WanParameterSetting function failing to properly filter special characters, commands, etc. An attacker could exploit this vulnerability to cause arbitrary command execution.
VAR-202207-0338 CVE-2022-21775 Resource locking vulnerability in Google Android CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
In sched driver, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479032; Issue ID: ALPS06479032. Google Android contains a resource locking vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). MediaTek Inc. is the world's fourth-largest foundry semiconductor company. It holds a leading position in the markets of mobile terminals, smart home applications, wireless connection technology and Internet of Things products, and approximately 1.5 billion end products a year with built-in MediaTek chips are available all over the world.
VAR-202207-0337 CVE-2022-21771 Race Condition Vulnerability in Multiple MediaTek Chip GED Drivers CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
In GED driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641585; Issue ID: ALPS06641585. MediaTek Inc. is the world's fourth-largest foundry semiconductor company. It holds a leading position in the market of mobile terminals, smart home applications, wireless connection technology and Internet of Things products, and about 1.5 billion end products a year with built-in MediaTek chips are available all over the world. A race condition vulnerability exists in several MediaTek chips. Attackers can exploit this vulnerability to elevate local privileges without user interaction.
VAR-202207-0210 CVE-2022-22096 Out-of-bounds write vulnerability in multiple Qualcomm products CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Memory corruption in Bluetooth HOST due to stack-based buffer overflow when extracting data using command length parameter in Snapdragon Connectivity, Snapdragon Mobile. Several Qualcomm products, such as AQT1000 firmware, QCA6390 firmware and QCA6391 firmware, contain an out-of-bounds write vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).