VARIoT IoT vulnerabilities database
| VAR-202206-0727 | CVE-2022-30923 | Out-of-bounds write vulnerability in H3C Magic R100 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTimingtimeWifiAndLed parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The H3C Magic R100 is a router from H3C. No detailed vulnerability information is currently provided.
| VAR-202206-0501 | CVE-2022-30910 | Out-of-bounds write vulnerability in H3C Magic R100 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the GO parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The H3C Magic R100 is a router from the Chinese company H3C. No detailed vulnerability information is currently provided.
| VAR-202206-0508 | CVE-2022-30919 | Out-of-bounds write vulnerability in H3C Magic R100 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID_5G parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The H3C Magic R100 is a router from H3C. A remote attacker can use this vulnerability to execute arbitrary code.
| VAR-202206-0538 | CVE-2022-30916 | Out-of-bounds write vulnerability in H3C Magic R100 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnetDebug parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The H3C Magic R100 is a router from H3C. An attacker could exploit this vulnerability to execute arbitrary code.
| VAR-202206-0818 | CVE-2022-1673 | Cross-site scripting vulnerability in the WooCommerce Green Wallet Gateway WordPress plugin |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
The WooCommerce Green Wallet Gateway WordPress plugin before 1.0.2 does not escape the error_envision query parameter before outputting it to the page, leading to a Reflected Cross-Site Scripting vulnerability. Both WordPress and WordPress plugins are products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin. The vulnerability stems from the plugin's failure to escape the error_envision query parameter. An attacker could exploit this vulnerability to carry out a reflected cross-site scripting attack.
| VAR-202206-0670 | CVE-2022-30917 | Out-of-bounds write vulnerability in H3C Magic R100 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddWlanMacList parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The H3C Magic R100 is a router from H3C. An attacker can exploit this vulnerability to run arbitrary code in the context of the affected application.
| VAR-202206-0535 | CVE-2022-30922 | Out-of-bounds write vulnerability in H3C Magic R100 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditWlanMacList parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The H3C Magic R100 is a router from H3C. No detailed vulnerability information is currently provided.
| VAR-202206-0572 | CVE-2022-30926 | Out-of-bounds write vulnerability in H3C Magic R100 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditMacList parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The H3C Magic R100 is a router from H3C. No detailed vulnerability information is currently provided.
| VAR-202206-0666 | CVE-2022-30912 | Out-of-bounds write vulnerability in H3C Magic R100 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateWanParams parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The H3C Magic R100 is a router from H3C.
The H3C Magic R100 has a buffer overflow vulnerability that a remote attacker can exploit by submitting a special request to crash the application or execute arbitrary code in the context of the application.
| VAR-202206-0658 | CVE-2022-30925 | Out-of-bounds write vulnerability in H3C Magic R100 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddMacList parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The H3C Magic R100 is a router from H3C. No detailed vulnerability information is currently provided.
| VAR-202206-0656 | CVE-2022-30914 | Out-of-bounds write vulnerability in H3C Magic R100 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateMacClone parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The H3C Magic R100 is a router from H3C.
The H3C Magic R100 has a buffer overflow vulnerability that a remote attacker can exploit by submitting a special request to crash the application or execute arbitrary code in the context of the application.
| VAR-202206-0537 | CVE-2022-30915 | Out-of-bounds write vulnerability in H3C Magic R100 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateSnat parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The H3C Magic R100 is a router from H3C. No detailed vulnerability information is currently provided.
| VAR-202206-0507 | CVE-2022-30920 | Out-of-bounds write vulnerability in H3C Magic R100 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The H3C Magic R100 is a router from H3C. No detailed vulnerability information is currently provided.
| VAR-202206-0536 | CVE-2022-30924 | Out-of-bounds write vulnerability in H3C Magic R100 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetAPWifiorLedInfoById parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The H3C Magic R100 is a router from H3C. No detailed vulnerability information is currently provided.
| VAR-202206-0472 | CVE-2022-30921 | Out-of-bounds write vulnerability in H3C Magic R100 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetMobileAPInfoById parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The H3C Magic R100 is a router from H3C. No detailed vulnerability information is currently provided.
| VAR-202206-0995 | CVE-2022-30913 | Out-of-bounds write vulnerability in H3C Magic R100 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the ipqos_set_bandwidth parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The H3C Magic R100 is a router from H3C.
The H3C Magic R100 has a buffer overflow vulnerability that a remote attacker can exploit by submitting a special request to crash the application or execute arbitrary code in the context of the application.
| VAR-202206-0574 | CVE-2021-22131 | Certificate validation vulnerability in multiple Fortinet FortiToken products |
CVSS V2: - CVSS V3: 5.4 Severity: MEDIUM |
An improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS version 5.2.0 and below, and Fortinet FortiTokenWinApp version 4.0.3 and below allows an attacker to retrieve information disclosed via man-in-the-middle attacks. A certificate validation vulnerability exists in Fortinet FortiTokenAndroid, Fortinet FortiTokeniOS, and Fortinet FortiTokenWinApp. Information may be obtained and tampered with. Fortinet FortiToken Mobile is an OATH-compliant, event-based and time-based one-time password (OTP) generator application from Fortinet, Inc., USA. Fortinet FortiToken Mobile has a security vulnerability that stems from improper certificate validation. A remote attacker could exploit this vulnerability to perform a MitM attack. The following products and versions are affected: FortiToken Mobile for Android versions 0.4.10 to 5.0.3, FortiToken Mobile for iOS versions 3.0.1 to 5.2.0, FortiToken Mobile for Windows versions 3.0.0 to 4.1.1.
| VAR-202206-0609 | CVE-2022-30301 | Path traversal vulnerability in FortiAP-U CLI |
CVSS V2: - CVSS V3: 6.7 Severity: MEDIUM |
A path traversal vulnerability [CWE-22] in FortiAP-U CLI 6.2.0 through 6.2.3, 6.0.0 through 6.0.4, 5.4.0 through 5.4.6 may allow an admin user to delete and access unauthorized files and data via specifically crafted CLI commands. A path traversal vulnerability exists in FortiAP-U CLI. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiAP-U is a controller used to manage wireless access point devices from Fortinet. A local attacker could exploit this vulnerability to access and delete otherwise inaccessible files on the system.
| VAR-202206-0476 | CVE-2019-25062 | Sricam IP CCTV Camera Out-of-bounds Write Vulnerability (CNVD-2022-61890) |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A vulnerability was found in Sricam IP CCTV Camera and classified as critical. This issue affects some unknown processing of the component Device Viewer. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
An out-of-bounds write vulnerability exists in Sricam Device Viewer.
| VAR-202206-0500 | CVE-2022-30909 | Out-of-bounds write vulnerability in H3C Magic R100 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the CMD parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The H3C Magic R100 is a router from H3C.
The H3C Magic R100 has a buffer overflow vulnerability that a remote attacker can exploit by submitting a special request to crash the application or execute arbitrary code in the context of the application.