VARIoT IoT vulnerabilities database


VAR-202206-0727 CVE-2022-30923 Out-of-bounds write vulnerability in H3C Magic R100 firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTimingtimeWifiAndLed parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). H3C Magic R100 is a router from H3C. No detailed vulnerability information is currently provided.
VAR-202206-0501 CVE-2022-30910 Out-of-bounds write vulnerability in H3C Magic R100 firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the GO parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The H3C Magic R100 is a router from the Chinese company H3C. No detailed vulnerability information is currently provided.
VAR-202206-0508 CVE-2022-30919 Out-of-bounds write vulnerability in H3C Magic R100 firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID_5G parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). H3C Magic R100 is a router from H3C. A remote attacker can use this vulnerability to execute arbitrary code.
VAR-202206-0538 CVE-2022-30916 Out-of-bounds write vulnerability in H3C Magic R100 firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnetDebug parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). H3C Magic R100 is a router from H3C. An attacker could exploit this vulnerability to execute arbitrary code.
VAR-202206-0818 CVE-2022-1673 Cross-site scripting vulnerability in the WooCommerce Green Wallet Gateway WordPress plugin
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
The WooCommerce Green Wallet Gateway WordPress plugin before 1.0.2 does not escape the error_envision query parameter before outputting it to the page, leading to a Reflected Cross-Site Scripting vulnerability. Both WordPress and WordPress plugins are products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin. The vulnerability stems from the plugin's failure to escape the error_envision query parameter. An attacker could exploit this vulnerability to carry out a reflected cross-site scripting attack.
VAR-202206-0670 CVE-2022-30917 Out-of-bounds write vulnerability in H3C Magic R100 firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddWlanMacList parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). H3C Magic R100 is a router from H3C. An attacker can exploit this vulnerability to run arbitrary code in the context of the affected application.
VAR-202206-0535 CVE-2022-30922 Out-of-bounds write vulnerability in H3C Magic R100 firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditWlanMacList parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). H3C Magic R100 is a router from H3C. No detailed vulnerability information is currently provided.
VAR-202206-0572 CVE-2022-30926 Out-of-bounds write vulnerability in H3C Magic R100 firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditMacList parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). H3C Magic R100 is a router from H3C. No detailed vulnerability information is currently provided.
VAR-202206-0666 CVE-2022-30912 Out-of-bounds write vulnerability in H3C Magic R100 firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateWanParams parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). H3C Magic R100 is a router from H3C. H3C Magic R100 has a buffer overflow vulnerability that a remote attacker can exploit by submitting a special request, crashing the application or executing arbitrary code in the context of the application.
VAR-202206-0658 CVE-2022-30925 Out-of-bounds write vulnerability in H3C Magic R100 firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddMacList parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). H3C Magic R100 is a router from H3C. No detailed vulnerability information is currently provided.
VAR-202206-0656 CVE-2022-30914 Out-of-bounds write vulnerability in H3C Magic R100 firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateMacClone parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). H3C Magic R100 is a router from H3C. H3C Magic R100 has a buffer overflow vulnerability that a remote attacker can exploit by submitting a special request, crashing the application or executing arbitrary code in the context of the application.
VAR-202206-0537 CVE-2022-30915 Out-of-bounds write vulnerability in H3C Magic R100 firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateSnat parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). H3C Magic R100 is a router from H3C. No detailed vulnerability information is currently provided.
VAR-202206-0507 CVE-2022-30920 Out-of-bounds write vulnerability in H3C Magic R100 firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). H3C Magic R100 is a router from H3C. No detailed vulnerability information is currently provided.
VAR-202206-0536 CVE-2022-30924 Out-of-bounds write vulnerability in H3C Magic R100 firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetAPWifiorLedInfoById parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). H3C Magic R100 is a router from H3C. No detailed vulnerability information is currently provided.
VAR-202206-0472 CVE-2022-30921 Out-of-bounds write vulnerability in H3C Magic R100 firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetMobileAPInfoById parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). H3C Magic R100 is a router from H3C. No detailed vulnerability information is currently provided.
VAR-202206-0995 CVE-2022-30913 Out-of-bounds write vulnerability in H3C Magic R100 firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the ipqos_set_bandwidth parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). H3C Magic R100 is a router from H3C. H3C Magic R100 has a buffer overflow vulnerability that a remote attacker can exploit by submitting a special request, crashing the application or executing arbitrary code in the context of the application.
VAR-202206-0574 CVE-2021-22131 Certificate validation vulnerability in multiple Fortinet FortiToken products
CVSS V2: -
CVSS V3: 5.4
Severity: MEDIUM
An improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS version 5.2.0 and below, Fortinet FortiTokenWinApp version 4.0.3 and below allows an attacker to retrieve information disclosed via man-in-the-middle attacks. A certificate validation vulnerability exists in Fortinet FortiTokenAndroid, Fortinet FortiTokeniOS and Fortinet FortiTokenWinApp. Information may be obtained and tampered with. Fortinet FortiToken Mobile is an OATH-compliant, event-based and time-based one-time password (OTP) generator application from Fortinet, Inc., USA. Fortinet FortiToken Mobile has a security vulnerability that stems from improper certificate validation. A remote attacker could exploit this vulnerability to perform a MitM attack. The following products and versions are affected: FortiToken Mobile for Android versions 0.4.10 to 5.0.3, FortiToken Mobile for iOS versions 3.0.1 to 5.2.0, FortiToken Mobile for Windows versions 3.0.0 to 4.1.1.
VAR-202206-0609 CVE-2022-30301 Path traversal vulnerability in FortiAP-U CLI
CVSS V2: -
CVSS V3: 6.7
Severity: MEDIUM
A path traversal vulnerability [CWE-22] in FortiAP-U CLI 6.2.0 through 6.2.3, 6.0.0 through 6.0.4, 5.4.0 through 5.4.6 may allow an admin user to delete and access unauthorized files and data via specifically crafted CLI commands. A path traversal vulnerability exists in FortiAP-U CLI. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiAP-U is a controller used to manage wireless access point devices from Fortinet. A local attacker could exploit this vulnerability to access and delete otherwise inaccessible files on the system.
VAR-202206-0476 CVE-2019-25062 Sricam IP CCTV Camera Out-of-bounds Write Vulnerability (CNVD-2022-61890)
CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A vulnerability was found in Sricam IP CCTV Camera and classified as critical. This issue affects some unknown processing of the component Device Viewer. The manipulation leads to memory corruption. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. An out-of-bounds write vulnerability exists in Sricam Device Viewer.
VAR-202206-0500 CVE-2022-30909 Out-of-bounds write vulnerability in H3C Magic R100 firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the CMD parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). H3C Magic R100 is a router from H3C. H3C Magic R100 has a buffer overflow vulnerability that a remote attacker can exploit by submitting a special request, crashing the application or executing arbitrary code in the context of the application.