VARIoT IoT vulnerabilities database
| VAR-202206-0351 | CVE-2022-21745 | Use-after-free vulnerability in Google Android |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
In WIFI Firmware, there is a possible memory corruption due to a use after free. This could lead to remote escalation of privilege, when devices are connecting to the attacker-controllable Wi-Fi hotspot, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468872; Issue ID: ALPS06468872. Google Android contains a use-after-free vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202206-0120 | CVE-2022-31757 | Vulnerabilities in multiple Huawei products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality. Huawei EMUI, HarmonyOS, and Magic UI contain unspecified vulnerabilities. Information may be obtained. HUAWEI HarmonyOS is a microkernel-based, full-scenario distributed operating system from China's Huawei (HUAWEI).
| VAR-202206-0119 | CVE-2022-31756 | Vulnerabilities in multiple Huawei products |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may affect data confidentiality. Huawei EMUI, HarmonyOS, and Magic UI contain unspecified vulnerabilities. Information may be obtained. HUAWEI HarmonyOS is a microkernel-based, full-scenario distributed operating system from China's Huawei (HUAWEI). There is a security vulnerability in HUAWEI HarmonyOS 2.0.
| VAR-202206-0025 | CVE-2022-31753 | Format string vulnerability in multiple Huawei products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The voice wakeup module has a vulnerability of using externally-controlled format strings. Successful exploitation of this vulnerability may affect system availability. Huawei EMUI, HarmonyOS, and Magic UI contain a format string vulnerability. Service operation may be interrupted (DoS). HUAWEI HarmonyOS is a microkernel-based, full-scenario distributed operating system from China's Huawei (HUAWEI). There is a security vulnerability in HUAWEI HarmonyOS 2.0.
| VAR-202206-0024 | CVE-2022-31760 | Vulnerabilities in multiple Huawei products |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality. Huawei EMUI, HarmonyOS, and Magic UI contain unspecified vulnerabilities. Information may be obtained and information may be tampered with. HUAWEI HarmonyOS is a microkernel-based, full-scenario distributed operating system from China's Huawei (HUAWEI). There is a security vulnerability in HarmonyOS 2.0. The vulnerability stems from dialogs of the operator-customized USSD service popping up after the screen is locked.
| VAR-202206-0002 | CVE-2021-46811 | Improper default permissions vulnerability in multiple Huawei products |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information. Huawei EMUI, HarmonyOS, and Magic UI contain an improper default permissions vulnerability. Information may be obtained. HUAWEI HarmonyOS is a microkernel-based, full-scenario distributed operating system from China's Huawei (HUAWEI). Attackers can exploit this vulnerability to obtain CPLC information.
| VAR-202206-0261 | CVE-2022-31751 | Vulnerabilities in multiple Huawei products |
CVSS V2: 4.9 CVSS V3: 5.5 Severity: MEDIUM |
The kernel emcom module has multi-thread contention. Successful exploitation of this vulnerability may affect system availability. Huawei EMUI, HarmonyOS, and Magic UI contain unspecified vulnerabilities. Service operation may be interrupted (DoS). HUAWEI HarmonyOS is a microkernel-based, full-scenario distributed operating system from China's Huawei (HUAWEI).
| VAR-202206-0260 | CVE-2022-31758 | HUAWEI HarmonyOS race condition vulnerability |
CVSS V2: 1.9 CVSS V3: 4.7 Severity: MEDIUM |
The kernel module has a race condition vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. HUAWEI HarmonyOS is a microkernel-based, full-scenario distributed operating system from China's Huawei (HUAWEI). There is a security vulnerability in HUAWEI HarmonyOS 2.0.
| VAR-202206-0376 | CVE-2022-31755 | Improper retention of permissions vulnerability in multiple Huawei products |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
The communication module has a vulnerability of improper permission preservation. Successful exploitation of this vulnerability may affect system availability. Huawei EMUI, HarmonyOS, and Magic UI contain an improper permissions retention vulnerability. Service operation may be interrupted (DoS). HUAWEI HarmonyOS is a microkernel-based, full-scenario distributed operating system from China's Huawei (HUAWEI). There is a security vulnerability in HUAWEI HarmonyOS 2.0.
| VAR-202206-2409 | No CVE | DLL hijacking vulnerability in KingView from Beijing Asia Control Technology Development Co., Ltd. |
CVSS V2: 1.7 CVSS V3: - Severity: LOW |
KingView is the first industrial configuration software product launched by Beijing Asia Control Technology Development Co., Ltd. in China.
There is a DLL hijacking vulnerability in KingView of Beijing Asia Control Technology Development Co., Ltd., and attackers can use this vulnerability to load malicious DLL files for command execution.
| VAR-202206-0375 | CVE-2022-31763 | NULL pointer dereference vulnerability in Huawei EMUI and HarmonyOS |
CVSS V2: 4.9 CVSS V3: 5.5 Severity: MEDIUM |
The kernel module has null pointer and out-of-bounds array vulnerabilities. Successful exploitation of this vulnerability may affect system availability. Huawei EMUI and HarmonyOS contain a NULL pointer dereference vulnerability. Service operation may be interrupted (DoS). HUAWEI HarmonyOS is a microkernel-based, full-scenario distributed operating system from China's Huawei (HUAWEI). There is a security vulnerability in HUAWEI HarmonyOS 2.0.
| VAR-202206-0377 | CVE-2022-31762 | Input validation vulnerability in multiple Huawei products |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerability may cause privilege escalation. Huawei EMUI, HarmonyOS, and Magic UI contain an input validation vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). HUAWEI HarmonyOS is a microkernel-based, full-scenario distributed operating system from China's Huawei (HUAWEI). There is a security vulnerability in HUAWEI HarmonyOS 2.0.
| VAR-202206-0263 | CVE-2021-46812 | Vulnerability in Huawei EMUI and HarmonyOS |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The Device Manager has a vulnerability in multi-device interaction. Successful exploitation of this vulnerability may affect data integrity. Huawei EMUI and HarmonyOS contain unspecified vulnerabilities. Information may be tampered with. HUAWEI HarmonyOS is a microkernel-based, full-scenario distributed operating system from China's Huawei (HUAWEI).
| VAR-202206-0259 | CVE-2021-46814 | Out-of-bounds read vulnerability in multiple Huawei products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system availability. Huawei EMUI, HarmonyOS, and Magic UI contain an out-of-bounds read vulnerability and an out-of-bounds write vulnerability. Service operation may be interrupted (DoS). HUAWEI HarmonyOS is a microkernel-based, full-scenario distributed operating system from China's Huawei (HUAWEI).
| VAR-202206-0262 | CVE-2022-31759 | Uninitialized pointer access vulnerability in multiple Huawei products |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability. Huawei EMUI, HarmonyOS, and Magic UI contain an uninitialized pointer access vulnerability. Service operation may be interrupted (DoS). HUAWEI HarmonyOS is a microkernel-based, full-scenario distributed operating system from China's Huawei (HUAWEI). There is a security vulnerability in HUAWEI HarmonyOS 2.0.
| VAR-202206-0322 | CVE-2021-42887 | Vulnerabilities in TOTOLINK ex1200t firmware |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. TOTOLINK ex1200t firmware contains unspecified vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK EX1200T is a Wi-Fi range extender from China's TOTOLINK.
| VAR-202206-0054 | CVE-2021-42891 | Missing authentication for critical function vulnerability in TOTOLINK ex1200t firmware |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization. TOTOLINK ex1200t firmware contains a missing authentication for critical function vulnerability. Information may be obtained. TOTOLINK EX1200T is a Wi-Fi range extender from China's TOTOLINK.
| VAR-202206-0003 | CVE-2021-42889 | Missing authentication for critical function vulnerability in TOTOLINK ex1200t firmware |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization. TOTOLINK ex1200t firmware contains a missing authentication for critical function vulnerability. Information may be obtained. TOTOLINK EX1200T is a Wi-Fi range extender from China's TOTOLINK.
| VAR-202206-0026 | CVE-2021-42885 | OS command injection vulnerability in TOTOLINK ex1200t firmware |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDeviceMac of the file global.so, in which deviceName can be controlled to carry out the attack. TOTOLINK ex1200t firmware contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK EX1200T is a Wi-Fi range extender from China's TOTOLINK.
| VAR-202206-0123 | CVE-2021-42888 | OS command injection vulnerability in TOTOLINK ex1200t firmware |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setLanguageCfg of the file global.so, in which langType can be controlled to carry out the attack. TOTOLINK ex1200t firmware contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK EX1200T is a Wi-Fi range extender from China's TOTOLINK.