VARIoT IoT vulnerabilities database


VAR-202206-0351 CVE-2022-21745 Use-after-free vulnerability in Google Android
CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
In WIFI Firmware, there is a possible memory corruption due to a use after free. This could lead to remote escalation of privilege, when devices are connecting to the attacker-controllable Wi-Fi hotspot, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468872; Issue ID: ALPS06468872. Google Android contains a use-after-free vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202206-0120 CVE-2022-31757 Vulnerability in multiple Huawei products
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality. Huawei EMUI, HarmonyOS, and Magic UI contain an unspecified vulnerability. Information may be obtained. HUAWEI HarmonyOS is an operating system from China's Huawei (HUAWEI). It provides a microkernel-based, full-scenario distributed operating system.
VAR-202206-0119 CVE-2022-31756 Vulnerability in multiple Huawei products
CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may affect data confidentiality. Huawei EMUI, HarmonyOS, and Magic UI contain an unspecified vulnerability. Information may be obtained. HUAWEI HarmonyOS is an operating system from China's Huawei (HUAWEI). It provides a microkernel-based, full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0.
VAR-202206-0025 CVE-2022-31753 Format string vulnerability in multiple Huawei products
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The voice wakeup module has a vulnerability of using externally-controlled format strings. Successful exploitation of this vulnerability may affect system availability. Huawei EMUI, HarmonyOS, and Magic UI contain a format string vulnerability. A denial-of-service (DoS) condition may result. HUAWEI HarmonyOS is an operating system from China's Huawei (HUAWEI). It provides a microkernel-based, full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0.
VAR-202206-0024 CVE-2022-31760 Vulnerability in multiple Huawei products
CVSS V2: 6.4
CVSS V3: 9.1
Severity: CRITICAL
Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality. Huawei EMUI, HarmonyOS, and Magic UI contain an unspecified vulnerability. Information may be obtained and information may be tampered with. HUAWEI HarmonyOS is an operating system from China's Huawei (HUAWEI). It provides a microkernel-based, full-scenario distributed operating system. There is a security vulnerability in HarmonyOS 2.0. The vulnerability is caused by dialog pop-ups from the operator-customized USSD service appearing after the screen is locked.
VAR-202206-0002 CVE-2021-46811 Improper default permissions vulnerability in multiple Huawei products
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information. Huawei EMUI, HarmonyOS, and Magic UI contain an improper default permissions vulnerability. Information may be obtained. HUAWEI HarmonyOS is an operating system from China's Huawei (HUAWEI). It provides a microkernel-based, full-scenario distributed operating system. Attackers can exploit this vulnerability to obtain CPLC information.
VAR-202206-0261 CVE-2022-31751 Vulnerability in multiple Huawei products
CVSS V2: 4.9
CVSS V3: 5.5
Severity: MEDIUM
The kernel emcom module has multi-thread contention. Successful exploitation of this vulnerability may affect system availability. Huawei EMUI, HarmonyOS, and Magic UI contain an unspecified vulnerability. A denial-of-service (DoS) condition may result. HUAWEI HarmonyOS is an operating system from China's Huawei (HUAWEI). It provides a microkernel-based, full-scenario distributed operating system.
VAR-202206-0260 CVE-2022-31758 HUAWEI HarmonyOS race condition vulnerability
CVSS V2: 1.9
CVSS V3: 4.7
Severity: MEDIUM
The kernel module has a race condition vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. HUAWEI HarmonyOS is an operating system from China's Huawei (HUAWEI). It provides a microkernel-based, full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0.
VAR-202206-0376 CVE-2022-31755 Improper retention of permissions vulnerability in multiple Huawei products
CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
The communication module has a vulnerability of improper permission preservation. Successful exploitation of this vulnerability may affect system availability. Huawei EMUI, HarmonyOS, and Magic UI contain an improper permissions retention vulnerability. A denial-of-service (DoS) condition may result. HUAWEI HarmonyOS is an operating system from China's Huawei (HUAWEI). It provides a microkernel-based, full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0.
VAR-202206-2409 No CVE DLL hijacking vulnerability in KingView of Beijing Asia Control Technology Development Co., Ltd.
CVSS V2: 1.7
CVSS V3: -
Severity: LOW
KingView is the first industrial configuration software product launched by Beijing Asia Control Technology Development Co., Ltd. in China. There is a DLL hijacking vulnerability in KingView of Beijing Asia Control Technology Development Co., Ltd., and attackers can use this vulnerability to load malicious DLL files for command execution.
VAR-202206-0375 CVE-2022-31763 NULL pointer dereference vulnerability in Huawei EMUI and HarmonyOS
CVSS V2: 4.9
CVSS V3: 5.5
Severity: MEDIUM
The kernel module has null pointer and out-of-bounds array vulnerabilities. Successful exploitation of this vulnerability may affect system availability. Huawei EMUI and HarmonyOS contain a NULL pointer dereference vulnerability. A denial-of-service (DoS) condition may result. HUAWEI HarmonyOS is an operating system from China's Huawei (HUAWEI). It provides a microkernel-based, full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0.
VAR-202206-0377 CVE-2022-31762 Input validation vulnerability in multiple Huawei products
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerability may cause privilege escalation. Huawei EMUI, HarmonyOS, and Magic UI contain an input validation vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. HUAWEI HarmonyOS is an operating system from China's Huawei (HUAWEI). It provides a microkernel-based, full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0.
VAR-202206-0263 CVE-2021-46812 Vulnerability in Huawei EMUI and HarmonyOS
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The Device Manager has a vulnerability in multi-device interaction. Successful exploitation of this vulnerability may affect data integrity. Huawei EMUI and HarmonyOS contain an unspecified vulnerability. Information may be tampered with. HUAWEI HarmonyOS is an operating system from China's Huawei (HUAWEI). It provides a microkernel-based, full-scenario distributed operating system.
VAR-202206-0259 CVE-2021-46814 Out-of-bounds read vulnerability in multiple Huawei products
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system availability. Huawei EMUI, HarmonyOS, and Magic UI contain an out-of-bounds read vulnerability and an out-of-bounds write vulnerability. A denial-of-service (DoS) condition may result. HUAWEI HarmonyOS is an operating system from China's Huawei (HUAWEI). It provides a microkernel-based, full-scenario distributed operating system.
VAR-202206-0262 CVE-2022-31759 Uninitialized pointer access vulnerability in multiple Huawei products
CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability. Huawei EMUI, HarmonyOS, and Magic UI contain an uninitialized pointer access vulnerability. A denial-of-service (DoS) condition may result. HUAWEI HarmonyOS is an operating system from China's Huawei (HUAWEI). It provides a microkernel-based, full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0.
VAR-202206-0322 CVE-2021-42887 Vulnerability in TOTOLINK ex1200t firmware
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. TOTOLINK ex1200t firmware contains an unspecified vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. TOTOLINK EX1200T is a Wi-Fi range extender from China's TOTOLINK.
VAR-202206-0054 CVE-2021-42891 Vulnerability related to lack of authentication for critical functions in TOTOLINK ex1200t firmware
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization. TOTOLINK ex1200t firmware contains a vulnerability related to lack of authentication for critical functions. Information may be obtained. TOTOLINK EX1200T is a Wi-Fi range extender from China's TOTOLINK.
VAR-202206-0003 CVE-2021-42889 Vulnerability related to lack of authentication for critical functions in TOTOLINK ex1200t firmware
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization. TOTOLINK ex1200t firmware contains a vulnerability related to lack of authentication for critical functions. Information may be obtained. TOTOLINK EX1200T is a Wi-Fi range extender from China's TOTOLINK.
VAR-202206-0026 CVE-2021-42885 OS command injection vulnerability in TOTOLINK ex1200t firmware
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDeviceMac of the file global.so, where an attacker who controls deviceName can carry out the attack. TOTOLINK ex1200t firmware contains an OS command injection vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. TOTOLINK EX1200T is a Wi-Fi range extender from China's TOTOLINK.
VAR-202206-0123 CVE-2021-42888 OS command injection vulnerability in TOTOLINK ex1200t firmware
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setLanguageCfg of the file global.so, where an attacker who controls langType can carry out the attack. TOTOLINK ex1200t firmware contains an OS command injection vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. TOTOLINK EX1200T is a Wi-Fi range extender from China's TOTOLINK.