VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202205-1018 CVE-2022-21182 InHand Networks  of  InRouter302  Firmware vulnerabilities CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability. InHand Networks of InRouter302 There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. InHand Networks InRouter Series is a series of routers from InHand Networks in the United States
VAR-202205-0972 CVE-2022-26020 InHand Networks  of  ir302  Vulnerability related to use of hardcoded credentials in firmware CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
An information disclosure vulnerability exists in the router configuration export functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability. InHand Networks InRouter Series is a series of routers from InHand Networks in the United States
VAR-202205-1028 CVE-2022-24910 InHand Networks  of  ir302  Classic buffer overflow vulnerability in firmware CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. InHand Networks of ir302 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. InHand Networks InRouter Series is a series of routers from InHand Networks in the United States
VAR-202205-1169 CVE-2022-26075 InHand Networks  of  ir302  in the firmware  OS  Command injection vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. (DoS) It may be in a state. InHand Networks InRouter Series is a series of routers from InHand Networks in the United States
VAR-202205-1013 CVE-2021-33080 Vulnerability regarding deletion of sensitive information before storage or transfer in multiple Intel products CVSS V2: 4.6
CVSS V3: 6.8
Severity: MEDIUM
Exposure of sensitive system information due to uncleared debug information in firmware for some Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC Products may allow an unauthenticated user to potentially enable information disclosure or escalation of privilege via physical access. (DoS) It may be in a state
VAR-202205-0812 CVE-2021-33135 Intel SGX Linux kernel drivers Resource Management Error Vulnerability CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Uncontrolled resource consumption in the Linux kernel drivers for Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access. Intel Software Guard Extensions (SGX) is a set of security-related instructions from Intel Corporation, which is built into some Intel CPUs. It provides hardware-based memory encryption to isolate application-specific code and data in memory. An authenticated user could exploit this vulnerability to implement a denial of service attack
VAR-202205-0956 CVE-2022-26007 InHand Networks InRouter302 Operating System Command Injection Vulnerability CVSS V2: 9.0
CVSS V3: 7.2
Severity: HIGH
An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability. (DoS) It may be in a state. InHand Networks InRouter Series is a series of routers from InHand Networks in the United States
VAR-202205-1012 CVE-2021-33077 Vulnerabilities in multiple Intel products CVSS V2: 4.6
CVSS V3: 6.8
Severity: MEDIUM
Insufficient control flow management in firmware for some Intel(R) SSD, Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege via physical access. (DoS) It may be in a state
VAR-202205-0780 CVE-2022-21237 Buffer Error Vulnerability in Multiple Intel Products CVSS V2: 6.1
CVSS V3: 6.7
Severity: MEDIUM
Improper buffer access in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. LAPBC510 firmware, LAPBC710 firmware, lapkc71f Multiple Intel products such as firmware contain a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202205-1000 CVE-2021-33078 Race Condition Vulnerability in Multiple Intel Products CVSS V2: 4.7
CVSS V3: 4.7
Severity: MEDIUM
Race condition within a thread in firmware for some Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access
VAR-202205-0782 CVE-2022-24382 Input validation vulnerability in multiple Intel products CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Improper input validation in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. LAPBC510 firmware, LAPBC710 firmware, lapkc71f Multiple Intel products such as firmware contain vulnerabilities related to input validation.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202205-1051 CVE-2021-33082 Vulnerability regarding deletion of sensitive information before storage or transfer in multiple Intel products CVSS V2: 2.1
CVSS V3: 4.6
Severity: MEDIUM
Sensitive information in resource not removed before reuse in firmware for some Intel(R) SSD and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access. optane ssd dc p4800x firmware, optane ssd dc p4801x firmware, optane ssd p5800x Multiple Intel products, such as firmware, contain vulnerabilities related to deletion of important information before storage or transfer.Information may be obtained
VAR-202205-0949 CVE-2021-33083 Authentication Vulnerability in Multiple Intel Products CVSS V2: 2.1
CVSS V3: 4.4
Severity: MEDIUM
Improper authentication in firmware for some Intel(R) SSD, Intel(R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow an privileged user to potentially enable information disclosure via local access
VAR-202205-0948 CVE-2021-33075 Race Condition Vulnerability in Multiple Intel Products CVSS V2: 4.7
CVSS V3: 4.7
Severity: MEDIUM
Race condition in firmware for some Intel(R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access
VAR-202205-0957 CVE-2022-30525 USG FLEX Operating system command injection vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device
VAR-202205-1031 CVE-2022-26780 InHand Networks  of  ir302  Firmware Input Validation Vulnerability CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_init` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution. (DoS) It may be in a state. InHand Networks InRouter Series is a series of routers from InHand Networks in the United States
VAR-202205-1030 CVE-2022-26782 InHand Networks  of  ir302  Out-of-bounds write vulnerability in firmware CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_set_item` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution. InHand Networks of ir302 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. InHand Networks InRouter Series is a series of routers from InHand Networks in the United States
VAR-202205-0951 CVE-2022-29033 Siemens JT2GO and Siemens Teamcenter Visualization Buffer error vulnerability CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library is vulnerable to uninitialized pointer free while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. Siemens JT2GO and Teamcenter Visualization
VAR-202205-0952 CVE-2022-29028 Siemens JT2GO and Siemens Teamcenter Visualization Security hole CVSS V2: 4.3
CVSS V3: 5.5
Severity: MEDIUM
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Tiff_Loader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens JT2GO and Teamcenter Visualization
VAR-202205-0683 CVE-2022-21128 Intel's  Intel Advisor  Vulnerability in privilege management in CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Insufficient control flow management in the Intel(R) Advisor software before version 7.6.0.37 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel's Intel Advisor Exists in a permission management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Intel Advisor is a design and analysis tool developed by Intel Corporation for developing high-performance code