VARIoT IoT vulnerabilities database
| VAR-202205-1018 | CVE-2022-21182 | InHand Networks of InRouter302 Firmware vulnerabilities |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability. InHand Networks of InRouter302 There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. InHand Networks InRouter Series is a series of routers from InHand Networks in the United States
| VAR-202205-0972 | CVE-2022-26020 | InHand Networks of ir302 Vulnerability related to use of hardcoded credentials in firmware |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
An information disclosure vulnerability exists in the router configuration export functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability. InHand Networks InRouter Series is a series of routers from InHand Networks in the United States
| VAR-202205-1028 | CVE-2022-24910 | InHand Networks of ir302 Classic buffer overflow vulnerability in firmware |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. InHand Networks of ir302 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. InHand Networks InRouter Series is a series of routers from InHand Networks in the United States
| VAR-202205-1169 | CVE-2022-26075 | InHand Networks of ir302 in the firmware OS Command injection vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. (DoS) It may be in a state. InHand Networks InRouter Series is a series of routers from InHand Networks in the United States
| VAR-202205-1013 | CVE-2021-33080 | Vulnerability regarding deletion of sensitive information before storage or transfer in multiple Intel products |
CVSS V2: 4.6 CVSS V3: 6.8 Severity: MEDIUM |
Exposure of sensitive system information due to uncleared debug information in firmware for some Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC Products may allow an unauthenticated user to potentially enable information disclosure or escalation of privilege via physical access. (DoS) It may be in a state
| VAR-202205-0812 | CVE-2021-33135 | Intel SGX Linux kernel drivers Resource Management Error Vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Uncontrolled resource consumption in the Linux kernel drivers for Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access. Intel Software Guard Extensions (SGX) is a set of security-related instructions from Intel Corporation, which is built into some Intel CPUs. It provides hardware-based memory encryption to isolate application-specific code and data in memory. An authenticated user could exploit this vulnerability to implement a denial of service attack
| VAR-202205-0956 | CVE-2022-26007 | InHand Networks InRouter302 Operating System Command Injection Vulnerability |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability. (DoS) It may be in a state. InHand Networks InRouter Series is a series of routers from InHand Networks in the United States
| VAR-202205-1012 | CVE-2021-33077 | Vulnerabilities in multiple Intel products |
CVSS V2: 4.6 CVSS V3: 6.8 Severity: MEDIUM |
Insufficient control flow management in firmware for some Intel(R) SSD, Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege via physical access. (DoS) It may be in a state
| VAR-202205-0780 | CVE-2022-21237 | Buffer Error Vulnerability in Multiple Intel Products |
CVSS V2: 6.1 CVSS V3: 6.7 Severity: MEDIUM |
Improper buffer access in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. LAPBC510 firmware, LAPBC710 firmware, lapkc71f Multiple Intel products such as firmware contain a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202205-1000 | CVE-2021-33078 | Race Condition Vulnerability in Multiple Intel Products |
CVSS V2: 4.7 CVSS V3: 4.7 Severity: MEDIUM |
Race condition within a thread in firmware for some Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access
| VAR-202205-0782 | CVE-2022-24382 | Input validation vulnerability in multiple Intel products |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
Improper input validation in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. LAPBC510 firmware, LAPBC710 firmware, lapkc71f Multiple Intel products such as firmware contain vulnerabilities related to input validation.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202205-1051 | CVE-2021-33082 | Vulnerability regarding deletion of sensitive information before storage or transfer in multiple Intel products |
CVSS V2: 2.1 CVSS V3: 4.6 Severity: MEDIUM |
Sensitive information in resource not removed before reuse in firmware for some Intel(R) SSD and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access. optane ssd dc p4800x firmware, optane ssd dc p4801x firmware, optane ssd p5800x Multiple Intel products, such as firmware, contain vulnerabilities related to deletion of important information before storage or transfer.Information may be obtained
| VAR-202205-0949 | CVE-2021-33083 | Authentication Vulnerability in Multiple Intel Products |
CVSS V2: 2.1 CVSS V3: 4.4 Severity: MEDIUM |
Improper authentication in firmware for some Intel(R) SSD, Intel(R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow an privileged user to potentially enable information disclosure via local access
| VAR-202205-0948 | CVE-2021-33075 | Race Condition Vulnerability in Multiple Intel Products |
CVSS V2: 4.7 CVSS V3: 4.7 Severity: MEDIUM |
Race condition in firmware for some Intel(R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access
| VAR-202205-0957 | CVE-2022-30525 | USG FLEX Operating system command injection vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device
| VAR-202205-1031 | CVE-2022-26780 | InHand Networks of ir302 Firmware Input Validation Vulnerability |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_init` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution. (DoS) It may be in a state. InHand Networks InRouter Series is a series of routers from InHand Networks in the United States
| VAR-202205-1030 | CVE-2022-26782 | InHand Networks of ir302 Out-of-bounds write vulnerability in firmware |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_set_item` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution. InHand Networks of ir302 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. InHand Networks InRouter Series is a series of routers from InHand Networks in the United States
| VAR-202205-0951 | CVE-2022-29033 | Siemens JT2GO and Siemens Teamcenter Visualization Buffer error vulnerability |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library is vulnerable to uninitialized pointer free while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. Siemens JT2GO and Teamcenter Visualization
| VAR-202205-0952 | CVE-2022-29028 | Siemens JT2GO and Siemens Teamcenter Visualization Security hole |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Tiff_Loader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens JT2GO and Teamcenter Visualization
| VAR-202205-0683 | CVE-2022-21128 | Intel's Intel Advisor Vulnerability in privilege management in |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Insufficient control flow management in the Intel(R) Advisor software before version 7.6.0.37 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel's Intel Advisor Exists in a permission management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Intel Advisor is a design and analysis tool developed by Intel Corporation for developing high-performance code