VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202205-0322 CVE-2022-28785 Google  of  Android  Out-of-bounds read vulnerability in CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. Google of Android Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state. Samsung AviExtractor is a device extractor library for Samsung mobile devices. Samsung AviExtractor has a buffer overflow vulnerability. Attackers can exploit this vulnerability to cause a denial of service
VAR-202205-0501 CVE-2022-23443 Fortinet FortiSOAR  Vulnerability in CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests. Fortinet FortiSOAR Exists in unspecified vulnerabilities.Information may be obtained. FortiSOAR is a Security Orchestration, Automation and Response (SOAR) solution from Fortinet, USA
VAR-202205-0076 CVE-2022-28791 Samsung Galaxy Store InstallAgent Input Validation Error Vulnerability CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwrite to existing files. Samsung Galaxy Store is an application store for Samsung mobile devices. The vulnerability is caused by incorrect input validation logic in InstallAgent
VAR-202205-0186 CVE-2022-28561 Shenzhen Tenda Technology Co.,Ltd.  of  AX12  Out-of-bounds write vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload. Shenzhen Tenda Technology Co.,Ltd. of AX12 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AX12 is a dual-band Gigabit Wifi 6 wireless router from the Chinese company Tenda. The vulnerability stems from the fact that the /goform/setMacFilterCfg function in the httpd service does not properly verify the data boundary when performing operations on memory
VAR-202205-0363 CVE-2022-28793 Samsung Galaxy S22 StrongBox State Maintenance Error Vulnerability CVSS V2: 2.1
CVSS V3: 4.4
Severity: MEDIUM
Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time. Samsung Galaxy S22 is a smartphone product released by Samsung on February 9, 2022. Samsung Galaxy S22 StrongBox has a state maintenance error vulnerability, which stems from incorrect StrongBox state maintenance
VAR-202206-0251 CVE-2022-30425 Shenzhen Tenda Technology Co.,Ltd.  of  hg6  in the firmware  OS  Command injection vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a command injection vulnerability via the pingAddr and traceAddr parameters. This vulnerability is exploited via a crafted POST request. Shenzhen Tenda Technology Co.,Ltd. of hg6 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. An attacker could exploit this vulnerability to cause arbitrary command execution. HG6 provides 4 LAN ports(1*GE,3*FE),a voice port to meet users' requirements for enjoying the Internet,HD IPTV and VoIP multi-service applications.The application suffers from an authenticated OS command injectionvulnerability. This can be exploited to inject and execute arbitraryshell commands through the 'pingAddr' and 'traceAddr' HTTP POST parametersin formPing, formPing6, formTracert and formTracert6 interfaces.Tested on: Boa/0.93.15
VAR-202205-0509 CVE-2021-43081 FortiOS  and  FortiProxy  Cross-site scripting vulnerability in CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. and in FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0 web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests. FortiOS and FortiProxy Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Fortinet FortiProxy SSL VPN is an application software of the United States (Fortinet) company. An intrusion detection function is provided. Fortinet FortiProxy SSL VPN has a cross-site scripting vulnerability, which results from insufficient sanitization of user-supplied data, allowing remote attackers to steal potentially sensitive information, change the appearance of web pages, and perform phishing and drive-by download attacks
VAR-202205-0417 CVE-2021-43066 Fortinet FortiClientWindows  Vulnerability in leaking resources to the wrong area in CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows attacker to escalate privilege via the MSI installer. Fortinet FortiClientWindows Exists in a vulnerability related to the leakage of resources to the wrong area.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202205-0408 CVE-2022-26116 FortiNAC  In  SQL  Injection vulnerability CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters. FortiNAC for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a network access control solution from Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC versions 8.3.7 to 9.2.2 have a SQL injection vulnerability that stems from insufficient sanitization of user-supplied data. The vulnerability could be exploited by a remote user to send a specially crafted request to an affected application to execute arbitrary SQL commands in the application database. SQL commands
VAR-202205-0507 CVE-2022-28560 Shenzhen Tenda Technology Co.,Ltd.  of  AC9  Out-of-bounds write vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
There is a stack overflow vulnerability in the goform/fast_setting_wifi_set function in the httpd service of Tenda ac9 15.03.2.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload. Shenzhen Tenda Technology Co.,Ltd. of AC9 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability stems from the fact that the goform/fast_setting_wifi_set function in the httpd service does not properly verify the data boundary when performing operations on memory
VAR-202205-0085 CVE-2022-22306 FortiOS  Certificate validation vulnerabilities in CVSS V2: 2.9
CVSS V3: 5.3
Severity: MEDIUM
An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms. FortiOS Exists in a certificate validation vulnerability.Information may be obtained. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam
VAR-202205-0084 CVE-2021-41032 FortiOS  Vulnerability in CVSS V2: 5.5
CVSS V3: 5.4
Severity: MEDIUM
An improper access control vulnerability [CWE-284] in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands. FortiOS Exists in unspecified vulnerabilities.Information may be obtained and information may be tampered with. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam
VAR-202205-0180 CVE-2021-41020 FortiIsolator  Vulnerability in CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
An improper access control vulnerability [CWE-284] in FortiIsolator versions 2.3.2 and below may allow an authenticated, non privileged attacker to regenerate the CA certificate via the regeneration URL. FortiIsolator Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202205-0017 CVE-2022-28573 of D-Link Japan Co., Ltd.  dir-823 pro  Command injection vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting. This vulnerability allows attackers to execute arbitrary commands via the system_time_timezone parameter. of D-Link Japan Co., Ltd. dir-823 pro Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-823-Pro is a router. The vulnerability stems from the failure to properly filter and construct command special characters, commands, etc. in the function SetNTPserverSeting
VAR-202205-0286 CVE-2021-25102 All In One WP Security & Firewall WordPress  Cross-site scripting vulnerability in plugins CVSS V2: 2.6
CVSS V3: 4.7
Severity: MEDIUM
The All In One WP Security & Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirect_to parameter before using it to redirect user, either via a Location header, or meta url attribute, when the Rename Login Page is active, which could lead to an Arbitrary Redirect as well as Cross-Site Scripting issue. Exploitation of this issue requires the Login Page URL value to be known, which should be hard to guess, reducing the risk. All In One WP Security & Firewall WordPress A cross-site scripting vulnerability exists in the plugin.Information may be obtained and information may be tampered with. Both WordPress and WordPress plugins are products of the WordPress Foundation. WordPress is a blogging platform developed using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin. The redirect_to parameter is defined, an attacker can exploit this vulnerability to execute JavaScript code on the client
VAR-202205-0418 CVE-2020-23617 TOTOLINK  of  N200RE  firmware and  N100RE  Cross-site scripting vulnerability in firmware CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element. TOTOLINK of N200RE firmware and N100RE Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Totolink N200RE and Totolink N100RE are routers from Totolink Corporation
VAR-202205-0098 CVE-2021-35098 Buffer error vulnerability in multiple Qualcomm products CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Improper validation of session id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. APQ8053 firmware, APQ8096AU firmware, AQT1000 Multiple Qualcomm products such as firmware contain a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202205-0150 CVE-2022-28572 Shenzhen Tenda Technology Co.,Ltd.  of  ax1806  firmware and  ax1803  Command injection vulnerability in firmware CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function. Shenzhen Tenda Technology Co.,Ltd. of ax1806 firmware and ax1803 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202205-0378 CVE-2022-28571 of D-Link Japan Co., Ltd.  dir-882  Command injection vulnerability in firmware CVSS V2: 5.8
CVSS V3: 9.8
Severity: CRITICAL
D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in`/usr/bin/cli. of D-Link Japan Co., Ltd. dir-882 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202205-0239 CVE-2021-35116 Input validation vulnerability in multiple Qualcomm products CVSS V2: 6.6
CVSS V3: 7.1
Severity: HIGH
APK can load a crafted model into the CDSP which can lead to a compromise of CDSP and other APK`s data executing there in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables. APQ8009 firmware, APQ8009W firmware, APQ8096AU Multiple Qualcomm products such as firmware contain vulnerabilities related to input validation.Information may be obtained and information may be tampered with