VARIoT IoT vulnerabilities database
| VAR-202203-1022 | CVE-2022-25548 | Tenda AX1806 stack overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the serverName parameter. Tenda AX1806 is a WiFi6 wireless router from Tenda, China.
A stack overflow vulnerability exists in Tenda AX1806, which allows remote attackers to use the vulnerability to submit special requests that can crash the application or execute arbitrary code in the context of the application
| VAR-202203-1023 | CVE-2022-25551 | Tenda AX1806 FormSetSystemTooldDNS function stack overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsDomain parameter. Tenda AX1806 is a WiFi6 wireless router from Tenda, China
| VAR-202203-1028 | CVE-2022-25561 | Shenzhen Tenda Technology Co.,Ltd. of AX12 Out-of-bounds write vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42DE00. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. Shenzhen Tenda Technology Co.,Ltd. of AX12 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda Ax12 is a dual-band Gigabit Wifi 6 wireless router from the Chinese company Tenda
| VAR-202203-1026 | CVE-2022-25560 | Shenzhen Tenda Technology Co.,Ltd. of AX12 Out-of-bounds write vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_4327CC. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. Shenzhen Tenda Technology Co.,Ltd. of AX12 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda Ax12 is a dual-band Gigabit Wifi 6 wireless router from the Chinese company Tenda
| VAR-202203-1025 | CVE-2022-25556 | Shenzhen Tenda Technology Co.,Ltd. of AX12 Out-of-bounds write vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42E328. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. Shenzhen Tenda Technology Co.,Ltd. of AX12 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda Ax12 is a dual-band Gigabit Wifi 6 wireless router from the Chinese company Tenda
| VAR-202203-1021 | CVE-2022-25546 | Tenda AX1806 Stack Overflow Vulnerability (CNVD-2022-22747) |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsUser parameter. Tenda AX1806 is a WiFi6 wireless router from Tenda, China
| VAR-202203-0287 | CVE-2021-46408 | Shenzhen Tenda Technology Co.,Ltd. of AX12 Out-of-bounds write vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX12 v22.03.01.21 was discovered to contain a stack buffer overflow in the function sub_422CE4. This vulnerability allows attackers to cause a Denial of Service (DoS) via the strcpy parameter. Shenzhen Tenda Technology Co.,Ltd. of AX12 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda AX12 is a dual-band Gigabit Wifi 6 wireless router from Tenda, China
| VAR-202203-0881 | CVE-2021-40047 | plural Huawei Vulnerability related to lack of freeing memory after expiration in product |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
There is a vulnerability of memory not being released after effective lifetime in the Bastet module. Successful exploitation of this vulnerability may affect integrity. Huawei of EMUI , HarmonyOS , Magic UI Contains a vulnerability regarding the lack of free memory after expiration.Information may be tampered with
| VAR-202203-0964 | CVE-2021-40048 | plural Huawei Buffer size miscalculation vulnerability in product |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability will affect availability. Huawei of EMUI , HarmonyOS , Magic UI contains a buffer size miscalculation vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202203-0284 | CVE-2021-44631 | TP-Link TL-WR886N Buffer Overflow Vulnerability (CNVD-2022-20073) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/reset_cloud_pwd feature, which allows malicous users to execute arbitrary code on the system via a crafted post request. TP-Link TL-WR886N is a wireless router from China Pulian Company.
A buffer overflow vulnerability exists in TP-Link TL-WR886N 20190826 version 2.3.8
| VAR-202203-0288 | CVE-2021-4045 |
Tp-link Tapo C200 Command Injection Vulnerability
Related entries in the VARIoT exploits database: VAR-E-202209-0076 |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera. TP-LINK Technologies of tapo c200 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tp-link Tapo C200 is a network camera device from Tp-link company in China. The vulnerability stems from the uhttpd binary that runs as root by default in the software, which lacks filtering and escaping of command parameters. An unauthenticated attacker could exploit this vulnerability to execute system commands on the system through a special command request
| VAR-202203-0971 | CVE-2021-40051 | plural Huawei Vulnerability related to resource disclosure to the wrong area in the product |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
There is an unauthorized access vulnerability in system components. Successful exploitation of this vulnerability will affect confidentiality. Huawei of EMUI , HarmonyOS , Magic UI Exists in a vulnerability related to the leakage of resources to the wrong area.Information may be obtained
| VAR-202203-0930 | CVE-2021-44629 | TP-Link TL-WR886N Buffer Overflow Vulnerability (CNVD-2022-20074) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A Buffer Overflow vulnerabilitiy exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/register feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. TP-LINK TL-WR886N is a router from China Tp-link company.
A buffer overflow vulnerability exists in TP-LINK TL-WR886N 20190826 version 2.3.8. The vulnerability arises from incorrect validation of data boundaries when performing operations on memory in the /cloud_config/router_post/register function
| VAR-202203-0266 | CVE-2021-40058 | Huawei of EMUI and Magic UI Out-of-bounds write vulnerability in |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability. Huawei of EMUI and Magic UI Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202203-0970 | CVE-2020-14112 | Xiaomi Router AX6000 Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Information Leak Vulnerability exists in the Xiaomi Router AX6000. The vulnerability is caused by incorrect routing configuration. Attackers can exploit this vulnerability to download part of the files in Xiaomi Router AX6000. mi of ax6000 Firmware has an information disclosure vulnerability.Information may be obtained. The Xiaomi Router AX6000 is a router from the Chinese company Xiaomi
| VAR-202203-0966 | CVE-2020-36517 | Home Assistant Vulnerability regarding observable inconsistencies in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration. Home Assistant Exists in observable mismatch vulnerabilities.Information may be obtained
| VAR-202203-0327 | CVE-2022-25829 | Samsung's Android for Watch Active2 Information disclosure vulnerability in plug-in |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751 allows attacker to access password information of connected WiFiAp in the log. Samsung's Android for Watch Active2 The plugin contains an information disclosure vulnerability.Information may be obtained
| VAR-202203-0282 | CVE-2021-44628 | TP-Link TL-WR886N Buffer Overflow Vulnerability (CNVD-2022-20076) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A Buffer Overflow vulnerabiltiy exists in TP-LINK WR-886N 20190826 2.3.8 in thee /cloud_config/router_post/login feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. TP-Link TL-WR886N is a wireless router from China Pulian Company.
A buffer overflow vulnerability exists in TP-Link TL-WR886N 20190826 2.3.8. The vulnerability arises from incorrect validation of data boundaries when performing operations on memory in the /cloud_config/router_post/login function, which could be exploited by an authenticated attacker
| VAR-202203-0321 | CVE-2022-25819 | Google of Android Out-of-bounds read vulnerability in |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allow an attacker to view Kernel stack memory. Google of Android Exists in an out-of-bounds read vulnerability.Information may be obtained. Samsung hdcp2 is a system for Samsung mobile devices that protects output DVD content through HDMI to prevent copying.
Samsung hdcp2 has an out-of-bounds read vulnerability, which results from a lack of proper validation of user-supplied data
| VAR-202203-0283 | CVE-2021-44630 | TP-Link TL-WR886N Buffer Overflow Vulnerability (CNVD-2022-20075) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. TP-Link TL-WR886N is a wireless router from China Pulian Company.
A buffer overflow vulnerability exists in TP-Link TL-WR886N 20190826 2.3.8 that arises from incorrect validation of data boundaries when performing operations on memory in the /cloud_config/router_post/modify_account_pwd function, which could be exploited by an authenticated attacker