VARIoT IoT vulnerabilities database

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reset_pwd_veirfy_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. TP-LINK TL-WR886N is a router from China Tp-link company. A buffer overflow vulnerability exists in TP-LINK TL-WR886N 20190826 version 2.3.8. The vulnerability arises from the fact that the /cloud_config/router_post/get_reset_pwd_veirfy_code function does not properly validate the data boundary when performing operations on memory

Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter. Shenzhen Tenda Technology Co.,Ltd. of AX3 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda Ax3 is an Ax1800 Gigabit port dual-band Wifi 6 wireless router from Tenda, China

This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission Issues vulnerability in LinkManager web portal of Secomea GateManager allows logged in LinkManager user to access stored SiteManager backup files. Secomea of gatemanager There is a vulnerability in improper default permissions.Information may be obtained

Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751 allows attacker to access password information of connected WiFiAp in the log. Samsung's Android for Watch Active2 The plugin contains an information disclosure vulnerability.Information may be obtained

Information Leak Vulnerability exists in the Xiaomi Router AX6000. The vulnerability is caused by incorrect routing configuration. Attackers can exploit this vulnerability to download part of the files in Xiaomi Router AX6000. mi of ax6000 Firmware has an information disclosure vulnerability.Information may be obtained. The Xiaomi Router AX6000 is a router from the Chinese company Xiaomi

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/upgrade_info feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. TP-Link TL-WR886N is a wireless router from China Pulian Company. A buffer overflow vulnerability exists in TP-Link TL-WR886N 20190826 version 2.3.8

Security misconfiguration of RKP in kernel prior to SMR Mar-2022 Release 1 allows a system not to be protected by RKP. Google of Android Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Samsung RKP is a kernel protection mechanism for Samsung mobile devices. Samsung RKP has a security misconfiguration vulnerability. Attackers can exploit this vulnerability to affect the confidentiality, integrity, and availability of the system

Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the urls parameter. Tenda AX1806 is a WiFi6 wireless router from China Tenda company

There is a vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module. Successful exploitation of this vulnerability may affect integrity. Huawei of EMUI , HarmonyOS , Magic UI contains a type confusion vulnerability.Information may be tampered with

There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability. Huawei of EMUI and Magic UI Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state

There is an improper access control vulnerability in the video module. Successful exploitation of this vulnerability may affect confidentiality. Huawei of EMUI , HarmonyOS , Magic UI Exists in unspecified vulnerabilities.Information may be obtained

There is a heap-based and stack-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability. Huawei of EMUI and Magic UI Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state

There is a permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect confidentiality. Huawei of EMUI and Magic UI There is a vulnerability in improper default permissions.Information may be obtained

PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. Google of Android Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Samsung Weather application is an application for Samsung mobile devices to obtain weather forecast information. The vulnerability stems from the unauthorized access in the Samsung Weather application

A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password. Google of Android Is vulnerable to improper restrictions on excessive authentication attempts.Information may be obtained. Samsung fingerprint matching algorithm is a fingerprint matching algorithm for Samsung mobile devices. There is a design error vulnerability in the Samsung fingerprint matching algorithm. This vulnerability is due to the improper design of the failure counting algorithm

An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration. Home Assistant Exists in observable mismatch vulnerabilities.Information may be obtained

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. TP-Link TL-WR886N is a wireless router from China Pulian Company. A buffer overflow vulnerability exists in TP-Link TL-WR886N 20190826 2.3.8 that arises from incorrect validation of data boundaries when performing operations on memory in the /cloud_config/router_post/modify_account_pwd function, which could be exploited by an authenticated attacker

Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attacker to access password information of connected WiFiAp in the log. Samsung's Android for Galaxy Watch3 The plugin contains an information disclosure vulnerability.Information may be obtained

Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751 allows attacker to access password information of connected WiFiAp in the log. Samsung's Android for Galaxy Watch3 The plugin contains an information disclosure vulnerability.Information may be obtained

IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields. IBM X-Force ID: 209824. Vendor exploits this vulnerability IBM X-Force ID: 209824 It is published as.Information may be tampered with