VARIoT IoT vulnerabilities database
| VAR-202202-1522 | CVE-2021-22437 | EMUI and Magic UI Integer overflow vulnerability in |
CVSS V2: 6.9 CVSS V3: 7.0 Severity: HIGH |
There is a software integer overflow leading to a TOCTOU condition in smartphones. Successful exploitation of this vulnerability may cause random address access. EMUI and Magic UI contain an integer overflow vulnerability and a time-of-check time-of-use (TOCTOU) race condition vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
| VAR-202202-1525 | CVE-2021-37027 | HUAWEI EMUI and Magic UI Vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service integrity. HUAWEI EMUI and Magic UI contain an unspecified vulnerability. Service operation may be interrupted (DoS).
| VAR-202202-0768 | CVE-2022-25062 | TP-LINK TL-WR840N Integer overflow vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. TP-LINK TL-WR840N(ES) contains an integer overflow vulnerability. Service operation may be interrupted (DoS). TP-Link TL-WR840N is a wireless router from the Chinese company TP-Link.
| VAR-202202-1530 | CVE-2022-25060 | TP-LINK TL-WR840N Command injection vulnerability in |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing. TP-LINK TL-WR840N contains a command injection vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). TP-Link TL-WR840N is a wireless router from the Chinese company TP-Link.
There is a security vulnerability in TP-LINK TL-WR840N(ES) V6.20 180709. No vulnerability details are currently available.
| VAR-202202-1521 | CVE-2022-25064 | TP-LINK TL-WR840N Command injection vulnerability in |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr. TP-LINK TL-WR840N(ES) contains a command injection vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). TP-Link TL-WR840N is a wireless router from the Chinese company TP-Link. No vulnerability details are currently provided.
| VAR-202202-0767 | CVE-2021-22448 | EMUI and Magic UI Vulnerability in |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause unauthorized read and write of some files. EMUI and Magic UI contain an unspecified vulnerability. Information may be obtained and information may be tampered with.
| VAR-202202-1526 | CVE-2021-37103 | EMUI and Magic UI Vulnerability regarding improper default permissions in |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
There is an improper permission management vulnerability in the Wallet apps. Successful exploitation of this vulnerability may affect service confidentiality. EMUI and Magic UI contain an improper default permissions vulnerability. Information may be obtained.
| VAR-202202-1228 | CVE-2022-25084 | TOTOLINK of t6 Command injection vulnerability in firmware |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. A denial-of-service (DoS) state may result. TOTOLink T6 is a wireless dual-band router from the Chinese company TotoLink.
| VAR-202202-1579 | CVE-2022-25072 | TP-LINK Technologies of archer a54 Out-of-bounds write vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TP-Link Archer A54 Archer A54(US)_V1_210111 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code. TP-LINK Technologies Archer A54 firmware contains an out-of-bounds write vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). TP-Link Archer A54 is a wireless dual-band router from Pulian Technology Co., Ltd.
A buffer overflow vulnerability exists in the Archer A54 router of Pulian Technology Co., Ltd.
| VAR-202202-1589 | CVE-2022-25417 | Tenda AC9 Out-of-bounds write vulnerability in |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function saveparentcontrolinfo. Tenda AC9 contains an out-of-bounds write vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
| VAR-202202-1580 | CVE-2022-25076 | TOTOLink A800R Command Injection Vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLink A800R V4.1.2cu.5137_B20200730 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. TOTOLINK A800R firmware contains a command injection vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). TOTOLink A800R is a wireless router from the Chinese company TotoLink.
| VAR-202202-0218 | CVE-2022-21209 | Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
The affected product is vulnerable to an out-of-bounds read while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. FATEK Automation FvDesigner is a human-computer interaction device of FATEK.
A buffer error vulnerability exists in FATEK Automation FvDesigner.
| VAR-202202-0828 | CVE-2022-24610 | alecto of dvc-215ip Insufficient Credential Protection Vulnerability in Firmware |
CVSS V2: 5.0 CVSS V3: 8.6 Severity: HIGH |
Settings/network settings/wireless settings on the Alecto DVC-215IP camera version 63.1.1.173 and below shows the Wi-Fi passphrase hidden, but by editing or removing the style of the password field the password becomes visible, which grants access to an internal network connected to the camera. Alecto DVC-215IP firmware contains a vulnerability related to insufficient protection of credentials. Information may be obtained. Alecto DVC-215IP is a camera from Alecto.
An information disclosure vulnerability exists in Alecto DVC-215IP 63.1.1.173 and earlier.
| VAR-202202-0817 | CVE-2022-25080 | TOTOLink A830R Command Injection Vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLink A830R V5.9c.4729_B20191112 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. TOTOLINK A830R firmware contains a command injection vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). TOTOLink A830R is a wireless dual-band router from the Chinese company TotoLink.
| VAR-202202-0834 | CVE-2022-25083 | TOTOLINK of a860r Command injection vulnerability in firmware |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLink A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. TOTOLINK A860R firmware contains a command injection vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). TOTOLink A860R is a wireless router from the Chinese company TotoLink.
| VAR-202202-0216 | CVE-2022-23985 | Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
The affected product is vulnerable to an out-of-bounds write while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. FATEK Automation FvDesigner is a human-computer interaction device of FATEK.
| VAR-202202-1572 | CVE-2022-25082 | TOTOLink A950RG Command Injection Vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. TOTOLINK A950RG firmware contains a command injection vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). TOTOLink A950RG is a wireless router from the Chinese company TotoLink.
| VAR-202202-1564 | CVE-2022-25079 | TOTOLink A810R Command Injection Vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. TOTOLINK A810R firmware contains a command injection vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). TOTOLink A810R is a wireless dual-band router from the Chinese company TotoLink.
| VAR-202202-0832 | CVE-2022-25075 | TOTOLink A3000RU Command Injection Vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. TOTOLINK A3000RU contains a command injection vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). TOTOLink A3000RU is a wireless router from the Chinese company TotoLink.
| VAR-202202-1230 | CVE-2022-25074 | TP-LINK Technologies of TL-WR902AC Out-of-bounds write vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code. TP-LINK Technologies TL-WR902AC firmware contains an out-of-bounds write vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). TP-Link TL-WR902AC is an AC750 travel router from TP-Link in China.