VARIoT IoT vulnerabilities database
| VAR-202203-0822 | CVE-2022-24416 | Buffer Error Vulnerability in Multiple Dell Products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. Alienware 13 R3 firmware, Alienware 15 R3 firmware, Alienware 15 R4 Multiple Dell products, such as firmware, contain a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202203-0855 | CVE-2022-22148 | Yokogawa Exaopc Operating system command injection vulnerability |
CVSS V2: 6.9 CVSS V3: 7.8 Severity: HIGH |
'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00
| VAR-202203-2097 | No CVE | TOTOLINK A3002RU Exists Unauthorized Access Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TOTOLINK A3002RU is a gigabit dual-band router.
TOTOLINK A3002RU has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202203-0284 | CVE-2021-44631 | TP-Link TL-WR886N Buffer Overflow Vulnerability (CNVD-2022-20073) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/reset_cloud_pwd feature, which allows malicous users to execute arbitrary code on the system via a crafted post request. TP-Link TL-WR886N is a wireless router from China Pulian Company.
A buffer overflow vulnerability exists in TP-Link TL-WR886N 20190826 version 2.3.8
| VAR-202203-1024 | CVE-2022-25552 | Tenda AX1806 form_fast_setting_wifi_set function stack overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter. Tenda AX1806 is a WiFi6 wireless router from China Tenda company
| VAR-202203-0282 | CVE-2021-44628 | TP-Link TL-WR886N Buffer Overflow Vulnerability (CNVD-2022-20076) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A Buffer Overflow vulnerabiltiy exists in TP-LINK WR-886N 20190826 2.3.8 in thee /cloud_config/router_post/login feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. TP-Link TL-WR886N is a wireless router from China Pulian Company.
A buffer overflow vulnerability exists in TP-Link TL-WR886N 20190826 2.3.8. The vulnerability arises from incorrect validation of data boundaries when performing operations on memory in the /cloud_config/router_post/login function, which could be exploited by an authenticated attacker
| VAR-202203-0310 | CVE-2022-25547 | Tenda AX1806 fromSetSysTime function stack overflow vulnerability (CNVD-2022-23527) |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter. Tenda AX1806 is a WiFi6 wireless router from China Tenda company
| VAR-202203-0283 | CVE-2021-44630 | TP-Link TL-WR886N Buffer Overflow Vulnerability (CNVD-2022-20075) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. TP-Link TL-WR886N is a wireless router from China Pulian Company.
A buffer overflow vulnerability exists in TP-Link TL-WR886N 20190826 2.3.8 that arises from incorrect validation of data boundaries when performing operations on memory in the /cloud_config/router_post/modify_account_pwd function, which could be exploited by an authenticated attacker
| VAR-202203-0261 | CVE-2021-40053 | plural Huawei Inappropriate Default Permission Vulnerability in Products |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
There is a permission control vulnerability in the Nearby module.Successful exploitation of this vulnerability will affect availability and integrity. Huawei of EMUI , HarmonyOS , Magic UI There is a vulnerability in improper default permissions.Information is tampered with and service operation is interrupted (DoS) It may be in a state
| VAR-202203-0970 | CVE-2020-14112 | Xiaomi Router AX6000 Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Information Leak Vulnerability exists in the Xiaomi Router AX6000. The vulnerability is caused by incorrect routing configuration. Attackers can exploit this vulnerability to download part of the files in Xiaomi Router AX6000. mi of ax6000 Firmware has an information disclosure vulnerability.Information may be obtained. The Xiaomi Router AX6000 is a router from the Chinese company Xiaomi
| VAR-202203-0315 | CVE-2022-25555 | Tenda AX1806 fromSetSysTime function stack overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ntpServer parameter. Tenda AX1806 is a WiFi6 wireless router from China Tenda Company
| VAR-202203-0976 | CVE-2021-40064 | plural Huawei Out-of-bounds write vulnerabilities in the product |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
There is a heap-based buffer overflow vulnerability in system components. Successful exploitation of this vulnerability may affect system stability. Huawei of EMUI , HarmonyOS , Magic UI Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202203-0997 | CVE-2022-22814 | ASUSTeK Computer Inc. of myasus Vulnerability in privilege management in |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege escalation. ASUSTeK Computer Inc. of myasus Exists in a permission management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202203-0311 | CVE-2022-25549 | Tenda AX1806 formSetSysToolDDNS function stack overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsEn parameter. Tenda AX1806 is a WiFi6 wireless router from Tenda, China
| VAR-202203-0327 | CVE-2022-25829 | Samsung's Android for Watch Active2 Information disclosure vulnerability in plug-in |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751 allows attacker to access password information of connected WiFiAp in the log. Samsung's Android for Watch Active2 The plugin contains an information disclosure vulnerability.Information may be obtained
| VAR-202203-1028 | CVE-2022-25561 | Shenzhen Tenda Technology Co.,Ltd. of AX12 Out-of-bounds write vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42DE00. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. Shenzhen Tenda Technology Co.,Ltd. of AX12 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda Ax12 is a dual-band Gigabit Wifi 6 wireless router from the Chinese company Tenda
| VAR-202203-0259 | CVE-2020-14115 | mi of ax3600 Insufficient validation of data authenticity in firmware vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code. mi of ax3600 Firmware contains insufficient validation of data authenticity.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Xiaomi router AX3600 is a router from the Chinese company Xiaomi
| VAR-202203-0964 | CVE-2021-40048 | plural Huawei Buffer size miscalculation vulnerability in product |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability will affect availability. Huawei of EMUI , HarmonyOS , Magic UI contains a buffer size miscalculation vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202203-0975 | CVE-2021-40062 | Huawei of EMUI and Magic UI Classic buffer overflow vulnerability in |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability. Huawei of EMUI and Magic UI Exists in a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202203-0984 | CVE-2021-44622 | TP-Link TL-WR886N Stack Overflow Vulnerability (CNVD-2022-21168) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/check_reg_verify_code function which could let a remove malicious user execute arbitrary code via a crafted post request. TP-Link TL-WR886N is a wireless router from China Pulian Company.
The TP-Link TL-WR886N /cloud_config/router_post/check_reg_verify_code has a stack overflow vulnerability