VARIoT IoT vulnerabilities database

There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability. Huawei of EMUI and Magic UI Exists in a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state

There is a vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module. Successful exploitation of this vulnerability may affect integrity. Huawei of EMUI , HarmonyOS , Magic UI contains a type confusion vulnerability.Information may be tampered with

A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code. mi of ax3600 Firmware contains insufficient validation of data authenticity.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Xiaomi router AX3600 is a router from the Chinese company Xiaomi

A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code. mi of ax3600 Firmware contains insufficient validation of data authenticity.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Xiaomi router AX3600 is a router from the Chinese company Xiaomi

IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields. IBM X-Force ID: 209824. Vendor exploits this vulnerability IBM X-Force ID: 209824 It is published as.Information may be tampered with

There is a heap-based buffer overflow vulnerability in system components. Successful exploitation of this vulnerability may affect system stability. Huawei of EMUI , HarmonyOS , Magic UI Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter. Tenda AX1806 is a WiFi6 wireless router from China Tenda company

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsUser parameter. Tenda AX1806 is a WiFi6 wireless router from Tenda, China

A Buffer Overflow vulnerabiltiy exists in TP-LINK WR-886N 20190826 2.3.8 in thee /cloud_config/router_post/login feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. TP-Link TL-WR886N is a wireless router from China Pulian Company. A buffer overflow vulnerability exists in TP-Link TL-WR886N 20190826 2.3.8. The vulnerability arises from incorrect validation of data boundaries when performing operations on memory in the /cloud_config/router_post/login function, which could be exploited by an authenticated attacker

PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. Google of Android Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Samsung Weather application is an application for Samsung mobile devices to obtain weather forecast information. The vulnerability stems from the unauthorized access in the Samsung Weather application

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS or HTTP/2 PUSH_PROMISE frame where the frame contains padding information without any other data. This logical error caused confusion about the size of the frame, leading to a parsing error. This parsing error immediately crashes the entire process. Sending a HEADERS frame or PUSH_PROMISE frame with HTTP/2 padding information does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted frame. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the frame in memory-safe code, so the crash is safe. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz. swift-nio-http2 Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsEn parameter. Tenda AX1806 is a WiFi6 wireless router from Tenda, China

There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability will affect availability. Huawei of EMUI , HarmonyOS , Magic UI contains a buffer size miscalculation vulnerability.Service operation interruption (DoS) It may be in a state

There is a permission control vulnerability in the PMS module. Successful exploitation of this vulnerability can lead to sensitive system information being obtained without authorization. Huawei of EMUI , HarmonyOS , Magic UI There is a vulnerability in improper default permissions.Information may be obtained

There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect integrity. Huawei of EMUI , HarmonyOS , Magic UI Exists in unspecified vulnerabilities.Information may be tampered with

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/upgrade_info feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. TP-Link TL-WR886N is a wireless router from China Pulian Company. A buffer overflow vulnerability exists in TP-Link TL-WR886N 20190826 version 2.3.8

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/check_reg_verify_code function which could let a remove malicious user execute arbitrary code via a crafted post request. TP-Link TL-WR886N is a wireless router from China Pulian Company. The TP-Link TL-WR886N /cloud_config/router_post/check_reg_verify_code has a stack overflow vulnerability

Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter. Shenzhen Tenda Technology Co.,Ltd. of AX3 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda Ax3 is an Ax1800 Gigabit port dual-band Wifi 6 wireless router from Tenda, China

There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability. Huawei of EMUI and Magic UI Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state

A Buffer Overflow vulnerabilitiy exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/register feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. TP-LINK TL-WR886N is a router from China Tp-link company. A buffer overflow vulnerability exists in TP-LINK TL-WR886N 20190826 version 2.3.8. The vulnerability arises from incorrect validation of data boundaries when performing operations on memory in the /cloud_config/router_post/register function