VARIoT IoT vulnerabilities database
| VAR-202203-0975 | CVE-2021-40062 | Classic buffer overflow vulnerability in Huawei EMUI and Magic UI |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability. Huawei EMUI and Magic UI contain a classic buffer overflow vulnerability. Service operation may be interrupted (DoS).
| VAR-202203-0984 | CVE-2021-44622 | TP-Link TL-WR886N Stack Overflow Vulnerability (CNVD-2022-21168) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/check_reg_verify_code function which could let a remote malicious user execute arbitrary code via a crafted POST request. TP-Link TL-WR886N is a wireless router from China Pulian Company.
The TP-Link TL-WR886N /cloud_config/router_post/check_reg_verify_code has a stack overflow vulnerability.
| VAR-202203-0872 | CVE-2021-38910 | Input verification vulnerability in IBM DataPower Gateway |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields. IBM X-Force ID: 209824. The vendor has published this vulnerability as IBM X-Force ID: 209824. Information may be tampered with.
| VAR-202203-0881 | CVE-2021-40047 | Vulnerability related to lack of freeing memory after expiration in multiple Huawei products |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
There is a vulnerability of memory not being released after effective lifetime in the Bastet module. Successful exploitation of this vulnerability may affect integrity. Huawei EMUI, HarmonyOS, and Magic UI contain a vulnerability regarding the lack of freeing memory after expiration. Information may be tampered with.
| VAR-202203-1034 | CVE-2022-25830 | Information disclosure vulnerability in Samsung's Galaxy Watch3 plug-in for Android |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751 allows an attacker to access password information of connected WiFiAp in the log. Samsung's Galaxy Watch3 plug-in for Android contains an information disclosure vulnerability. Information may be obtained.
| VAR-202203-1033 | CVE-2022-25826 | Information disclosure vulnerability in Samsung's Galaxy Watch3 plug-in for Android |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows an attacker to access password information of connected WiFiAp in the log. Samsung's Galaxy Watch3 plug-in for Android contains an information disclosure vulnerability. Information may be obtained.
| VAR-202203-1029 | CVE-2022-25816 | Authentication vulnerability in Google Android |
CVSS V2: 2.1 CVSS V3: 4.6 Severity: MEDIUM |
Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows an attacker to change enable/disable without authentication. Google Android contains an authentication vulnerability. Information may be tampered with. The vulnerability is caused by the lack of authentication measures or insufficient authentication strength in the network system or product.
| VAR-202203-1012 | CVE-2022-24932 | Vulnerabilities in products from other vendors in Google Android |
CVSS V2: 2.1 CVSS V3: 4.6 Severity: MEDIUM |
Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows a physical attacker to install packages before the Setup wizard finishes. Google Android has unspecified vulnerabilities in products from other vendors. Information may be tampered with. The Samsung Setup wizard process is an installation wizard for Samsung mobile devices. An attacker can exploit this vulnerability to install packages before the security wizard is completed.
| VAR-202203-0322 | CVE-2022-25822 | Use of freed memory vulnerability in Google Android |
CVSS V2: 4.9 CVSS V3: 6.2 Severity: MEDIUM |
A use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash. Google Android contains a vulnerability related to the use of freed memory. Service operation may be interrupted (DoS). Samsung sdp driver is a digital presenter driver for Samsung mobile devices.
There is a denial of service vulnerability in the Samsung sdp driver. The vulnerability results from the confusion of the program's instructions responsible for releasing memory. An attacker could exploit this vulnerability to cause a kernel crash.
| VAR-202203-0321 | CVE-2022-25819 | Out-of-bounds read vulnerability in Google Android |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allows an attacker to view kernel stack memory. Google Android contains an out-of-bounds read vulnerability. Information may be obtained. Samsung hdcp2 is a system for Samsung mobile devices that protects output DVD content through HDMI to prevent copying.
Samsung hdcp2 has an out-of-bounds read vulnerability, which results from a lack of proper validation of user-supplied data.
| VAR-202203-0966 | CVE-2020-36517 | Vulnerability regarding observable inconsistencies in Home Assistant |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration. Home Assistant contains a vulnerability regarding observable inconsistencies. Information may be obtained.
| VAR-202203-0306 | CVE-2022-24928 | Vulnerability in Google Android |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Security misconfiguration of RKP in kernel prior to SMR Mar-2022 Release 1 allows a system not to be protected by RKP. Google Android contains unspecified vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Samsung RKP is a kernel protection mechanism for Samsung mobile devices.
Samsung RKP has a security misconfiguration vulnerability. Attackers can exploit this vulnerability to affect the confidentiality, integrity, and availability of the system.
| VAR-202203-0222 | CVE-2022-25213 | Use of hardcoded credentials vulnerability in multiple PHICOMM products |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell. Multiple PHICOMM products, including k2 firmware, k3 firmware, and k3c firmware, contain a vulnerability related to the use of hardcoded credentials. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202203-0230 | CVE-2022-24323 | Schneider Electric EcoStruxure Control Expert and Schneider Electric EcoStruxure Process Expert Code problem vulnerability |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Process Expert (V2021 and prior), EcoStruxure Control Expert (V15.0 SP1 and prior).
| VAR-202203-2071 | No CVE | (0Day) Ecava IntegraXor Inkscape PCX File Parsing Out-Of-Bound Read Information Disclosure Vulnerability |
CVSS V2: - CVSS V3: 3.3 Severity: LOW |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PCX files within the Inkscape component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
| VAR-202203-0237 | CVE-2022-22805 | Classic buffer overflow vulnerability in multiple Schneider Electric products |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior). The Schneider Electric products contain a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Schneider Electric APC Smart-UPS SMC Series, etc. are all products of the French company Schneider Electric. The Schneider Electric APC Smart-UPS SMC Series is an entry-level UPS for single server, low-power networking, and point-of-sale (POS) devices. Schneider Electric APC Smart-UPS SMT Series is a line interactive power protection for servers, point of sale, routers, switches, hubs and other network equipment. Schneider Electric APC Smart-UPS SMX Series is an intelligent and efficient network power protection.
| VAR-202203-0221 | CVE-2022-25217 | Vulnerability related to use of hardcoded credentials in PHICOMM k2 and k3c firmware |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Use of a hard-coded cryptographic key pair by the telnetd_startup service allows an attacker on the local area network to obtain a root shell on the device over telnet. The builds of telnetd_startup included in the version 22.5.9.163 of the K2 firmware, and version 32.1.15.93 of the K3C firmware (possibly amongst many other releases) included both the private and public RSA keys. The remaining versions cited here redacted the private key, but left the public key unchanged. An attacker in possession of the leaked private key may, through a scripted exchange of UDP packets, instruct telnetd_startup to spawn an unauthenticated telnet shell as root, by means of which they can then obtain complete control of the device. A consequence of the limited availability of firmware images for testing is that models and versions not listed here may share this vulnerability. PHICOMM k2 and k3c firmware contain a vulnerability regarding the use of hardcoded credentials. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202203-0236 | CVE-2022-22806 | Capture-replay authentication bypass vulnerability in multiple Schneider Electric products |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior). The Schneider Electric products contain a capture-replay authentication bypass vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Schneider Electric APC Smart-UPS SMC Series, etc. are all products of the French company Schneider Electric. The Schneider Electric APC Smart-UPS SMC Series is an entry-level UPS for single server, low-power networking, and point-of-sale (POS) devices. Schneider Electric APC Smart-UPS SMT Series is a line interactive power protection for servers, point of sale, routers, switches, hubs and other network equipment. Schneider Electric APC Smart-UPS SMX Series is an intelligent and efficient network power protection.
| VAR-202203-0220 | CVE-2022-25218 | Vulnerabilities in multiple PHICOMM products |
CVSS V2: 9.3 CVSS V3: 8.1 Severity: HIGH |
The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the "plaintext" to which an arbitrary blob of ciphertext will be decrypted by OpenSSL's RSA_public_decrypt() function. This weakness allows the attacker to manipulate the various iterations of the telnetd startup state machine and eventually obtain a root shell on the device, by means of an exchange of crafted UDP packets. In all versions but K2 22.5.9.163 and K3C 32.1.15.93 a successful attack also requires the exploitation of a null-byte interaction error (CVE-2022-25219). Multiple PHICOMM products, including k2 firmware, k3 firmware, and k3c firmware, contain unspecified vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202203-2081 | No CVE | (0Day) Ecava IntegraXor Inkscape EMF File Parsing Uninitialized Pointer Information Disclosure Vulnerability |
CVSS V2: - CVSS V3: 3.3 Severity: LOW |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files within the Inkscape component. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.