VARIoT IoT vulnerabilities database

There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality,availability and integrity. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company

There is an Improper Validation of Array Index Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause stability risks. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company. There is a security vulnerability in Huawei smartphones

There is a Defects Introduced in the Design Process Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service integrity and availability. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company. There is a security vulnerability in Huawei smartphones

There is a Security Features Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company

There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company. Huawei smartphones have security flaws

There is a Credentials Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company

There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Huawei Smartphone. Successful exploitation of these vulnerabilities may escalate the permission to that of the root user. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company. Huawei smartphones have security flaws

There is a Permission Control Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect normal use of the device. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company. There are security vulnerabilities in several Huawei SmartPhone, which stems from the lack of effective permissions and access control measures in the products. The following products and versions are affected: EMUI 10.1.1, Magic UI 3.1.1

There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to authentication bypass. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company. The following products and versions are affected: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0 Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

There exists an unauthenticated BLE Interface in Sloan SmartFaucets including Optima EAF, Optima ETF/EBF, BASYS EFX, and Flushometers including SOLIS. The vulnerability allows for unauthenticated kinetic effects and information disclosure on the faucets. It is possible to use the Bluetooth Low Energy (BLE) connectivity to read and write to many BLE characteristics on the device. Some of these control the flow of water, the sensitivity of the sensors, and information about maintenance. plural Sloan SmartFaucet The product contains an authentication vulnerability.Information may be obtained and information may be tampered with

Shenzhen Meikexing Communication Technology Co., Ltd. (hereinafter referred to as MERCURY) was established in 2001. Its business scope includes: general business items are: computer wireless local area network products, computer software and hardware, communication equipment, electronic products, network security equipment technology development, etc. . MERCURY D121G, MW310R, M6G, and D196G have a denial of service vulnerability. Attackers can use this vulnerability to cause a denial of service.

There has a license management vulnerability in some Huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, as a result, the license file can be applied and affect integrity of the device. Affected product versions include:S12700 V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S1700 V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S2700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S5700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100;S6700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100;S7700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S9700 V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10. plural Huawei The product contains unspecified vulnerabilities.Information may be tampered with. Huawei S12700, etc. are all enterprise-class switch products of China's Huawei (Huawei) company

There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform the strict operation to the input XML message. Attacker can send specific message to exploit this vulnerability, leading to the module denial of service. Huawei eCNS280 is the core network equipment of China's Huawei (Huawei) wireless broadband trunking system. In addition to providing the network functions of the traditional core network, it also provides capacity configuration for each network element according to the actual application by virtualizing the network element functions and sharing standardized hardware resources among multiple network elements, which improves the efficiency of network expansion and reduction. Business online efficiency There is a security vulnerability in eCNS280

Tiandi Weiye Technology Co., Ltd. (TIANDY) is an Internet of Things enterprise focusing on the development, production and sales of video surveillance products. Tiandiweiye Easy7 video surveillance platform has an information disclosure vulnerability, which can be exploited by attackers to obtain sensitive information.

Shenzhen Xunjie Communication Technology Co., Ltd. (hereinafter referred to as FAST) is a provider of user-end network and communication technology and equipment in China. Founded in 2002, headquartered in Shenzhen High-tech Industrial Zone. It is a high-tech enterprise with a complete independent research and development, manufacturing and marketing system. FAST FAC1203R, FR100P-AC, FAC1900R, and FAC1200R have a denial of service vulnerability. Attackers can use this vulnerability to cause a denial of service.

Shenzhen Xunjie Communication Technology Co., Ltd. (hereinafter referred to as FAST) is a provider of user-end network and communication technology and equipment in China. Founded in 2002, headquartered in Shenzhen High-tech Industrial Zone. It is a high-tech enterprise with a complete independent research and development, manufacturing and marketing system. FAST FWB201S, FWB505, FAC1203R, and FWB200 have a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.

Shenzhen Meikexing Communication Technology Co., Ltd. (hereinafter referred to as MERCURY) was established in 2001, with a well-known independent brand "MERCURY (Mercury)", focusing on providing excellent products and solutions in the field of network communications and security monitoring. MERCURY M6G, D196G, D12A, and D121G have binary vulnerabilities, which can be exploited by attackers to cause denial of service.

Shenzhen Xunjie Communication Technology Co., Ltd. (hereinafter referred to as FAST) is a provider of user-end network and communication technology and equipment in China. Founded in 2002, headquartered in Shenzhen High-tech Industrial Zone. It is a high-tech enterprise with a complete independent research and development, manufacturing and marketing system. FAST FWB201S, FWB505, FAC1203R, and FWB200 have a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.

TP-Link TL-WDR5620 is an intelligent router. TP-Link TL-WDR5650 is a dual-band wireless router. TP-LINK TL-WR842N is a wireless router. TP-link TL-WDR7660, TL-WDR7620, TL-WDR7661, TL-WDR7650 and TL-R470P-AC are all gigabit routers. TP-link TL-WA933RE is a wireless extender for mobile phones. Many TPLINK routers have stack overflow vulnerabilities. Attackers can use the vulnerability to cause stack buffer overflow.

Shenzhen Meikexing Communication Technology Co., Ltd. (hereinafter referred to as MERCURY) was established in 2001. Its business scope includes: general business items are: computer wireless local area network products, computer software and hardware, communication equipment, electronic products, network security equipment technology development, etc. . MERCURY M6G, D196G, MW310RE, MIAP1200GP have a denial of service vulnerability. Attackers can use this vulnerability to cause a denial of service.