VARIoT IoT vulnerabilities database


VAR-202110-1807 CVE-2021-34983 Vulnerability related to lack of authentication for important functions in multiple NETGEAR products CVSS V2: -
CVSS V3: 6.5
Severity: MEDIUM
NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to system configuration information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13708
VAR-202110-1806 CVE-2021-34982 Out-of-bounds write vulnerability in multiple Netgear products CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13709. Multiple Netgear products, including DC112A firmware, EX3700 firmware and EX3800 firmware, contain an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202110-1760 CVE-2021-34980 Out-of-bounds write vulnerability in NETGEAR R6260 router CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. When parsing the SOAP_LOGIN_TOKEN environment variable, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14107. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR R6260 is a router from Netgear, a hardware device that connects two or more networks and acts as a gateway between them.
VAR-202110-1494 CVE-2021-22487 Out-of-bounds read vulnerability in Huawei smartphones CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
There is an Out-of-bounds read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability. Huawei Smartphones contain an out-of-bounds read vulnerability. Service operation may be interrupted (DoS). Huawei Smartphone is a smartphone from the Chinese company Huawei. A buffer overflow vulnerability exists in many Huawei devices, which is caused by an out-of-bounds read error in the product.
VAR-202110-1493 CVE-2021-22488 Link interpretation vulnerability in Huawei smartphones CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
There is an Unauthorized file access vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups. Huawei Smartphones contain a link interpretation vulnerability. Information may be tampered with. Huawei Smartphone is a smartphone from the Chinese company Huawei. There is an authorization issue vulnerability in many Huawei devices.
VAR-202110-1761 CVE-2021-34979 Classic buffer overflow vulnerability in NETGEAR R6260 routers CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13512. NETGEAR R6260 Routers contain a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR R6260 is a router device.
VAR-202110-1762 CVE-2021-34978 Out-of-bounds write vulnerability in NETGEAR R6260 router CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. A crafted SOAP request can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13511. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202110-1759 CVE-2021-34977 Authentication vulnerabilities in NETGEAR R7000 routers CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7000 1.0.11.116_10.2.100 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP requests. The issue results from the lack of proper authentication verification before performing a password reset. An attacker can leverage this vulnerability to reset the admin password. Was ZDI-CAN-13483. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202110-1709 CVE-2021-22402 Vulnerabilities in Huawei smartphones CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
There is a DoS vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause DoS attacks. Huawei Smartphones have unspecified vulnerabilities. Service operation may be interrupted (DoS).
VAR-202110-1504 CVE-2021-22457 Input verification vulnerability in HarmonyOS CVSS V2: 2.1
CVSS V3: 3.3
Severity: LOW
A component of HarmonyOS has an Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause an out-of-bounds write.
VAR-202110-1503 CVE-2021-22472 Vulnerabilities in Huawei smartphones CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
There is an Improper verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. Huawei Smartphones have unspecified vulnerabilities. Information may be obtained.
VAR-202110-1502 CVE-2021-22473 Authentication vulnerability in Huawei smartphones CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
There is an Authentication vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. Huawei Smartphones have an authentication vulnerability. Information may be obtained.
VAR-202110-1501 CVE-2021-22474 Out-of-bounds read vulnerability in Huawei smartphones CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
There is an Out-of-bounds memory access in Huawei Smartphone. Successful exploitation of this vulnerability may cause process exceptions. Huawei Smartphones contain an out-of-bounds read vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202110-1500 CVE-2021-22475 Improper default permission vulnerability in Huawei smartphones CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
There is an Improper permission management vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. Huawei Smartphones are vulnerable to improper default permissions. Information may be obtained.
VAR-202110-1499 CVE-2021-22481 Vulnerabilities in Huawei smartphones CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
There is a Verification errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. Huawei Smartphones have unspecified vulnerabilities. Information may be obtained.
VAR-202110-1498 CVE-2021-22482 Vulnerability related to insufficient initialization of resources in Huawei smartphones CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
There is an Uninitialized variable vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause transmission of invalid data. Huawei Smartphones contain a resource initialization vulnerability. Information may be tampered with.
VAR-202110-1497 CVE-2021-22483 Vulnerabilities in Huawei smartphones CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
There is an issue of IP address spoofing in Huawei Smartphone. Successful exploitation of this vulnerability may cause DoS. Huawei Smartphones have unspecified vulnerabilities. Service operation may be interrupted (DoS).
VAR-202110-1496 CVE-2021-22485 Vulnerabilities in Huawei devices CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
There is an SSID vulnerability with Wi-Fi network connections in Huawei devices. Successful exploitation of this vulnerability may affect service confidentiality. There is an unspecified vulnerability in Huawei devices. Information may be obtained.
VAR-202110-1495 CVE-2021-22486 Vulnerabilities in Huawei smartphones CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
There is an issue of Unstandardized field names in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. Huawei Smartphones have unspecified vulnerabilities. Information may be obtained.
VAR-202110-1492 CVE-2021-22490 Authentication vulnerability in Huawei smartphones CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
There is a Permission verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect the device performance. Huawei Smartphones have an authentication vulnerability. Service operation may be interrupted (DoS).