VARIoT IoT vulnerabilities database

There is a Privilege escalation vulnerability with the file system component in Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. Huawei EMUI , HarmonyOS , Magic UI Exists in unspecified vulnerabilities.Information may be obtained. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. Huawei HarmonyOS has security vulnerabilities

A insufficiently protected credentials in Fortinet FortiSDNConnector version 1.1.7 and below allows attacker to disclose third-party devices credential information via configuration page lookup

An improper neutralization of input vulnerability [CWE-79] in FortiWebManager versions 6.2.3 and below, 6.0.2 and below may allow a remote authenticated attacker to inject malicious script/tags via the name/description/comments parameter of various sections of the device

An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext

An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the column settings of Logview in FortiAnalyzer, should the attacker be able to obtain that POST request, via other, hypothetical attacks

A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and below may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically crafted HTTP requests. fortinet's FortiSandbox contains vulnerabilities related to security checks and out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL. Bosch Rexroth IndraMotion Mlc is a new type of equipment that combines motion and logic control, as well as robot control. Bosch Rexroth IndraMotion Mlc has a cross-site scripting vulnerability, which stems from the lack of correct verification of client data in the WEB application. An attacker can use this vulnerability to execute client code

Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another unprotected web server resource. Bosch Rexroth IndraMotion Mlc is a new type of equipment that combines motion and logic control, as well as robot control. Bosch Rexroth IndraMotion Mlc has a security vulnerability. The vulnerability is caused by the incorrect use of related cryptographic algorithms in network systems or products. Attackers can use the vulnerability to cause the content to be incorrectly encrypted, weakly encrypted, and sensitive information stored in plain text

The user and password data base is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm and therefore allow an attacker to determine the password by using rainbow tables. Robert Bosch GmbH of rexroth indramotion xlc firmware and rexroth indramotion mlc The firmware has a cryptographic strength vulnerability.Information may be obtained. Bosch Rexroth IndraMotion Mlc is a new type of equipment that combines motion and logic control, as well as robot control. Bosch Rexroth IndraMotion Mlc has a security vulnerability. The vulnerability is caused by the incorrect use of related cryptographic algorithms in network systems or products. Attackers can use the vulnerability to cause the content to be incorrectly encrypted, weakly encrypted, and sensitive information stored in plain text

TOTOLINK N600R is a wireless router. Zeon Electronics (Shenzhen) Co., Ltd. TOTOLINK N600R has a logic flaw vulnerability, which can be exploited by attackers to obtain sensitive information.

Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to subsequently login to the system. Bosch Rexroth IndraMotion Mlc is a new type of equipment that combines motion and logic control, as well as robot control. Bosch Rexroth IndraMotion Mlc has a security vulnerability. The vulnerability is caused by the incorrect use of related cryptographic algorithms in network systems or products. Attackers can use the vulnerability to cause the content to be incorrectly encrypted, weakly encrypted, and sensitive information stored in plain text

Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived session token in the `Authorization` header. As the short-lived token is only meant as means of authentication by the client for less critical requests to the backend, the ability to change the email address with a short-lived token constitutes a privilege escalation attack. Since the attacker can change the password after setting the email address to one that they control, changing the email address can result in an account takeover by the attacker. Short-lived tokens can be requested from the backend by Wire clients using the long lived tokens, after which the long lived tokens can be stored securely, for example on the devices key chain. The short lived tokens can then be used to authenticate the client towards the backend for frequently performed actions such as sending and receiving messages. While short-lived tokens should not be available to an attacker per-se, they are used more often and in the shape of an HTTP header, increasing the risk of exposure to an attacker relative to the long-lived tokens, which are stored and transmitted in cookies. If you are running an on-prem instance and provision all users with SCIM, you are not affected by this issue (changing email is blocked for SCIM users). SAML single-sign-on is unaffected by this issue, and behaves identically before and after this update. The reason is that the email address used as SAML NameID is stored in a different location in the databse from the one used to contact the user outside wire. Version 2021-08-16 and later provide a new end-point that requires both the long-lived client cookie and `Authorization` header. The old end-point has been removed. If you are running an on-prem instance with at least some of the users invited or provisioned via SAML SSO and you cannot update then you can block `/self/email` on nginz (or in any other proxies or firewalls you may have set up). You don't need to discriminate by verb: `/self/email` only accepts `PUT` and `DELETE`, and `DELETE` is almost never used. Wire-server contains a session expiration vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Possible buffer over read due to lack of data length check in QVR Service configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables. plural Qualcomm The product contains an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state. The Qualcomm chip is a chip from Qualcomm Corporation of the United States. A way of miniaturizing circuits (mainly semiconductor devices, but also passive components, etc.) and often fabricated on the surface of a semiconductor wafer. A buffer overflow vulnerability exists in several Qualcomm Snapdragon products. The vulnerability stems from the fact that the QVR Service configuration in the program does not properly verify the incoming buffer length, and attackers can exploit this vulnerability to cause excessive reading of the buffer

The Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress plugin before 1.6.1 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue

Forcepoint NGFW Engine versions 6.5.11 and earlier, 6.8.6 and earlier, and 6.10.0 are vulnerable to TCP reflected amplification vulnerability, if HTTP User Response has been configured. Forcepoint LLC. of Next Generation Firewall (NGFW) Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state

Null pointer dereference can occur due to memory allocation failure in DIAG in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Wearables. plural Qualcomm The product has NULL There is a vulnerability in pointer dereference.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Possible memory corruption due to lack of bound check of input index in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. plural Qualcomm The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Possible buffer over read due to improper validation of frame length while processing AEAD decryption during ASSOC response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music. plural Qualcomm The product contains an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state

Possible buffer overflow due to improper handling of negative data length while processing write request in VR service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables. plural Qualcomm The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Possible stack overflow due to improper validation of camera name length before copying the name in VR Service in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT. plural Qualcomm The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state