VARIoT IoT vulnerabilities database
| VAR-202104-0203 | CVE-2020-29610 | Apple macOS AudioToolboxCore MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted audio file may disclose restricted memory. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AudioToolboxCore module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers.
| VAR-202103-1772 | No CVE | H3C-ER3200 router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ER3200 is a high-performance router launched by H3C. It is mainly positioned in the SMB market for Ethernet/optical/ADSL access and network environments such as governments, corporate institutions, and Internet cafes.
The H3C-ER3200 router has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202103-1333 | CVE-2021-25160 | Aruba Instant Access Point Vulnerability in |
CVSS V2: 4.0 CVSS V3: 4.9 Severity: Medium |
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements.
| VAR-202103-0194 | CVE-2020-25218 | Grandstream GRP261x VoIP phone Authentication vulnerabilities in |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Grandstream GRP261x VoIP phones running firmware version 1.0.3.6 (Base) allow authentication bypass in the administrative web interface. The Grandstream GRP261x VoIP phone contains an authentication vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). The Grandstream GRP261x VoIP phone is a carrier-grade IP phone from the American company Grandstream, designed for large-scale deployment. No detailed vulnerability information is currently provided.
| VAR-202103-0193 | CVE-2020-25217 | Grandstream GRP261x VoIP phone Command injection vulnerability |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
Grandstream GRP261x VoIP phones running firmware version 1.0.3.6 (Base) allow command injection as root in the administrative web interface. The Grandstream GRP261x VoIP phone is a carrier-grade IP phone from the American company Grandstream, designed for large-scale deployment. No detailed vulnerability information is currently provided.
| VAR-202103-0737 | CVE-2021-21727 | ZXHN F623 firmware Vulnerability in |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A ZTE product has a DoS vulnerability. A remote attacker can amplify traffic by sending carefully constructed IPv6 packets to the affected devices, which eventually leads to device denial of service. This affects ZXHN F623, all versions up to V6.0.0P3T33. ZXHN F623 firmware contains an unspecified vulnerability. A denial of service (DoS) may result.
| VAR-202103-0137 | CVE-2020-19641 | INSMA Wifi Mini Spy 1080P HD Security IP Camera Vulnerability in privilege management |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. Authenticated attackers with the "Operator" Privilege can gain admin privileges via a crafted request to '/goform/formUserMng'
| VAR-202103-0138 | CVE-2020-19642 | INSMA Wifi Mini Spy 1080P HD Security IP Camera Vulnerability in unlimited upload of dangerous types of files in |
CVSS V2: 4.6 CVSS V3: 6.2 Severity: MEDIUM |
An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. A local attacker can execute arbitrary code via editing the 'recdata.db' file to call a specially crafted GoAhead ASP-file on the SD card
| VAR-202103-0139 | CVE-2020-19643 | INSMA Wifi Mini Spy 1080P HD Security IP Camera cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cross Site Scripting (XSS) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B via all fields in the FTP settings page to the "goform/formSetFtpCfg" settings page. No detailed vulnerability information is currently provided.
| VAR-202103-0136 | CVE-2020-19640 | INSMA Wifi Mini Spy 1080P HD Security IP Camera Vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. An unauthenticated attacker can reboot the device causing a Denial of Service, via a hidden reboot command to '/media/?action=cmd'
| VAR-202103-1347 | CVE-2021-25159 | Aruba Instant Access Point Vulnerability in |
CVSS V2: 8.5 CVSS V3: 6.5 Severity: Medium |
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) contains an unspecified vulnerability. Information may be tampered with, and a denial of service (DoS) may result.
There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements.
| VAR-202103-1334 | CVE-2021-25161 | Aruba Instant Access Point Cross-site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: Medium |
A remote cross-site scripting (XSS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements.
| VAR-202103-0053 | CVE-2019-5317 | Aruba Instant Access Point Authentication vulnerabilities in |
CVSS V2: 4.6 CVSS V3: 6.8 Severity: Medium |
A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) contains an authentication vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS).
There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements.
| VAR-202103-0054 | CVE-2019-5319 | Aruba Instant Access Point Buffer Overflow Vulnerability in Linux |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: Critical |
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) contains a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS).
There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements.
| VAR-202103-1341 | CVE-2021-25149 | Aruba Instant Access Point Buffer Overflow Vulnerability in Linux |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: Critical |
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) contains a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS).
There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements.
| VAR-202103-1340 | CVE-2021-25148 | Aruba Instant Access Point Vulnerability in |
CVSS V2: 8.5 CVSS V3: 8.1 Severity: High |
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) contains an unspecified vulnerability. Information may be tampered with, and a denial of service (DoS) may result.
There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements.
| VAR-202103-1336 | CVE-2021-25143 | Aruba Instant Vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A remote denial of service (DoS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements.
| VAR-202103-1344 | CVE-2021-25156 | Aruba Instant Access Point Vulnerability in |
CVSS V2: 4.0 CVSS V3: 4.9 Severity: Medium |
A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements.
| VAR-202103-1345 | CVE-2021-25157 | Aruba Instant Access Point Vulnerability in |
CVSS V2: 4.0 CVSS V3: 4.9 Severity: Medium |
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements.
| VAR-202103-1338 | CVE-2021-25145 | Aruba Instant Access Point Vulnerability in |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: Medium |
A remote unauthorized disclosure of information vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements.