VARIoT IoT vulnerabilities database

VAR-202102-0138 | CVE-2019-20470 | TK-Star Q90 Junior GPS horloge devices: insecure default initialization of resources vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. The watch performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the watch to any telephone number by sending a specific SMS that uses the default password: for example, pw,<password>,call,<mobile_number> triggers an outbound call from the watch. The password is sometimes available because of CVE-2019-20471. The TK-Star Q90 Junior GPS horloge therefore initializes a resource (the administrative password) to an insecure default value. Information may be obtained.
At initial setup the device uses a default password (123456) for administrative purposes.
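As an added example (not code from TK-Star or from the advisory), the Python below models the SMS command interface described above: a handler that behaves as the advisory describes, accepting pw,<password>,call,<number> from any sender who knows the default password, next to a hardened handler that refuses to act while the factory default is still set, accepts commands only from paired numbers, only calls paired numbers, and locks out after repeated failures. The trusted-number allowlist, the lockout threshold, the phone numbers and the replacement password are assumptions made for the example.

```python
import hmac
import re
from dataclasses import dataclass, field

# Factory default named in the advisory; everything else in this file is illustrative.
FACTORY_DEFAULT_PASSWORD = "123456"
MAX_FAILED_ATTEMPTS = 5  # hypothetical lockout threshold

# Command format given in the advisory: pw,<password>,<command>[,<args>]
CMD_RE = re.compile(r"^pw,(?P<pw>[^,]*),(?P<cmd>[a-z]+)(?:,(?P<args>.*))?$")


@dataclass
class WatchState:
    password: str = FACTORY_DEFAULT_PASSWORD
    trusted_numbers: set = field(default_factory=set)  # hypothetical: numbers paired via the app
    failed_attempts: int = 0
    calls_placed: list = field(default_factory=list)


def parse_command(sms: str):
    """Split an SMS into (password, command, args), or return None if it is not a command."""
    m = CMD_RE.match(sms.strip())
    if not m:
        return None
    return m.group("pw"), m.group("cmd"), m.group("args") or ""


def handle_sms_vulnerable(state: WatchState, sms: str) -> str:
    """Behaviour the advisory describes: any sender who knows the (default) password
    can make the watch call any number."""
    parsed = parse_command(sms)
    if parsed is None:
        return "ignored"
    pw, cmd, args = parsed
    if pw != state.password:
        return "ignored"
    if cmd == "call":
        state.calls_placed.append(args)
        return "calling"
    return "unknown command"


def handle_sms_hardened(state: WatchState, sms: str, sender: str) -> str:
    """Hardened handler: no commands while the factory default is still set, lockout after
    repeated failures, only trusted senders, and calls only to trusted numbers."""
    parsed = parse_command(sms)
    if parsed is None:
        return "ignored"
    pw, cmd, args = parsed
    if state.password == FACTORY_DEFAULT_PASSWORD:
        return "rejected: factory default password"
    if state.failed_attempts >= MAX_FAILED_ATTEMPTS:
        return "rejected: locked out"
    if sender not in state.trusted_numbers:
        return "rejected: untrusted sender"
    # Constant-time comparison so the check does not leak how many characters matched.
    if not hmac.compare_digest(pw.encode(), state.password.encode()):
        state.failed_attempts += 1
        return "rejected: bad password"
    state.failed_attempts = 0
    if cmd == "call":
        if args not in state.trusted_numbers:
            return "rejected: untrusted call target"
        state.calls_placed.append(args)
        return "calling"
    return "unknown command"
```

The factory-default check comes first on purpose: a watch that has never been configured should not accept any remote command, which removes the dependency on the owner ever changing the password.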
------------------------------------------
[VulnerabilityType Other]
Remote audio connection without explicit approval
------------------------------------------
[Vendor of Product]
TK-star
------------------------------------------
[Affected Product Code Base]
TK-Star Q90 Junior GPS horloge - 3.1042.9.8656
------------------------------------------
[Affected Component]
Smartwatch
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
An attacker needs to send an SMS to the device's mobile number. Knowledge of the mobile number is required before this vulnerability can be exploited.
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Dennis van Warmerdam, Jasper Nota, Jim Blankendaal
------------------------------------------
[Reference]
https://www.tk-star.com
Use CVE-2019-20470
VAR-202102-0113 | CVE-2020-11223 | Multiple Qualcomm products: classic buffer overflow vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Out-of-bounds access in the camera driver due to a missing validation check on an array index before copying into the array, in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, and Snapdragon Wearables. Multiple Qualcomm products contain a classic buffer overflow vulnerability. Information may be obtained, information may be tampered with, and a denial of service (DoS) state may result.
VAR-202102-0137 | CVE-2019-20468 | SeTracker2 for TK-Star Q90 Junior GPS horloge devices: incorrect default permissions vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. The app declares unnecessary permissions such as READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, and READ_CONTACTS. SeTracker2 for TK-Star Q90 Junior GPS horloge devices is therefore vulnerable to incorrect default permissions. Information may be obtained, information may be tampered with, and a denial of service (DoS) state may result.
------------------------------------------
[Additional Information]
The manifest of the Q90 app declares a number of permissions. However, some of the declared permissions are not required for the proper functioning of the application. The following permissions are not required:
android.permission.SYSTEM_ALERT_WINDOW: Allows an app to create windows using the type WindowManager.LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
android.permission.WRITE_EXTERNAL_STORAGE and android.permission.READ_EXTERNAL_STORAGE: Declaring these permissions for debugging purposes is common practice, but they should not be carried over to production releases of the app.
android.permission.CHANGE_WIFI_STATE: Allows applications to change Wi-Fi connectivity state.
android.permission.CHANGE_CONFIGURATION: Allows an application to modify the current device configuration, such as the locale.
android.permission.READ_CONTACTS: Allows an application to read the user's contacts data.
android.permission.MANAGE_ACCOUNTS: The application can request to create or access accounts stored locally in the AccountManager.
android.permission.GET_ACCOUNTS: Allows access to the list of accounts (including usernames) in the Accounts Service.
android.permission.BLUETOOTH: Allows applications to connect to paired Bluetooth devices.
android.permission.BLUETOOTH_ADMIN: Allows applications to discover and pair Bluetooth devices.
android.permission.GET_TASKS: Allows the app to retrieve information about currently and recently running tasks. This may allow the app to discover which applications are used on the device.
The backup element (android:allowBackup) is explicitly set to true.
The sheer number of unnecessary permissions, with potentially high security impact (e.g. reading all contact information, retrieving usernames, passwords and other personal information stored on the device, changing system settings, connecting to other devices), provides the application with an unnecessarily large amount of sensitive information and (potential) control over older (API 16-22) mobile devices, where every declared permission is granted at install time without a runtime prompt, and raises numerous questions regarding the intentions behind this application.
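As an added example (not part of the advisory and not the SeTracker2 code), the Python below audits an AndroidManifest.xml against the list of permissions above, and also flags android:allowBackup="true" and a targetSdkVersion below 23, since on such builds every declared permission is granted at install time with no runtime prompt, which is why the API 16-22 point matters. The manifest is constructed for the example; its package name, SDK levels and INTERNET permission are assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permissions the advisory lists as not required by the tracker app.
UNNEEDED_PERMISSIONS = {
    "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.CHANGE_WIFI_STATE",
    "android.permission.CHANGE_CONFIGURATION",
    "android.permission.READ_CONTACTS",
    "android.permission.MANAGE_ACCOUNTS",
    "android.permission.GET_ACCOUNTS",
    "android.permission.BLUETOOTH",
    "android.permission.BLUETOOTH_ADMIN",
    "android.permission.GET_TASKS",
}

# Constructed manifest for this example: package name, SDK levels and the INTERNET
# permission are assumptions, not copied from the real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.tracker">
  <uses-sdk android:minSdkVersion="16" android:targetSdkVersion="22"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.GET_TASKS"/>
  <application android:label="Tracker" android:allowBackup="true"/>
</manifest>
"""


def _attr(elem, name):
    """Read an attribute from the android: namespace."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def audit_manifest(xml_text: str):
    """Return a sorted list of (finding, detail) tuples for one manifest."""
    root = ET.fromstring(xml_text)
    findings = []
    for elem in root.iter("uses-permission"):
        perm = _attr(elem, "name")
        if perm in UNNEEDED_PERMISSIONS:
            findings.append(("unneeded-permission", perm))
    app = root.find("application")
    if app is not None and _attr(app, "allowBackup") == "true":
        findings.append(("backup-enabled",
                         "android:allowBackup=true: app data can be extracted with adb backup on older devices"))
    sdk = root.find("uses-sdk")
    if sdk is not None:
        target = int(_attr(sdk, "targetSdkVersion") or 0)
        if target < 23:
            # Runtime permission prompts exist only from API 23; below that, everything
            # declared is granted when the app is installed.
            findings.append(("install-time-grants",
                             "targetSdkVersion %d < 23: all declared permissions granted at install" % target))
    return sorted(findings)
```

Run it over the manifest pulled from an APK (for example after apktool decoding) to get a reviewable list rather than reading the permission block by eye; the UNNEEDED_PERMISSIONS set is the advisory's judgement for this app and should be adapted per application.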
------------------------------------------
[Vulnerability Type]
Insecure Permissions
------------------------------------------
[Vendor of Product]
TK-star
------------------------------------------
[Affected Product Code Base]
TK-Star Q90 Junior GPS horloge - 3.1042.9.8656
------------------------------------------
[Affected Component]
Q90 SeTracker2
------------------------------------------
[Attack Type]
Local
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[CVE Impact Other]
Excessive permissions can enable malicious behaviour.
------------------------------------------
[Attack Vectors]
To exploit the vulnerability, the application code must be updated with malicious intent.
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Dennis van Warmerdam, Jasper Nota, Jim Blankendaal
------------------------------------------
[Reference]
https://www.tk-star.com
Use CVE-2019-20468
VAR-202102-0645 | CVE-2021-22305 | Mate 30 buffer overflow vulnerability |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
There is a buffer overflow vulnerability in Mate 30 10.1.0.126(C00E125R5P3). A module does not verify some of its input when handling messages. Attackers can exploit this vulnerability by sending malicious input through a specific module. This could cause a buffer overflow, compromising normal service. Huawei Mate 30 is a smartphone made by China's Huawei. The vulnerability stems from the program not validating input correctly.
VAR-202102-0642 | CVE-2021-22302 | Taurus-AL00A out-of-bounds read vulnerability |
CVSS V2: 3.6 CVSS V3: 7.1 Severity: HIGH |
There is an out-of-bounds read vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module does not verify some of its input. Attackers can exploit this vulnerability by sending malicious input through a specific app. This could cause an out-of-bounds read, compromising normal service. Taurus-AL00A is vulnerable to an out-of-bounds read. Information may be obtained and a denial of service (DoS) state may result. Huawei Taurus-AL00A is a smartphone made by China's Huawei. The vulnerability stems from the program's failure to properly validate certain inputs; attackers can use certain apps to send malicious messages to the module, causing an out-of-bounds read and affecting normal use of the device.
VAR-202102-0643 | CVE-2021-22303 | Taurus-AL00A double free vulnerability |
CVSS V2: 4.3 CVSS V3: 3.3 Severity: LOW |
There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). There is a lack of multi-thread protection when a function is called. Attackers can exploit this vulnerability by performing a malicious operation to cause a pointer double free. This may lead to a module crash, compromising normal service. Huawei Taurus-AL00A is a smartphone made by China's Huawei.
Huawei Taurus-AL00A 10.0.0.1 (C00E1R1P1) has this security vulnerability because the program does not set multi-thread reentrancy protection when calling a function.
VAR-202102-0646 | CVE-2021-22306 | Mate 30 out-of-bounds read vulnerability |
CVSS V2: 2.1 CVSS V3: 4.6 Severity: MEDIUM |
There is an out-of-bounds read vulnerability in Mate 30 10.0.0.182(C00E180R6P2). A module does not verify some of its input when handling messages. Attackers can exploit this vulnerability by sending malicious input through a specific module. This could cause an out-of-bounds read, compromising normal service. Mate 30 is vulnerable to an out-of-bounds read. A denial of service (DoS) state may result. Huawei Mate 30 is a smartphone made by China's Huawei. The vulnerability stems from the program not validating input correctly.
VAR-202102-0647 | CVE-2021-22307 | Mate 30 weak algorithm vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
There is a weak algorithm vulnerability in Mate 30 10.0.0.203(C00E201R7P2). The protection is insufficient for the modules that should be protected. Local attackers can exploit this vulnerability to affect the integrity of a certain module. Mate 30 contains an unspecified vulnerability. Information may be tampered with. Huawei Mate 30 is a smartphone made by China's Huawei.
VAR-202102-0157 | CVE-2020-15833 | Mofi Network MOFI4500-4GXeLTE backdoor vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modified by the device owner. Mofi Network MOFI4500-4GXeLTE is a wireless router of Mofi Network Company
VAR-202102-0156 | CVE-2020-15832 | Mofi Network MOFI4500-4GXeLTE remote restart backdoor vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The poof.cgi script contains undocumented code that provides the ability to remotely reboot the device. An adversary with the private key (but not the root password) can remotely reboot the device. Mofi Network MOFI4500-4GXeLTE is a wireless router of Mofi Network Company
VAR-202102-0101 | CVE-2020-13859 | Mofi Network MOFI4500-4GXeLTE authentication bypass vulnerability |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to log in to the cgi-bin/luci/quick/wizard management interface without a password by abusing a forgotten-password feature. Mofi Network MOFI4500-4GXeLTE is a wireless router of Mofi Network Company. Attackers can log in as the mofidev user with any password. After logging in, the root user's password can be modified.
VAR-202102-0158 | CVE-2020-15834 | Mofi Network MOFI4500-4GXeLTE Unauthorized Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The wireless network password is exposed in a QR encoded picture that an unauthenticated adversary can download via the web-management interface. Mofi Network MOFI4500-4GXeLTE is a wireless router of Mofi Network Company. Attackers can use this vulnerability to access /wifi.png to obtain the QR code of the Wi-Fi password
VAR-202102-0099 | CVE-2020-13857 | Mofi Network MOFI4500-4GXeLTE Unauthorized Remote Restart Vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They can be rebooted by sending an unauthenticated poof.cgi HTTP GET request. Mofi Network MOFI4500-4GXeLTE is a wireless router of Mofi Network Company. Attackers can use this vulnerability to access /cgi-bin/poof.cgi to remotely restart the device
VAR-202102-0102 | CVE-2020-13860 | Mofi Network MOFI4500-4GXeLTE security feature issue vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password algorithm for the undocumented system account mofidev generates a predictable six-digit password. Mofi Network MOFI4500-4GXeLTE is a wireless router of Mofi Network Company. Attackers who have learned the generation algorithm through firmware reverse engineering can directly calculate a one-time password from the PIN code.
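As an added example that is not the vendor's algorithm (the page does not describe it), the Python below contrasts a hypothetical generator whose six-digit value is a pure function of the PIN, so anyone holding the PIN and the firmware can reproduce it, with RFC 4226 HOTP, where the value depends on a per-device secret and a counter that the attacker does not hold. The keyed version is checked against the RFC's own test secret.

```python
import hashlib
import hmac
import struct

DIGITS = 6


def weak_otp(pin: str) -> str:
    """Hypothetical predictable generator (NOT the vendor's): the 'one-time' value is a
    pure function of the PIN, which the attacker already knows, so anyone who has
    recovered this function from the firmware can compute it."""
    digest = hashlib.md5(pin.encode()).digest()
    return "%0*d" % (DIGITS, int.from_bytes(digest[:4], "big") % 10 ** DIGITS)


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation,
    then reduce to the requested number of decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return "%0*d" % (digits, code % 10 ** digits)


def verify_hotp(secret: bytes, counter: int, candidate: str, window: int = 3):
    """Accept a code only inside a small look-ahead window; return the next counter
    value on success or None on failure so the caller can advance and rate-limit."""
    for c in range(counter, counter + window):
        if hmac.compare_digest(hotp(secret, c), candidate):
            return c + 1
    return None
```

The point is that a one-time password is only as unpredictable as the secret it is derived from: if every input is recoverable from the firmware or a device label, reverse engineering yields the code. The keyed variant needs a per-device secret provisioned at manufacture (a secret shared by the whole firmware image is no better than the PIN), plus a small acceptance window and rate limiting, because the output space is still only one million values.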
VAR-202102-0100 | CVE-2020-13858 | Mofi Network MOFI4500-4GXeLTE undocumented administrator accounts vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mofidev accounts are defined in /etc/passwd and the password is not unique across installations. Mofi Network MOFI4500-4GXeLTE is a wireless router of Mofi Network Company. No further details are currently available.
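As an added example covering CVE-2020-13858 (undocumented sftp and mofidev accounts whose password is not unique across installations) and CVE-2020-13859 (a format error in /etc/shadow), the Python below audits /etc/passwd and /etc/shadow text extracted from a firmware image: it flags malformed lines, login-capable accounts that are not on a documented list, empty or non-crypt password fields, a hash shared by two accounts, and, given shadow files from two devices, accounts whose salted hash is identical on both. The sample files are constructed; the account names come from the advisories, but the UIDs, salts and hash bodies are made up, and the malformed line illustrates the class of error, not the actual defect in the Mofi firmware.

```python
import re

# Hash formats crypt(3) produces on OpenWrt-style systems: $1$ MD5, $2a/$2b/$2y bcrypt,
# $5$ SHA-256, $6$ SHA-512, $y$ yescrypt. Anything else in the field is suspicious.
CRYPT_HASH_RE = re.compile(r"^\$(?:1|2[aby]|5|6|y)\$[^:]+$")
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

# Constructed sample files (assumed values, not the real device's). The mofidev line in
# SHADOW_A is one field short, which is the constructed format error for this example.
PASSWD_A = """root:x:0:0:root:/root:/bin/ash
daemon:*:1:1:daemon:/var:/bin/false
sftp:x:1000:1000:sftp:/home/sftp:/bin/ash
mofidev:x:1001:1001:mofidev:/home/mofidev:/bin/ash
"""
SHADOW_A = """root:$1$saltAAAA$0000000000000000000000:18000:0:99999:7:::
daemon:*:0:0:99999:7:::
sftp:$1$saltSAME$1111111111111111111111:18000:0:99999:7:::
mofidev:$1$saltSAME$1111111111111111111111:18000:0:99999:7::
"""
# Shadow file from a second device: its owner set root's password; the built-in accounts are untouched.
SHADOW_B = """root:$1$saltBBBB$2222222222222222222222:18500:0:99999:7:::
daemon:*:0:0:99999:7:::
sftp:$1$saltSAME$1111111111111111111111:18000:0:99999:7:::
mofidev:$1$saltSAME$1111111111111111111111:18000:0:99999:7:::
"""


def parse_colon_file(text, expected_fields):
    """Return ({name: fields}, [(lineno, line), ...] for malformed lines). A malformed line
    is still indexed by name when it has at least two fields so the audit can reason about it."""
    rows, malformed = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != expected_fields:
            malformed.append((lineno, line))
        if len(fields) >= 2:
            rows[fields[0]] = fields
    return rows, malformed


def audit_accounts(passwd_text, shadow_text, documented):
    """Flag undocumented login-capable accounts, format errors and weak password fields."""
    findings = []
    users, bad_passwd = parse_colon_file(passwd_text, 7)
    shadows, bad_shadow = parse_colon_file(shadow_text, 9)
    findings += [("malformed-passwd-line", "line %d" % n) for n, _ in bad_passwd]
    findings += [("malformed-shadow-line", "line %d" % n) for n, _ in bad_shadow]
    for name, fields in users.items():
        shell = fields[6] if len(fields) >= 7 else ""
        uid = fields[2] if len(fields) >= 3 else ""
        if name not in documented and shell not in NOLOGIN_SHELLS:
            findings.append(("undocumented-login-account", name))
        if uid == "0" and name != "root":
            findings.append(("extra-uid-0", name))
        entry = shadows.get(name)
        if fields[1] == "x" and entry is None:
            findings.append(("no-shadow-entry", name))
            continue
        h = entry[1] if entry is not None else fields[1]
        if h == "":
            findings.append(("empty-password", name))
        elif h.startswith(("!", "*")):
            pass  # locked: no password login possible
        elif not CRYPT_HASH_RE.match(h):
            findings.append(("malformed-hash", name))
    by_hash = {}
    for name, fields in shadows.items():
        h = fields[1]
        if h and not h.startswith(("!", "*")):
            by_hash.setdefault(h, []).append(name)
    for names in by_hash.values():
        if len(names) > 1:
            findings.append(("shared-hash", ",".join(sorted(names))))
    return sorted(findings)


def shared_across_installations(shadow_a, shadow_b):
    """Accounts whose salted hash is byte-identical on two different devices, i.e. a
    password that is not unique per installation."""
    a, _ = parse_colon_file(shadow_a, 9)
    b, _ = parse_colon_file(shadow_b, 9)
    return sorted(name for name in a.keys() & b.keys()
                  if a[name][1] == b[name][1] and not a[name][1].startswith(("!", "*")))
```

Identical salted hashes across two units are the cheap tell for a shared factory password: the salt is random per crypt() call, so a match means the hash string itself was baked into the image rather than set per device.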
VAR-202102-0159 | CVE-2020-15835 | Mofi Network MOFI4500-4GXeLTE authentication bypass vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the actual root password. An adversary with the private key can remotely authenticate to the management interface as root. Mofi Network MOFI4500-4GXeLTE is a wireless router of Mofi Network Company
VAR-202102-0098 | CVE-2020-13856 | Mofi Network MOFI4500-4GXeLTE Unauthorized Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. Authentication is not required to download the support file that contains sensitive information such as cleartext credentials and password hashes. Mofi Network MOFI4500-4GXeLTE is a wireless router of Mofi Network Company. Attackers can use this leak to gain unauthorized access to /systemlog.tar.gz to obtain information such as /etc/shadow and plaintext Wi-Fi credentials
VAR-202102-0160 | CVE-2020-15836 | Mofi Network MOFI4500-4GXeLTE unauthorized RCE vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can be sent to execute arbitrary commands as root. Mofi Network MOFI4500-4GXeLTE is a wireless router of Mofi Network Company. No further details are currently available.
VAR-202101-2017 | No CVE | Logic flaw vulnerability in the Bohan Weiye (Beijing) Technology Co., Ltd. community property management integrated management and control cloud service platform |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Bohan Weiye (Beijing) Technology Co., Ltd. is a comprehensive solution provider for the mobile Internet of Things.
The company's community property management integrated management and control cloud service platform has a logic flaw vulnerability. Attackers can use the vulnerability to log in to the system, gain administrator rights and perform unauthorized operations.
VAR-202101-0105 | CVE-2020-14418 | Madshi madCodeHook vulnerability |
CVSS V2: 6.9 CVSS V3: 7.0 Severity: HIGH |
A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM. This occurs because path redirection can occur via vectors involving directory junctions. madCodeHook is an API hooking library from Madshi for 32-bit and 64-bit Windows, from Windows 2000 through Windows 10.