VARIoT IoT vulnerabilities database


VAR-202102-0127 CVE-2020-11286 Buffer error vulnerability in multiple Qualcomm products
CVSS V2: 4.6
CVSS V3: 6.8
Severity: MEDIUM
An Untrusted Pointer Dereference can occur while doing USB control transfers, if multiple requests of different standard request categories like device, interface & endpoint are made together in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. Multiple Qualcomm products contain a buffer error vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202102-0130 CVE-2020-11297 Vulnerabilities in multiple Qualcomm products
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Denial of service in WLAN module due to improper check of subtypes in logic where excessive frames are dropped in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music. Multiple Qualcomm products contain unspecified vulnerabilities. A denial-of-service (DoS) condition may result.
VAR-202102-0126 CVE-2020-11283 Out-of-bounds write vulnerabilities in multiple Qualcomm products
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A buffer overflow can occur when playing an MKV clip due to lack of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. Multiple Qualcomm products contain a vulnerability related to out-of-bounds writing. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202102-0125 CVE-2020-11282 Vulnerabilities in multiple Qualcomm products
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Improper access control when using mmap with the kgsl driver with a special offset value that can be provided to map the memstore of the GPU to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. Multiple Qualcomm products contain unspecified vulnerabilities. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202102-0118 CVE-2020-11272 Use of freed memory vulnerability in multiple Qualcomm products
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can be deleted and using a stale version later can lead to use after free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. Multiple Qualcomm products contain a vulnerability related to the use of freed memory. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202102-0120 CVE-2020-11276 Out-of-bounds read vulnerabilities in multiple Qualcomm products
CVSS V2: 9.4
CVSS V3: 9.1
Severity: CRITICAL
Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation of P2P IE and NOA attribute lengths in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking. Multiple Qualcomm products contain an out-of-bounds read vulnerability. Information may be obtained, and a denial-of-service (DoS) condition may result.
VAR-202102-0119 CVE-2020-11275 Out-of-bounds read vulnerabilities in multiple Qualcomm products
CVSS V2: 9.4
CVSS V3: 9.1
Severity: CRITICAL
Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE length in received beacon in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking. Multiple Qualcomm products contain an out-of-bounds read vulnerability. Information may be obtained, and a denial-of-service (DoS) condition may result.
VAR-202102-0115 CVE-2020-11269 Integer overflow vulnerability in multiple Qualcomm products
CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking. Multiple Qualcomm products are vulnerable to integer overflow. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202102-0111 CVE-2020-11203 Out-of-bounds write vulnerabilities in multiple Qualcomm products
CVSS V2: 3.6
CVSS V3: 7.1
Severity: HIGH
Stack overflow may occur if GSM/WCDMA broadcast config size received from user is larger than variable length array in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables. Multiple Qualcomm products contain a vulnerability related to out-of-bounds writing. Information may be obtained, and a denial-of-service (DoS) condition may result.
VAR-202102-0109 CVE-2020-11195 Input verification vulnerabilities in multiple Qualcomm products
CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music. Multiple Qualcomm products contain input validation, out-of-bounds read, and out-of-bounds write vulnerabilities. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202102-0104 CVE-2020-11163 Index validation vulnerability in multiple Qualcomm products
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Possible buffer overflow while updating ikev2 parameters due to lack of check of input validation for certain parameters received from the ePDG server in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile. Multiple Qualcomm products contain a vulnerability in array index validation. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202102-0105 CVE-2020-11170 Classic buffer overflow vulnerability in multiple Qualcomm products
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Out of bound memory access while playing music playbacks with crafted vorbis content due to improper checks in header extraction in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking. Multiple Qualcomm products contain a classic buffer overflow vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202102-0112 CVE-2020-11204 Input verification vulnerabilities in multiple Qualcomm products
CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters that are read from shared MSG RAM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking. Multiple Qualcomm products contain a vulnerability related to input verification and a vulnerability related to out-of-bounds writing. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202102-0106 CVE-2020-11177 Vulnerabilities in multiple Qualcomm products
CVSS V2: 7.2
CVSS V3: 8.8
Severity: HIGH
User can overwrite Security Code NV item without knowing current SPC due to improper validation of SPC code setting and device lock in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. Multiple Qualcomm products contain unspecified vulnerabilities. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202102-0140 CVE-2019-20473 Vulnerability in TK-Star Q90 Junior GPS horloge devices
CVSS V2: 4.6
CVSS V3: 6.8
Severity: MEDIUM
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a "Remove PIN and restart!" message, and cannot be used. This makes it easier for an attacker to use the SIM card by stealing the device. An unspecified vulnerability exists in the TK-Star Q90 Junior GPS horloge device. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
[VulnerabilityType Other] recommendation to disable common security measures
[Vendor of Product] TK-star
[Affected Product Code Base] TK-Star Q90 Junior GPS horloge - 3.1042.9.8656
[Affected Component] Sim card & PIN
[Attack Vectors] Local
[Has vendor confirmed or acknowledged the vulnerability?] true
[Discoverer] Dennis van Warmerdam, Jasper Nota, Jim Blankendaal
[Reference] https://www.tk-star.com
Use CVE-2019-20473.
VAR-202102-0139 CVE-2019-20471 Vulnerability in using hard-coded credentials on TK-Star Q90 Junior GPS horloge devices
CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used (123456) for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-20470. The TK-Star Q90 Junior GPS horloge device contains a vulnerability in the use of hard-coded credentials. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the watch to any telephone number, initiated by sending a specific SMS and using the default password, e.g., pw,<password>,call,<mobile_number> triggers an outbound call from the watch.
[VulnerabilityType Other] Remote audio connection without explicit approval
[Vendor of Product] TK-star
[Affected Product Code Base] TK-Star Q90 Junior GPS horloge - 3.1042.9.8656
[Affected Component] Smartwatch
[Attack Type] Remote
[Impact Code execution] true
[Impact Information Disclosure] true
[Attack Vectors] An attacker needs to send an SMS to the device's mobile number. Knowledge of the mobile number is required before this vulnerability can be exploited.
[Has vendor confirmed or acknowledged the vulnerability?] true
[Discoverer] Dennis van Warmerdam, Jasper Nota, Jim Blankendaal
[Reference] https://www.tk-star.com
Use CVE-2019-20470
VAR-202102-0138 CVE-2019-20470 Vulnerability in initializing resources to unsafe default values on TK-Star Q90 Junior GPS horloge devices
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the watch to any telephone number, initiated by sending a specific SMS and using the default password, e.g., pw,<password>,call,<mobile_number> triggers an outbound call from the watch. The password is sometimes available because of CVE-2019-20471. The TK-Star Q90 Junior GPS horloge device contains a vulnerability in initializing resources to insecure default values. Information may be obtained. When using the device at initial setup, a default password is used (123456) for administrative purposes.
[VulnerabilityType Other] Remote audio connection without explicit approval
[Vendor of Product] TK-star
[Affected Product Code Base] TK-Star Q90 Junior GPS horloge - 3.1042.9.8656
[Affected Component] Smartwatch
[Attack Type] Remote
[Impact Code execution] true
[Impact Information Disclosure] true
[Attack Vectors] An attacker needs to send an SMS to the device's mobile number. Knowledge of the mobile number is required before this vulnerability can be exploited.
[Has vendor confirmed or acknowledged the vulnerability?] true
[Discoverer] Dennis van Warmerdam, Jasper Nota, Jim Blankendaal
[Reference] https://www.tk-star.com
Use CVE-2019-20470
VAR-202102-0113 CVE-2020-11223 Classic buffer overflow vulnerability in multiple Qualcomm products
CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Out of bound in camera driver due to lack of check of validation of array index before copying into array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables. Multiple Qualcomm products contain a classic buffer overflow vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202102-0137 CVE-2019-20468 Inappropriate default permission vulnerability in SeTracker2 for TK-Star Q90 Junior GPS horloge devices
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, and READ_CONTACTS. SeTracker2 for TK-Star Q90 Junior GPS horloge devices is vulnerable to incorrect default permissions. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
[Additional Information] The manifest of Q90 declares the use of permissions. However, some of the declared functions are not required for proper functioning of the application. The following application permissions are not required:
android.permission.SYSTEM_ALERT_WINDOW: Allows an app to create windows using the type WindowManager.LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
android.permission.WRITE_EXTERNAL_STORAGE: Declaring these permissions for debugging purposes is common practice, but they should not be carried over to production releases of the app.
android.permission.READ_EXTERNAL_STORAGE.
android.permission.CHANGE_WIFI_STATE: Allows applications to change Wi-Fi connectivity state.
android.permission.CHANGE_CONFIGURATION: Allows access to the list of accounts (including usernames) in the Accounts Service.
android.permission.READ_CONTACTS: Allows an application to read the user's contacts data.
android.permission.MANAGE_ACCOUNTS: The application can request create or access accounts stored locally in the AccountManager.
android.permission.GET_ACCOUNTS: Allows access to the list of accounts (including usernames) in the Accounts Service.
android.permission.BLUETOOTH: Allows applications to connect to paired bluetooth devices.
android.permission.BLUETOOTH_ADMIN: Allows applications to discover and pair bluetooth devices.
android.permission.GET_TASKS: Allows the app to retrieve information about currently and recently running tasks. This may allow the app to discover information about which applications are used on the device.
The backup element (android:allowBackup) is manually set to true. The sheer amount of unnecessary permissions, with potential high security impact (e.g. reading all contact information, retrieving usernames, passwords and other personal information stored on the device, changing system settings, connecting to other devices), provides the application with an unnecessarily large amount of sensitive information and (potential) control over older (API 16-22) mobile devices and raises numerous questions regarding the intentions behind this application.
[Vulnerability Type] Insecure Permissions
[Vendor of Product] TK-star
[Affected Product Code Base] TK-Star Q90 Junior GPS horloge - 3.1042.9.8656
[Affected Component] Q90 SeTracker2
[Attack Type] Local
[Impact Code execution] true
[Impact Information Disclosure] true
[CVE Impact Other] Excessive permissions can enable malicious behaviour.
[Attack Vectors] To exploit the vulnerability, the application code must be updated with malicious intent.
[Has vendor confirmed or acknowledged the vulnerability?] true
[Discoverer] Dennis van Warmerdam, Jasper Nota, Jim Blankendaal
[Reference] https://www.tk-star.com
Use CVE-2019-20468
VAR-202102-0645 CVE-2021-22305 Mate 30 Buffer Overflow Vulnerability in Linux
CVSS V2: 2.1
CVSS V3: 3.3
Severity: LOW
There is a buffer overflow vulnerability in Mate 30 10.1.0.126(C00E125R5P3). A module does not verify some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through a specific module. This could cause a buffer overflow, compromising normal service. Huawei Mate 30 is a smartphone from the Chinese company Huawei. The vulnerability stems from the program not validating the input correctly.