VARIoT IoT vulnerabilities database


VAR-202412-2040 CVE-2024-51551 Use of hardcoded credentials vulnerability in multiple ABB products CVSS V2: 10.0
CVSS V3: 10.0
Severity: Critical
Default Credential vulnerabilities in ASPECT on Linux allow access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02. Multiple ABB products, including aspect-ent-2 firmware, aspect-ent-256 firmware and aspect-ent-96 firmware, contain a vulnerability related to the use of hardcoded credentials. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. ABB ASPECT is a scalable building energy management and control solution from Swiss company ABB. Attackers can exploit this vulnerability to access the system.
VAR-202412-2234 CVE-2024-48845 Weak Password Requirements Vulnerability in multiple ABB products CVSS V2: 9.7
CVSS V3: 9.4
Severity: Critical
Weak Password Reset Rules vulnerabilities were found, providing a potential for the storage of weak passwords that could facilitate unauthorized admin/application access. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02. Multiple ABB products, including aspect-ent-2 firmware, aspect-ent-256 firmware and aspect-ent-96 firmware, contain a weak password requirement vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. ABB ASPECT is a scalable building energy management and control solution from Swiss company ABB. An attacker can exploit this vulnerability to gain unauthorized administrator/application access.
VAR-202412-1002 CVE-2018-9407 Vulnerability in Google Android CVSS V2: 4.6
CVSS V3: 5.5
Severity: MEDIUM
In emmc_rpmb_ioctl of emmc_rpmb.c, there is an Information Disclosure due to a Missing Bounds Check. This could lead to Information Disclosure of kernel data. An unspecified vulnerability exists in Google Android. Information may be obtained. Google Pixel is a smartphone from Google Inc. There is a security vulnerability in Google Pixel. The vulnerability is caused by the lack of boundary check in emmc_rpmb_ioctl in emmc_rpmb.c, which may cause information leakage. No detailed vulnerability details are provided at present.
VAR-202412-1345 CVE-2018-9403 Out-of-bounds write vulnerability in Google Android CVSS V2: 6.5
CVSS V3: 6.7
Severity: MEDIUM
In the MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF handler of flp2hal_interface.c, there is a possible stack buffer overflow due to a missing bounds check. This could lead to local escalation of privilege in a privileged process with System execution privileges needed. User interaction is not needed for exploitation. An out-of-bounds write vulnerability exists in Google Android. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Google Pixel is a smartphone produced by Google Inc. The vulnerability is caused by the lack of boundary check in the MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF handler in flp2hal_interface.c.
VAR-202412-0832 CVE-2018-9402 Out-of-bounds write vulnerability in Google Android CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
In multiple functions of gl_proc.c, there is a buffer overwrite due to a missing bounds check. This could lead to escalation of privileges in the kernel. An out-of-bounds write vulnerability exists in Google Android. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Google Pixel is a smartphone produced by Google in the United States. Attackers can exploit this vulnerability to cause privilege escalation.
VAR-202412-1816 CVE-2018-9399 Out-of-bounds write vulnerability in Google Android CVSS V2: 6.8
CVSS V3: 6.7
Severity: MEDIUM
In /proc/driver/wmt_dbg driver, there are several possible out of bounds writes. These could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. An out-of-bounds write vulnerability exists in Google Android. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Google Pixel is a smartphone produced by Google Inc. There is a security vulnerability in Google Pixel, which is caused by multiple possible out-of-bounds writes in the /proc/driver/wmt_dbg driver. No detailed vulnerability details are provided at this time.
VAR-202412-1175 CVE-2018-9397 Out-of-bounds write vulnerability in Google Android CVSS V2: 6.8
CVSS V3: 6.7
Severity: MEDIUM
In WMT_unlocked_ioctl of MTK WMT device driver, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. An out-of-bounds write vulnerability exists in Google Android. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Google Pixel is a smartphone produced by Google in the United States. There is an out-of-bounds write vulnerability in Google Pixel.
VAR-202412-1003 No CVE The AiKuai flow control router of Quanxun Huiju Network Technology (Beijing) Co., Ltd. has an information leakage vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
AiKuai flow control router is a router product of Quanxun Huiju Network Technology (Beijing) Co., Ltd. AiKuai flow control router of Quanxun Huiju Network Technology (Beijing) Co., Ltd. has an information leakage vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202412-0654 No CVE There is a SQL injection vulnerability in the AiKuai flow control router of Quanxun Huiju Network Technology (Beijing) Co., Ltd. CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
AiKuai flow control router is a router product of Quanxun Huiju Network Technology (Beijing) Co., Ltd. AiKuai flow control router of Quanxun Huiju Network Technology (Beijing) Co., Ltd. has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database.
VAR-202412-0018 CVE-2024-12147 Netgear R6900 Buffer Overflow Vulnerability CVSS V2: 6.8
CVSS V3: 6.5
Severity: High
A vulnerability was found in Netgear R6900 1.0.1.26_1.0.20. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file upgrade_check.cgi of the component HTTP Header Handler. The manipulation of the argument Content-Length leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. The vulnerability is caused by the parameter Content-Length of the file upgrade_check.cgi failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service.
VAR-202412-0238 CVE-2024-52275 Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. AC6 firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromWizardHandle modules) allows Overflow Buffers. This issue affects Tenda AC6V2: through 15.03.06.50. An out-of-bounds write vulnerability exists in AC6 firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. The vulnerability is due to insufficient length or boundary checking of input data, overwriting adjacent memory areas. Attackers can exploit this vulnerability to execute malicious code and gain control of the router, thereby threatening devices and network data connected to the router.
VAR-202412-0271 CVE-2024-52274 Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. AC6 firmware CVSS V2: 7.8
CVSS V3: 9.8
Severity: CRITICAL
Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoubleL2tpConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers. This issue affects Tenda AC6V2: through 15.03.06.50. An out-of-bounds write vulnerability exists in Shenzhen Tenda Technology Co.,Ltd. AC6 firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. The vulnerability stems from improper input processing in the guest_ip_check function of the setDoubleL2tpConfig module. No detailed vulnerability details are currently available.
VAR-202412-0112 CVE-2024-52273 Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. AC6 firmware CVSS V2: 7.8
CVSS V3: 9.8
Severity: CRITICAL
Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoublePppoeConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers. This issue affects Tenda AC6V2: through 15.03.06.50. An out-of-bounds write vulnerability exists in Shenzhen Tenda Technology Co.,Ltd. AC6 firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. The vulnerability is caused by the guest_ip_check function in the setDoublePppoeConfig module not properly validating the input. No detailed vulnerability details are currently provided.
VAR-202412-0272 CVE-2024-52272 Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. AC6 firmware CVSS V2: 7.8
CVSS V3: 9.8
Severity: CRITICAL
Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromAdvSetLanip(overflow arg:lanMask) modules) allows Overflow Buffers. This issue affects Tenda AC6V2: through 15.03.06.50. An out-of-bounds write vulnerability exists in AC6 firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. The vulnerability stems from improper processing of the lanMask parameter in the fromAdvSetLanip module. No detailed vulnerability details are currently available.
VAR-202412-0239 CVE-2024-49416 Vulnerability in Samsung's SmartThings CVSS V2: -
CVSS V3: 4.0
Severity: MEDIUM
Use of implicit intent for sensitive communication in SmartThings prior to version 1.8.21 allows local attackers to get sensitive information. An unspecified vulnerability exists in Samsung's SmartThings. Information may be obtained.
VAR-202412-0096 CVE-2018-9431 Vulnerability in Google Android CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
In OSUInfo of OSUInfo.java, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. An unspecified vulnerability exists in Google Android. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Google Pixel is a smartphone produced by Google in the United States. No detailed vulnerability details are currently available.
VAR-202412-0321 CVE-2018-9414 Out-of-bounds write vulnerability in Google Android CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
In gattServerSendResponseNative of com_android_bluetooth_gatt.cpp, there is a possible out of bounds stack write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. An out-of-bounds write vulnerability exists in Google Android. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Google Pixel is a smartphone produced by Google in the United States. There is an out-of-bounds write vulnerability in Google Pixel. The vulnerability is caused by the lack of boundary check in gattServerSendResponseNative of com_android_bluetooth_gatt.cpp. Attackers can exploit this vulnerability to elevate local privileges.
VAR-202412-0133 CVE-2018-9413 Out-of-bounds write vulnerability in Google Android CVSS V2: 10.0
CVSS V3: 8.8
Severity: HIGH
In handle_notification_response of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. An out-of-bounds write vulnerability exists in Google Android. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Google Pixel is a smartphone produced by Google in the United States. There is a security vulnerability in Google Pixel. No detailed vulnerability details are provided at present.
VAR-202412-0134 CVE-2018-9381 Use of uninitialized resources vulnerability in Google Android CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
In gatts_process_read_by_type_req of gatt_sr.c, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. A use of uninitialized resources vulnerability exists in Google Android. Information may be obtained. Google Pixel is a smartphone produced by Google in the United States. There is a security vulnerability in Google Pixel. No detailed vulnerability details are provided at present.
VAR-202412-0289 CVE-2018-9380 Out-of-bounds write vulnerability in Google Android CVSS V2: 10.0
CVSS V3: 8.8
Severity: HIGH
In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. An out-of-bounds write vulnerability exists in Google Android. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Google Pixel is a smartphone produced by Google in the United States. There is a security vulnerability in Google Pixel. No detailed vulnerability details are provided at present.