VARIoT IoT vulnerabilities database

An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege  . nest audio firmware, nest mini firmware, home mini firmware etc. Google There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

 In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a     possible way to access adb before SUW completion due to an insecure default     value. This could lead to local escalation of privilege with no additional     execution privileges needed. User interaction is not needed for     exploitation . Google of pixel watch There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Google Pixel Watch is a smart watch made by the American company Google. Google Pixel Watch privilege escalation vulnerability. This vulnerability is due to an unsafe default value flaw in the checkDebuggingDisabled function in DeviceVersionFragment.java. An attacker can use this vulnerability to obtain elevated privileges

Memory corruption in HLOS while running playready use-case. 315 5g iot modem firmware, 9205 lte modem firmware, 9206 lte modem Several Qualcomm products, such as firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Memory corruption in Audio during playback with speaker protection. 315 5g iot modem firmware, 9205 lte modem firmware, 9206 lte modem Several Qualcomm products, such as firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Memory corruption in Audio when memory map command is executed consecutively in ADSP. 315 5g iot modem firmware, 9206 lte modem firmware, APQ8017 Multiple Qualcomm products, such as firmware, contain vulnerabilities related to use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. 315 5g iot modem firmware, 9206 lte modem firmware, APQ8017 Multiple Qualcomm products, including firmware, contain vulnerabilities related to infinite loops.Service operation interruption (DoS) It may be in a state

There is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of health data with no additional execution privileges needed. Google of Android Exists in a vulnerability related to the lack of authentication.Information may be obtained. Google Pixel Watch is a smart watch made by the American company Google. Google Pixel Watch has an information disclosure vulnerability that allows attackers to obtain sensitive information

Beijing Xingwang Ruijie Network Technology Co., Ltd. EG2000GE is a router product. There is a command execution vulnerability in the EG2000GE of Beijing StarNet Ruijie Network Technology Co., Ltd. An attacker can use this vulnerability to gain control of the server.

Beijing Xingwang Ruijie Network Technology Co., Ltd. EG2000GE is a router product. There is a command execution vulnerability in the EG2000GE of Beijing StarNet Ruijie Network Technology Co., Ltd. An attacker can use this vulnerability to gain control of the server.

TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi. TOTOLINK of x6000r The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X6000R is a wireless router made by China Zeon Electronics (TOTOLINK) Company. The vulnerability is caused by the failure of the component /cgi-bin/cstecgi.cgi to correctly filter special characters, commands, etc. in the constructed command

Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.This issue affects eWeLink before 5.2.0. CoolKit Technology multiple of OS for eWeLink Exists in unspecified vulnerabilities.Information may be obtained and information may be tampered with

Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext. TP-LINK Technologies of tapo Contains a vulnerability in the transmission of important information in clear text.Information may be obtained

Beijing Xingwang Ruijie Network Technology Co., Ltd. is a professional network manufacturer with a full range of network equipment product lines and solutions including switches, routers, software, security firewalls, wireless products, storage, etc. Ruijie EG2000UE has an information leakage vulnerability that allows attackers to obtain sensitive server information.

Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last digit.)

Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formWifiMacFilterSet.

Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetUplinkInfo. Tenda W9 is a wireless in-wall access point from China's Tenda Company. This vulnerability is caused by the formSetUplinkInfo method failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of Service attacks

Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formGetDiagnoseInfo .

Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formexeCommand .

Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formSetDiagnoseInfo .

Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetAutoPing.