splashsc/IOT_Vulnerability_Discovery

GitHub

github.com

Unavailable

This project is no longer available (or publicly accessible) from GitHub

Releases0

splash's iot vul

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-45005 ↗	Dec 13, 2022Tuesday, 13 December 2022, 19:15	9.8 CRITICAL	—
IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the cmd_get_ping_output function.
CVE-2022-43367 ↗	Oct 27, 2022Thursday, 27 October 2022, 18:15	9.8 CRITICAL	—
IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the formSetDebugCfg function.
CVE-2022-43366 ↗	Oct 27, 2022Thursday, 27 October 2022, 18:15	7.5 HIGH	—
IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to access sensitive information via the checkLoginUser, ate, telnet, version, setDebugCfg, and boot interfaces.
CVE-2022-43365 ↗	Oct 27, 2022Thursday, 27 October 2022, 18:15	7.5 HIGH	—
IP-COM EW9 V15.11.0.14(9732) was discovered to contain a buffer overflow in the formSetDebugCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
CVE-2022-43364 ↗	Oct 27, 2022Thursday, 27 October 2022, 18:15	7.5 HIGH	—
An access control issue in the password reset page of IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to arbitrarily change the admin password.
CVE-2022-41489 ↗	Oct 13, 2022Thursday, 13 October 2022, 14:15	8.1 HIGH	—
WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to send crafted requests to the server from the affected device. This vulnerability is exploitable due to a lack of authentication in the component Usb_upload.htm.
CVE-2022-40107 ↗	Sep 23, 2022Friday, 23 September 2022, 19:15	7.5 HIGH	—
Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formexeCommand function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
CVE-2022-40103 ↗	Sep 23, 2022Friday, 23 September 2022, 19:15	5.5 MEDIUM	—
Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formSetAutoPing function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
CVE-2022-40106 ↗	Sep 23, 2022Friday, 23 September 2022, 19:15	7.5 HIGH	—
Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the set_local_time function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
CVE-2022-40105 ↗	Sep 23, 2022Friday, 23 September 2022, 19:15	7.5 HIGH	—
Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterGet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
CVE-2022-40104 ↗	Sep 23, 2022Friday, 23 September 2022, 19:15	7.5 HIGH	—
Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDget function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
CVE-2022-40100 ↗	Sep 23, 2022Friday, 23 September 2022, 19:15	9.8 CRITICAL	—
Tenda i9 v1.0.0.8(3828) was discovered to contain a command injection vulnerability via the FormexeCommand function.
CVE-2022-40102 ↗	Sep 23, 2022Friday, 23 September 2022, 19:15	7.5 HIGH	—
Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
CVE-2022-40101 ↗	Sep 23, 2022Friday, 23 September 2022, 19:15	7.5 HIGH	—
Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.