CVE-2022-25748

Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,...

CVE-2022-25748

CVE-2022-25748 is a memory corruption vulnerability in Qualcomm WLAN due to an integer overflow that leads to a buffer overflow while parsing GTK frames, affecting multiple Snapdragon platforms (Auto, Compute, Connectivity, etc.). The primary impact is remote network-executable code execution wit...

CVE-2022-25663

Possible buffer overflow due to lack of buffer length check during management frame Rx handling lead to denial of service in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity...

CVE-2022-25663

Possible buffer overflow due to lack of buffer length check during management frame Rx handling lead to denial of service in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity...

Sensormatic Electronics C-CURE 9000

1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION: Low attack complexity Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Inc. Equipment: C-CURE 9000 Vulnerability: Observable Response Discrepancy 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...

TOTOLINK NR1800X setLanguageCfg Method Buffer Overflow Vulnerability

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China's TOTOLINK. designed to provide fast and easy deployment of NR fixed data services in homes and offices. A buffer overflow vulnerability exists in TOTOLINK NR1800X version V9.1.0u.6279B20210910, which stems from the lack...

TOTOLINK NR1800X UploadFirmwareFile Command Injection Vulnerability

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China's TOTOLINK. designed to provide fast and easy deployment of NR fixed data services in homes and offices. A command injection vulnerability exists in TOTOLINK NR1800X version V9.1.0u.6279B20210910, which originates from t...

TOTOLINK NR1800X setIpPortFilterRules method buffer overflow vulnerability

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China's TOTOLINK. designed to provide fast and easy deployment of NR fixed data services in homes and offices. A buffer overflow vulnerability exists in TOTOLINK NR1800X version V9.1.0u.6279B20210910, which stems from a lack o...

TOTOLINK NR1800X UploadCustomModule Buffer Overflow Vulnerability

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China-based Gion Electronics TOTOLINK, designed to provide fast and easy deployment of NR fixed data services for homes and offices.A buffer overflow vulnerability exists in TOTOLINK NR1800X V9.1.0u.6279B20210910 version, whic...

TOTOLINK NR1800X setOpModeCfg buffer overflow vulnerability

TOTOLINK NR1800X is an excellent 5G NR indoor Wi-Fi and SIP CPE from China Gion Electronics TOTOLINK.Designed to provide fast and convenient deployment of NR fixed data services for homes and offices.TOTOLINK NR1800X V9.1.0u.6279B20210910 version is vulnerable to a buffer overflow vulnerability,...

TOTOLINK A860R Command Injection Vulnerability

TOTOLINK A860R is a wireless router from China Gion Electronics TOTOLINK.TOTOLINK A860R version V4.1.2cu.5182B20201027 is vulnerable to command injection, which stems from the component /cgi-bin/downloadFile.cgi failing to properly filter the construct command special characters, commands, etc. A...

Delta Electronics DIALink Detection

Binary data deltaelectronicsdialinkdetect.nbin...

Delta Electronics DIALink Known Cryptographic Key Authentication Bypass (CVE-2022-2660)

Binary data deltaelectronicsdialinkjwtkey.nbin...

CISA Releases Six Industrial Control Systems Advisories

CISA has released six 6 Industrial Control Systems ICS advisories on September 29, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for...

CVE-2022-22058

CVE-2022-22058 describes a memory corruption due to a use-after-free in the kernel when handling ION handles, impacting Qualcomm Snapdragon-based devices (e.g., Snapdragon Auto, Compute, Connectivity, Consumer Electronics Connectivity, Consumer IoT, Industrial IoT, Mobile, Voice & Music, Wearable...

Delta Electronics DIAEnergie

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Delta Electronics Equipment: DIAEnergie Vulnerabilities: Use of Hard-coded Credentials 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to the original advisory titled...

CVE-2022-3214 Delta Electronics DIAEnergy Use of Hard-coded Credentials

Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to 1.9.03.009 have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing...

CVE-2022-25690

Information disclosure in WLAN due to improper validation of array index while parsing crafted ANQP action frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...

CVE-2022-25670

Denial of service in WLAN HOST due to buffer over read while unpacking frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

Design/Logic Flaw

Denial of service in WLAN HOST due to buffer over read while unpacking frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...