WWBN AVideo ObjectYPT SQL injection vulnerability

Talos Vulnerability Report TALOS-2022-1551 WWBN AVideo ObjectYPT SQL injection vulnerability August 16, 2022 CVE Number CVE-2022-33147,CVE-2022-34652,CVE-2022-33149,CVE-2022-33148 SUMMARY A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit...

WWBN AVideo objects id handling authentication bypass vulnerability

Talos Vulnerability Report TALOS-2022-1536 WWBN AVideo objects id handling authentication bypass vulnerability August 16, 2022 CVE Number CVE-2022-32768,CVE-2022-32769 SUMMARY Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev...

WWBN AVideo cookie information disclosure vulnerability

Talos Vulnerability Report TALOS-2022-1542 WWBN AVideo cookie information disclosure vulnerability August 16, 2022 CVE Number CVE-2022-32777,CVE-2022-32778 SUMMARY An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The...

WWBN AVideo aVideoEncoder unzipDirectory directory traversal vulnerability

Talos Vulnerability Report TALOS-2022-1547 WWBN AVideo aVideoEncoder unzipDirectory directory traversal vulnerability August 16, 2022 CVE Number CVE-2022-30547 SUMMARY A directory traversal vulnerability exists in the unzipDirectory functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364...

ESTsoft Alyac OLE header Mini FAT sectors integer overflow

Talos Vulnerability Report TALOS-2022-1533 ESTsoft Alyac OLE header Mini FAT sectors integer overflow August 3, 2022 CVE Number CVE-2022-29886 SUMMARY An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buff...

ESTsoft Alyac OLE header parsing integer overflow

Talos Vulnerability Report TALOS-2022-1527 ESTsoft Alyac OLE header parsing integer overflow August 3, 2022 CVE Number CVE-2022-32543 SUMMARY An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overfl...

TCL LinkHub Mesh Wifi ucloud_del_node denial of service vulnerability

Talos Vulnerability Report TALOS-2022-1507 TCL LinkHub Mesh Wifi uclouddelnode denial of service vulnerability August 1, 2022 CVE Number CVE-2022-26346 SUMMARY A denial of service vulnerability exists in the uclouddelnode functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted...

TCL LinkHub Mesh Wi-Fi confsrv addTimeGroup stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2022-1482 TCL LinkHub Mesh Wi-Fi confsrv addTimeGroup stack-based buffer overflow vulnerability August 1, 2022 CVE Number CVE-2022-25996 SUMMARY A stack-based buffer overflow vulnerability exists in the confsrv addTimeGroup functionality of TCL LinkHub Mesh Wi-Fi...

TCL LinkHub Mesh Wifi confsrv ucloud_add_node OS command injection vulnerability

Talos Vulnerability Report TALOS-2022-1458 TCL LinkHub Mesh Wifi confsrv ucloudaddnode OS command injection vulnerability August 1, 2022 CVE Number CVE-2022-22140 SUMMARY An os command injection vulnerability exists in the confsrv ucloudaddnode functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.001...

TCL LinkHub Mesh Wi-Fi confctl_set_wan_cfg denial of service vulnerability

Talos Vulnerability Report TALOS-2022-1506 TCL LinkHub Mesh Wi-Fi confctlsetwancfg denial of service vulnerability August 1, 2022 CVE Number CVE-2022-27178 SUMMARY A denial of service vulnerability exists in the confctlsetwancfg functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A...

TCL LinkHub Mesh Wifi libcommonprod.so prod_change_root_passwd hard-coded password vulnerability

Talos Vulnerability Report TALOS-2022-1459 TCL LinkHub Mesh Wifi libcommonprod.so prodchangerootpasswd hard-coded password vulnerability August 1, 2022 CVE Number CVE-2022-22144 SUMMARY A hard-coded password vulnerability exists in the libcommonprod.so prodchangerootpasswd functionality of TCL...

TCL LinkHub Mesh Wifi confsrv set_port_fwd_rule stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2022-1454 TCL LinkHub Mesh Wifi confsrv setportfwdrule stack-based buffer overflow vulnerability August 1, 2022 CVE Number CVE-2022-23399 SUMMARY A stack-based buffer overflow vulnerability exists in the confsrv setportfwdrule functionality of TCL LinkHub Mesh Wif...

TCL LinkHub Mesh Wifi confctl_set_master_wlan denial of service vulnerability

Talos Vulnerability Report TALOS-2022-1505 TCL LinkHub Mesh Wifi confctlsetmasterwlan denial of service vulnerability August 1, 2022 CVE Number CVE-2022-27185 SUMMARY A denial of service vulnerability exists in the confctlsetmasterwlan functionality of TCL LinkHub Mesh Wifi MS1G0001.0014. A...

TCL LinkHub Mesh Wifi confsrv ucloud_add_node_new OS command injection vulnerability

Talos Vulnerability Report TALOS-2022-1457 TCL LinkHub Mesh Wifi confsrv ucloudaddnodenew OS command injection vulnerability August 1, 2022 CVE Number CVE-2022-21178 SUMMARY An os command injection vulnerability exists in the confsrv ucloudaddnewnode functionality of TCL LinkHub Mesh Wifi...

TCL LinkHub Mesh Wi-Fi confsrv confctl_set_app_language stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2022-1462 TCL LinkHub Mesh Wi-Fi confsrv confctlsetapplanguage stack-based buffer overflow vulnerability August 1, 2022 CVE Number CVE-2022-23103 SUMMARY A stack-based buffer overflow vulnerability exists in the confsrv confctlsetapplanguage functionality of TCL...

TCL LinkHub Mesh Wifi confctl_set_guest_wlan denial of service vulnerability

Talos Vulnerability Report TALOS-2022-1502 TCL LinkHub Mesh Wifi confctlsetguestwlan denial of service vulnerability August 1, 2022 CVE Number CVE-2022-27660 SUMMARY A denial of service vulnerability exists in the confctlsetguestwlan functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A...

TCL LinkHub Mesh Wifi confctl_get_master_wlan information disclosure vulnerability

Talos Vulnerability Report TALOS-2022-1504 TCL LinkHub Mesh Wifi confctlgetmasterwlan information disclosure vulnerability August 1, 2022 CVE Number CVE-2022-27630 SUMMARY An information disclosure vulnerability exists in the confctlgetmasterwlan functionality of TCL LinkHub Mesh Wi-Fi...

TCL LinkHub Mesh Wifi GetValue buffer overflow vulnerability

Talos Vulnerability Report TALOS-2022-1463 TCL LinkHub Mesh Wifi GetValue buffer overflow vulnerability August 1, 2022 CVE Number...

TCL LinkHub Mesh Wifi confctl_get_guest_wlan information disclosure vulnerability

Talos Vulnerability Report TALOS-2022-1503 TCL LinkHub Mesh Wifi confctlgetguestwlan information disclosure vulnerability August 1, 2022 CVE Number CVE-2022-27633 SUMMARY An information disclosure vulnerability exists in the confctlgetguestwlan functionality of TCL LinkHub Mesh Wifi MS1G0001.0014...

TCL LinkHub Mesh Wi-Fi confsrv ucloud_set_node_location buffer overflow vulnerability

Talos Vulnerability Report TALOS-2022-1484 TCL LinkHub Mesh Wi-Fi confsrv ucloudsetnodelocation buffer overflow vulnerability August 1, 2022 CVE Number CVE-2022-26342 SUMMARY A buffer overflow vulnerability exists in the confsrv ucloudsetnodelocation functionality of TCL LinkHub Mesh Wi-Fi...

TCL LinkHub Mesh Wifi confers ucloud_add_node_new stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2022-1456 TCL LinkHub Mesh Wifi confers ucloudaddnodenew stack-based buffer overflow vulnerability August 1, 2022 CVE Number CVE-2022-21201 SUMMARY A stack-based buffer overflow vulnerability exists in the confers ucloudaddnodenew functionality of TCL LinkHub Mesh...

TCL LinkHub Mesh Wi-Fi confsrv ucloud_set_node_location stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2022-1483 TCL LinkHub Mesh Wi-Fi confsrv ucloudsetnodelocation stack-based buffer overflow vulnerability August 1, 2022 CVE Number CVE-2022-26009 SUMMARY A stack-based buffer overflow vulnerability exists in the confsrv ucloudsetnodelocation functionality of TCL...

TCL LinkHub Mesh Wifi confsrv set_mf_rule stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2022-1455 TCL LinkHub Mesh Wifi confsrv setmfrule stack-based buffer overflow vulnerability August 1, 2022 CVE Number CVE-2022-23919,CVE-2022-23918 SUMMARY A stack-based buffer overflow vulnerability exists in the confsrv setmfrule functionality of TCL LinkHub Mes...

DD-WRT httpd unescape memory corruption vulnerability

Summary A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. Tested Versions DD-WRT Revision 322...

Asuswrt and Asuswrt-Merlin New Gen httpd unescape memory corruption vulnerability

Talos Vulnerability Report TALOS-2022-1511 Asuswrt and Asuswrt-Merlin New Gen httpd unescape memory corruption vulnerability July 27, 2022 CVE Number CVE-2022-26376 SUMMARY A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.38648706 and...

FreshTomato httpd unescape memory corruption vulnerability

Summary A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. Tested Versions FreshTomato 2022.1 Product URLs...

Accusoft ImageGear PSD Header processing memory allocation out-of-bounds write vulnerability

Summary An out-of-bounds write vulnerability exists in the PSD Header processing memory allocation functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions...

Google Chrome WebGPU DoBufferDestroy kDirect allocation use-after-free vulnerability

Summary A use-after-free vulnerability exists in the WebGPU functionality of Google Chrome 102.0.4956.0 Build 64-bit and 99.0.4844.82 Build 64-bit. A specially-crafted web page can lead to a use-after-free. An attacker can provide a crafted URL to trigger this vulnerability. Tested Versions Googl...

Adobe Acrobat Reader DC overlapping annotations type confusion vulnerability

Summary A type confusion vulnerability exists in the way Adobe Acrobat Reader DC 2022.001.20085 deals with overlapping annotations. A specially-crafted PDF document can trigger this vulnerability, which can lead to arbitrary code execution. A victim needs to open the malicious file to trigger thi...

Adobe Acrobat Reader DC event value use-after-free

Summary A use-after-free vulnerability exists in the way Adobe Acrobat Reader DC 2022.001.20117 deals with event objects across different event types. A specially-crafted PDF document can trigger this vulnerability, which can lead to arbitrary code execution. A victim needs to open the malicious...

Robustel R1510 web_server action endpoints OS command injection vulnerabilities

Summary Multiple command injection vulnerabilities exist in the webserver action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. Tested...

Robustel R1510 web_server /action/remove/ API data removal vulnerability

Summary A data removal vulnerability exists in the webserver /action/remove/ API functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions Robustel R151...

Robustel R1510 clish art2 command execution vulnerability

Summary A command execution vulnerability exists in the clish art2 functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions Robustel R1510 3.3.0...

Robustel R1510 web_server ajax endpoints OS command injection vulnerabilities

Summary Multiple command injection vulnerabilities exist in the webserver ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. Tested...

Anker Eufy Homebase 2 mips_collector appsrv_server use-after-free vulnerability

Talos Vulnerability Report TALOS-2022-1440 Anker Eufy Homebase 2 mipscollector appsrvserver use-after-free vulnerability June 15, 2022 CVE Number CVE-2022-21806 SUMMARY A use-after-free vulnerability exists in the mipscollector appsrvserver functionality of Anker Eufy Homebase 2 2.1.8.5h. A...

Blynk Blynk-Library BlynkConsole.h runCommand stack-based buffer overflow vulnerability

Summary A stack-based buffer overflow vulnerability exists in the BlynkConsole.h runCommand functionality of Blynk -Library v1.0.1. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. Tested Versions Blynk -Libra...

Bachmann Visutec GmbH Atvise License registration information disclosure vulnerability

Summary An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An attacker can perform a man-in-the-middle attack to trigger this...

Open Automation Software Platform Engine SecureBrowseFile information disclosure vulnerability

Summary An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger th...

Open Automation Software Platform Engine SecureAddSecurity external config control vulnerability

Summary An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of...

Open Automation Software Platform Engine SecureConfigValues denial of service vulnerability

Summary A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss of communications. An attacker can send a network request to trigger this vulnerability...

Open Automation Software Platform Engine SecureTransferFiles information disclosure vulnerability

Summary An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger...

Open Automation Software Platform Engine SecureAddUser External config control vulnerability

Summary An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests t...

Open Automation Software Platform Engine cleartext transmission of sensitive information vulnerability

Summary A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can...

Open Automation Software OAS Platform REST API unauthenticated vulnerability

Summary An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this...

Open Automation Software Platform Engine SecureTransferFiles file write vulnerability

Summary A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this...

NVIDIA nvwgf2umx_cfg.dll shader DCL_INDEXABLE memory corruption vulnerability

Summary A memory corruption vulnerability exists in the shader dclindexable functionality of NVIDIA D3D10 Driver version 496.76, 30.0.14.9676. A specially-crafted executable / shader file can lead to memory corruption. This vulnerability potentially could be triggered from guest machines running...

NVIDIA nvwgf2umx_cfg.dll shader DCL_UNORDERED_ACCESS_VIEW_STRUCTURED memory corruption vulnerability

Summary A memory corruption vulnerability exists in the shader DCLUNORDEREDACCESSVIEWSTRUCTURED functionality of NVIDIA D3D10 Driver version 496.76, 30.0.14.9676. A specially-crafted executable / shader file can lead to memory corruption. This vulnerability potentially could be triggered from gue...

NVIDIA nvwgf2umx_cfg.dll shader DCL_INDEXRANGE memory corruption vulnerability

Summary A memory corruption vulnerability exists in the shader DCLINDEXRANGE functionality of NVIDIA D3D10 Driver version 496.76, 30.0.14.9676. A specially-crafted executable/shader file can lead to memory corruption. This vulnerability potentially could be triggered from guest machines running...

NVIDIA nvwgf2umx_cfg.dll shader DCL_RESOURCE_STRUCTURED memory corruption vulnerability

Summary A memory corruption vulnerability exists in the shader DCLRESOURCESTRUCTURED functionality of NVIDIA D3D10 Driver, version 496.76, 30.0.14.9676. A specially-crafted executable/shader file can lead to an out-of-bounds write. This vulnerability potentially could be triggered from guest...

InHand Networks InRouter302 router configuration import privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions InHand...