Filtered by vendor Hinet
Subscribe
Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-35222 | 1 Hinet | 1 Hicos Natural Person Credential Component Client | 2022-08-12 | N/A | 6.8 MEDIUM |
| HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service. | |||||
| CVE-2022-32962 | 1 Hinet | 1 Hicos Natural Person Credential Component Client | 2022-08-02 | N/A | 6.8 MEDIUM |
| HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service. | |||||
| CVE-2022-32961 | 1 Hinet | 1 Hicos Natural Person Credential Component Client | 2022-08-02 | N/A | 6.8 MEDIUM |
| HICOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service. | |||||
| CVE-2022-32960 | 1 Hinet | 1 Hicos Natural Person Credential Component Client | 2022-08-02 | N/A | 6.8 MEDIUM |
| HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service. | |||||
| CVE-2022-32959 | 1 Hinet | 1 Hicos Natural Person Credential Component Client | 2022-08-02 | N/A | 6.8 MEDIUM |
| HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service. | |||||
| CVE-2019-15065 | 1 Hinet | 2 Gpon, Gpon Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| A service which is hosted on port 6998 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L). | |||||
| CVE-2019-13412 | 1 Hinet | 2 Gpon, Gpon Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| A service which is hosted on port 3097 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L). | |||||
| CVE-2019-15066 | 1 Hinet | 2 Gpon, Gpon Firmware | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 6998. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2019-13411 | 1 Hinet | 2 Gpon, Gpon Firmware | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 3097. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2019-15064 | 1 Hinet | 2 Gpon, Gpon Firmware | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| HiNet GPON firmware version < I040GWR190731 allows an attacker login to device without any authentication. | |||||