Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): MQTT
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-24188 |
The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear-text. The lack of sessions management and presence of insecure direct object references allows to return password information for other end-users devices. Many of the picture frame devices offer video calling, and it is likely this information can be used to abuse that functionality. Published: November 28, 2022; 5:15:10 PM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-31772 |
IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335. Published: November 11, 2022; 2:15:10 PM -0500 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2022-35612 |
A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name text field. Published: October 13, 2022; 7:15:10 PM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-35611 |
A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows attackers to create and remove dashboards. Published: October 13, 2022; 7:15:10 PM -0400 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2021-44222 |
A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The underlying MQTT service of affected systems does not perform authentication in the default configuration. This could allow an unauthenticated remote attacker to send arbitrary messages to the service and thereby issue arbitrary requests in the affected system. Published: July 12, 2022; 6:15:10 AM -0400 |
V3.1: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2022-32449 |
TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet. Published: July 07, 2022; 3:15:08 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2021-21967 |
An out-of-bounds write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. Published: April 14, 2022; 4:15:08 PM -0400 |
V3.1: 5.9 MEDIUM V2.0: 7.1 HIGH |
CVE-2022-25137 |
A command injection vulnerability in the function recvSlaveUpgstatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. Published: February 18, 2022; 7:15:17 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2022-25136 |
A command injection vulnerability in the function meshSlaveUpdate of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. Published: February 18, 2022; 7:15:17 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2022-25135 |
A command injection vulnerability in the function recv_mesh_info_sync of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. Published: February 18, 2022; 7:15:17 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2022-25134 |
A command injection vulnerability in the function setUpgradeFW of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. Published: February 18, 2022; 7:15:17 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2022-25133 |
A command injection vulnerability in the function isAssocPriDevice of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. Published: February 18, 2022; 7:15:17 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2022-25132 |
A command injection vulnerability in the function meshSlaveDlfw of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. Published: February 18, 2022; 7:15:17 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2022-25131 |
A command injection vulnerability in the function recvSlaveCloudCheckStatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. Published: February 18, 2022; 7:15:17 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2022-25130 |
A command injection vulnerability in the function updateWifiInfo of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. Published: February 18, 2022; 7:15:17 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2021-21971 |
An out-of-bounds write vulnerability exists in the URL_decode functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to an out-of-bounds write. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. Published: February 04, 2022; 6:15:10 PM -0500 |
V3.1: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-21970 |
An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at [3] the json_object_get_string to populate the p_name global variable. The p_name is only 0x80 bytes long, and the total MQTT message could be up to 0x201 bytes. Because the function json_object_get_string will fill str based on the length of the json’s value and not the actual str size, this would result in a possible out-of-bounds write. Published: February 04, 2022; 6:15:10 PM -0500 |
V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2021-21969 |
An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at [4] the json_object_get_string to populate the p_payload global variable. The p_payload is only 0x100 bytes long, and the total MQTT message could be up to 0x201 bytes. Because the function json_object_get_string will fill str based on the length of the json’s value and not the actual str size, this would result in a possible out-of-bounds write. Published: February 04, 2022; 6:15:10 PM -0500 |
V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2021-21968 |
A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to arbitrary file overwrite. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. Published: February 04, 2022; 6:15:10 PM -0500 |
V3.1: 8.3 HIGH V2.0: 6.8 MEDIUM |
CVE-2021-21962 |
A heap-based buffer overflow vulnerability exists in the OTA Update u-download functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A series of specially-crafted MQTT payloads can lead to remote code execution. An attacker must perform a man-in-the-middle attack in order to trigger this vulnerability. Published: February 04, 2022; 6:15:10 PM -0500 |
V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |