Hinet

hinet

10 CVEs • 3 products

Products (3)

Click to collapse

Toggle

Hicos Natural Person Credential Component Client

hicos_natural_person_credential_component_client

CVEs (10)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-35222 1Hinet 1Hicos Natural Person Credential Component Client Nov 21, 2024 Aug 2, 2022 N/A· v4 6.8 MEDIUM· v3 N/A· v2 HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitra...Show more HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service.Show less
CVE-2022-32962 1Hinet 1Hicos Natural Person Credential Component Client Nov 21, 2024 Jul 20, 2022 N/A· v4 6.8 MEDIUM· v3 N/A· v2 HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data o...Show more HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service.Show less
CVE-2022-32961 1Hinet 1Hicos Natural Person Credential Component Client Nov 21, 2024 Jul 20, 2022 N/A· v4 6.8 MEDIUM· v3 N/A· v2 HICOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated phys...Show more HICOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.Show less
CVE-2022-32960 1Hinet 1Hicos Natural Person Credential Component Client Nov 21, 2024 Jul 20, 2022 N/A· v4 6.8 MEDIUM· v3 N/A· v2 HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical a...Show more HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.Show less
CVE-2022-32959 1Hinet 1Hicos Natural Person Credential Component Client Nov 21, 2024 Jul 20, 2022 N/A· v4 6.8 MEDIUM· v3 N/A· v2 HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physica...Show more HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.Show less
CVE-2019-15066 1Hinet 1Gpon Firmware Nov 21, 2024 Oct 17, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 6998. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/P...Show more An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 6998. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).Show less
CVE-2019-15065 1Hinet 1Gpon Firmware Nov 21, 2024 Oct 17, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A service which is hosted on port 6998 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/...Show more A service which is hosted on port 6998 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L).Show less
CVE-2019-15064 1Hinet 1Gpon Firmware Nov 21, 2024 Oct 17, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 HiNet GPON firmware version < I040GWR190731 allows an attacker login to device without any authentication.
CVE-2019-13412 1Hinet 1Gpon Firmware Nov 21, 2024 Oct 17, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A service which is hosted on port 3097 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/...Show more A service which is hosted on port 3097 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L).Show less
CVE-2019-13411 1Hinet 1Gpon Firmware Nov 21, 2024 Oct 17, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 3097. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/P...Show more An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 3097. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).Show less