Vulnerabilities (CVE)

Filtered by vendor Hinet Subscribe
Total 10 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-35222 1 Hinet 1 Hicos Natural Person Credential Component Client 2024-11-21 N/A 6.8 MEDIUM
HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service.
CVE-2022-32962 1 Hinet 1 Hicos Natural Person Credential Component Client 2024-11-21 N/A 6.8 MEDIUM
HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service.
CVE-2022-32961 1 Hinet 1 Hicos Natural Person Credential Component Client 2024-11-21 N/A 6.8 MEDIUM
HICOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
CVE-2022-32960 1 Hinet 1 Hicos Natural Person Credential Component Client 2024-11-21 N/A 6.8 MEDIUM
HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
CVE-2022-32959 1 Hinet 1 Hicos Natural Person Credential Component Client 2024-11-21 N/A 6.8 MEDIUM
HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
CVE-2019-15066 1 Hinet 2 Gpon, Gpon Firmware 2024-11-21 10.0 HIGH 10.0 CRITICAL
An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 6998. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
CVE-2019-15065 1 Hinet 2 Gpon, Gpon Firmware 2024-11-21 5.0 MEDIUM 9.3 CRITICAL
A service which is hosted on port 6998 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L).
CVE-2019-15064 1 Hinet 2 Gpon, Gpon Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
HiNet GPON firmware version < I040GWR190731 allows an attacker login to device without any authentication.
CVE-2019-13412 1 Hinet 2 Gpon, Gpon Firmware 2024-11-21 5.0 MEDIUM 9.3 CRITICAL
A service which is hosted on port 3097 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L).
CVE-2019-13411 1 Hinet 2 Gpon, Gpon Firmware 2024-11-21 7.5 HIGH 10.0 CRITICAL
An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 3097. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).