hinet 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk memory corruption and バッファオーバーフロー などに関し、一部は アプリケーションクラッシュ を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2022-35222 | HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service. | [email protected] | 6.8 | 0.35% | 2022-08-02 | 2026-06-17 |
| CVE-2022-32962 | HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service. | [email protected] | 6.8 | 0.21% | 2022-07-19 | 2026-06-17 |
| CVE-2022-32961 | HICOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service. | [email protected] | 6.8 | 0.22% | 2022-07-19 | 2026-06-17 |
| CVE-2022-32960 | HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service. | [email protected] | 6.8 | 0.18% | 2022-07-19 | 2026-06-17 |
| CVE-2022-32959 | HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service. | [email protected] | 6.8 | 0.22% | 2022-07-19 | 2026-06-17 |
| CVE-2019-15066 | An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 6998. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). | [email protected] | 10.0 | 1.64% | 2019-10-17 | 2026-06-16 |
| CVE-2019-15065 | A service which is hosted on port 6998 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L). | [email protected] | 9.3 | 1.20% | 2019-10-17 | 2026-06-16 |
| CVE-2019-15064 | HiNet GPON firmware version < I040GWR190731 allows an attacker login to device without any authentication. | [email protected] | 9.8 | 1.41% | 2019-10-17 | 2026-06-16 |
| CVE-2019-13412 | A service which is hosted on port 3097 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L). | [email protected] | 9.3 | 1.20% | 2019-10-17 | 2026-06-16 |
| CVE-2019-13411 | An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 3097. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). | [email protected] | 10.0 | 1.31% | 2019-10-17 | 2026-06-16 |