Aggregates CVE and security vulnerability intelligence across all hinet-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk memory corruption and vendor risk buffer overflow and related problems; some flaws may lead to vendor impact application crash, affecting vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-35222 | HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service. | [email protected] | 6.8 | 0.05% | 2022-08-02 | 2024-11-21 |
| CVE-2022-32962 | HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service. | [email protected] | 6.8 | 0.08% | 2022-07-20 | 2024-11-21 |
| CVE-2022-32961 | HICOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service. | [email protected] | 6.8 | 0.07% | 2022-07-20 | 2024-11-21 |
| CVE-2022-32960 | HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service. | [email protected] | 6.8 | 0.18% | 2022-07-20 | 2024-11-21 |
| CVE-2022-32959 | HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service. | [email protected] | 6.8 | 0.05% | 2022-07-20 | 2024-11-21 |
| CVE-2019-15066 | An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 6998. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). | [email protected] | 10.0 | 0.44% | 2019-10-17 | 2024-11-21 |
| CVE-2019-15065 | A service which is hosted on port 6998 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L). | [email protected] | 9.3 | 0.39% | 2019-10-17 | 2024-11-21 |
| CVE-2019-15064 | HiNet GPON firmware version < I040GWR190731 allows an attacker login to device without any authentication. | [email protected] | 9.8 | 0.40% | 2019-10-17 | 2024-11-21 |
| CVE-2019-13412 | A service which is hosted on port 3097 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L). | [email protected] | 9.3 | 0.39% | 2019-10-17 | 2024-11-21 |
| CVE-2019-13411 | An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 3097. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). | [email protected] | 10.0 | 0.42% | 2019-10-17 | 2024-11-21 |