VYPR
Vendor

HiCOS

Products
2
CVEs
6
Across products
6
Status
Private

Products

2

Recent CVEs

6
  • CVE-2020-12775CriMar 1, 2022
    risk 0.64cvss 9.8epss 0.03

    Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs. An unauthenticated remote attacker can exploit this vulnerability to perform command injection attack to execute arbitrary system command, disrupt…

  • CVE-2022-35222MedAug 2, 2022
    risk 0.44cvss 6.8epss 0.00

    HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service.

  • CVE-2022-32962MedJul 20, 2022
    risk 0.44cvss 6.8epss 0.00

    HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service.

  • CVE-2022-32961MedJul 20, 2022
    risk 0.44cvss 6.8epss 0.00

    HICOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute…

  • CVE-2022-32960MedJul 20, 2022
    risk 0.44cvss 6.8epss 0.00

    HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute…

  • CVE-2022-32959MedJul 20, 2022
    risk 0.44cvss 6.8epss 0.00

    HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute…