VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202503-2639 CVE-2023-3634 Many Fesco products have denial of service vulnerabilities CVSS V2: 9.0
CVSS V3: -
Severity: HIGH
MSE6-D2M-5000-CBUS-S-RG-BAR-VCB-AGD, MSE6-E2M-5000-FB13-AGD, MSE6-E2M-5000-FB37-AGD, etc. are all industrial control components. Many products of festo have denial of service vulnerabilities, which can be exploited by attackers to gain control of the server.
VAR-202503-2527 CVE-2025-2621 D-Link Systems, Inc.  of  DAP-1620  Out-of-bounds write vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: Critical
A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical. This issue affects the function check_dws_cookie of the file /storage. The manipulation of the argument uid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DAP-1620 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202503-2642 CVE-2025-2620 D-Link Systems, Inc.  of  DAP-1620  Out-of-bounds write vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: Critical
A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DAP-1620 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-1620 is a wireless repeater extender from D-Link, a Chinese company. D-Link DAP-1620 mod_graph_auth_uri_handler function has a stack buffer overflow vulnerability, which can be exploited by attackers to execute arbitrary code on the system or cause a denial of service
VAR-202503-2673 CVE-2025-2619 D-Link Systems, Inc.  of  DAP-1620  Out-of-bounds write vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: Critical
A vulnerability, which was classified as critical, was found in D-Link DAP-1620 1.03. This affects the function check_dws_cookie of the file /storage of the component Cookie Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DAP-1620 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-1620 is a wireless repeater extender from D-Link. The vulnerability is caused by the failure of the check_dws_cookie function of the Cookie processing component to correctly verify the length of the input data. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202503-2528 CVE-2025-2618 D-Link Systems, Inc.  of  DAP-1620  Out-of-bounds write vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: Critical
A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 1.03. Affected by this issue is the function set_ws_action of the file /dws/api/ of the component Path Handler. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DAP-1620 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202503-2695 CVE-2025-29218 Shenzhen Tenda Technology Co.,Ltd.  of  w18e  Stack-based buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 6.5
Severity: MEDIUM
Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiPwd parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Shenzhen Tenda Technology Co.,Ltd. of w18e A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state
VAR-202503-2702 CVE-2025-29217 Shenzhen Tenda Technology Co.,Ltd.  of  w18e  Stack-based buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 6.5
Severity: MEDIUM
Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiSSID parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Shenzhen Tenda Technology Co.,Ltd. of w18e A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state
VAR-202503-2565 CVE-2025-29215 Shenzhen Tenda Technology Co.,Ltd.  of  AX12  Stack-based buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 6.5
Severity: MEDIUM
Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_43fdcc function at /goform/SetNetControlList. Shenzhen Tenda Technology Co.,Ltd. of AX12 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state
VAR-202503-2588 CVE-2025-29214 Shenzhen Tenda Technology Co.,Ltd.  of  AX12  Stack-based buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_42F69C function at /goform/setMacFilterCfg. Shenzhen Tenda Technology Co.,Ltd. of AX12 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state
VAR-202503-1033 CVE-2025-29101 Shenzhen Tenda Technology Co.,Ltd.  of  AC8  Stack-based buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Tenda AC8V4.0 V16.03.34.06 was discovered to contain a stack overflow via the deviceid parameter in the get_parentControl_list_Info function. Shenzhen Tenda Technology Co.,Ltd. of AC8 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state
VAR-202503-0574 CVE-2025-29387 Shenzhen Tenda Technology Co.,Ltd.  of  AC9  Out-of-bounds write vulnerability in firmware CVSS V2: -
CVSS V3: 7.1
Severity: HIGH
In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. Shenzhen Tenda Technology Co.,Ltd. of AC9 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202503-0655 CVE-2025-29386 Shenzhen Tenda Technology Co.,Ltd.  of  AC9  Out-of-bounds write vulnerability in firmware CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. Shenzhen Tenda Technology Co.,Ltd. of AC9 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202503-0549 CVE-2025-29385 Shenzhen Tenda Technology Co.,Ltd.  of  AC9  Out-of-bounds write vulnerability in firmware CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. Shenzhen Tenda Technology Co.,Ltd. of AC9 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202503-0623 CVE-2025-29384 Shenzhen Tenda Technology Co.,Ltd.  of  AC9  Out-of-bounds write vulnerability in firmware CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. Shenzhen Tenda Technology Co.,Ltd. of AC9 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202503-2140 CVE-2025-29362 Tenda RX3 /goform/setPptpUserList buffer overflow vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/setPptpUserList. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. Tenda RX3 is a dual-band WiFi 6 home wireless router from China's Tenda Company
VAR-202503-0301 CVE-2025-27396 Siemens SCALANCE LPE9403 Privilege Escalation Vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the elevation of privileges required to perform certain valid functionality. This could allow an authenticated lowly-privileged remote attacker to escalate their privileges. Siemens SCALANCE LPE9403 is a local processing engine for industrial field data processing of Siemens, Germany. It is used to capture, collect and pre-process industrial field data. Siemens SCALANCE LPE9403 has a privilege escalation vulnerability. Attackers can exploit this vulnerability to elevate privileges
VAR-202503-0324 CVE-2025-2233 (0Day) (Pwn2Own) Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Samsung SmartThings. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Hub Local API service, which listens on TCP port 8766 by default. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25615
VAR-202503-0647 CVE-2024-56192 Google Pixel Watch Buffer Overflow Vulnerability CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
In wl_notify_gscan_event of wl_cfgscan.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google Pixel Watch is a durable smartwatch from Google. There is a buffer overflow vulnerability in Google Pixel Watch. The vulnerability is caused by the lack of boundary check in wl_notify_gscan_event of wl_cfgscan.c
VAR-202503-0619 CVE-2024-56191 Google Pixel Watch Integer Overflow Vulnerability CVSS V2: 7.2
CVSS V3: 8.4
Severity: HIGH
In dhd_process_full_gscan_result of dhd_pno.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google Pixel Watch is a durable smartwatch from Google
VAR-202503-0652 CVE-2024-56187 Google Pixel Logic Error Vulnerability (CNVD-2025-05455) CVSS V2: 5.7
CVSS V3: 6.6
Severity: MEDIUM
In ppcfw_deny_sec_dram_access of ppcfw.c, there is a possible arbitrary read from TEE memory due to a logic error in the code. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Google Pixel is a smartphone from Google, an American company