VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202503-2802 CVE-2025-28138 TOTOLINK  of  a800r  in the firmware  OS  Command injection vulnerability CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK A800R V4.1.2cu.5137_B20200730 contains a remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. TOTOLINK of a800r The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202503-2809 CVE-2025-26003 Telesquare  of  TLR-2005KSH  Code injection vulnerability in firmware CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when requesting the admin.cgi parameter with setAutorest. Telesquare of TLR-2005KSH A code injection vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202503-2639 CVE-2023-3634 Many Fesco products have denial of service vulnerabilities CVSS V2: 9.0
CVSS V3: -
Severity: HIGH
MSE6-D2M-5000-CBUS-S-RG-BAR-VCB-AGD, MSE6-E2M-5000-FB13-AGD, MSE6-E2M-5000-FB37-AGD, etc. are all industrial control components. Many products of festo have denial of service vulnerabilities, which can be exploited by attackers to gain control of the server.
VAR-202503-2527 CVE-2025-2621 D-Link Systems, Inc.  of  DAP-1620  Out-of-bounds write vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: Critical
A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical. This issue affects the function check_dws_cookie of the file /storage. The manipulation of the argument uid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DAP-1620 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202503-2642 CVE-2025-2620 D-Link Systems, Inc.  of  DAP-1620  Out-of-bounds write vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: Critical
A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DAP-1620 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-1620 is a wireless repeater extender from D-Link, a Chinese company. D-Link DAP-1620 mod_graph_auth_uri_handler function has a stack buffer overflow vulnerability, which can be exploited by attackers to execute arbitrary code on the system or cause a denial of service
VAR-202503-2673 CVE-2025-2619 D-Link Systems, Inc.  of  DAP-1620  Out-of-bounds write vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: Critical
A vulnerability, which was classified as critical, was found in D-Link DAP-1620 1.03. This affects the function check_dws_cookie of the file /storage of the component Cookie Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DAP-1620 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-1620 is a wireless repeater extender from D-Link. The vulnerability is caused by the failure of the check_dws_cookie function of the Cookie processing component to correctly verify the length of the input data. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202503-2528 CVE-2025-2618 D-Link Systems, Inc.  of  DAP-1620  Out-of-bounds write vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: Critical
A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 1.03. Affected by this issue is the function set_ws_action of the file /dws/api/ of the component Path Handler. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DAP-1620 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202503-2695 CVE-2025-29218 Shenzhen Tenda Technology Co.,Ltd.  of  w18e  Stack-based buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 6.5
Severity: MEDIUM
Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiPwd parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Shenzhen Tenda Technology Co.,Ltd. of w18e A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state
VAR-202503-2702 CVE-2025-29217 Shenzhen Tenda Technology Co.,Ltd.  of  w18e  Stack-based buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 6.5
Severity: MEDIUM
Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiSSID parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Shenzhen Tenda Technology Co.,Ltd. of w18e A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state
VAR-202503-2565 CVE-2025-29215 Shenzhen Tenda Technology Co.,Ltd.  of  AX12  Stack-based buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 6.5
Severity: MEDIUM
Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_43fdcc function at /goform/SetNetControlList. Shenzhen Tenda Technology Co.,Ltd. of AX12 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state
VAR-202503-2588 CVE-2025-29214 Shenzhen Tenda Technology Co.,Ltd.  of  AX12  Stack-based buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_42F69C function at /goform/setMacFilterCfg. Shenzhen Tenda Technology Co.,Ltd. of AX12 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state
VAR-202503-1033 CVE-2025-29101 Shenzhen Tenda Technology Co.,Ltd.  of  AC8  Stack-based buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Tenda AC8V4.0 V16.03.34.06 was discovered to contain a stack overflow via the deviceid parameter in the get_parentControl_list_Info function. Shenzhen Tenda Technology Co.,Ltd. of AC8 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state
VAR-202503-0852 CVE-2025-29118 Shenzhen Tenda Technology Co.,Ltd.  of  AC8  Stack-based buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 6.5
Severity: MEDIUM
Tenda AC8 V16.03.34.06 was discovered to contain a stack overflow via the src parameter in the function sub_47D878. Shenzhen Tenda Technology Co.,Ltd. of AC8 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state
VAR-202503-0574 CVE-2025-29387 Shenzhen Tenda Technology Co.,Ltd.  of  AC9  Out-of-bounds write vulnerability in firmware CVSS V2: -
CVSS V3: 7.1
Severity: HIGH
In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. Shenzhen Tenda Technology Co.,Ltd. of AC9 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202503-0655 CVE-2025-29386 Shenzhen Tenda Technology Co.,Ltd.  of  AC9  Out-of-bounds write vulnerability in firmware CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. Shenzhen Tenda Technology Co.,Ltd. of AC9 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202503-0549 CVE-2025-29385 Shenzhen Tenda Technology Co.,Ltd.  of  AC9  Out-of-bounds write vulnerability in firmware CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. Shenzhen Tenda Technology Co.,Ltd. of AC9 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202503-0623 CVE-2025-29384 Shenzhen Tenda Technology Co.,Ltd.  of  AC9  Out-of-bounds write vulnerability in firmware CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. Shenzhen Tenda Technology Co.,Ltd. of AC9 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202503-2140 CVE-2025-29362 Tenda RX3 /goform/setPptpUserList buffer overflow vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/setPptpUserList. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. Tenda RX3 is a dual-band WiFi 6 home wireless router from China's Tenda Company
VAR-202503-0301 CVE-2025-27396 Siemens SCALANCE LPE9403 Privilege Escalation Vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the elevation of privileges required to perform certain valid functionality. This could allow an authenticated lowly-privileged remote attacker to escalate their privileges. Siemens SCALANCE LPE9403 is a local processing engine for industrial field data processing of Siemens, Germany. It is used to capture, collect and pre-process industrial field data. Siemens SCALANCE LPE9403 has a privilege escalation vulnerability. Attackers can exploit this vulnerability to elevate privileges
VAR-202503-0324 CVE-2025-2233 (0Day) (Pwn2Own) Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Samsung SmartThings. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Hub Local API service, which listens on TCP port 8766 by default. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25615