VARIoT IoT vulnerabilities database
| VAR-202601-0734 | CVE-2025-58693 | fortinet's FortiVoice Past traversal vulnerability in |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests. However, all information handled by the software may be rewritten. Furthermore, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability do not affect other software
| VAR-202601-1483 | CVE-2026-0405 | of netgear CBR750 Authentication vulnerabilities in multiple products, including firmware |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
An authentication bypass vulnerability in NETGEAR Orbi devices allows
users connected to the local network to access the router web interface
as an admin. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202601-2770 | CVE-2026-0404 | of netgear RBR750 Vulnerabilities related to input validation in multiple products, such as firmware |
CVSS V2: - CVSS V3: 8.0 Severity: HIGH |
An insufficient input validation vulnerability in NETGEAR Orbi devices'
DHCPv6 functionality allows network adjacent attackers authenticated
over WiFi or on LAN to execute OS command injections on the router.
DHCPv6 is not enabled by default. DHCPv6 is disabled by default.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202601-1875 | CVE-2026-0403 | of netgear RBE970 FIRMWARE Vulnerabilities related to input confirmation in multiple products such as |
CVSS V2: - CVSS V3: 8.0 Severity: HIGH |
An insufficient input validation vulnerability in NETGEAR Orbi routers
allows attackers connected to the router's LAN to execute OS command
injections. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202601-1302 | CVE-2025-71027 | Shenzhen Tenda Technology Co.,Ltd. of AX3 Multiple vulnerabilities in firmware |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanMTU2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. DoS ) attacks.Information handled by the software will not be leaked to the outside. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202601-0482 | CVE-2025-71026 | Shenzhen Tenda Technology Co.,Ltd. of AX3 Multiple vulnerabilities in firmware |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. DoS ) may cause attacks.Information handled by the software will not be leaked to the outside. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202601-1882 | CVE-2025-71025 | Shenzhen Tenda Technology Co.,Ltd. of AX3 Multiple vulnerabilities in firmware |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the cloneType2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. DoS ) may cause attacks.Information handled by the software will not be leaked to the outside. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202601-1487 | CVE-2025-71024 | Shenzhen Tenda Technology Co.,Ltd. of AX3 Multiple vulnerabilities in firmware |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. DoS ) attacks.Information handled by the software will not be leaked to the outside. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202601-0689 | CVE-2025-71023 | Shenzhen Tenda Technology Co.,Ltd. of AX3 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the mac2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. DoS ) attacks.Information handled by the software will not be leaked to the outside. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202601-0370 | CVE-2025-40942 | Siemens' telecontrol server basic Unnecessary Privileged Execution Vulnerability in |
CVSS V2: - CVSS V3: 8.8 Severity: High |
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.4). Affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202601-1872 | CVE-2026-0513 | SAP of SAP Supplier Relationship Management Open redirect vulnerability in |
CVSS V2: - CVSS V3: 4.7 Severity: MEDIUM |
Due to an Open Redirect Vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site.This causes low impact on integrity of the application. Confidentiality and availability are not impacted. This vulnerability has a low impact on the integrity of the application, but does not affect confidentiality or availability.Information handled by the software will not be leaked to the outside. However, some of the information handled by the software may be rewritten. Furthermore, the software will not stop. Furthermore, attacks exploiting this vulnerability may affect other software
| VAR-202601-1992 | CVE-2025-29329 | Sagemcom of F@ST 3686 Firmware Classic buffer overflow vulnerability in |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Buffer Overflow in the ippprint (Internet Printing Protocol) service in Sagemcom F@st 3686 MAGYAR_4.121.0 allows remote attacker to execute arbitrary code by sending a crafted HTTP request. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202601-3748 | CVE-2025-70161 | EDIMAX Technology of BR-6208AC Command injection vulnerability in firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system() function without proper sanitization. An attacker can exploit this by injecting malicious commands into the pppUserName field, allowing arbitrary code execution. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202601-2351 | CVE-2026-20976 | Samsung's Galaxy Store Unspecified vulnerability in |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202601-0196 | CVE-2026-0640 | Shenzhen Tenda Technology Co.,Ltd. of ac23 Multiple vulnerabilities in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A weakness has been identified in Tenda AC23 16.03.07.52. This affects the function sscanf of the file /goform/PowerSaveSet. Executing a manipulation of the argument Time can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. Tenda AC23 16.03.07.52 The vulnerability was discovered in the file /goform/PowerSaveSet function of sscanf Affects the argument Time The following operation can cause a buffer overflow. Exploits are publicly available and may be used in attacks.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely
| VAR-202601-0741 | CVE-2025-46696 | Dell's secure connect gateway Unnecessary Privileged Execution Vulnerability in |
CVSS V2: - CVSS V3: 6.4 Severity: MEDIUM |
Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application, version(s) versions 5.26 to 5.30, contain(s) an Execution with Unnecessary Privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202601-0271 | CVE-2025-20794 | media tech's NR15 Stack-based buffer overflow vulnerability in multiple products, including |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689259 / MOLY01586470; Issue ID: MSV-4847. Patch ID teeth MOLY01689259 / MOLY01586470 And the problem ID teeth MSV-4847 is.Information handled by the software will not be leaked to the outside. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202601-0357 | CVE-2025-20793 | media tech's NR15 In multiple products such as NULL Pointer dereference vulnerability |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01430930; Issue ID: MSV-4836. Patch ID teeth MOLY01430930 And the problem ID teeth MSV-4836 is.Information handled by the software will not be leaked to the outside. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202601-0137 | CVE-2025-20761 | media tech's NR15 Vulnerabilities related to checking exceptional conditions in multiple products, such as |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01311265; Issue ID: MSV-4655. UE If it connects, it could allow a remote denial of service ( DoS ) attacks can occur. Patch ID teeth MOLY01311265 and the challenges ID teeth MSV-4655 is.Information handled by the software will not be leaked to the outside. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202601-0053 | CVE-2025-20760 | media tech's NR15 Vulnerabilities related to reachable assertions in multiple products, including |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
In Modem, there is a possible read of uninitialized heap data due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01676750; Issue ID: MSV-4653. Patch ID teeth MOLY01676750 And the problem ID teeth MSV-4653 is.Information handled by the software will not be leaked to the outside. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software