VARIoT IoT vulnerabilities database


VAR-202505-1719 CVE-2025-45865 TOTOLINK of A3002R Classic buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the dnsaddr parameter in the formDhcpv6s interface. The TOTOLINK A3002R firmware has a classic buffer overflow vulnerability. Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202505-1687 CVE-2025-45861 TOTOLINK of A3002R Classic buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the routername parameter in the formDnsv6 interface. The TOTOLINK A3002R firmware has a classic buffer overflow vulnerability. Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202505-0389 No CVE H3C Magic R3000 Gigabit Dual-Band Wi-Fi 6 Router from H3C Technologies Co., Ltd. Has a Binary Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
H3C Technologies Co., Ltd. is a global leader in digital solutions. H3C Magic R3000 Gigabit Dual-Band Wi-Fi 6 Router of H3C Technologies Co., Ltd. has a binary vulnerability that can be exploited by attackers to bypass login restrictions.
VAR-202505-1004 CVE-2025-45790 CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the priority parameter in the setMacQos interface of /lib/cste_modules/firewall.so.
VAR-202505-0747 CVE-2025-45789 CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK A3100R V5.9c.1527 is vulnerable to buffer overflow via the urlKeyword parameter in setParentalRules.
VAR-202505-1253 CVE-2025-45788 CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the comment parameter in setMacFilterRules.
VAR-202505-1105 CVE-2025-45787 CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the comment parameter in setIpPortFilterRules.
VAR-202505-1511 CVE-2025-45845 CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyGuestCfg function.
VAR-202505-0868 CVE-2025-45844 CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiBasicCfg function.
VAR-202505-0869 CVE-2025-45843 CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiGuestCfg function.
VAR-202505-0635 CVE-2025-45842 CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyCfg function.
VAR-202505-1252 CVE-2025-45841 CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function.
VAR-202505-1246 No CVE H3C Technologies Co., Ltd. NX15 has a binary vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
H3C Technologies Co., Ltd. is a global leader in digital solutions. H3C Technologies Co., Ltd. NX15 has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202505-1109 CVE-2025-44899 Tenda RX3 fromSetWifiGusetBasic stack overflow vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
There is a stack overflow vulnerability in Tenda RX3 V1.0br_V16.03.13.11. In the fromSetWifiGusetBasic function of the web URL /goform/WifiGuestSet, the manipulation of the parameter shareSpeed leads to stack overflow. Tenda RX3 is a home wireless router from China's Tenda Company. Attackers can use this vulnerability to submit special requests to crash the application and cause a denial of service
VAR-202505-0403 CVE-2025-44900 Tenda RX3 GetParentControlInfo stack overflow vulnerability CVSS V2: 6.4
CVSS V3: 6.5
Severity: MEDIUM
In Tenda RX3 V1.0br_V16.03.13.11, in the GetParentControlInfo function of the web URL /goform/GetParentControlInfo, the manipulation of the parameter mac leads to stack overflow. Tenda RX3 is a home wireless router from China's Tenda Company. No detailed vulnerability details are currently available
VAR-202505-0090 CVE-2025-4368 Shenzhen Tenda Technology Co.,Ltd. of AC8 Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability, which was classified as critical, was found in Tenda AC8 16.03.34.06. Affected is the function formGetRouterStatus of the file /goform/MtuSetMacWan. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The Shenzhen Tenda Technology Co.,Ltd. AC8 firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability. Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC8 has a buffer overflow vulnerability, which is caused by the parameter shareSpeed in /goform/MtuSetMacWan failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202505-0750 CVE-2025-45492 of netgear EX8000 Command injection vulnerability in firmware CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function. The netgear EX8000 firmware contains a command injection vulnerability. Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202505-0108 CVE-2025-4356 D-Link Systems, Inc. of D-Link DAP-1520 Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It has been declared as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The D-Link Systems, Inc. D-Link DAP-1520 firmware contains a buffer error vulnerability, a stack-based buffer overflow vulnerability, and an out-of-bounds write vulnerability. Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda DAP-1520 is a dual-band wireless access point from China's Tenda company. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202505-0091 CVE-2025-4355 D-Link Systems, Inc. of D-Link DAP-1520 Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It has been classified as critical. This affects the function set_ws_action of the file /dws/api/. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The D-Link Systems, Inc. D-Link DAP-1520 firmware contains a buffer error vulnerability, a heap-based buffer overflow vulnerability, and an out-of-bounds write vulnerability. Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda DAP-1520 is a dual-band wireless access point from China's Tenda company. The vulnerability is caused by the function set_ws_action in the file /dws/api failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202505-0159 CVE-2025-4354 D-Link Systems, Inc. of D-Link DAP-1520 Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02 and classified as critical. Affected by this issue is the function check_dws_cookie of the file /storage. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The D-Link Systems, Inc. D-Link DAP-1520 firmware contains a buffer error vulnerability, a stack-based buffer overflow vulnerability, and an out-of-bounds write vulnerability. Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda DAP-1520 is a dual-band wireless access point from China's Tenda company. The vulnerability is caused by the function check_dws_cookie in the file /storage failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service