VARIoT IoT vulnerabilities database

VAR-202505-1719 | CVE-2025-45865 | TOTOLINK of A3002R Classic buffer overflow vulnerability in firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the dnsaddr parameter in the formDhcpv6s interface. TOTOLINK of A3002R Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202505-1687 | CVE-2025-45861 | TOTOLINK of A3002R Classic buffer overflow vulnerability in firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the routername parameter in the formDnsv6 interface. TOTOLINK of A3002R Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202505-0389 | No CVE | H3C Magic R3000 Gigabit Dual-Band Wi-Fi 6 Router from H3C Technologies Co., Ltd. Has a Binary Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
H3C Technologies Co., Ltd. is a global leader in digital solutions.
H3C Magic R3000 Gigabit Dual-Band Wi-Fi 6 Router of H3C Technologies Co., Ltd. has a binary vulnerability that can be exploited by attackers to bypass login restrictions.
VAR-202505-1004 | CVE-2025-45790 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the priority parameter in the setMacQos interface of /lib/cste_modules/firewall.so.
VAR-202505-0747 | CVE-2025-45789 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK A3100R V5.9c.1527 is vulnerable to buffer overflow via the urlKeyword parameter in setParentalRules.
VAR-202505-1253 | CVE-2025-45788 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the comment parameter in setMacFilterRules.
VAR-202505-1105 | CVE-2025-45787 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow viathe comment parameter in setIpPortFilterRules.
VAR-202505-1511 | CVE-2025-45845 |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyGuestCfg function.
VAR-202505-0868 | CVE-2025-45844 |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiBasicCfg function.
VAR-202505-0869 | CVE-2025-45843 |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiGuestCfg function.
VAR-202505-0635 | CVE-2025-45842 |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyCfg function.
VAR-202505-1252 | CVE-2025-45841 |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function.
VAR-202505-1246 | No CVE | H3C Technologies Co., Ltd. NX15 has a binary vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
H3C Technologies Co., Ltd. is a global leader in digital solutions.
H3C Technologies Co., Ltd. NX15 has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202505-1109 | CVE-2025-44899 | Tenda RX3 fromSetWifiGusetBasic stack overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
There is a stack overflow vulnerability in Tenda RX3 V1.0br_V16.03.13.11 In the fromSetWifiGusetBasic function of the web url /goform/ WifiGuestSet, the manipulation of the parameter shareSpeed leads to stack overflow. Tenda RX3 is a home wireless router from China's Tenda Company. Attackers can use this vulnerability to submit special requests to crash the application and cause a denial of service
VAR-202505-0403 | CVE-2025-44900 | Tenda RX3 GetParentControlInfo stack overflow vulnerability |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
In Tenda RX3 V1.0br_V16.03.13.11 in the GetParentControlInfo function of the web url /goform/GetParentControlInfo, the manipulation of the parameter mac leads to stack overflow. Tenda RX3 is a home wireless router from China's Tenda Company. No detailed vulnerability details are currently available
VAR-202505-0090 | CVE-2025-4368 | Shenzhen Tenda Technology Co.,Ltd. of AC8 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability, which was classified as critical, was found in Tenda AC8 16.03.34.06. Affected is the function formGetRouterStatus of the file /goform/MtuSetMacWan. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC8 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state.
Tenda AC8 has a buffer overflow vulnerability, which is caused by the parameter shareSpeed in /goform/MtuSetMacWan failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202505-0750 | CVE-2025-45492 | of netgear EX8000 Command injection vulnerability in firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function. of netgear EX8000 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202505-0108 | CVE-2025-4356 | D-Link Systems, Inc. of D-Link DAP-1520 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It has been declared as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of D-Link DAP-1520 The firmware contains a buffer error vulnerability, a stack-based buffer overflow vulnerability, and an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda DAP-1520 is a dual-band wireless access point from China's Tenda company. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202505-0091 | CVE-2025-4355 | D-Link Systems, Inc. of D-Link DAP-1520 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It has been classified as critical. This affects the function set_ws_action of the file /dws/api/. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of D-Link DAP-1520 The firmware contains a buffer error vulnerability, a heap-based buffer overflow vulnerability, and an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda DAP-1520 is a dual-band wireless access point from China's Tenda company. The vulnerability is caused by the function set_ws_action in the file /dws/api failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202505-0159 | CVE-2025-4354 | D-Link Systems, Inc. of D-Link DAP-1520 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02 and classified as critical. Affected by this issue is the function check_dws_cookie of the file /storage. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of D-Link DAP-1520 The firmware contains a buffer error vulnerability, a stack-based buffer overflow vulnerability, and an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda DAP-1520 is a dual-band wireless access point from China's Tenda company. The vulnerability is caused by the function check_dws_cookie in the file/storage failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service