VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202505-0032 CVE-2025-4268 TOTOLINK  of  A720R  Authentication vulnerability in firmware CVSS V2: 5.0
CVSS V3: 5.3
Severity: Medium
A vulnerability has been found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input RebootSystem leads to missing authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A720R The firmware contains vulnerabilities related to authentication and lack of authentication for critical functions.Service operation interruption (DoS) It may be in a state. TOTOLINK A720R is a wireless router of China's TOTOLINK Electronics. TOTOLINK A720R has an improper authentication vulnerability, which is caused by improper processing of the parameter topicurl in the file /cgi-bin/cstecgi.cgi. No detailed vulnerability details are provided at present
VAR-202505-0145 CVE-2025-20670 Certificate validation vulnerability in multiple MediaTek products CVSS V2: -
CVSS V3: 5.7
Severity: MEDIUM
In Modem, there is a possible permission bypass due to improper certificate validation. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with User execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01334347; Issue ID: MSV-2772. media tech's nr16 , NR17 , NR17R Exists in a certificate validation vulnerability.Information may be obtained
VAR-202505-0190 CVE-2025-20667 Encryption vulnerability in multiple MediaTek products CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
In Modem, there is a possible information disclosure due to incorrect error handling. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01513293; Issue ID: MSV-2741. LR12A , LR13 , NR15 There are vulnerabilities in the encryption strength of multiple MediaTek products, including:Information may be obtained
VAR-202505-0239 CVE-2025-20666 media tech's  NR15  Reachable Assertiveness Vulnerability in CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00650610; Issue ID: MSV-2933. media tech's NR15 Exists in a reachable assertiveness vulnerability.Service operation interruption (DoS) It may be in a state
VAR-202505-0384 No CVE Brother (China) Commercial Co., Ltd. Brother DCP-L2540DW series has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Brother DCP-L2540DW is a multi-function laser/LED printer. Brother (China) Commercial Co., Ltd. Brother DCP-L2540DW series has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202505-0385 No CVE Beijing Xingwang Ruijie Network Technology Co., Ltd. AG515 has a command execution vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
AG515 is a high-performance gateway device suitable for small and medium-sized enterprises and large office environments. AG515 of Beijing Xingwang Ruijie Network Technology Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
VAR-202505-0988 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd. AC6 has a binary vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
AC6 is an 11ac dual-band wireless router designed for 100M fiber homes. AC6 of Shenzhen Jixiang Tengda Technology Co., Ltd. has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202505-1239 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd. AC6 has a binary vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
AC6 is an 11ac dual-band wireless router designed for 100M fiber homes. AC6 of Shenzhen Jixiang Tengda Technology Co., Ltd. has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202505-1096 No CVE Beijing Xingwang Ruijie Network Technology Co., Ltd. NBR800G has an arbitrary file write vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
NBR800G is a router for Internet behavior management. Beijing Xingwang Ruijie Network Technology Co., Ltd. NBR800G has an arbitrary file write vulnerability, which can be exploited by attackers to obtain server permissions.
VAR-202505-0732 No CVE NUUO Network Video Recorder has a logic flaw vulnerability CVSS V2: 3.6
CVSS V3: -
Severity: LOW
NUUO is a company specializing in the production of Network Video Recorders (NVRs). NUUO Network Video Recorder has a logic flaw vulnerability that can be exploited by attackers to modify account passwords without authorization.
VAR-202505-1496 No CVE Advantech WebAccess has a file upload vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Advantech WebAccess is an HMI/SCADA monitoring software completely based on IE browser. Advantech WebAccess of Advantech Technology (China) Co., Ltd. has a file upload vulnerability, which can be exploited by attackers to gain control of the server.
VAR-202505-0733 No CVE Samsung (China) Investment Co., Ltd. C430W has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
C430W is a laser printer. Samsung (China) Investment Co., Ltd. C430W has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
VAR-202505-1241 No CVE Samsung (China) Investment Co., Ltd. M2085FW has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The M2085FW is a black and white laser multifunction printer with printing, copying, scanning and faxing functions. Samsung (China) Investment Co., Ltd. SANSUNG has a command execution vulnerability that can be exploited by attackers to execute arbitrary commands.
VAR-202505-0502 No CVE Zhejiang Dahua Technology Co., Ltd. DSS has a SQL injection vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Zhejiang Dahua Technology Co., Ltd. is a global leading video-centric smart IoT solution provider and operation service provider. There is a SQL injection vulnerability in the DSS of Zhejiang Dahua Technology Co., Ltd., which can be exploited by attackers to obtain sensitive information in the database.
VAR-202505-1497 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd. FH451 has a binary vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
FH451 is a router produced by Tenda Company, with a maximum transmission rate of 450Mbps and supports WDS wireless bridging. Shenzhen Jixiang Tenda Technology Co., Ltd. FH451 has a binary vulnerability, which can be exploited by attackers to cause denial of service.
VAR-202505-1240 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd. FH451 has a binary vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
FH451 is a router produced by Tenda Company, with a maximum transmission rate of 450Mbps and supports WDS wireless bridging. Shenzhen Jixiang Tenda Technology Co., Ltd. FH451 has a binary vulnerability, which can be exploited by attackers to cause denial of service.
VAR-202505-0386 No CVE D-Link DI-8100 has binary vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
D-Link DI-8100 is a broadband router designed by D-Link for small and medium-sized network environments, supporting up to 4 Internet ports and up to 4 LAN ports. D-Link DI-8100 has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202505-0989 No CVE D-Link DWR-M961 has a stack overflow vulnerability CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
DWR-M961 is a router. D-Link DWR-M961 has a stack overflow vulnerability, which can be exploited by attackers to cause the program to crash.
VAR-202505-0734 No CVE Sony SNC-RX570N has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
SNC-RX570N is a network camera. Sony SNC-RX570N has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202505-0387 No CVE Zhuhai Pantum Printing Technology Co., Ltd. has a number of printers with logical flaws. CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
M6700DW is a black and white laser multifunction printer. P2500NW is a black and white laser single-function printer. BM5100ADW is a black and white laser multifunction printer. CM1100DW is a color laser multifunction printer. ‌ Many printer products of Zhuhai Pantum Printing Technology Co., Ltd. have a logic defect vulnerability, which can be exploited by attackers to obtain sensitive information.