VARIoT IoT vulnerabilities database
| VAR-202505-1003 | CVE-2025-45800 | TOTOLINK of a950rg Command injection vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a command execution vulnerability in the setDeviceName interface of the /lib/cste_modules/global.so library, specifically in the processing of the deviceMac parameter. TOTOLINK of a950rg Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A950RG is a super-generation Giga wireless router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary commands
| VAR-202505-0752 | CVE-2025-44877 | Shenzhen Tenda Technology Co.,Ltd. of AC9 Command injection vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of AC9 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202505-0643 | CVE-2025-44872 | Shenzhen Tenda Technology Co.,Ltd. of AC9 Command injection vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of AC9 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202505-1258 | CVE-2025-44868 | WAVLINK of WL-WN530H4 Command injection vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Wavlink WL-WN530H4 20220801 was found to contain a command injection vulnerability in the ping_test function of the adm.cgi via the pingIp parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. WAVLINK of WL-WN530H4 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. WAVLINK WL-WN530H4 is a high-performance USB wireless network card from WAVLINK, China, that supports 802.11ac dual-band Wi-Fi
| VAR-202505-1362 | CVE-2025-46635 | Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro Access control vulnerabilities in firmware |
CVSS V2: 7.5 CVSS V3: 7.1 Severity: HIGH |
An issue was discovered on Tenda RX2 Pro 16.03.30.14 devices. Improper network isolation between the guest Wi-Fi network and other network interfaces on the router allows an attacker (who is authenticated to the guest Wi-Fi) to access resources on the router and/or resources and devices on other networks hosted by the router by configuring a static IP address (within the non-guest subnet) on their host. Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro Firmware contains an access control vulnerability.Information may be obtained and information may be tampered with. Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda.
Tenda RX2 Pro 16.03.30.14 version has a security bypass vulnerability that can be exploited by attackers to access routers and other network resources
| VAR-202505-1101 | CVE-2025-46634 | Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro Vulnerability related to plaintext storage of important information in firmware |
CVSS V2: 8.5 CVSS V3: 8.2 Severity: HIGH |
Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an unauthenticated attacker to authenticate to the web management portal by collecting credentials from observed/collected traffic. It implements encryption, but not until after the user has transmitted the hash of their password in cleartext. The hash can be replayed to authenticate. Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro The firmware contains a vulnerability related to plaintext storage of sensitive information.Information may be obtained and information may be tampered with. Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda.
Tenda RX2 Pro has an information leakage vulnerability that can be exploited by attackers to collect credentials for authentication
| VAR-202505-1102 | CVE-2025-46633 | Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro Vulnerability related to plaintext storage of important information in firmware |
CVSS V2: 8.5 CVSS V3: 8.2 Severity: HIGH |
Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt traffic between the client and server by collecting the symmetric AES key from collected and/or observed traffic. The AES key in sent in cleartext in response to successful authentication. The IV is always EU5H62G9ICGRNI43. Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro The firmware contains a vulnerability related to plaintext storage of sensitive information.Information may be obtained and information may be tampered with. Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda. Attackers can exploit this vulnerability to decrypt traffic between the client and the server
| VAR-202505-0993 | CVE-2025-46632 | Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro Vulnerability in firmware regarding reuse of cryptographic nonce and key pairs |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
Initialization vector (IV) reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypted messages between client and server. Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro The firmware contains a vulnerability related to the reuse of cryptographic nonce and key pairs.Information may be obtained and information may be tampered with. Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda.
Tenda RX2 Pro 16.03.30.14 version has an information leakage vulnerability, which can lead to decryption of encrypted messages by attackers
| VAR-202505-1505 | CVE-2025-46631 | Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro Authentication vulnerability in firmware |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable telnet access to the router's OS by sending a /goform/telnet web request. Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro An authentication vulnerability exists in firmware.Information may be obtained and information may be tampered with. Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda
| VAR-202505-0994 | CVE-2025-46630 | Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro Authentication vulnerability in firmware |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable 'ate' (a remote system management binary) by sending a /goform/ate web request. Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro An authentication vulnerability exists in firmware.Information may be obtained and information may be tampered with. Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda
| VAR-202505-1103 | CVE-2025-46629 | Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro Access control vulnerabilities in firmware |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
Lack of access controls in the 'ate' management binary of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to perform unauthorized configuration changes for any router where 'ate' has been enabled by sending a crafted UDP packet. Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro Firmware contains an access control vulnerability.Information may be obtained and information may be tampered with. Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda. Attackers can exploit this vulnerability to cause unauthorized configuration changes
| VAR-202505-1506 | CVE-2025-46628 | Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro Access control vulnerabilities in firmware |
CVSS V2: 7.5 CVSS V3: 7.3 Severity: HIGH |
Lack of input validation/sanitization in the 'ate' management service in the Tenda RX2 Pro 16.03.30.14 allows an unauthorized remote attacker to gain root shell access to the device by sending a crafted UDP packet to the 'ate' service when it is enabled. Authentication is not needed. Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro Firmware contains an access control vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda. No detailed vulnerability details are currently provided
| VAR-202505-0399 | CVE-2025-46627 | Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro Vulnerability related to insecure storage of sensitive information in firmware |
CVSS V2: 8.5 CVSS V3: 8.2 Severity: HIGH |
Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service by calculating the root password based on easily-obtained device information. The password is based on the last two digits/octets of the MAC address. Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro A vulnerability exists in the firmware that involves insecure storage of sensitive information.Information may be obtained and information may be tampered with. Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda
| VAR-202505-0995 | CVE-2025-46626 | Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro Cryptographic Strength Vulnerability in Firmware |
CVSS V2: 7.5 CVSS V3: 7.3 Severity: HIGH |
Reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management service of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt, replay, and/or forge traffic to the service. Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro The firmware has a cryptographic strength vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda.
Tenda RX2 Pro 16.03.30.14 version has a security bypass vulnerability that can be exploited by attackers to cause decryption, replay, or forged traffic
| VAR-202505-0400 | CVE-2025-46625 | Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro Command injection vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root shell access to the device by sending a crafted web request. This is persistent because the command injection is saved in the configuration of the device. Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda.
Tenda RX2 Pro has an input validation error vulnerability, which stems from the lack of input validation in the setLanCfg API endpoint. Attackers can exploit this vulnerability to gain root shell access
| VAR-202505-1259 | CVE-2025-44867 | Shenzhen Tenda Technology Co.,Ltd. of W20E Command injection vulnerability in firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: MEDIUM |
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of W20E Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. No detailed vulnerability details are currently available
| VAR-202505-1515 | CVE-2025-44866 | Shenzhen Tenda Technology Co.,Ltd. of W20E Command injection vulnerability in firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: MEDIUM |
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of W20E Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. No detailed vulnerability details are currently available
| VAR-202505-1375 | CVE-2025-44865 | Shenzhen Tenda Technology Co.,Ltd. of W20E Command injection vulnerability in firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: MEDIUM |
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of W20E Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. No detailed vulnerability details are currently available
| VAR-202505-0404 | CVE-2025-44864 | Shenzhen Tenda Technology Co.,Ltd. of W20E Command injection vulnerability in firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: MEDIUM |
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of W20E Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. No detailed vulnerability details are currently available
| VAR-202505-0753 | CVE-2025-44863 | TOTOLINK of CA300-PoE Command injection vulnerability in firmware |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. TOTOLINK CA300-PoE is a wireless access point of China's Jiong Electronics (TOTOLINK) company