VARIoT IoT vulnerabilities database
| VAR-202505-0004 | CVE-2025-4148 | of netgear EX6200 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by this issue is the function sub_503FC. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear EX6200 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR EX6200 is a wireless network signal extender from NETGEAR. The vulnerability is caused by the sub_503FC function parameter host failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202505-0005 | CVE-2025-4147 | of netgear EX6200 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by this vulnerability is the function sub_47F7C. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear EX6200 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR EX6200 is a wireless network signal extender from NETGEAR. The vulnerability is caused by the sub_47F7C function parameter host failing to correctly verify the length of the input data. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202505-0010 | CVE-2025-4146 | of netgear EX6200 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. Affected is the function sub_41940. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear EX6200 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR EX6200 is a wireless network signal extender from NETGEAR. The vulnerability is caused by the sub_41940 function parameter host failing to correctly verify the length of the input data. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202505-0014 | CVE-2025-4145 | of netgear EX6200 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability, which was classified as critical, has been found in Netgear EX6200 1.0.3.94. This issue affects the function sub_3D0BC. The manipulation of the argument host leads to buffer overflow. The attack may be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear EX6200 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR EX6200 is a wireless network signal extender from NETGEAR. The vulnerability is caused by the sub_3D0BC function parameter host failing to correctly verify the length of the input data. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202504-3428 | CVE-2025-4142 | of netgear EX6200 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. This vulnerability affects the function sub_3C8EC. The manipulation of the argument host leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear EX6200 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR EX6200 is a wireless network signal extender from NETGEAR. The vulnerability is caused by the sub_3C8EC function parameter host failing to correctly verify the length of the input data. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202504-3412 | CVE-2025-4141 | of netgear EX6200 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. This affects the function sub_3C03C. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear EX6200 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR EX6200 is a wireless network signal extender from NETGEAR. The vulnerability is caused by the sub_3C03C function parameter host failing to correctly verify the length of the input data. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202504-3391 | CVE-2025-4140 | of netgear EX6120 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability, which was classified as critical, has been found in Netgear EX6120 1.0.3.94. Affected by this issue is the function sub_30394. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear EX6120 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR EX6120 is a wireless extender from NETGEAR. The vulnerability is caused by the sub_30394 function parameter host failing to correctly verify the length of the input data. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202504-3413 | CVE-2025-4139 | of netgear EX6120 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability classified as critical was found in Netgear EX6120 1.0.0.68. Affected by this vulnerability is the function fwAcosCgiInbound. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear EX6120 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR EX6120 is a wireless extender from NETGEAR. The vulnerability is caused by the failure of the parameter host of the fwAcosCgiInbound function to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202504-3999 | CVE-2025-2170 | SonicWALL of SMA1000 Server-side request forgery vulnerability in firmware |
CVSS V2: - CVSS V3: 7.2 Severity: HIGH |
A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location. SonicWALL of SMA1000 A server-side request forgery vulnerability exists in the firmware.Information may be obtained and information may be tampered with
| VAR-202504-3377 | CVE-2025-4135 | of netgear wg302v2 Injection Vulnerability in Firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Medium |
A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Affected by this issue is the function ui_get_input_value. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear wg302v2 The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR WG302v2 is a wireless access point from NETGEAR.
NETGEAR WG302v2 has a command injection vulnerability, which is caused by the failure of the ui_get_input_value function parameter host to properly filter special characters and commands in constructing commands. No detailed vulnerability details are currently available
| VAR-202504-3406 | CVE-2025-4122 | of netgear jwnr2000v2 Injection Vulnerability in Firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Medium |
A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been rated as critical. Affected by this issue is the function sub_435E04. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear jwnr2000v2 The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state.
NETGEAR JWNR2000v2 has a command injection vulnerability, which is caused by the sub_435E04 function parameter host failing to properly filter special characters and commands in the constructed command. No detailed vulnerability details are currently available
| VAR-202504-3331 | CVE-2025-4121 | of netgear jwnr2000v2 Injection Vulnerability in Firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Medium |
A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been declared as critical. Affected by this vulnerability is the function cmd_wireless. The manipulation of the argument host leads to command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear jwnr2000v2 The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state.
NETGEAR JWNR2000v2 has a command injection vulnerability, which is caused by the cmd_wireless function parameter host failing to properly filter special characters and commands in the constructed command. No detailed vulnerability details are currently available
| VAR-202504-3267 | CVE-2025-4120 | of netgear jwnr2000v2 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been classified as critical. Affected is the function sub_4238E8. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear jwnr2000v2 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the failure of the parameter host of the sub_4238E8 function to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202504-3268 | CVE-2025-4117 | of netgear JWNR2000 Buffer error vulnerability in firmware |
CVSS V2: 5.2 CVSS V3: 5.5 Severity: Medium |
A vulnerability, which was classified as critical, was found in Netgear JWNR2000v2 1.0.0.11. This affects the function sub_41A914. The manipulation of the argument host leads to buffer overflow. The vendor was contacted early about this disclosure but did not respond in any way. of netgear JWNR2000 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR JWNR2000v2 is a wireless router from NETGEAR. The vulnerability is caused by the sub_41A914 function parameter host failing to correctly verify the length of the input data. No detailed vulnerability details are currently provided
| VAR-202504-3252 | CVE-2025-4116 | of netgear JWNR2000 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability, which was classified as critical, has been found in Netgear JWNR2000v2 1.0.0.11. Affected by this issue is the function get_cur_lang_ver. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear JWNR2000 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR JWNR2000v2 is a wireless router from NETGEAR. The vulnerability is caused by the parameter host of the get_cur_lang_ver function failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202504-3302 | CVE-2025-4115 | of netgear JWNR2000 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability classified as critical was found in Netgear JWNR2000v2 1.0.0.11. Affected by this vulnerability is the function default_version_is_new. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear JWNR2000 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR JWNR2000v2 is a wireless router from NETGEAR. The vulnerability is caused by the default_version_is_new function parameter host failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202504-3332 | CVE-2025-4114 | of netgear JWNR2000 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability classified as critical has been found in Netgear JWNR2000v2 1.0.0.11. Affected is the function check_language_file. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear JWNR2000 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR JWNR2000v2 is a wireless router from NETGEAR. The vulnerability is caused by the fact that the parameter host of the check_language_file function fails to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202504-3673 | CVE-2025-4125 | Delta Electronics, INC. of ISPSoft Out-of-bounds write vulnerability in |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file. Delta Electronics, INC. of ISPSoft Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202504-3892 | CVE-2025-4124 | Delta Electronics, INC. of ISPSoft Out-of-bounds write vulnerability in |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file. Delta Electronics, INC. of ISPSoft Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202504-4192 | CVE-2025-22884 | Delta Electronics, INC. of ISPSoft Out-of-bounds write vulnerability in |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file. Delta Electronics, INC. of ISPSoft Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state