VARIoT IoT vulnerabilities database
| VAR-202504-4132 | CVE-2025-22883 | Delta Electronics, INC. of ISPSoft Out-of-bounds write vulnerability in |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file. Delta Electronics, INC. of ISPSoft Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202504-3704 | CVE-2025-22882 | Delta Electronics, INC. of ISPSoft Out-of-bounds write vulnerability in |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to leverage debugging logic to execute arbitrary code when parsing CBDGL file. Delta Electronics, INC. of ISPSoft Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202504-3237 | CVE-2025-4007 | Shenzhen Tenda Technology Co.,Ltd. of W12 firmware and i24 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability classified as critical was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). Affected by this vulnerability is the function cgidhcpsCfgSet of the file /goform/modules of the component httpd. The manipulation of the argument json leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of W12 firmware and i24 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the failure of the parameter json in /goform/modules to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202504-3238 | CVE-2025-3996 | TOTOLINK of N150RT Cross-site scripting vulnerability in firmware |
CVSS V2: 3.3 CVSS V3: 2.4 Severity: Medium |
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home.htm of the component MAC Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of N150RT The firmware contains cross-site scripting and code injection vulnerabilities.Information may be obtained and information may be tampered with. TOTOLINK N150RT is a high-power wireless router device.
TOTOLINK N150RT has a cross-site scripting vulnerability, which originates from the parameter Comment in the file /home.htm. No detailed vulnerability details are provided at present
| VAR-202504-3292 | CVE-2025-3995 | TOTOLINK of N150RT Cross-site scripting vulnerability in firmware |
CVSS V2: 3.3 CVSS V3: 2.4 Severity: Medium |
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /boafrm/fromStaticDHCP of the component LAN Settings Page. The manipulation of the argument Hostname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of N150RT The firmware contains cross-site scripting and code injection vulnerabilities.Information may be tampered with. TOTOLINK N150RT is a wireless router from China's TOTOLINK Electronics.
There is a cross-site scripting vulnerability in the 3.4.0-B20190525 version of TOTOLINK N150RT. Attackers can exploit this vulnerability to execute arbitrary web scripts or HTML by injecting carefully crafted payloads
| VAR-202504-3211 | CVE-2025-3994 | TOTOLINK of N150RT Cross-site scripting vulnerability in firmware |
CVSS V2: 3.3 CVSS V3: 2.4 Severity: Medium |
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been classified as problematic. Affected is an unknown function of the file /home.htm of the component IP Port Filtering. The manipulation of the argument Comment leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of N150RT The firmware contains cross-site scripting and code injection vulnerabilities.Information may be tampered with. TOTOLINK N150RT is a wireless router from China's TOTOLINK Electronics.
TOTOLINK N150RT 3.4.0-B20190525 version has a cross-site scripting vulnerability. Attackers can exploit this vulnerability to execute arbitrary web scripts or HTML by injecting carefully crafted payloads
| VAR-202504-3432 | CVE-2025-3993 | TOTOLINK of N150RT Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of N150RT The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N150RT is a wireless router produced by TOTOLINK.
TOTOLINK N150RT has a buffer overflow vulnerability, which is caused by improper processing of the parameter submit-url in the file /boafrm/formWsc. No detailed vulnerability details are provided at present
| VAR-202504-3212 | CVE-2025-3992 | TOTOLINK of N150RT Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability has been found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWlwds. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of N150RT The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N150RT is a wireless router produced by China's TOTOLINK Electronics Company. The vulnerability is caused by the failure of the parameter submit-url in the file /boafrm/formWlwds to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202504-3196 | CVE-2025-3991 | TOTOLINK of N150RT Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability, which was classified as critical, was found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boafrm/formWdsEncrypt. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of N150RT The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N150RT is a wireless router produced by China's TOTOLINK Electronics. The vulnerability is caused by the failure of the submit-url parameter in the file /boafrm/formWdsEncrypt to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202504-3430 | CVE-2025-3990 | TOTOLINK of N150RT Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability, which was classified as critical, has been found in TOTOLINK N150RT 3.4.0-B20190525. Affected by this issue is some unknown functionality of the file /boafrm/formVlan. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of N150RT The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N150RT is a wireless router produced by China's TOTOLINK Electronics. The vulnerability is caused by the parameter submit-url in the file /boafrm/formVlan failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202504-3229 | CVE-2025-3989 | TOTOLINK of N150RT Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability classified as critical was found in TOTOLINK N150RT 3.4.0-B20190525. Affected by this vulnerability is an unknown functionality of the file /boafrm/formStaticDHCP. The manipulation of the argument Hostname leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of N150RT The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N150RT is a wireless router produced by China's TOTOLINK Electronics. The vulnerability is caused by the failure of the parameter Hostname in the file /boafrm/formStaticDHCP to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202504-3339 | CVE-2025-3988 | TOTOLINK of N150RT Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. Affected is an unknown function of the file /boafrm/formPortFw. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of N150RT The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N150RT is a wireless router from China's TOTOLINK Electronics.
TOTOLINK N150RT has a buffer overflow vulnerability, which is caused by the parameter service_type in the file /boafrm/formPortFw failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202504-3319 | CVE-2025-3987 | TOTOLINK of N150RT Injection Vulnerability in Firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Medium |
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument localPin leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of N150RT The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N150RT is a wireless router from China's TOTOLINK Electronics.
TOTOLINK N150RT has a command injection vulnerability, which is caused by the failure of the localPin parameter in the file /boafrm/formWsc to properly filter special characters and commands in the constructed command. No detailed vulnerability details are currently provided
| VAR-202504-3639 | No CVE | B-LINK RouterB-LINK Router has a logic flaw vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
B-LINK Router is a network device, mainly used for network connection and data forwarding.
B-LINK Router has a logic flaw vulnerability, which can be exploited by attackers to reset account passwords.
| VAR-202504-3723 | No CVE | Hollysys Technology Group Co., Ltd. LE5118 programmable logic controller has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
HollySys Technology Group Co., Ltd. is a high-tech enterprise group mainly engaged in automation control system platforms and industry solutions.
HollySys Technology Group Co., Ltd. LE5118 programmable logic controller has a denial of service vulnerability, which can be exploited by attackers to cause denial of service.
| VAR-202504-3642 | No CVE | HP LaserJet MFP M132nw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
HP LaserJet MFP M132nw is a black and white laser multifunction printer, mainly used for printing, copying and scanning.
HP LaserJet MFP M132nw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202504-3799 | No CVE | TP-Link Technologies Co., Ltd. TL-IPC43AN-4GY PTZ IP Camera Has a Denial of Service Vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
TP-Link Technologies Co., Ltd. is a leading global supplier of network communication equipment, mainly providing network communication equipment and solutions.
TP-Link Technologies Co., Ltd. TL-IPC43AN-4GY PTZ network camera has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202504-3641 | No CVE | Sony (China) Co., Ltd. SONY SNC-CH260 camera has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Sony (China) Co., Ltd. is a company engaged in investment, product marketing, customer after-sales service contact, etc. in the electronic information industry.
Sony (China) Co., Ltd. SONY SNC-CH260 camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202504-3567 | No CVE | Emerson Electric (China) Investment Co., Ltd. Emerson DCS DeltaV MQ Controller has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Emerson Electric (China) Investment Co., Ltd. is a global technology and engineering company.
Emerson DCS DeltaV MQ Controller of Emerson Electric (China) Investment Co., Ltd. has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202504-3640 | No CVE | HP OfficeJet Pro 8740 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
HP OfficeJet Pro 8740 is a multi-function printer with multiple functions such as printing, copying, scanning and faxing.
HP OfficeJet Pro 8740 of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.