VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202504-4132 CVE-2025-22883 Delta Electronics, INC.  of  ISPSoft  Out-of-bounds write vulnerability in CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file. Delta Electronics, INC. of ISPSoft Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202504-3704 CVE-2025-22882 Delta Electronics, INC.  of  ISPSoft  Out-of-bounds write vulnerability in CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to leverage debugging logic to execute arbitrary code when parsing CBDGL file. Delta Electronics, INC. of ISPSoft Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202504-3237 CVE-2025-4007 Shenzhen Tenda Technology Co.,Ltd.  of  W12  firmware and  i24  Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability classified as critical was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). Affected by this vulnerability is the function cgidhcpsCfgSet of the file /goform/modules of the component httpd. The manipulation of the argument json leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of W12 firmware and i24 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the failure of the parameter json in /goform/modules to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202504-3238 CVE-2025-3996 TOTOLINK  of  N150RT  Cross-site scripting vulnerability in firmware CVSS V2: 3.3
CVSS V3: 2.4
Severity: Medium
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home.htm of the component MAC Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of N150RT The firmware contains cross-site scripting and code injection vulnerabilities.Information may be obtained and information may be tampered with. TOTOLINK N150RT is a high-power wireless router device. TOTOLINK N150RT has a cross-site scripting vulnerability, which originates from the parameter Comment in the file /home.htm. No detailed vulnerability details are provided at present
VAR-202504-3292 CVE-2025-3995 TOTOLINK  of  N150RT  Cross-site scripting vulnerability in firmware CVSS V2: 3.3
CVSS V3: 2.4
Severity: Medium
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /boafrm/fromStaticDHCP of the component LAN Settings Page. The manipulation of the argument Hostname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of N150RT The firmware contains cross-site scripting and code injection vulnerabilities.Information may be tampered with. TOTOLINK N150RT is a wireless router from China's TOTOLINK Electronics. There is a cross-site scripting vulnerability in the 3.4.0-B20190525 version of TOTOLINK N150RT. Attackers can exploit this vulnerability to execute arbitrary web scripts or HTML by injecting carefully crafted payloads
VAR-202504-3211 CVE-2025-3994 TOTOLINK  of  N150RT  Cross-site scripting vulnerability in firmware CVSS V2: 3.3
CVSS V3: 2.4
Severity: Medium
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been classified as problematic. Affected is an unknown function of the file /home.htm of the component IP Port Filtering. The manipulation of the argument Comment leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of N150RT The firmware contains cross-site scripting and code injection vulnerabilities.Information may be tampered with. TOTOLINK N150RT is a wireless router from China's TOTOLINK Electronics. TOTOLINK N150RT 3.4.0-B20190525 version has a cross-site scripting vulnerability. Attackers can exploit this vulnerability to execute arbitrary web scripts or HTML by injecting carefully crafted payloads
VAR-202504-3432 CVE-2025-3993 TOTOLINK  of  N150RT  Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of N150RT The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N150RT is a wireless router produced by TOTOLINK. TOTOLINK N150RT has a buffer overflow vulnerability, which is caused by improper processing of the parameter submit-url in the file /boafrm/formWsc. No detailed vulnerability details are provided at present
VAR-202504-3212 CVE-2025-3992 TOTOLINK  of  N150RT  Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability has been found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWlwds. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of N150RT The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N150RT is a wireless router produced by China's TOTOLINK Electronics Company. The vulnerability is caused by the failure of the parameter submit-url in the file /boafrm/formWlwds to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202504-3196 CVE-2025-3991 TOTOLINK  of  N150RT  Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability, which was classified as critical, was found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boafrm/formWdsEncrypt. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of N150RT The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N150RT is a wireless router produced by China's TOTOLINK Electronics. The vulnerability is caused by the failure of the submit-url parameter in the file /boafrm/formWdsEncrypt to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202504-3430 CVE-2025-3990 TOTOLINK  of  N150RT  Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability, which was classified as critical, has been found in TOTOLINK N150RT 3.4.0-B20190525. Affected by this issue is some unknown functionality of the file /boafrm/formVlan. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of N150RT The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N150RT is a wireless router produced by China's TOTOLINK Electronics. The vulnerability is caused by the parameter submit-url in the file /boafrm/formVlan failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202504-3229 CVE-2025-3989 TOTOLINK  of  N150RT  Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability classified as critical was found in TOTOLINK N150RT 3.4.0-B20190525. Affected by this vulnerability is an unknown functionality of the file /boafrm/formStaticDHCP. The manipulation of the argument Hostname leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of N150RT The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N150RT is a wireless router produced by China's TOTOLINK Electronics. The vulnerability is caused by the failure of the parameter Hostname in the file /boafrm/formStaticDHCP to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202504-3339 CVE-2025-3988 TOTOLINK  of  N150RT  Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. Affected is an unknown function of the file /boafrm/formPortFw. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of N150RT The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N150RT is a wireless router from China's TOTOLINK Electronics. TOTOLINK N150RT has a buffer overflow vulnerability, which is caused by the parameter service_type in the file /boafrm/formPortFw failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202504-3319 CVE-2025-3987 TOTOLINK  of  N150RT  Injection Vulnerability in Firmware CVSS V2: 6.5
CVSS V3: 6.3
Severity: Medium
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument localPin leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of N150RT The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N150RT is a wireless router from China's TOTOLINK Electronics. TOTOLINK N150RT has a command injection vulnerability, which is caused by the failure of the localPin parameter in the file /boafrm/formWsc to properly filter special characters and commands in the constructed command. No detailed vulnerability details are currently provided
VAR-202504-3639 No CVE B-LINK RouterB-LINK Router has a logic flaw vulnerability CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
B-LINK Router is a network device, mainly used for network connection and data forwarding. B-LINK Router has a logic flaw vulnerability, which can be exploited by attackers to reset account passwords.
VAR-202504-3723 No CVE Hollysys Technology Group Co., Ltd. LE5118 programmable logic controller has a denial of service vulnerability CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
‌HollySys Technology Group Co., Ltd. is a high-tech enterprise group mainly engaged in automation control system platforms and industry solutions‌. HollySys Technology Group Co., Ltd. LE5118 programmable logic controller has a denial of service vulnerability, which can be exploited by attackers to cause denial of service.
VAR-202504-3642 No CVE HP LaserJet MFP M132nw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
HP LaserJet MFP M132nw is a black and white laser multifunction printer, mainly used for printing, copying and scanning. ‌ HP LaserJet MFP M132nw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202504-3799 No CVE TP-Link Technologies Co., Ltd. TL-IPC43AN-4GY PTZ IP Camera Has a Denial of Service Vulnerability CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
TP-Link Technologies Co., Ltd. is a leading global supplier of network communication equipment, mainly providing network communication equipment and solutions. TP-Link Technologies Co., Ltd. TL-IPC43AN-4GY PTZ network camera has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202504-3641 No CVE Sony (China) Co., Ltd. SONY SNC-CH260 camera has unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Sony (China) Co., Ltd. is a company engaged in investment, product marketing, customer after-sales service contact, etc. in the electronic information industry. Sony (China) Co., Ltd. SONY SNC-CH260 camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202504-3567 No CVE Emerson Electric (China) Investment Co., Ltd. Emerson DCS DeltaV MQ Controller has a denial of service vulnerability CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
Emerson Electric (China) Investment Co., Ltd. is a global technology and engineering company. Emerson DCS DeltaV MQ Controller of Emerson Electric (China) Investment Co., Ltd. has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202504-3640 No CVE HP OfficeJet Pro 8740 has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
HP OfficeJet Pro 8740 is a multi-function printer with multiple functions such as printing, copying, scanning and faxing. HP OfficeJet Pro 8740 of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.