VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202504-3524 No CVE Beijing Yakong Technology Development Co., Ltd. KingH5Stream has an unauthorized access vulnerability (CNVD-2024-33960) CVSS V2: 3.6
CVSS V3: -
Severity: LOW
Beijing Yakong Technology Development Co., Ltd. is a high-tech enterprise of industrial automation and information software platform, focusing on independent research and development, marketing and service of domestic industrial software. Beijing Yakong Technology Development Co., Ltd. KingH5Stream has an unauthorized access vulnerability, which can be exploited by attackers to add/delete users beyond their authority.
VAR-202504-3437 CVE-2025-31324 SAP  of  SAP NetWeaver  Vulnerability in unlimited upload of dangerous types of files in CVSS V2: -
CVSS V3: 10.0
Severity: CRITICAL
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system. SAP of SAP NetWeaver Contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202504-3731 No CVE Brother MFC-L2713DW has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Brother MFC-L2713DW is a multifunction laser printer with printing, copying, scanning and faxing functions. Brother MFC-L2713DW has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-4086 No CVE Fuji Xerox (China) Co., Ltd. DocuCentre-IV 2060 has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
DocuCentre-IV 2060 is a medium-speed digital multifunction printer with main functions including copying, printing and scanning. Fuji Xerox (China) Co., Ltd. DocuCentre-IV 2060 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202504-3806 No CVE Brother MFC-J491DW has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Brother MFC-J491DW is a multi-function color inkjet printer suitable for various office and personal use scenarios. Brother MFC-J491DW has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-3805 No CVE D-Link DCS-960L has binary vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
D-Link DCS-960L is a network camera product of China's D-Link company. D-Link DCS-960L has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202504-3507 No CVE Mosa Technology (Shanghai) Co., Ltd. OnCell_3120-LTE-1 has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
OnCell 3120-LTE-1 is a low-power LTE modem that supports the world's advanced LTE Cat 1 technology. Mosa Technology (Shanghai) Co., Ltd. OnCell_3120-LTE-1 has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-3876 No CVE HP LaserJet Pro MFP 3101-3108 of HP Trading (Shanghai) Co., Ltd. has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
HP LaserJet Pro MFP 3101-3108 is a multi-function laser printer that supports printing, copying, and scanning functions, suitable for small and medium-sized enterprises and office environments. ‌ HP LaserJet Pro MFP 3101-3108 of HP Trading (Shanghai) Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
VAR-202504-4149 No CVE BWS Systems HA Bridge has an unauthorized access vulnerability CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
HA Bridge is a gateway product of BWS Systems. BWS Systems HA Bridge has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-3509 No CVE HP LaserJet Pro MFP 4101 of HP Trading (Shanghai) Co., Ltd. has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
HP LaserJet Pro MFP 4101 is a multi-function laser printer that integrates printing, copying, scanning and faxing functions, suitable for office use. HP LaserJet Pro MFP 4101 of HP Trading (Shanghai) Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
VAR-202504-3647 No CVE Fuji Xerox (China) Co., Ltd. Xerox® VersaLink® B7030 MFP has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Xerox® VersaLink® B7030 MFP is a multi-function printer with multiple functions and performance features. Fuji Xerox (China) Co., Ltd. Xerox® VersaLink® B7030 MFP has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-3450 CVE-2025-28028 plural  TOTOLINK  Classic buffer overflow vulnerability in the product CVSS V2: -
CVSS V3: 7.3
Severity: HIGH
TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v5 parameter. A830R firmware, a950rg firmware, A3000RU firmware etc. TOTOLINK The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202504-3438 CVE-2025-28025 plural  TOTOLINK  Classic buffer overflow vulnerability in the product CVSS V2: -
CVSS V3: 7.3
Severity: HIGH
TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter. A830R firmware, a950rg firmware, A3000RU firmware etc. TOTOLINK The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202504-3436 CVE-2025-28022 TOTOLINK  of  A810R  Classic buffer overflow vulnerability in firmware CVSS V2: 7.5
CVSS V3: 7.3
Severity: HIGH
TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter. TOTOLINK of A810R Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A810R is a wireless dual-band router from China's TOTOLINK Electronics. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202504-3476 CVE-2025-28021 TOTOLINK  of  A810R  Classic buffer overflow vulnerability in firmware CVSS V2: 7.5
CVSS V3: 7.3
Severity: HIGH
TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the downloadFile.cgi through the v14 and v3 parameters. TOTOLINK of A810R Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A810R is a wireless dual-band router from China's TOTOLINK Electronics. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202504-3463 CVE-2025-28020 TOTOLINK  of  a800r  Classic buffer overflow vulnerability in firmware CVSS V2: 7.5
CVSS V3: 7.3
Severity: HIGH
TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter. TOTOLINK of a800r Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A800R is a wireless router from China's TOTOLINK Electronics. The vulnerability is caused by the failure of the v25 parameter in downloadFile.cgi to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack
VAR-202504-3455 CVE-2025-28019 TOTOLINK  of  a800r  Classic buffer overflow vulnerability in firmware CVSS V2: 7.5
CVSS V3: 7.3
Severity: HIGH
TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi component. TOTOLINK of a800r Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A800R is a wireless router from China's TOTOLINK Electronics. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202504-3472 CVE-2025-28018 TOTOLINK  of  a800r  Classic buffer overflow vulnerability in firmware CVSS V2: 7.5
CVSS V3: 7.3
Severity: HIGH
TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter. TOTOLINK of a800r Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A800R is a wireless router from China's TOTOLINK Electronics. The vulnerability is caused by the failure of the v14 parameter in downloadFile.cgi to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202504-3444 CVE-2025-28017 TOTOLINK  of  a800r  Command injection vulnerability in firmware CVSS V2: 6.4
CVSS V3: 6.5
Severity: MEDIUM
TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command Injection in downloadFile.cgi via the QUERY_STRING parameter. TOTOLINK of a800r Firmware contains a command injection vulnerability.Information may be obtained and information may be tampered with. TOTOLINK A800R is a wireless router from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided
VAR-202504-3441 CVE-2025-45429 Shenzhen Tenda Technology Co.,Ltd.  of  AC9  Stack-based buffer overflow vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWpsStart, which may lead to remote arbitrary code execution. Shenzhen Tenda Technology Co.,Ltd. of AC9 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC9 has a buffer overflow vulnerability, which is caused by /goform/WifiWpsStart failing to properly verify the length of input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service