VARIoT IoT vulnerabilities database
| VAR-202504-3524 | No CVE | Beijing Yakong Technology Development Co., Ltd. KingH5Stream has an unauthorized access vulnerability (CNVD-2024-33960) |
CVSS V2: 3.6 CVSS V3: - Severity: LOW |
Beijing Yakong Technology Development Co., Ltd. is a high-tech enterprise of industrial automation and information software platform, focusing on independent research and development, marketing and service of domestic industrial software.
Beijing Yakong Technology Development Co., Ltd. KingH5Stream has an unauthorized access vulnerability, which can be exploited by attackers to add/delete users beyond their authority.
| VAR-202504-3437 | CVE-2025-31324 | SAP of SAP NetWeaver Vulnerability in unlimited upload of dangerous types of files in |
CVSS V2: - CVSS V3: 10.0 Severity: CRITICAL |
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system. SAP of SAP NetWeaver Contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202504-3731 | No CVE | Brother MFC-L2713DW has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Brother MFC-L2713DW is a multifunction laser printer with printing, copying, scanning and faxing functions.
Brother MFC-L2713DW has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.
| VAR-202504-4086 | No CVE | Fuji Xerox (China) Co., Ltd. DocuCentre-IV 2060 has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
DocuCentre-IV 2060 is a medium-speed digital multifunction printer with main functions including copying, printing and scanning.
Fuji Xerox (China) Co., Ltd. DocuCentre-IV 2060 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202504-3806 | No CVE | Brother MFC-J491DW has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Brother MFC-J491DW is a multi-function color inkjet printer suitable for various office and personal use scenarios.
Brother MFC-J491DW has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.
| VAR-202504-3805 | No CVE | D-Link DCS-960L has binary vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
D-Link DCS-960L is a network camera product of China's D-Link company.
D-Link DCS-960L has a binary vulnerability that can be exploited by attackers to cause a denial of service.
| VAR-202504-3507 | No CVE | Mosa Technology (Shanghai) Co., Ltd. OnCell_3120-LTE-1 has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
OnCell 3120-LTE-1 is a low-power LTE modem that supports the world's advanced LTE Cat 1 technology.
Mosa Technology (Shanghai) Co., Ltd. OnCell_3120-LTE-1 has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.
| VAR-202504-3876 | No CVE | HP LaserJet Pro MFP 3101-3108 of HP Trading (Shanghai) Co., Ltd. has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
HP LaserJet Pro MFP 3101-3108 is a multi-function laser printer that supports printing, copying, and scanning functions, suitable for small and medium-sized enterprises and office environments.
HP LaserJet Pro MFP 3101-3108 of HP Trading (Shanghai) Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
| VAR-202504-4149 | No CVE | BWS Systems HA Bridge has an unauthorized access vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
HA Bridge is a gateway product of BWS Systems.
BWS Systems HA Bridge has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
| VAR-202504-3509 | No CVE | HP LaserJet Pro MFP 4101 of HP Trading (Shanghai) Co., Ltd. has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
HP LaserJet Pro MFP 4101 is a multi-function laser printer that integrates printing, copying, scanning and faxing functions, suitable for office use.
HP LaserJet Pro MFP 4101 of HP Trading (Shanghai) Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
| VAR-202504-3647 | No CVE | Fuji Xerox (China) Co., Ltd. Xerox® VersaLink® B7030 MFP has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Xerox® VersaLink® B7030 MFP is a multi-function printer with multiple functions and performance features.
Fuji Xerox (China) Co., Ltd. Xerox® VersaLink® B7030 MFP has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.
| VAR-202504-3450 | CVE-2025-28028 | plural TOTOLINK Classic buffer overflow vulnerability in the product |
CVSS V2: - CVSS V3: 7.3 Severity: HIGH |
TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v5 parameter. A830R firmware, a950rg firmware, A3000RU firmware etc. TOTOLINK The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202504-3438 | CVE-2025-28025 | plural TOTOLINK Classic buffer overflow vulnerability in the product |
CVSS V2: - CVSS V3: 7.3 Severity: HIGH |
TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter. A830R firmware, a950rg firmware, A3000RU firmware etc. TOTOLINK The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202504-3436 | CVE-2025-28022 | TOTOLINK of A810R Classic buffer overflow vulnerability in firmware |
CVSS V2: 7.5 CVSS V3: 7.3 Severity: HIGH |
TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter. TOTOLINK of A810R Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A810R is a wireless dual-band router from China's TOTOLINK Electronics. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202504-3476 | CVE-2025-28021 | TOTOLINK of A810R Classic buffer overflow vulnerability in firmware |
CVSS V2: 7.5 CVSS V3: 7.3 Severity: HIGH |
TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the downloadFile.cgi through the v14 and v3 parameters. TOTOLINK of A810R Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A810R is a wireless dual-band router from China's TOTOLINK Electronics. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202504-3463 | CVE-2025-28020 | TOTOLINK of a800r Classic buffer overflow vulnerability in firmware |
CVSS V2: 7.5 CVSS V3: 7.3 Severity: HIGH |
TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter. TOTOLINK of a800r Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A800R is a wireless router from China's TOTOLINK Electronics. The vulnerability is caused by the failure of the v25 parameter in downloadFile.cgi to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack
| VAR-202504-3455 | CVE-2025-28019 | TOTOLINK of a800r Classic buffer overflow vulnerability in firmware |
CVSS V2: 7.5 CVSS V3: 7.3 Severity: HIGH |
TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi component. TOTOLINK of a800r Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A800R is a wireless router from China's TOTOLINK Electronics. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202504-3472 | CVE-2025-28018 | TOTOLINK of a800r Classic buffer overflow vulnerability in firmware |
CVSS V2: 7.5 CVSS V3: 7.3 Severity: HIGH |
TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter. TOTOLINK of a800r Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A800R is a wireless router from China's TOTOLINK Electronics. The vulnerability is caused by the failure of the v14 parameter in downloadFile.cgi to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202504-3444 | CVE-2025-28017 | TOTOLINK of a800r Command injection vulnerability in firmware |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command Injection in downloadFile.cgi via the QUERY_STRING parameter. TOTOLINK of a800r Firmware contains a command injection vulnerability.Information may be obtained and information may be tampered with. TOTOLINK A800R is a wireless router from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided
| VAR-202504-3441 | CVE-2025-45429 | Shenzhen Tenda Technology Co.,Ltd. of AC9 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWpsStart, which may lead to remote arbitrary code execution. Shenzhen Tenda Technology Co.,Ltd. of AC9 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state.
Tenda AC9 has a buffer overflow vulnerability, which is caused by /goform/WifiWpsStart failing to properly verify the length of input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service