VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202504-3955 No CVE MOBOTIX M1 has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
MOBOTIX M1 is a camera. MOBOTIX M1 has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-3734 No CVE MOBOTIX S14 has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
MOBOTIX S14 is a camera. MOBOTIX S14 has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-3877 No CVE MOBOTIX D10 has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
MOBOTIX D10 is a high-performance smart network camera. MOBOTIX D10 has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-3512 No CVE MOBOTIX P25 has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
MOBOTIX P25 is a high-performance smart network camera. MOBOTIX P25 has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-4090 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd. A15 has a binary vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
A15 is a dual-band 3G wireless router suitable for fiber-optic homes within 1000M. Shenzhen Jixiang Tengda Technology Co., Ltd. A15 has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202504-3879 No CVE Shenzhen Bilian Electronics Co., Ltd. BL-LTE300 has a binary vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
BL-LTE300 is a home router. Shenzhen Bilian Electronics Co., Ltd. BL-LTE300 has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202504-3810 No CVE MOBOTIX Q22 has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
‌MOBOTIX Q22 is a 360-degree panoramic network camera. ‌MOBOTIX Q22 is a 360-degree panoramic network camera. MOBOTIX Q22 has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-4091 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd. AC8 has a binary vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
AC8 is a dual-band three-gigabit wireless router suitable for fiber-optic homes within 1000 megabits, supporting gigabit ports, intelligent frequency selection, parental control and other functions. AC8 of Shenzhen Jixiang Tengda Technology Co., Ltd. has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202504-3812 No CVE MOBOTIX D22 has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
MOBOTIX D22 is a camera. MOBOTIX D22 has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202504-3735 No CVE Beijing Yakong Technology Development Co., Ltd. kingh5stream has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Beijing Yakong Technology Development Co., Ltd. is a high-tech enterprise of industrial automation and information software platform, focusing on independent research and development, marketing and service of domestic industrial software. Beijing Yakong Technology Development Co., Ltd. kingh5stream has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202504-3650 No CVE Fuhong Technology Co., Ltd. IP Network Camera has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Fuhong Technology Co., Ltd. was established in 1991. It has always been committed to the development and manufacture of image monitoring systems with professional R&D and perfect sales services as its core orientation. Its product systems include environmental monitoring and mobile monitoring, and it achieves comprehensive security protection with the vision of system integration and solutions. Fuhong Technology Co., Ltd. IP Network Camera has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202504-3167 CVE-2025-3820 Shenzhen Tenda Technology Co.,Ltd.  of  W12  firmware and  i24  Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) and classified as critical. Affected by this issue is the function cgiSysUplinkCheckSet of the file /bin/httpd. The manipulation of the argument hostIp1/hostIp2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of W12 firmware and i24 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by improper handling of cgiSysUplinkCheckSet. Attackers can exploit this vulnerability to execute arbitrary code
VAR-202504-3170 CVE-2025-3803 Shenzhen Tenda Technology Co.,Ltd.  of  W12  firmware and  i24  Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been rated as critical. This issue affects the function cgiSysScheduleRebootSet of the file /bin/httpd. The manipulation of the argument rebootDate leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of W12 firmware and i24 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Attackers can exploit this vulnerability to execute code and control the affected device
VAR-202504-3188 CVE-2025-3802 Shenzhen Tenda Technology Co.,Ltd.  of  W12  firmware and  i24  Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been declared as critical. This vulnerability affects the function cgiPingSet of the file /bin/httpd. The manipulation of the argument pingIP leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of W12 firmware and i24 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. No detailed vulnerability details are provided at present
VAR-202504-2258 No CVE Topsec Technology Group Co., Ltd. Internet Behavior Management System has a command execution vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Topsec Technology Group Co., Ltd. is a high-tech enterprise focusing on network security and cloud computing solutions. ‌ Topsec Technology Group Co., Ltd.'s Internet behavior management system has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
VAR-202504-1746 CVE-2025-29209 TOTOLINK  of  x18  Command injection vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the enable parameter' of the sub_41105C function of cstecgi .cgi. TOTOLINK of x18 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X18 is a wireless router produced by TOTOLINK, which provides high-speed and stable wireless network connection. Attackers can exploit this vulnerability to execute arbitrary commands
VAR-202504-1213 CVE-2025-3786 Shenzhen Tenda Technology Co.,Ltd.  of  AC15  Classic buffer overflow vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in Tenda AC15 up to 15.03.05.19 and classified as critical. This issue affects the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument mac leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC15 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the parameter mac of the function fromSetWirelessRepeat in the file /goform/WifiExtraSet failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack
VAR-202504-1162 CVE-2025-3785 D-Link Systems, Inc.  of  DWR-M961  Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability has been found in D-Link DWR-M961 1.1.36 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formStaticDHCP of the component Authorization Interface. The manipulation of the argument Hostname leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.49 is able to address this issue. It is recommended to upgrade the affected component. D-Link Systems, Inc. of DWR-M961 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DWR-M961 is a router from D-Link, a Chinese company. D-Link DWR-M961 has a buffer overflow vulnerability. The vulnerability is caused by the failure of the parameter Hostname in the file /boafrm/formStaticDHCP to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202504-1580 CVE-2025-2492 plural ASUSTeK COMPUTER Command injection vulnerability in routers manufactured by CVSS V2: 9.7
CVSS V3: -
Severity: Critical
An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information. An arbitrary command may be executed on the affected product with administrator privileges. ‌AiCloud is a cloud service launched by ASUS, which aims to provide easy access to data in devices connected to the router, such as USB or PC, and provides functions such as uploading, downloading, online music playback, online document browsing, sharing links to Facebook, and setting Smart Sync cloud synchronization
VAR-202504-3700 CVE-2025-25427 TP-LINK Technologies  of  wr841n  Cross-site scripting vulnerability in firmware CVSS V2: -
CVSS V3: 5.4
Severity: MEDIUM
A stored cross-site scripting (XSS) vulnerability in the upnp.htm page of the web Interface in TP-Link WR841N v14/v14.6/v14.8 <= Build 241230 Rel. 50788n allows remote attackers to inject arbitrary JavaScript code via the port mapping description. This leads to an execution of the JavaScript payload when the upnp page is loaded. TP-LINK Technologies of wr841n Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with