VARIoT IoT vulnerabilities database
| VAR-202504-1625 | CVE-2024-45543 | Out-of-bounds write vulnerability in multiple Qualcomm products |
CVSS V2: - CVSS V3: 6.6 Severity: MEDIUM |
Memory corruption while accessing MSM channel map and mixer functions. c-v2x 9150 firmware, fastconnect 6200 firmware, fastconnect 6800 Several Qualcomm products, such as firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202504-0826 | CVE-2025-3346 | Shenzhen Tenda Technology Co.,Ltd. of AC7 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in Tenda AC7 15.03.06.44. It has been rated as critical. Affected by this issue is the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument pptp_server_start_ip/pptp_server_end_ip leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. of AC7 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202504-0757 | CVE-2025-3328 | Shenzhen Tenda Technology Co.,Ltd. of ac1206 Out-of-bounds write vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in Tenda AC1206 15.03.06.23. It has been classified as critical. Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid/timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. of ac1206 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. AC1206 is a high-performance wireless router designed for broadband users of 200M and above. The vulnerability is caused by the form_fast_setting_wifi_set function of the /goform/fast_setting_wifi_set file not performing a valid boundary check on the input of the ssid or timeZone parameters, resulting in a buffer overflow. No detailed vulnerability details are currently provided
| VAR-202504-2061 | No CVE | HPE OfficeConnect Switch 1820 48G PoE+ (370W) J9984A of Hewlett Packard Enterprise (China) Co., Ltd. has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
HPE (China) Co., Ltd. is a company mainly engaged in the research and development, production and manufacturing of computer hardware, software and its peripherals, and operates related electronic products.
HPE OfficeConnect Switch 1820 48G PoE+ (370W) J9984A of HPE (China) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202504-2263 | No CVE | Wuxi Xinjie Electric Co., Ltd. Xinjie XS3-26T4 PLC has industrial control equipment vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Wuxi Xinjie Electric Co., Ltd. is a listed company that focuses on the research and development and application of industrial automation products.
Wuxi Xinjie Electric Co., Ltd. Xinjie XS3-26T4 PLC has an industrial control equipment vulnerability, which can be exploited by attackers to cause denial of service.
| VAR-202504-2060 | No CVE | ZAVIOZAVIO F531E###ZAVIO F511W has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ZAVIO F531 and ZAVIO F511W have an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
| VAR-202504-2456 | No CVE | Shenzhen Yichen Technology Co., Ltd. JCG router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Shenzhen Yichen Technology Co., Ltd. is an all-round company integrating R&D, production and sales, focusing on high-end equipment manufacturing and technology research and development in the network communication industry.
Shenzhen Yichen Technology Co., Ltd. JCG router has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202504-1235 | No CVE | Ricoh (China) Investment Co., Ltd. SP C261SFNw has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
SP C261SFNw is a color laser multifunction printer launched by Ricoh.
Ricoh (China) Investment Co., Ltd. SP C261SFNw has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202504-1431 | No CVE | Shenzhen Jixiang Tengda Technology Co., Ltd. AC6 has a binary vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
AC6 is an 11ac dual-band wireless router designed for 100M fiber homes.
AC6 of Shenzhen Jixiang Tengda Technology Co., Ltd. has a binary vulnerability that can be exploited by attackers to cause a denial of service.
| VAR-202504-1852 | No CVE | RICOH MP C4504ex of Ricoh (China) Investment Co., Ltd. has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
RICOH MP C4504ex is a printer product.
RICOH MP C4504ex of Ricoh (China) Investment Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202504-1635 | No CVE | Brother (China) Commercial Co., Ltd. DCP-1610W series has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
DCP-1610W series wireless black and white laser multifunction printer.
Brother (China) Commercial Co., Ltd. DCP-1610W series has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202504-1430 | No CVE | Toshiba e-STUDIO2020AC has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
e-STUDIO2020AC is a printer.
Toshiba e-STUDIO2020AC has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202504-2259 | No CVE | TP-LINK TL-WR841ND has a denial of service vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
TP-LINK TL-WR841ND is a wireless router from TP-LINK of China.
TP-LINK TL-WR841ND has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202504-0693 | CVE-2025-3259 | Shenzhen Tenda Technology Co.,Ltd. of RX3 Out-of-bounds write vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability, which was classified as critical, has been found in Tenda RX3 16.03.13.11. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of RX3 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Attackers can exploit this vulnerability to cause a denial of service or execute arbitrary code
| VAR-202504-0694 | CVE-2025-3249 | TOTOLINK of a6000r Injection Vulnerability in Firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Medium |
A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of a6000r The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A6000R is a wireless router with excellent performance. No detailed vulnerability details are currently provided
| VAR-202504-0695 | CVE-2025-3237 | Shenzhen Tenda Technology Co.,Ltd. of FH1202 Firmware vulnerabilities |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: Medium |
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/wrlwpsset. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. of FH1202 There are unspecified vulnerabilities in the firmware.Information may be tampered with. Attackers can use this vulnerability to launch remote attacks to gain access rights
| VAR-202504-0829 | CVE-2025-3236 | Shenzhen Tenda Technology Co.,Ltd. of FH1202 Firmware vulnerabilities |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: Medium |
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/VirSerDMZ of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. of FH1202 There are unspecified vulnerabilities in the firmware.Information may be tampered with. No detailed vulnerability details are currently available
| VAR-202504-0831 | CVE-2025-3203 | Shenzhen Tenda Technology Co.,Ltd. of w18e Out-of-bounds write vulnerability in firmware |
CVSS V2: 4.0 CVSS V3: 4.3 Severity: Medium |
A vulnerability classified as problematic was found in Tenda W18E 16.01.0.11. Affected by this vulnerability is the function formSetAccountList of the file /goform/setModules. The manipulation of the argument Password leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of w18e An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Attackers can exploit this vulnerability to cause the program to crash
| VAR-202504-2260 | No CVE | HP Color LaserJet Pro MFP M479fdw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
HP Color LaserJet Pro MFP M479fdw is a wireless color laser printer.
HP Color LaserJet Pro MFP M479fdw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202504-1636 | No CVE | SATO CL4NX-JPlus has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
CL4NX-Jplus is a smart barcode printer.
SATO CL4NX-JPlus has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.