VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202503-2871 CVE-2025-28361 Telesquare  of  TLR-2005KSH  Classic buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Unauthorized stack overflow vulnerability in Telesquare TLR-2005KSH v.1.1.4 allows a remote attacker to obtain sensitive information via the systemutil.cgi component. Telesquare of TLR-2005KSH Firmware has a classic buffer overflow vulnerability.Information may be obtained
VAR-202503-2870 CVE-2025-26011 Telesquare  of  TLR-2005KSH  Classic buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setUsernamePassword. Telesquare of TLR-2005KSH Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202503-2880 CVE-2025-26010 Telesquare  of  TLR-2005KSH  Access control vulnerabilities in firmware CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Telesquare TLR-2005KSH 1.1.4 allows unauthorized password modification when requesting the admin.cgi parameter with setUserNamePassword. Telesquare of TLR-2005KSH Firmware contains an access control vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202503-2823 CVE-2025-26009 Telesquare  of  TLR-2005KSH  Information disclosure vulnerability in firmware CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Telesquare TLR-2005KSH 1.1.4 has an Information Disclosure vulnerability when requesting systemutilit.cgi
VAR-202503-2826 CVE-2025-26008 Telesquare  of  TLR-2005KSH  Classic buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
In Telesquare TLR-2005KSH 1.1.4, an unauthorized stack overflow vulnerability exists when requesting admin.cgi parameter with setSyncTimeHost. Telesquare of TLR-2005KSH Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202503-3482 CVE-2025-26007 Telesquare  of  TLR-2005KSH  Classic buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability in the login interface when requesting systemtil.cgi. Telesquare of TLR-2005KSH Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202503-2818 CVE-2025-26006 Telesquare  of  TLR-2005KSH  Classic buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setAutorest. Telesquare of TLR-2005KSH Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202503-2859 CVE-2025-26005 Telesquare  of  TLR-2005KSH  Classic buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack overflow vulnerability when requesting admin.cgi parameter with setNtp. Telesquare of TLR-2005KSH Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202503-2838 CVE-2025-26004 Telesquare  of  TLR-2005KSH  Classic buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack buffer overflow vulnerability when requesting admin.cgi parameter with setDdns. Telesquare of TLR-2005KSH Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202503-2809 CVE-2025-26003 Telesquare  of  TLR-2005KSH  Code injection vulnerability in firmware CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when requesting the admin.cgi parameter with setAutorest. Telesquare of TLR-2005KSH A code injection vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202503-2816 CVE-2025-26002 Telesquare  of  TLR-2005KSH  Classic buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setSyncTimeHost. Telesquare of TLR-2005KSH Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202503-2824 CVE-2025-26001 Telesquare  of  TLR-2005KSH  Information disclosure vulnerability in firmware CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Telesquare TLR-2005KSH 1.1.4 is vulnerable to Information Disclosure via the parameter getUserNamePassword
VAR-202503-4044 CVE-2023-52972 Huawei of YutuFZ-5651S1 SenaryAudio access control vulnerabilities in CVSS V2: 4.6
CVSS V3: 5.5
Severity: MEDIUM
Huawei PCs have a vulnerability that allows low-privilege users to bypass SDDL permission checks . Successful exploitation this vulnerability could lead to termination of some system processes. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software. Huawei PCs are a series of computers from the Chinese company Huawei
VAR-202503-3607 CVE-2025-29635 D-Link Systems, Inc.  of  DIR-823X  Command injection vulnerability in firmware CVSS V2: 9.0
CVSS V3: 7.2
Severity: HIGH
A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote command execution. D-Link Systems, Inc. of DIR-823X Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-823X is a wireless router from D-Link, a Chinese company. D-Link DIR-823X has a command injection vulnerability, which is caused by /goform/set_prohibiting failing to properly filter special characters and commands in the constructed command
VAR-202503-2620 CVE-2025-2717 D-Link Systems, Inc.  of  DIR-823X  in the firmware  OS  Command injection vulnerability CVSS V2: 5.8
CVSS V3: 4.7
Severity: Medium
A vulnerability, which was classified as critical, has been found in D-Link DIR-823X 240126/240802. This issue affects the function sub_41710C of the file /goform/diag_nslookup of the component HTTP POST Request Handler. The manipulation of the argument target_addr leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DIR-823X The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-823X is a wireless router from D-Link, a Chinese company. D-Link DIR-823X has a command injection vulnerability, which is caused by the application failing to properly filter special characters and commands in constructing commands. No detailed vulnerability details are currently available
VAR-202503-2639 CVE-2023-3634 Many Fesco products have denial of service vulnerabilities CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability. MSE6-D2M-5000-CBUS-S-RG-BAR-VCB-AGD, MSE6-E2M-5000-FB13-AGD, MSE6-E2M-5000-FB37-AGD, etc. are all industrial control components. Many products of festo have denial of service vulnerabilities, which can be exploited by attackers to gain control of the server
VAR-202503-2861 CVE-2025-29135 Shenzhen Tenda Technology Co.,Ltd.  of  AC7  Stack-based buffer overflow vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
A stack-based buffer overflow vulnerability in Tenda AC7 V15.03.06.44 allows a remote attacker to execute arbitrary code through a stack overflow attack using the security parameter of the formWifiBasicSet function. Shenzhen Tenda Technology Co.,Ltd. of AC7 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the formWifiBasicSet function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system
VAR-202503-2831 CVE-2025-29100 Shenzhen Tenda Technology Co.,Ltd.  of  AC8  Stack-based buffer overflow vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the parameter list. Shenzhen Tenda Technology Co.,Ltd. of AC8 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. AC8 is a wireless router. AC8 has a buffer overflow vulnerability. The vulnerability is caused by the SetRouteStatic function failing to correctly verify the length of the input data. Attackers can use this vulnerability to execute arbitrary code on the system
VAR-202503-2574 CVE-2025-2688 TOTOLINK  of  A3000RU  Vulnerability regarding improper permission settings in firmware CVSS V2: 3.3
CVSS V3: 4.3
Severity: Medium
A vulnerability classified as problematic was found in TOTOLINK A3000RU up to 5.9c.5185. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/ExportSyslog.sh of the component Syslog Configuration File Handler. The manipulation leads to improper access controls. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. TOTOLINK of A3000RU The firmware contains vulnerabilities related to improper permission settings and access control.Information may be obtained. TOTOLINK A3000RU is a wireless router from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided
VAR-202503-2527 CVE-2025-2621 D-Link Systems, Inc.  of  DAP-1620  Out-of-bounds write vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: Critical
A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical. This issue affects the function check_dws_cookie of the file /storage. The manipulation of the argument uid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DAP-1620 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-1620 is a wireless repeater extender from D-Link, a Chinese company. D-Link DAP-1620 has a stack buffer overflow vulnerability. The vulnerability is caused by improper processing of the parameter uid. Attackers can use this vulnerability to trigger a denial of service or execute malicious code