VARIoT IoT vulnerabilities database


VAR-202501-1431 CVE-2025-0492 D-Link Corporation DIR-823X firmware improper shutdown and release of resources vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: High
A vulnerability has been found in D-Link DIR-823X 240126/240802 and classified as critical. Affected by this vulnerability is the function FUN_00412244. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The D-Link Corporation DIR-823X firmware contains vulnerabilities related to improper shutdown and release of resources and to NULL pointer dereference. The device may be put into a denial-of-service (DoS) state. D-Link DIR-823X is a wireless router from D-Link, a Chinese company. No detailed vulnerability details are currently available.
VAR-202501-1452 CVE-2025-0481 D-Link Systems, Inc. DIR-878 firmware information disclosure vulnerability CVSS V2: 5.0
CVSS V3: 5.3
Severity: Medium
A vulnerability classified as problematic has been found in D-Link DIR-878 1.03. Affected is an unknown function of the file /dllog.cgi of the component HTTP POST Request Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The D-Link Systems, Inc. DIR-878 firmware contains vulnerabilities related to information leakage and access control. Information may be obtained. D-Link DIR-878 is a wireless router from D-Link, a Chinese company. Attackers can exploit this vulnerability to obtain sensitive information.
VAR-202501-2166 CVE-2024-57025 TOTOLINK X5000R firmware OS command injection vulnerability CVSS V2: 7.2
CVSS V3: 6.8
Severity: MEDIUM
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setWiFiScheduleCfg. The device may be put into a denial-of-service (DoS) state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary command execution.
VAR-202501-3190 CVE-2024-57024 TOTOLINK X5000R firmware OS command injection vulnerability CVSS V2: 7.2
CVSS V3: 6.8
Severity: MEDIUM
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eMinute" parameter in setWiFiScheduleCfg. The device may be put into a denial-of-service (DoS) state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary command execution.
VAR-202501-1634 CVE-2024-57023 TOTOLINK X5000R firmware OS command injection vulnerability CVSS V2: 7.2
CVSS V3: 6.8
Severity: MEDIUM
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setWiFiScheduleCfg. The device may be put into a denial-of-service (DoS) state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary command execution.
VAR-202501-1547 CVE-2024-57022 TOTOLINK X5000R firmware OS command injection vulnerability CVSS V2: 10.0
CVSS V3: 8.8
Severity: HIGH
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sHour" parameter in setWiFiScheduleCfg. The device may be put into a denial-of-service (DoS) state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary command execution.
VAR-202501-1794 CVE-2024-57021 TOTOLINK X5000R firmware OS command injection vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eHour" parameter in setWiFiScheduleCfg. The device may be put into a denial-of-service (DoS) state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary command execution.
VAR-202501-1565 CVE-2024-57020 TOTOLINK X5000R firmware OS command injection vulnerability CVSS V2: 10.0
CVSS V3: 8.8
Severity: HIGH
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sMinute" parameter in setWiFiScheduleCfg. The device may be put into a denial-of-service (DoS) state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary command execution.
VAR-202501-1654 CVE-2024-57019 TOTOLINK X5000R firmware OS command injection vulnerability CVSS V2: 10.0
CVSS V3: 8.8
Severity: HIGH
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "limit" parameter in setVpnAccountCfg. The device may be put into a denial-of-service (DoS) state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary command execution.
VAR-202501-2779 CVE-2024-57018 TOTOLINK X5000R firmware OS command injection vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setVpnAccountCfg. The device may be put into a denial-of-service (DoS) state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary command execution.
VAR-202501-1508 CVE-2024-57017 TOTOLINK X5000R firmware OS command injection vulnerability CVSS V2: 10.0
CVSS V3: 8.8
Severity: HIGH
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "pass" parameter in setVpnAccountCfg. The device may be put into a denial-of-service (DoS) state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary command execution.
VAR-202501-2167 CVE-2024-57016 TOTOLINK X5000R firmware OS command injection vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "user" parameter in setVpnAccountCfg. The device may be put into a denial-of-service (DoS) state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary command execution.
VAR-202501-1509 CVE-2024-57015 TOTOLINK X5000R firmware OS command injection vulnerability CVSS V2: 10.0
CVSS V3: 8.8
Severity: HIGH
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "hour" parameter in setScheduleCfg. The device may be put into a denial-of-service (DoS) state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary command execution.
VAR-202501-1520 CVE-2024-57014 TOTOLINK X5000R firmware OS command injection vulnerability CVSS V2: 10.0
CVSS V3: 8.8
Severity: HIGH
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "recHour" parameter in setScheduleCfg. The device may be put into a denial-of-service (DoS) state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary command execution.
VAR-202501-1639 CVE-2024-57013 TOTOLINK X5000R firmware OS command injection vulnerability CVSS V2: 10.0
CVSS V3: 8.8
Severity: HIGH
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "switch" parameter in setScheduleCfg. The device may be put into a denial-of-service (DoS) state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary command execution.
VAR-202501-1579 CVE-2024-57012 TOTOLINK X5000R firmware OS command injection vulnerability CVSS V2: 10.0
CVSS V3: 8.8
Severity: HIGH
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setScheduleCfg. The device may be put into a denial-of-service (DoS) state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary command execution.
VAR-202501-4232 CVE-2024-57011 TOTOLINK X5000R firmware OS command injection vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "minute" parameters in setScheduleCfg. The device may be put into a denial-of-service (DoS) state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary command execution.
VAR-202501-1635 CVE-2025-22968 D-Link Systems, Inc. DWR-M972V firmware code injection vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using the root account without restrictions. A code injection vulnerability exists in the D-Link Systems, Inc. DWR-M972V firmware. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. D-Link DWR-M972V is a router from D-Link, a Chinese company.
VAR-202501-3355 CVE-2025-0356 Multiple vulnerabilities in the NEC Aterm series (NV25-003) CVSS V2: -
CVSS V3: 7.2
Severity: HIGH
NEC Corporation Aterm WX1500HP Ver.1.4.2 and earlier and WX3600HP Ver.1.5.3 and earlier allow an attacker to execute arbitrary OS commands via the network.
VAR-202501-2751 CVE-2025-0355 Multiple vulnerabilities in the NEC Aterm series (NV25-003) CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows an attacker to get a Wi-Fi password via the network.