VARIoT IoT vulnerabilities database
| VAR-202510-3185 | CVE-2025-12217 | An unidentified vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29092). |
CVSS V2: 9.4 CVSS V3: 9.1 Severity: CRITICAL |
SNMP Default Community String (public).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both network access controllers from Azure Access Technology, Inc., a US-based company.
Both Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 contain a security vulnerability stemming from the use of a default SNMP community string. An attacker could exploit this vulnerability to gain unauthorized access
| VAR-202510-2770 | CVE-2025-12216 | Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Denial-of-Service Vulnerabilities (CNVD-2025-29089) |
CVSS V2: 4.9 CVSS V3: 5.5 Severity: MEDIUM |
Malicious / Malformed App can be Installed but not Uninstalled/may lead to unavailability.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both network access controllers from Azure Access Technology, Inc., a US-based company.
Both Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 contain a denial-of-service vulnerability. This vulnerability stems from the fact that malicious or malformed applications can be installed but not uninstalled, allowing attackers to exploit this vulnerability to render the service unavailable
| VAR-202510-2089 | CVE-2025-60566 | D-Link DIR600L formSetMACFilter function buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetMACFilter. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formSetMACFilter` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
| VAR-202510-2283 | CVE-2025-60565 | D-Link DIR600L formSchedule function buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSchedule. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formSchedule` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
| VAR-202510-2147 | CVE-2025-60564 | D-Link DIR600L formSetLog function buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetLog. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formSetLog` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
| VAR-202510-2356 | CVE-2025-60563 | D-Link DIR600L formSetPortTr function buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetPortTr. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formSetPortTr` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
| VAR-202510-2087 | CVE-2025-60562 | D-Link DIR600L formWlSiteSurvey function buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formWlSiteSurvey. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formWlSiteSurvey` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
| VAR-202510-2252 | CVE-2025-60561 | D-Link DIR600L formSetEmail function buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEmail. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formSetEmail` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
| VAR-202510-2148 | CVE-2025-60559 | D-Link DIR600L formSetDomainFilter function buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetDomainFilter. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formSetDomainFilter` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
| VAR-202510-2354 | CVE-2025-60558 | D-Link DIR600L formVirtualServ function buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formVirtualServ. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formVirtualServ` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
| VAR-202510-2090 | CVE-2025-60557 | D-Link DIR600L formSetEasy_Wizard function buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEasy_Wizard. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formSetEasy_Wizard` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
| VAR-202510-2355 | CVE-2025-60556 | D-Link DIR600L formSetWizard1 function buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizard1. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formSetWizard1` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
| VAR-202510-2280 | CVE-2025-60555 | D-Link DIR600L formSetWizardSelectMode function buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizardSelectMode. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formSetWizardSelectMode` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
| VAR-202510-2282 | CVE-2025-60554 | D-Link DIR600L formSetEnableWizard function buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEnableWizard. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formSetEnableWizard` function fails to properly validate the length of the input data. Attackers could exploit this vulnerability to execute arbitrary code or cause a denial-of-service attack
| VAR-202510-2146 | CVE-2025-60553 | D-Link DIR600L formSetWAN_Wizard52 function buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard52. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formSetWAN_Wizard52` function fails to properly validate the length of the input data. Attackers could exploit this vulnerability to execute arbitrary code or cause a denial-of-service attack
| VAR-202510-2279 | CVE-2025-60552 | D-Link DIR600L formTcpipSetup function buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formTcpipSetup. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formTcpipSetup` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
| VAR-202510-2359 | CVE-2025-60551 | D-Link DIR600L formDeviceReboot function buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the next_page parameter in the function formDeviceReboot. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `next_page` parameter in the `formDeviceReboot` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
| VAR-202510-2192 | CVE-2025-60550 | D-Link DIR600L formEasySetTimezone function buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formEasySetTimezone. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formEasySetTimezone` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
| VAR-202510-2336 | CVE-2025-60549 | D-Link DIR600L formAutoDetecWAN_wizard4 function buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAutoDetecWAN_wizard4. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formAutoDetecWAN_wizard4` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
| VAR-202510-2357 | CVE-2025-60548 | D-Link DIR600L formLanSetupRouterSettings function buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLanSetupRouterSettings. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formLanSetupRouterSettings` function fails to properly validate the length of the input data. Attackers could exploit this vulnerability to execute arbitrary code or cause a denial-of-service attack