VARIoT IoT vulnerabilities database
| VAR-202503-0082 | CVE-2025-1829 | TOTOLINK of x18 in the firmware OS Command injection vulnerability |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Medium |
A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been declared as critical. This vulnerability affects the function setMtknatCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mtkhnatEnable leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of x18 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X18 is a Gigabit router from China's TOTOLINK Electronics. No detailed vulnerability details are provided at present
| VAR-202503-0050 | CVE-2025-1819 | Shenzhen Tenda Technology Co.,Ltd. of AC7 Command injection vulnerability in firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Medium |
A vulnerability, which was classified as critical, was found in Tenda AC7 1200M 15.03.06.44. Affected is the function TendaTelnet of the file /goform/telnet. The manipulation of the argument lan_ip leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the TendaTelnet function in the /goform/telnet file failing to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to cause arbitrary command execution
| VAR-202503-0075 | CVE-2025-1814 | Shenzhen Tenda Technology Co.,Ltd. of AC6 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. Affected by this issue is some unknown functionality of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC6 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC6 is a dual-band wireless router produced by China's Tenda Company in 2016. By manipulating the parameter wpapsk_crypto, it will cause a stack-based buffer overflow, and attackers can exploit this vulnerability to execute arbitrary code
| VAR-202503-0084 | CVE-2025-1800 | D-Link Systems, Inc. of dar-7000 Command injection vulnerability in firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Medium |
A vulnerability has been found in D-Link DAR-7000 3.2 and classified as critical. This vulnerability affects the function get_ip_addr_details of the file /view/vpn/sxh_vpn/sxh_vpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument ethname leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of dar-7000 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAR-7000 is an Internet behavior management and auditing gateway device that provides Internet behavior management and auditing functions.
D-Link DAR-7000 has a command injection vulnerability, which stems from the fact that the ethname parameter of the get_ip_addr_details function in the /view/vpn/sxh_vpn/sxh_vpnlic.php file is not properly filtered or validated. No detailed vulnerability details are currently available
| VAR-202503-3931 | No CVE | RICOH IM C3000 has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
RICOH IM C3000 is a color copier.
RICOH IM C3000 has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
| VAR-202503-3417 | No CVE | Beijing Xingwang Ruijie Network Technology Co., Ltd. RG-UAC-6000-E20 has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Beijing StarNet Ruijie Network Technology Co., Ltd. is an industry-leading ICT infrastructure and industry solution provider. Its main business is the research, design and sales of network equipment, network security products and cloud desktop solutions.
Beijing StarNet Ruijie Network Technology Co., Ltd. RG-UAC-6000-E20 has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
| VAR-202503-2887 | No CVE | Red Lion SIXNET SYS-800-021 has a command injection vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Red Lion is an American company, Red Lion Controls, which provides a complete line of high-performance products to meet the needs of global customers.
Red Lion SIXNET SYS-800-021 has a command injection vulnerability that can be exploited by attackers to gain server privileges.
| VAR-202503-3552 | No CVE | Linsys E5600 has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Linksys E5600 is a router product.
Linksys E5600 has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
| VAR-202503-4055 | No CVE | TP-Link Technology Co., Ltd. TL-R479GP-AC has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
TL-R479GP-AC is an enterprise router from TP-Link Technologies Co., Ltd.
TL-R479GP-AC from TP-Link Technologies Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
| VAR-202503-2888 | No CVE | Samsung printer models have unauthorized access vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Samsung (China) Investment Co., Ltd. is a company whose main business is: televisions, wires, audio-visual accessories, communication accessories, computers, computer network equipment, etc.
Samsung's multi-model printer series has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information and perform unauthorized operations.
| VAR-202503-3418 | No CVE | TP-Link Technology Co., Ltd. TL-R480GPM-AC has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
TL-R480GPM-AC is a router.
TL-R480GPM-AC of TP-Link Technologies Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
| VAR-202503-3932 | No CVE | Samsung (China) Investment Co., Ltd. Samsung sl-j3520w has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Samsung (China) Investment Co., Ltd. is a company whose main business is: televisions, wires, audio-visual accessories, communication accessories, computers, computer network equipment, etc.
Samsung (China) Investment Co., Ltd. Samsung sl-j3520w has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202503-3553 | No CVE | MIKAPU Bluetooth model of Mikasha (Shenzhen) Technology Co., Ltd. has a logic defect vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Mikasha (Shenzhen) Technology Co., Ltd. is a technology company that focuses on the research and development and production of smart drinking water equipment.
Mikasha (Shenzhen) Technology Co., Ltd.'s MIKAPU Bluetooth model has a logic defect vulnerability, which can be exploited by attackers to unlock the water cup via Bluetooth and send Bluetooth commands to delete the user's fingerprint.
| VAR-202503-3554 | No CVE | TP-Link Technology Co., Ltd. TL-R5406PE-AC has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
TL-R5406PE-AC is a router.
TL-R5406PE-AC of TP-Link Technologies Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
| VAR-202503-4054 | No CVE | Beijing Digital China Cloud Technology Co., Ltd. DCME-320 has an arbitrary file deletion vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
DCME-320 is a high-performance Internet egress gateway.
Beijing Digital China Cloud Technology Co., Ltd. DCME-320 has an arbitrary file deletion vulnerability, which can be exploited by attackers to delete arbitrary files.
| VAR-202502-2734 | CVE-2025-25635 | TOTOLINK of A3002R Classic buffer overflow vulnerability in firmware |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the pppoe_dns1 parameter in the formIpv6Setup interface of /bin/boa. TOTOLINK of A3002R Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3002R is a wireless router from China's TOTOLINK Electronics. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack
| VAR-202502-2112 | CVE-2025-25610 | TOTOLINK of A3002R Classic buffer overflow vulnerability in firmware |
CVSS V2: 8.3 CVSS V3: 8.0 Severity: HIGH |
TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_gw parameter in the formIpv6Setup interface of /bin/boa. TOTOLINK of A3002R Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3002R is a wireless router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202502-2113 | CVE-2025-25609 | TOTOLINK of A3002R Classic buffer overflow vulnerability in firmware |
CVSS V2: 8.3 CVSS V3: 8.0 Severity: HIGH |
TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_ipv6 parameter in the formIpv6Setup interface of /bin/boa. TOTOLINK of A3002R Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3002R is a wireless router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202502-2738 | CVE-2025-25429 | TRENDnet of TEW-929DRU Cross-site scripting vulnerability in |
CVSS V2: 4.1 CVSS V3: 4.8 Severity: MEDIUM |
Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the r_name variable inside the have_same_name function on the /addschedule.htm page. TRENDnet of TEW-929DRU Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. TRENDnet TEW-929DRU is a wireless router from TRENDnet, an American company. Attackers can exploit this vulnerability to execute arbitrary web scripts or HTML by injecting carefully designed payloads
| VAR-202502-2917 | CVE-2025-25428 | TRENDnet of TEW-929DRU Vulnerability related to the use of hard-coded passwords in |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
TRENDnet TEW-929DRU 1.0.0.10 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. TRENDnet of TEW-929DRU contains a vulnerability related to the use of hardcoded passwords.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TRENDnet TEW-929DRU is a wireless router from TRENDnet, an American company