VARIoT IoT vulnerabilities database
| VAR-202502-3792 | No CVE | Beijing Xingwang Ruijie Network Technology Co., Ltd. RG-UAC-6000-E20 has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Beijing Xingwang Ruijie Network Technology Co., Ltd. is a provider of ICT infrastructure and industry solutions. Its main business is the research, design and sales of network equipment, network security products and cloud desktop solutions.
Beijing Xingwang Ruijie Network Technology Co., Ltd. RG-UAC-6000-E20 has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
| VAR-202502-3808 | No CVE | Sony Group Corporation SNC-RZ50N has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
SNC-RZ50N is a network camera with day and night switching function.
Sony Group Corporation SNC-RZ50N has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202502-3799 | No CVE | KONICA MINOLTA, INC. bizhub C258 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
bizhub C258 is a color multifunction printer.
KONICA MINOLTA, INC. bizhub C258 has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.
| VAR-202502-2329 | CVE-2025-22881 | Delta Electronics CNCSoft-G2 Buffer Overflow Vulnerability (CNVD-2025-12364) |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics CNCSoft-G2 is a human-machine interface (HMI) software from Delta Electronics, a Chinese company
| VAR-202502-3815 | No CVE | TOTOlink A3002R of Jiong Electronics (Shenzhen) Co., Ltd. has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Jiong Electronics (Shenzhen) Co., Ltd. is a high-tech foreign-invested enterprise specializing in the research and development, design, manufacturing and sales of various network products.
Jiong Electronics (Shenzhen) Co., Ltd. TOTOlink A3002R has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202502-2173 | CVE-2024-51539 | Dell's secure connect gateway In SQL Injection vulnerability |
CVSS V2: - CVSS V3: 2.3 Severity: LOW |
The Dell Secure Connect Gateway (SCG) Application and Appliance, versions prior to 5.28, contains a SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability can only be exploited locally on the affected system. A high-privilege attacker with access to the system could potentially exploit this vulnerability, leading to the disclosure of non-sensitive information that does not include any customer data. However, the information handled by the software will not be rewritten. Furthermore, the software will not stop. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202502-3790 | No CVE | Samsung C430W has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
C430W is a laser printer.
Samsung C430W has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202502-3813 | No CVE | Sony SNC-RH164 has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
SNC-RH164 is a network high-definition speed dome camera.
Sony SNC-RH164 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202502-3853 | No CVE | Samsung (China) Investment Co., Ltd. C563FW has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Samsung (China) Investment Co., Ltd. is a company mainly engaged in investment activities, covering multiple fields, including sales and services of home appliances, electronic products, communication equipment, computer hardware and software, and auxiliary equipment.
Samsung (China) Investment Co., Ltd. C563FW has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202502-3807 | No CVE | NETGEAR-WN3000RP has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
NETGEAR WN3000RP is a wireless access point with a frequency range of 2.4GHz.
NETGEAR WN3000RP has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.
| VAR-202502-3797 | No CVE | Samsung C3010ND has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
C3010ND is a laser printer.
Samsung C3010ND has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202502-1747 | CVE-2025-1618 | Vtiger of Vtiger CRM Multiple vulnerabilities in |
CVSS V2: 5.0 CVSS V3: 4.3 Severity: Medium |
A vulnerability has been found in vTiger CRM 6.4.0/6.5.0 and classified as problematic. This vulnerability affects unknown code of the file /modules/Mobile/index.php. The manipulation of the argument _operation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0 is able to address this issue. It is recommended to upgrade the affected component. The exploitation methods for this vulnerability are publicly available and can be exploited. Also, some of the information handled by the software may be rewritten. Furthermore, the software will not stop. Furthermore, attacks exploiting this vulnerability may affect other software
| VAR-202502-3816 | No CVE | Samsung ML-331x has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Samsung ML-331x is a laser printer.
Samsung ML-331x has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
| VAR-202502-3817 | No CVE | Shenzhen Jixiang Tengda Technology Co., Ltd. A18 has a binary vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Shenzhen Jixiang Tengda Technology Co., Ltd. A18 is a 1200M WiFi 5 signal amplifier.
Shenzhen Jixiang Tengda Technology Co., Ltd. A18 has a binary vulnerability that can be exploited by attackers to cause a denial of service.
| VAR-202502-3793 | No CVE | HP LaserJet Pro MFP M128fn and HP LaserJet MFP M233sdw have unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
HP LaserJet Pro MFP M128fn and HP LaserJet MFP M233sdw are both printer products.
HP LaserJet Pro MFP M128fn and HP LaserJet MFP M233sdw have an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
| VAR-202502-3810 | No CVE | Ricoh Company, Ltd. SP 230SFNw has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Ricoh Company, Ltd. SP 230SFNw is an all-in-one driver.
Ricoh Company, Ltd. SP 230SFNw has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
| VAR-202502-3783 | No CVE | Beijing Topsec Technology Co., Ltd.'s Internet Behavior Management has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Beijing Topsec Technology Co., Ltd. is an information security product and service solution provider.
Beijing Topsec Technology Co., Ltd. has a command execution vulnerability in its online behavior management, which can be exploited by attackers to execute arbitrary commands.
| VAR-202502-3845 | No CVE | Samsung C3060FR has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Samsung C3060FR is a high-performance color laser printer.
Samsung C3060FR has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202502-3855 | No CVE | Mitsubishi Electric (China) Co., Ltd. Mitsubishi M70 BND-1000W022-K1 has industrial control equipment vulnerabilities |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
M70 BND-1000W022-K1 is a digital controller.
Mitsubishi Electric (China) Co., Ltd. Mitsubishi M70 BND-1000W022-K1 has an industrial control device vulnerability, which can be exploited by attackers to cause denial of service.
| VAR-202502-3819 | No CVE | Lexmark MC2535adwe has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Lexmark MC2535adwe is a color multifunction laser printer.
Lexmark MC2535adwe has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.