VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202502-3792 No CVE Beijing Xingwang Ruijie Network Technology Co., Ltd. RG-UAC-6000-E20 has a command execution vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Beijing Xingwang Ruijie Network Technology Co., Ltd. is a provider of ICT infrastructure and industry solutions. Its main business is the research, design and sales of network equipment, network security products and cloud desktop solutions. Beijing Xingwang Ruijie Network Technology Co., Ltd. RG-UAC-6000-E20 has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
VAR-202502-3808 No CVE Sony Group Corporation SNC-RZ50N has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
SNC-RZ50N is a network camera with day and night switching function. Sony Group Corporation SNC-RZ50N has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-3799 No CVE KONICA MINOLTA, INC. bizhub C258 has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
bizhub C258 is a color multifunction printer. KONICA MINOLTA, INC. bizhub C258 has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202502-2329 CVE-2025-22881 Delta Electronics CNCSoft-G2 Buffer Overflow Vulnerability (CNVD-2025-12364) CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics CNCSoft-G2 is a human-machine interface (HMI) software from Delta Electronics, a Chinese company
VAR-202502-3815 No CVE TOTOlink A3002R of Jiong Electronics (Shenzhen) Co., Ltd. has a denial of service vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Jiong Electronics (Shenzhen) Co., Ltd. is a high-tech foreign-invested enterprise specializing in the research and development, design, manufacturing and sales of various network products. Jiong Electronics (Shenzhen) Co., Ltd. TOTOlink A3002R has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202502-2173 CVE-2024-51539 Dell's secure connect gateway In SQL  Injection vulnerability CVSS V2: -
CVSS V3: 2.3
Severity: LOW
The Dell Secure Connect Gateway (SCG) Application and Appliance, versions prior to 5.28, contains a SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability can only be exploited locally on the affected system. A high-privilege attacker with access to the system could potentially exploit this vulnerability, leading to the disclosure of non-sensitive information that does not include any customer data. However, the information handled by the software will not be rewritten. Furthermore, the software will not stop. Furthermore, attacks that exploit this vulnerability will not affect other software
VAR-202502-3790 No CVE Samsung C430W has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
C430W is a laser printer. Samsung C430W has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-3813 No CVE Sony SNC-RH164 has unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
SNC-RH164 is a network high-definition speed dome camera. Sony SNC-RH164 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-3853 No CVE Samsung (China) Investment Co., Ltd. C563FW has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Samsung (China) Investment Co., Ltd. is a company mainly engaged in investment activities, covering multiple fields, including sales and services of home appliances, electronic products, communication equipment, computer hardware and software, and auxiliary equipment. Samsung (China) Investment Co., Ltd. C563FW has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-3807 No CVE NETGEAR-WN3000RP has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
NETGEAR WN3000RP is a wireless access point with a frequency range of 2.4GHz. NETGEAR WN3000RP has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202502-3797 No CVE Samsung C3010ND has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
C3010ND is a laser printer. Samsung C3010ND has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-1747 CVE-2025-1618 Vtiger of Vtiger CRM Multiple vulnerabilities in CVSS V2: 5.0
CVSS V3: 4.3
Severity: Medium
A vulnerability has been found in vTiger CRM 6.4.0/6.5.0 and classified as problematic. This vulnerability affects unknown code of the file /modules/Mobile/index.php. The manipulation of the argument _operation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0 is able to address this issue. It is recommended to upgrade the affected component. The exploitation methods for this vulnerability are publicly available and can be exploited. Also, some of the information handled by the software may be rewritten. Furthermore, the software will not stop. Furthermore, attacks exploiting this vulnerability may affect other software
VAR-202502-3816 No CVE Samsung ML-331x has unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Samsung ML-331x is a laser printer. Samsung ML-331x has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202502-3817 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd. A18 has a binary vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Shenzhen Jixiang Tengda Technology Co., Ltd. A18 is a 1200M WiFi 5 signal amplifier. Shenzhen Jixiang Tengda Technology Co., Ltd. A18 has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202502-3793 No CVE HP LaserJet Pro MFP M128fn and HP LaserJet MFP M233sdw have unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
HP LaserJet Pro MFP M128fn and HP LaserJet MFP M233sdw are both printer products. HP LaserJet Pro MFP M128fn and HP LaserJet MFP M233sdw have an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202502-3810 No CVE Ricoh Company, Ltd. SP 230SFNw has unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Ricoh Company, Ltd. SP 230SFNw is an all-in-one driver. Ricoh Company, Ltd. SP 230SFNw has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202502-3783 No CVE Beijing Topsec Technology Co., Ltd.'s Internet Behavior Management has a command execution vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Beijing Topsec Technology Co., Ltd. is an information security product and service solution provider. Beijing Topsec Technology Co., Ltd. has a command execution vulnerability in its online behavior management, which can be exploited by attackers to execute arbitrary commands.
VAR-202502-3845 No CVE Samsung C3060FR has unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Samsung C3060FR is a high-performance color laser printer. Samsung C3060FR has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-3855 No CVE Mitsubishi Electric (China) Co., Ltd. Mitsubishi M70 BND-1000W022-K1 has industrial control equipment vulnerabilities CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
M70 BND-1000W022-K1 is a digital controller. Mitsubishi Electric (China) Co., Ltd. Mitsubishi M70 BND-1000W022-K1 has an industrial control device vulnerability, which can be exploited by attackers to cause denial of service.
VAR-202502-3819 No CVE Lexmark MC2535adwe has unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Lexmark MC2535adwe is a color multifunction laser printer. Lexmark MC2535adwe has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.