VARIoT IoT vulnerabilities database
| VAR-202502-0753 | CVE-2024-57520 | Sangoma of Asterisk Vulnerability in improper permission assignment for critical resources in |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function. NOTE: this is disputed by the Supplier because the impact is limited to creating empty files outside of the Asterisk product directory (aka directory traversal) and the attack can only be performed by a privileged user who has the ability to manage the configuration. Sangoma of Asterisk Contains a vulnerability in improper permission assignment for critical resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202502-1078 | CVE-2024-23690 | NETGEAR FVS336G Command Injection Vulnerability |
CVSS V2: 8.3 CVSS V3: 7.2 Severity: HIGH |
The end-of-life Netgear FVS336Gv2 and FVS336Gv3 are affected by a command injection vulnerability in the Telnet interface. An authenticated and remote attacker can execute arbitrary OS commands as root over Telnet by sending crafted "util backup_configuration" commands. NETGEAR FVS336G is a VPN (virtual private network) firewall router from NETGEAR. The vulnerability is caused by the application's failure to properly filter special characters and commands in constructing commands
| VAR-202502-0737 | CVE-2025-20895 |
CVSS V2: - CVSS V3: 3.2 Severity: LOW |
Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard.
| VAR-202502-3258 | No CVE | Fujifilm Business Innovation (China) Co., Ltd. AltaLink® C8245 Color Multifunction Printer has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
AltaLink® C8245 Color Multifunction Printer is a printer product.
Fujifilm Business Innovation (China) Co., Ltd. AltaLink® C8245 Color Multifunction Printer has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202502-2081 | No CVE | Fujifilm Business Innovation (China) Co., Ltd. C405DN MFP has a command execution vulnerability |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
C405DN MFP is a printer product.
Fujifilm Business Innovation (China) Co., Ltd. C405DN MFP has a command execution vulnerability, which can be exploited by attackers to execute printer commands.
| VAR-202502-0097 | CVE-2024-38416 | Out-of-bounds read vulnerability in multiple Qualcomm products |
CVSS V2: - CVSS V3: 6.1 Severity: MEDIUM |
Information disclosure during audio playback. AR8035 firmware, c-v2x 9150 firmware, fastconnect 6800 Multiple Qualcomm products, such as firmware, contain an out-of-bounds read vulnerability.Information may be obtained
| VAR-202502-0055 | CVE-2025-20634 | Out-of-bounds write vulnerability in multiple MediaTek products |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01289384; Issue ID: MSV-2436. media tech's nr16 , NR17 , NR17R Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202502-2085 | No CVE | Beijing Netcom Technology Co., Ltd. NS-ASG application security gateway has a SQL injection vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
NS-ASG Application Security Gateway is an application security access product that integrates software and hardware, has excellent performance, and integrates IPSEC and SSL.
Beijing Netcom Technology Co., Ltd.'s NS-ASG Application Security Gateway has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database.
| VAR-202502-2289 | No CVE | Brother (China) Commercial Co., Ltd. DCP-T500W has a command execution vulnerability |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
DCP-T500W is a printer.
Brother (China) Commercial Co., Ltd. DCP-T500W has a command execution vulnerability, which can be exploited by attackers to execute printer commands.
| VAR-202502-2084 | No CVE | Jiong Electronics (Shenzhen) Co., Ltd. TOTOLINK N210RE command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
TOTOLINK N210RE is a wireless router.
Jiong Electronics (Shenzhen) Co., Ltd. TOTOLINK N210RE command execution vulnerability, attackers can exploit this vulnerability to execute arbitrary commands.
| VAR-202502-2082 | No CVE | D-Link Electronics (Shanghai) Co., Ltd. Dlink dap-1522-reva has a binary vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
D-Link Electronics (Shanghai) Co., Ltd. is a company that provides high-quality network solutions for enterprises.
D-Link Electronics (Shanghai) Co., Ltd. Dlink dap-1522-reva has a binary vulnerability that can be exploited by attackers to cause a denial of service.
| VAR-202502-2479 | No CVE | Canon (China) Co., Ltd. LBP621C has a command execution vulnerability |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
LBP621C is a color laser printer.
Canon (China) Co., Ltd. LBP621C has a command execution vulnerability, which can be exploited by attackers to execute printer commands.
| VAR-202502-2478 | No CVE | D-Link Electronics (Shanghai) Co., Ltd. Dlink dap_1620-reva has a binary vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
D-Link Electronics (Shanghai) Co., Ltd. is a company that provides high-quality network solutions for enterprises.
D-Link Electronics (Shanghai) Co., Ltd. Dlink dap_1620-reva has a binary vulnerability that can be exploited by attackers to cause a denial of service.
| VAR-202502-2083 | No CVE | Fujifilm Business Innovation (China) Co., Ltd. ApeosPort C3060 has a command execution vulnerability |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
ApeosPort C3060 is a color A3 format digital multifunction copier.
Fujifilm Business Innovation (China) Co., Ltd. ApeosPort C3060 has a command execution vulnerability, which can be exploited by attackers to execute printer commands.
| VAR-202502-2290 | No CVE | Schneider Electric Schneider PLC M340 has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Schneider Electric is an expert in energy efficiency management and automation.
Schneider Electric Schneider PLC M340 has a denial of service vulnerability that can be exploited by attackers to cause a denial of service.
| VAR-202502-2291 | No CVE | D-Link DWR-M961 has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
DWR-M961 is a router.
D-Link DWR-M961 has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
| VAR-202502-2086 | No CVE | RICOH IM 430 and RICOH IM C2000 have a command execution vulnerability |
CVSS V2: 8.5 CVSS V3: - Severity: HIGH |
RICOH IM 430 is a black and white laser multifunction printer. RICOH IM C2000 is a color digital multifunction printer.
RICOH IM 430 and RICOH IM C2000 have command execution vulnerabilities. Attackers can exploit this vulnerability to execute printer commands and operate the printer, which may cause the printer to lose response, thus affecting the printing service.
| VAR-202502-2087 | No CVE | D-Link DWR-M961 has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
DWR-M961 is a router.
D-Link DWR-M961 has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
| VAR-202502-0267 | CVE-2024-51534 | Dell's data domain operating system Past traversal vulnerability in |
CVSS V2: 6.2 CVSS V3: 7.1 Severity: HIGH |
Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server filesystem. Exploitation could lead to denial of service. Dell's data domain operating system Exists in a past traversal vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Dell PowerProtect DD is a series of data protection storage appliances from Dell, built on the Data Domain platform and designed specifically for enterprise users.
Dell PowerProtect DD contains a path traversal vulnerability that could allow an attacker to illegally overwrite operating system files in the server file system, causing a denial of service
| VAR-202501-3669 | CVE-2025-0848 | Shenzhen Tenda Technology Co.,Ltd. of A18 Buffer error vulnerability in firmware |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: High |
A vulnerability was found in Tenda A18 up to 15.13.07.09. It has been rated as critical. This issue affects the function SetCmdlineRun of the file /goform/SetCmdlineRun of the component HTTP POST Request Handler. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. of A18 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the parameter wpapsk_crypto5g failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system and cause a denial of service