VARIoT IoT vulnerabilities database

VAR-202505-2315 | CVE-2025-44881 | WAVLINK of WL-WN579A3 Code injection vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. WAVLINK of WL-WN579A3 A code injection vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. WAVLINK WL-WN579A3 is a high-performance dual-band wireless network card from WAVLINK, a Chinese company. No detailed vulnerability details are currently available
VAR-202505-2312 | CVE-2025-44084 | D-Link Systems, Inc. of di-8100g Command injection vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
D-link DI-8100 16.07.26A1 is vulnerable to Command Injection. An attacker can exploit this vulnerability by crafting specific HTTP requests, triggering the command execution flaw and gaining the highest privilege shell access to the firmware system. D-Link Systems, Inc. of di-8100g Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DI-8100 is a broadband router designed by D-Link for small and medium-sized network environments. The vulnerability is caused by the lack of strict input filtering in the logic code
VAR-202505-1885 | CVE-2025-4980 | of netgear DGND3700 Information disclosure vulnerability in firmware |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: Medium |
A vulnerability has been found in Netgear DGND3700 1.1.00.15_1.00.15NA and classified as problematic. This vulnerability affects unknown code of the file /currentsetting.htm of the component mini_http. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. of netgear DGND3700 The firmware contains vulnerabilities related to information leakage and access control.Information may be obtained. Netgear DGND3700 is a wireless router that integrates multiple functions and is suitable for home and small office environments. Attackers can exploit this vulnerability to remotely manipulate the file over the network, resulting in sensitive information leakage
VAR-202505-2141 | CVE-2025-45862 | TOTOLINK of A3002R Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the interfacenameds parameter in the formDhcpv6s interface. TOTOLINK of A3002R A stack-based buffer overflow vulnerability exists in the firmware.Information may be obtained and information may be tampered with. TOTOLINK A3002R is a wireless router produced by China's TOTOLINK Electronics. The vulnerability is caused by the interfacenameds parameter in the formDhcpv6s interface failing to correctly verify the length of the input data. No detailed vulnerability details are currently provided
VAR-202505-1902 | CVE-2025-4978 | of netgear DGND3700 Authentication vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: Critical |
A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.15_1.00.15NA. This affects an unknown part of the file /BRS_top.html of the component Basic Authentication. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. of netgear DGND3700 An authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202505-1905 | CVE-2025-4977 | of netgear DGND3700 Information disclosure vulnerability in firmware |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: Medium |
A vulnerability, which was classified as problematic, has been found in Netgear DGND3700 1.1.00.15_1.00.15NA. Affected by this issue is some unknown functionality of the file /BRS_top.html. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. of netgear DGND3700 The firmware contains vulnerabilities related to information leakage and access control.Information may be obtained. Netgear DGND3700 is a modem router from NETGEAR.
Netgear DGND3700 has an information disclosure vulnerability, which is caused by improper processing of the file /BRS_top.html. Attackers can exploit this vulnerability to cause information leakage
VAR-202505-1878 | CVE-2025-4904 | D-Link Systems, Inc. of di-7003g Firmware vulnerabilities |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: Medium |
A vulnerability has been found in D-Link DI-7003GV2 24.04.18D1 R(68125) and classified as problematic. This vulnerability affects the function sub_41F0FC of the file /H5/webgl.data. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of di-7003g There are unspecified vulnerabilities in the firmware.Information may be obtained. D-Link DI-7003GV2 is a router from D-Link, a Chinese company. Attackers can exploit this vulnerability to cause information leakage
VAR-202505-1801 | CVE-2025-4903 | D-Link Systems, Inc. of di-7003g Unverified password change vulnerability in firmware |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: Medium |
A vulnerability, which was classified as critical, was found in D-Link DI-7003GV2 24.04.18D1 R(68125). This affects the function sub_41F4F0 of the file /H5/webgl.asp?tggl_port=0&remote_management=0&http_passwd=game&exec_service=admin-restart. The manipulation leads to unverified password change. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. D-Link DI-7003GV2 is a router from D-Link, a Chinese company. Attackers can exploit this vulnerability to cause unauthenticated password changes
VAR-202505-1816 | CVE-2025-4902 | D-Link Systems, Inc. of di-7003g Firmware vulnerabilities |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: Medium |
A vulnerability, which was classified as problematic, has been found in D-Link DI-7003GV2 24.04.18D1 R(68125). Affected by this issue is the function sub_48F4F0 of the file /H5/versionupdate.data. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of di-7003g There are unspecified vulnerabilities in the firmware.Information may be obtained. D-Link DI-7003GV2 is a router from D-Link, a Chinese company. Attackers can exploit this vulnerability to cause information leakage
VAR-202505-1833 | CVE-2025-4901 | D-Link Systems, Inc. of di-7003g Firmware vulnerabilities |
CVSS V2: 3.3 CVSS V3: 4.3 Severity: Medium |
A vulnerability classified as problematic was found in D-Link DI-7003GV2 24.04.18D1 R(68125). Affected by this vulnerability is the function sub_41E304 of the file /H5/state_view.data of the component HTTP Endpoint. The manipulation leads to information disclosure. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of di-7003g There are unspecified vulnerabilities in the firmware.Information may be obtained. D-Link DI-7003GV2 is a router from D-Link, a Chinese company. Attackers can exploit this vulnerability to cause information leakage
VAR-202505-3385 | No CVE | D-Link DIR-823x has a denial of service vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
D-Link DIR-823X is a wireless router from D-Link, a Chinese company.
D-Link DIR-823x has a denial of service vulnerability that an attacker can exploit to cause a denial of service.
VAR-202505-1817 | CVE-2025-4897 | Shenzhen Tenda Technology Co.,Ltd. of A15 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in Tenda A15 15.13.07.09/15.13.07.13. It has been classified as critical. This affects an unknown part of the file /goform/multimodalAdd of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. of A15 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state
VAR-202505-1772 | CVE-2025-4896 | Shenzhen Tenda Technology Co.,Ltd. of AC10 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/UserCongratulationsExec. The manipulation of the argument getuid leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC10 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state.
Tenda AC10 has a buffer overflow vulnerability, which is caused by the parameter getuid in the file /goform/UserCongratulationsExec failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202505-1775 | CVE-2025-4883 | D-Link Systems, Inc. of di-8100g Out-of-bounds write vulnerability in firmware |
CVSS V2: 8.3 CVSS V3: 7.2 Severity: High |
A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been declared as critical. This vulnerability affects the function ctxz_asp of the file /ctxz.asp of the component Connection Limit Page. The manipulation of the argument def/defTcp/defUdp/defIcmp/defOther leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of di-8100g An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by D-Link, a Chinese company.
D-Link DI-8100 has a buffer overflow vulnerability, which is caused by the failure to properly verify the length of the input data in the parameter def/defTcp/defUdp/defIcmp/defOther in the file /ctx.asp. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202505-1738 | CVE-2025-4867 | Shenzhen Tenda Technology Co.,Ltd. of A15 Improper Shutdown and Release of Resources in Firmware Vulnerability |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: High |
A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as problematic. Affected by this vulnerability is the function formArpNerworkSet of the file /goform/ArpNerworkSet. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. of A15 A vulnerability exists in firmware related to improper shutdown and release of resources.Service operation interruption (DoS) It may be in a state
VAR-202505-1749 | CVE-2025-4860 | D-Link Systems, Inc. of DAP-2695 Cross-site scripting vulnerability in firmware |
CVSS V2: 3.3 CVSS V3: 2.4 Severity: Medium |
A vulnerability classified as problematic has been found in D-Link DAP-2695 120b36r137_ALL_en_20210528. Affected is an unknown function of the file /adv_dhcps.php of the component Static Pool Settings Page. The manipulation of the argument f_mac leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DAP-2695 Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. D-Link DAP-2695 is a high-performance dual-band wireless access point from D-Link.
D-Link DAP-2695 has a cross-site scripting vulnerability, which is caused by the lack of effective filtering and escaping of user-supplied data by the parameter f_mac in the file /adv_dhcps.php. No detailed vulnerability details are currently provided
VAR-202505-1895 | CVE-2025-4859 | D-Link Systems, Inc. of DAP-2695 Cross-site scripting vulnerability in firmware |
CVSS V2: 3.3 CVSS V3: 2.4 Severity: Medium |
A vulnerability was found in D-Link DAP-2695 120b36r137_ALL_en_20210528. It has been rated as problematic. This issue affects some unknown processing of the file /adv_macbypass.php of the component MAC Bypass Settings Page. The manipulation of the argument f_mac leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DAP-2695 Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. D-Link DAP-2695 is a high-performance dual-band wireless access point from D-Link.
D-Link DAP-2695 has a cross-site scripting vulnerability, which is caused by the lack of effective filtering and escaping of user-supplied data by the parameter f_mac in the file /adv_macbypass.php. No detailed vulnerability details are currently provided
VAR-202505-1805 | CVE-2025-4858 | D-Link Systems, Inc. of DAP-2695 Cross-site scripting vulnerability in firmware |
CVSS V2: 3.3 CVSS V3: 2.4 Severity: Medium |
A vulnerability was found in D-Link DAP-2695 120b36r137_ALL_en_20210528. It has been declared as problematic. This vulnerability affects unknown code of the file /adv_arpspoofing.php of the component ARP Spoofing Prevention Page. The manipulation of the argument harp_mac leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DAP-2695 Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. D-Link DAP-2695 is a high-performance dual-band wireless access point from D-Link.
D-Link DAP-2695 has a cross-site scripting vulnerability, which is caused by the lack of effective filtering and escaping of user-supplied data by the parameter harp_mac in the file /adv_arpspoofing.php. No detailed vulnerability details are currently provided
VAR-202505-1839 | CVE-2025-4852 | TOTOLINK of A3002R Cross-site scripting vulnerability in firmware |
CVSS V2: 3.3 CVSS V3: 2.4 Severity: Medium |
A vulnerability, which was classified as problematic, has been found in TOTOLINK A3002R 2.1.1-B20230720.1011. This issue affects some unknown processing of the component VPN Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A3002R Firmware has a cross-site scripting vulnerability.Information may be tampered with. TOTOLINK A3002R is a wireless router from China's TOTOLINK Electronics.
TOTOLINK A3002R has a cross-site scripting vulnerability, which is caused by the lack of effective filtering and escaping of user-provided data in the parameter Comment in the component VPN Page. No detailed vulnerability details are currently provided
VAR-202505-1840 | CVE-2025-4851 | TOTOLINK of N300RH Injection Vulnerability in Firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Medium |
A vulnerability classified as critical was found in TOTOLINK N300RH 6.1c.1390_B20191101. This vulnerability affects the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of N300RH The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N300RH is a long-distance wireless router from China's TOTOLINK Electronics.
TOTOLINK N300RH has a command injection vulnerability, which is caused by the parameter FileName in the file /cgi-bin/cstecgi.cgi failing to properly filter special characters and commands in the constructed command. No detailed vulnerability details are currently provided