VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202506-1323 CVE-2025-6614 D-Link DIR-619L Stack Buffer Overflow Vulnerability (CNVD-2025-14221) CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2.06B01. Affected by this issue is the function formSetWANType_Wizard5 of the file /goform/formSetWANType_Wizard5. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link DIR-619L is a wireless router from D-Link, a Chinese company. D-Link DIR-619L has a stack buffer overflow vulnerability, which is caused by incorrect bounds checking in the function formSetWANType_Wizard5 of the file /goform/formSetWANType_Wizard5. An attacker can exploit this vulnerability to cause a buffer overflow, execute arbitrary code on the system, or cause the application to crash
VAR-202506-2577 No CVE D-Link DI-500WF-WT has a command execution vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
DI-500WF-WT is a wireless network coverage device produced by D-Link of China. D-Link DI-500WF-WT has a command execution vulnerability, which can be exploited by attackers to execute commands.
VAR-202506-1246 CVE-2025-6568 TOTOLINK  of  ex1200t  Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formIpv6Setup of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a dual-band wireless signal amplifier, mainly used to extend the coverage of existing wireless networks. No detailed vulnerability details are currently provided
VAR-202506-1768 No CVE HP LaserJet Pro MFP M126nw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
HP LaserJet Pro MFP M126nw is a black and white laser all-in-one printer. HP LaserJet Pro MFP M126nw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.
VAR-202506-2380 No CVE Epson (China) Co., Ltd. L6490 has a logic defect vulnerability CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
L6490 is a series of printer products. Epson (China) Co., Ltd. L6490 has a logic defect vulnerability, which can be exploited by attackers to reset the password.
VAR-202506-2988 No CVE HP Color LaserJet MFP M476dw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
HP Color LaserJet MFP M476dw is a color laser multifunction printer. HP Color LaserJet MFP M476dw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.
VAR-202506-2180 No CVE PX4 has a logic flaw vulnerability CVSS V2: 2.1
CVSS V3: -
Severity: LOW
PX4 is an open source autopilot. PX4 has a logic flaw vulnerability that can be exploited by attackers to cause an oscillation loop, causing the device to repeatedly collide with obstacles, resulting in a denial of service.
VAR-202506-2791 No CVE H3C N12 of H3C Technologies Co., Ltd. has a denial of service vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
H3C N12 is a wireless router of H3C, a Chinese company. H3C N12 of H3C Technologies Co., Ltd. has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202506-1774 No CVE H3C NX54 of H3C Technologies Co., Ltd. has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
H3C NX54 is a Gigabit dual-band router that supports Wi-Fi 6 (802.11ax) protocol. H3C NX54 of H3C Technologies Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute commands.
VAR-202506-2786 No CVE HP Color LaserJet M254nw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
HP Color LaserJet M254nw is a color laser printer. HP Color LaserJet M254nw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.
VAR-202506-1769 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd. FH451 has a binary vulnerability CVSS V2: 2.1
CVSS V3: -
Severity: LOW
FH451 is a 450Mbps home wireless router launched by Tenda. Shenzhen Jixiang Tenda Technology Co., Ltd. FH451 has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202506-2579 No CVE H3C NX54 of H3C Technologies Co., Ltd. has a denial of service vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
H3C NX54 is a Gigabit dual-band router that supports Wi-Fi 6 (802.11ax) protocol. H3C NX54 of H3C Technologies Co., Ltd. has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202506-1174 CVE-2025-6487 TOTOLINK  of  A3002R  Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been rated as critical. This issue affects the function formRoute of the file /boafrm/formRoute. The manipulation of the argument subnet leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A3002R The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3002R is a wireless router produced by China's TOTOLINK Electronics Company. TOTOLINK A3002R has a stack buffer overflow vulnerability. The vulnerability is caused by the failure of the parameter subnet in the file /boafrm/formRoute to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202506-1267 CVE-2025-6486 TOTOLINK  of  A3002R  Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been declared as critical. This vulnerability affects the function formWlanMultipleAP of the file /boafrm/formWlanMultipleAP. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A3002R The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3002R is a wireless router produced by China's TOTOLINK Electronics. The vulnerability is caused by the parameter submit-url in the file /boafrm/formWlanMultipleAP failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202506-1156 CVE-2025-6485 TOTOLINK A3002R Command Injection Vulnerability CVSS V2: 6.5
CVSS V3: 6.3
Severity: Low
A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been classified as critical. This affects the function formWlSiteSurvey of the file /boafrm/formWlSiteSurvey. The manipulation of the argument wlanif leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK A3002R is a wireless router from China's TOTOLINK Electronics. TOTOLINK A3002R has a command injection vulnerability, which is caused by the parameter wlanif in the file /boafrm/formWlSiteSurvey failing to properly filter special characters and commands in the constructed command. No detailed vulnerability details are currently available
VAR-202506-2790 No CVE H3C NX15 of H3C Technologies Co., Ltd. has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
H3C NX15 is a home wireless router. H3C NX15 of H3C Technologies Co., Ltd. has a command execution vulnerability, and attackers can exploit the vulnerability to execute commands.
VAR-202506-2787 No CVE D-Link DI-8200 has a command injection vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
DI-8200 is an enterprise-level router from China's D-Link. D-Link DI-8200 has a command injection vulnerability that can be exploited by attackers to execute arbitrary commands.
VAR-202506-1772 No CVE H3C NX15 of H3C Technologies Co., Ltd. has an unauthorized access vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
H3C NX15 is a home wireless router. H3C NX15 of H3C Technologies Co., Ltd. has an unauthorized access vulnerability. Attackers can use this vulnerability to log in to telnet and obtain system permissions.
VAR-202506-2989 No CVE Quanxun Huiju Network Technology (Beijing) Co., Ltd. iKuai has an arbitrary file read vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Quanxun Huiju Network Technology (Beijing) Co., Ltd. was established in 2013. iKuai is the company's product brand, and iKuic is the company's overseas product brand. iKuai of Quanxun Huiju Network Technology (Beijing) Co., Ltd. has an arbitrary file read vulnerability, and attackers can exploit the vulnerability to obtain sensitive information.
VAR-202506-2383 No CVE H3C NX15 of H3C Technologies Co., Ltd. has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
H3C NX15 is a home wireless router. H3C NX15 of H3C Technologies Co., Ltd. has a command execution vulnerability, and attackers can exploit the vulnerability to execute commands.