VARIoT IoT vulnerabilities database

VAR-202506-1323 | CVE-2025-6614 | D-Link DIR-619L Stack Buffer Overflow Vulnerability (CNVD-2025-14221) |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2.06B01. Affected by this issue is the function formSetWANType_Wizard5 of the file /goform/formSetWANType_Wizard5. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link DIR-619L is a wireless router from D-Link, a Chinese company.
D-Link DIR-619L has a stack buffer overflow vulnerability, which is caused by incorrect bounds checking in the function formSetWANType_Wizard5 of the file /goform/formSetWANType_Wizard5. An attacker can exploit this vulnerability to cause a buffer overflow, execute arbitrary code on the system, or cause the application to crash
VAR-202506-2577 | No CVE | D-Link DI-500WF-WT has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
DI-500WF-WT is a wireless network coverage device produced by D-Link of China.
D-Link DI-500WF-WT has a command execution vulnerability, which can be exploited by attackers to execute commands.
VAR-202506-1246 | CVE-2025-6568 | TOTOLINK of ex1200t Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formIpv6Setup of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a dual-band wireless signal amplifier, mainly used to extend the coverage of existing wireless networks. No detailed vulnerability details are currently provided
VAR-202506-1768 | No CVE | HP LaserJet Pro MFP M126nw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
HP LaserJet Pro MFP M126nw is a black and white laser all-in-one printer.
HP LaserJet Pro MFP M126nw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.
VAR-202506-2380 | No CVE | Epson (China) Co., Ltd. L6490 has a logic defect vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
L6490 is a series of printer products.
Epson (China) Co., Ltd. L6490 has a logic defect vulnerability, which can be exploited by attackers to reset the password.
VAR-202506-2988 | No CVE | HP Color LaserJet MFP M476dw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
HP Color LaserJet MFP M476dw is a color laser multifunction printer.
HP Color LaserJet MFP M476dw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.
VAR-202506-2180 | No CVE | PX4 has a logic flaw vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
PX4 is an open source autopilot.
PX4 has a logic flaw vulnerability that can be exploited by attackers to cause an oscillation loop, causing the device to repeatedly collide with obstacles, resulting in a denial of service.
VAR-202506-2791 | No CVE | H3C N12 of H3C Technologies Co., Ltd. has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
H3C N12 is a wireless router of H3C, a Chinese company.
H3C N12 of H3C Technologies Co., Ltd. has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202506-1774 | No CVE | H3C NX54 of H3C Technologies Co., Ltd. has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
H3C NX54 is a Gigabit dual-band router that supports Wi-Fi 6 (802.11ax) protocol.
H3C NX54 of H3C Technologies Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute commands.
VAR-202506-2786 | No CVE | HP Color LaserJet M254nw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
HP Color LaserJet M254nw is a color laser printer.
HP Color LaserJet M254nw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.
VAR-202506-1769 | No CVE | Shenzhen Jixiang Tengda Technology Co., Ltd. FH451 has a binary vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
FH451 is a 450Mbps home wireless router launched by Tenda.
Shenzhen Jixiang Tenda Technology Co., Ltd. FH451 has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202506-2579 | No CVE | H3C NX54 of H3C Technologies Co., Ltd. has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
H3C NX54 is a Gigabit dual-band router that supports Wi-Fi 6 (802.11ax) protocol.
H3C NX54 of H3C Technologies Co., Ltd. has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202506-1174 | CVE-2025-6487 | TOTOLINK of A3002R Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been rated as critical. This issue affects the function formRoute of the file /boafrm/formRoute. The manipulation of the argument subnet leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A3002R The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3002R is a wireless router produced by China's TOTOLINK Electronics Company.
TOTOLINK A3002R has a stack buffer overflow vulnerability. The vulnerability is caused by the failure of the parameter subnet in the file /boafrm/formRoute to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202506-1267 | CVE-2025-6486 | TOTOLINK of A3002R Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been declared as critical. This vulnerability affects the function formWlanMultipleAP of the file /boafrm/formWlanMultipleAP. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A3002R The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3002R is a wireless router produced by China's TOTOLINK Electronics. The vulnerability is caused by the parameter submit-url in the file /boafrm/formWlanMultipleAP failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202506-1156 | CVE-2025-6485 | TOTOLINK A3002R Command Injection Vulnerability |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Low |
A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been classified as critical. This affects the function formWlSiteSurvey of the file /boafrm/formWlSiteSurvey. The manipulation of the argument wlanif leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK A3002R is a wireless router from China's TOTOLINK Electronics.
TOTOLINK A3002R has a command injection vulnerability, which is caused by the parameter wlanif in the file /boafrm/formWlSiteSurvey failing to properly filter special characters and commands in the constructed command. No detailed vulnerability details are currently available
VAR-202506-2790 | No CVE | H3C NX15 of H3C Technologies Co., Ltd. has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
H3C NX15 is a home wireless router.
H3C NX15 of H3C Technologies Co., Ltd. has a command execution vulnerability, and attackers can exploit the vulnerability to execute commands.
VAR-202506-2787 | No CVE | D-Link DI-8200 has a command injection vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
DI-8200 is an enterprise-level router from China's D-Link.
D-Link DI-8200 has a command injection vulnerability that can be exploited by attackers to execute arbitrary commands.
VAR-202506-1772 | No CVE | H3C NX15 of H3C Technologies Co., Ltd. has an unauthorized access vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
H3C NX15 is a home wireless router.
H3C NX15 of H3C Technologies Co., Ltd. has an unauthorized access vulnerability. Attackers can use this vulnerability to log in to telnet and obtain system permissions.
VAR-202506-2989 | No CVE | Quanxun Huiju Network Technology (Beijing) Co., Ltd. iKuai has an arbitrary file read vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Quanxun Huiju Network Technology (Beijing) Co., Ltd. was established in 2013. iKuai is the company's product brand, and iKuic is the company's overseas product brand.
iKuai of Quanxun Huiju Network Technology (Beijing) Co., Ltd. has an arbitrary file read vulnerability, and attackers can exploit the vulnerability to obtain sensitive information.
VAR-202506-2383 | No CVE | H3C NX15 of H3C Technologies Co., Ltd. has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
H3C NX15 is a home wireless router.
H3C NX15 of H3C Technologies Co., Ltd. has a command execution vulnerability, and attackers can exploit the vulnerability to execute commands.