VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202512-0021 CVE-2025-66584 AzeoTech DAQFactory Stack Buffer Overflow Vulnerability CVSS V2: 6.2
CVSS V3: -
Severity: MEDIUM
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. AzeoTech DAQFactory is a data acquisition and monitoring software developed by AzeoTech, a US-based company, commonly used in industrial automation. AzeoTech DAQFactory contains a stack buffer overflow vulnerability. This vulnerability stems from a stack buffer overflow that occurs when parsing specially crafted .ctl files, allowing attackers to execute arbitrary code
VAR-202512-0195 CVE-2025-14528 D-Link Corporation  of  DIR-803  Firmware vulnerabilities CVSS V2: 5.0
CVSS V3: 5.3
Severity: Medium
A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZED_GROUP results in information disclosure. The attack may be performed from remote. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Corporation of DIR-803 There are unspecified vulnerabilities in the firmware.Information may be obtained
VAR-202512-0002 CVE-2025-14526 Tenda CH22 buffer overflow vulnerability (CNVD-2025-3077012) CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing a manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The Tenda CH22 is an enterprise-grade wireless router suitable for small and medium-sized businesses or home office environments. It supports a single-band 2.4GHz wireless network with a maximum transmission rate of 450Mbps. A buffer overflow vulnerability exists in version 1.0.0.1 of the Tenda CH22. This vulnerability is related to the `frmL7ImForm` function on the `/goform/L7Im` interface and arises from the lack of valid length validation for the passed `page` parameter. A remote attacker could exploit this vulnerability to execute arbitrary code, thereby gaining complete control of the device or causing service disruption
VAR-202512-0920 CVE-2025-64156 CVSS V2: -
CVSS V3: 7.2
Severity: HIGH
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7, FortiVoice 6.4 all versions, FortiVoice 6.0 all versions may allow an authenticated privileged attacker to execute unauthorized code or commands via crafted requests
VAR-202512-4489 CVE-2025-64153 CVSS V2: -
CVSS V3: 7.2
Severity: HIGH
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via a specific HTTP request.
VAR-202512-4271 CVE-2025-60024 CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
Multiple Improper Limitations of a Pathname to a Restricted Directory ('Path Traversal') vulnerabilities [CWE-22] vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 may allow a privileged authenticated attacker to write arbitrary files via specifically HTTP or HTTPS commands
VAR-202512-0954 CVE-2025-54353 Fortinet FortiSandbox hcproxy Cross-Site Scripting Remote Code Execution Vulnerability CVSS V2: -
CVSS V3: 5.4
Severity: MEDIUM
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an attacker to perform an XSS attack via crafted HTTP requests. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiSandbox. Minimal user interaction is required to exploit this vulnerability.The specific flaw exists within the handling of HA cluster paths. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of arbitrary script. An attacker can leverage this vulnerability to interact with the application in the context of a target user
VAR-202512-0955 CVE-2025-53949 Fortinet FortiSandbox name Parameter Command Injection Remote Code Execution Vulnerability CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiSandbox. Authentication is required to exploit this vulnerability.The specific flaw exists within the handling of the names parameter provided to the admindel_confirm endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root
VAR-202512-1753 CVE-2025-53679 fortinet's FortiSandbox In multiple products such as OS  Command injection vulnerability CVSS V2: -
CVSS V3: 7.2
Severity: HIGH
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox Cloud 24.1, FortiSandbox Cloud 23 all versions allows a remote privileged attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests. This vulnerability allows a remotely privileged attacker to craft a specially made attack. HTTP or HTTPS It is possible to execute malicious code or commands through requests.- All information handled by the software may be leaked to external parties. - All information handled by the software may be overwritten. - The software may completely shut down
VAR-202512-4870 CVE-2025-12946 of netgear MR90 FIRMWARE Vulnerabilities related to input confirmation in multiple products such as CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques (MiTM) to manipulate DNS responses and execute commands when speedtests are run. This issue affects RS700: through 1.0.7.82; RAX54Sv2 : before V1.1.6.36; RAX41v2: before V1.1.6.36; RAX50: before V1.2.14.114; RAXE500: before V1.2.14.114; RAX41: before V1.0.17.142; RAX43: before V1.0.17.142; RAX35v2: before V1.0.17.142; RAXE450: before V1.2.14.114; RAX43v2: before V1.1.6.36; RAX42: before V1.0.17.142; RAX45: before V1.0.17.142; RAX50v2: before V1.1.6.36; MR90: before V1.0.2.46; MS90: before V1.0.2.46; RAX42v2: before V1.1.6.36; RAX49S: before V1.1.6.36. This vulnerability affects the following products: RS700 teeth 1.0.7.82 to, RAX54Sv2 teeth V1.1.6.36 Before, RAX41v2 teeth V1.1.6.36 Before, RAX50 teeth V1.2.14.114 Before, RAXE500 teeth V1.2.14.114 Before, RAX41 teeth V1.0.17.142 Before, RAX43 teeth V1.0.17.142 Before, RAX35v2 teeth V1.0.17.142 Before, RAXE450 teeth V1.2.14.114 Before, RAX43v2 teeth V1.1.6.36 Before, RAX42 teeth V1.0.17.142 Before, RAX45 teeth V1.0.17.142 Before, RAX50v2 teeth V1.1.6.36 Before, MR90 teeth V1.0.2.46 Before, MS90 teeth V1.0.2.46 Before, RAX42v2 teeth V1.1.6.36 Before, RAX49S teeth V1.1.6.36 It affects earlier.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
VAR-202512-0788 CVE-2025-12945 of netgear R7000P  Firmware Input Validation Vulnerability CVSS V2: -
CVSS V3: 7.2
Severity: HIGH
A vulnerability in NETGEAR Nighthawk R7000P routers lets an authenticated admin execute OS command injections due to improper input validation. This issue affects R7000P: through 1.3.3.154. OS There is a vulnerability that allows command injection. R7000P version of 1.3.3.154 It will affect up to.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
VAR-202512-0065 CVE-2025-40819 CVSS V2: -
CVSS V3: 4.3
Severity: MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications do not properly validate license restrictions against the database, allowing direct modification of the system_ticketinfo table to bypass license limitations without proper enforcement checks. This could allow with database access to circumvent licensing restrictions by directly modifying database values and potentially enabling unauthorized use beyond the permitted scope.
VAR-202512-0066 CVE-2025-40818 CVSS V2: -
CVSS V3: 3.3
Severity: LOW
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This could allow an authenticated attacker to impersonate the server potentially enabling man-in-the-middle, traffic decryption or unauthorized access to services that trust these certificates.
VAR-202512-0198 CVE-2025-14286 CVSS V2: 5.0
CVSS V3: 5.3
Severity: Medium
A vulnerability was determined in Tenda AC9 15.03.05.14_multi. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/DownloadCfg.jpg of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
VAR-202512-0222 CVE-2024-56840 CVSS V2: -
CVSS V3: 7.2
Severity: High
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). Under certain conditions, IPsec may allow code injection in the affected device. An attacker could leverage this scenario to execute arbitrary code as root user.
VAR-202512-0223 CVE-2024-56839 CVSS V2: -
CVSS V3: 7.2
Severity: High
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding). An attacker could leverage this scenario to execute arbitrary code as root user.
VAR-202512-0220 CVE-2024-56838 CVSS V2: -
CVSS V3: 7.2
Severity: High
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). The SCEP client available in the affected device for secure certificate enrollment lacks validation of multiple fields. An attacker could leverage this scenario to execute arbitrary code as root user.
VAR-202512-0221 CVE-2024-56837 CVSS V2: -
CVSS V3: 7.2
Severity: High
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). Due to the insufficient validation during the installation and load of certain configuration files of the affected device, an attacker could spawn a reverse shell and gain root access on the affected system.
VAR-202512-0219 CVE-2024-56836 CVSS V2: -
CVSS V3: 7.5
Severity: High
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). During the Dynamic DNS configuration of the affected product it is possible to inject additional configuration parameters. Under certain circumstances, an attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system.
VAR-202512-0224 CVE-2024-56835 CVSS V2: -
CVSS V3: 8.8
Severity: High
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). The DHCP Server configuration file of the affected products is subject to code injection. An attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system.