VARIoT IoT vulnerabilities database
| VAR-202512-0021 | CVE-2025-66584 | AzeoTech DAQFactory Stack Buffer Overflow Vulnerability |
CVSS V2: 6.2 CVSS V3: - Severity: MEDIUM |
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. AzeoTech DAQFactory is a data acquisition and monitoring software developed by AzeoTech, a US-based company, commonly used in industrial automation.
AzeoTech DAQFactory contains a stack buffer overflow vulnerability. This vulnerability stems from a stack buffer overflow that occurs when parsing specially crafted .ctl files, allowing attackers to execute arbitrary code
| VAR-202512-0195 | CVE-2025-14528 | D-Link Corporation of DIR-803 Firmware vulnerabilities |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: Medium |
A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZED_GROUP results in information disclosure. The attack may be performed from remote. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Corporation of DIR-803 There are unspecified vulnerabilities in the firmware.Information may be obtained
| VAR-202512-0002 | CVE-2025-14526 | Tenda CH22 buffer overflow vulnerability (CNVD-2025-3077012) |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing a manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The Tenda CH22 is an enterprise-grade wireless router suitable for small and medium-sized businesses or home office environments. It supports a single-band 2.4GHz wireless network with a maximum transmission rate of 450Mbps.
A buffer overflow vulnerability exists in version 1.0.0.1 of the Tenda CH22. This vulnerability is related to the `frmL7ImForm` function on the `/goform/L7Im` interface and arises from the lack of valid length validation for the passed `page` parameter. A remote attacker could exploit this vulnerability to execute arbitrary code, thereby gaining complete control of the device or causing service disruption
| VAR-202512-0920 | CVE-2025-64156 |
CVSS V2: - CVSS V3: 7.2 Severity: HIGH |
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7, FortiVoice 6.4 all versions, FortiVoice 6.0 all versions may allow an authenticated privileged attacker to execute unauthorized code or commands via crafted requests
| VAR-202512-4489 | CVE-2025-64153 |
CVSS V2: - CVSS V3: 7.2 Severity: HIGH |
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via a specific HTTP request.
| VAR-202512-4271 | CVE-2025-60024 |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
Multiple Improper Limitations of a Pathname to a Restricted Directory ('Path Traversal') vulnerabilities [CWE-22] vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 may allow a privileged authenticated attacker to write arbitrary files via specifically HTTP or HTTPS commands
| VAR-202512-0954 | CVE-2025-54353 | Fortinet FortiSandbox hcproxy Cross-Site Scripting Remote Code Execution Vulnerability |
CVSS V2: - CVSS V3: 5.4 Severity: MEDIUM |
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an attacker to perform an XSS attack via crafted HTTP requests. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiSandbox. Minimal user interaction is required to exploit this vulnerability.The specific flaw exists within the handling of HA cluster paths. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of arbitrary script. An attacker can leverage this vulnerability to interact with the application in the context of a target user
| VAR-202512-0955 | CVE-2025-53949 | Fortinet FortiSandbox name Parameter Command Injection Remote Code Execution Vulnerability |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiSandbox. Authentication is required to exploit this vulnerability.The specific flaw exists within the handling of the names parameter provided to the admindel_confirm endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root
| VAR-202512-1753 | CVE-2025-53679 | fortinet's FortiSandbox In multiple products such as OS Command injection vulnerability |
CVSS V2: - CVSS V3: 7.2 Severity: HIGH |
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox Cloud 24.1, FortiSandbox Cloud 23 all versions allows a remote privileged attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests. This vulnerability allows a remotely privileged attacker to craft a specially made attack. HTTP or HTTPS It is possible to execute malicious code or commands through requests.- All information handled by the software may be leaked to external parties. - All information handled by the software may be overwritten. - The software may completely shut down
| VAR-202512-4870 | CVE-2025-12946 | of netgear MR90 FIRMWARE Vulnerabilities related to input confirmation in multiple products such as |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques (MiTM) to manipulate DNS responses and execute commands when speedtests are run.
This issue affects RS700: through 1.0.7.82; RAX54Sv2 : before V1.1.6.36; RAX41v2: before V1.1.6.36; RAX50: before V1.2.14.114; RAXE500: before V1.2.14.114; RAX41: before V1.0.17.142; RAX43: before V1.0.17.142; RAX35v2: before V1.0.17.142; RAXE450: before V1.2.14.114; RAX43v2: before V1.1.6.36; RAX42: before V1.0.17.142; RAX45: before V1.0.17.142; RAX50v2: before V1.1.6.36; MR90: before V1.0.2.46; MS90: before V1.0.2.46; RAX42v2: before V1.1.6.36; RAX49S: before V1.1.6.36. This vulnerability affects the following products: RS700 teeth 1.0.7.82 to, RAX54Sv2 teeth V1.1.6.36 Before, RAX41v2 teeth V1.1.6.36 Before, RAX50 teeth V1.2.14.114 Before, RAXE500 teeth V1.2.14.114 Before, RAX41 teeth V1.0.17.142 Before, RAX43 teeth V1.0.17.142 Before, RAX35v2 teeth V1.0.17.142 Before, RAXE450 teeth V1.2.14.114 Before, RAX43v2 teeth V1.1.6.36 Before, RAX42 teeth V1.0.17.142 Before, RAX45 teeth V1.0.17.142 Before, RAX50v2 teeth V1.1.6.36 Before, MR90 teeth V1.0.2.46 Before, MS90 teeth V1.0.2.46 Before, RAX42v2 teeth V1.1.6.36 Before, RAX49S teeth V1.1.6.36 It affects earlier.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202512-0788 | CVE-2025-12945 | of netgear R7000P Firmware Input Validation Vulnerability |
CVSS V2: - CVSS V3: 7.2 Severity: HIGH |
A vulnerability in NETGEAR Nighthawk R7000P routers lets an authenticated admin execute OS command injections due to improper input validation.
This issue affects R7000P: through 1.3.3.154. OS There is a vulnerability that allows command injection. R7000P version of 1.3.3.154 It will affect up to.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202512-0065 | CVE-2025-40819 |
CVSS V2: - CVSS V3: 4.3 Severity: MEDIUM |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications do not properly validate license restrictions against the database, allowing direct modification of the system_ticketinfo table to bypass license limitations without proper enforcement checks. This could allow with database access to circumvent licensing restrictions by directly modifying database values and potentially enabling unauthorized use beyond the permitted scope.
| VAR-202512-0066 | CVE-2025-40818 |
CVSS V2: - CVSS V3: 3.3 Severity: LOW |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This could allow an authenticated attacker to impersonate the server potentially enabling man-in-the-middle, traffic decryption or unauthorized access to services that trust these certificates.
| VAR-202512-0198 | CVE-2025-14286 |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: Medium |
A vulnerability was determined in Tenda AC9 15.03.05.14_multi. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/DownloadCfg.jpg of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
| VAR-202512-0222 | CVE-2024-56840 |
CVSS V2: - CVSS V3: 7.2 Severity: High |
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). Under certain conditions, IPsec may allow code injection in the affected device. An attacker could leverage this scenario to execute arbitrary code as root user.
| VAR-202512-0223 | CVE-2024-56839 |
CVSS V2: - CVSS V3: 7.2 Severity: High |
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding). An attacker could leverage this scenario to execute arbitrary code as root user.
| VAR-202512-0220 | CVE-2024-56838 |
CVSS V2: - CVSS V3: 7.2 Severity: High |
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). The SCEP client available in the affected device for secure certificate enrollment lacks validation of multiple fields. An attacker could leverage this scenario to execute arbitrary code as root user.
| VAR-202512-0221 | CVE-2024-56837 |
CVSS V2: - CVSS V3: 7.2 Severity: High |
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). Due to the insufficient validation during the installation and load of certain configuration files of the affected device, an attacker could spawn a reverse shell and gain root access on the affected system.
| VAR-202512-0219 | CVE-2024-56836 |
CVSS V2: - CVSS V3: 7.5 Severity: High |
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). During the Dynamic DNS configuration of the affected product it is possible to inject additional configuration parameters. Under certain circumstances, an attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system.
| VAR-202512-0224 | CVE-2024-56835 |
CVSS V2: - CVSS V3: 8.8 Severity: High |
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). The DHCP Server configuration file of the affected products is subject to code injection. An attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system.