VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202511-0413 CVE-2025-46362 Dell's  Alienware Command Center  access control vulnerabilities in CVSS V2: -
CVSS V3: 6.6
Severity: MEDIUM
Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Tampering
VAR-202511-1037 CVE-2025-60676 CVSS V2: -
CVSS V3: 6.5
Severity: MEDIUM
An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetNetworkSettings' functionality of prog.cgi, where the 'IPAddress' and 'SubnetMask' parameters are directly concatenated into shell commands executed via system(). An attacker can exploit this vulnerability remotely without authentication by sending a specially crafted HTTP request, leading to arbitrary command execution on the device.
VAR-202511-1190 CVE-2025-60675 D-Link Corporation  of  DIR-823G  Command injection vulnerability in firmware CVSS V2: 5.5
CVSS V3: 5.4
Severity: MEDIUM
A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /tmp/new_qos.rule configuration file. The vulnerability occurs because parsed fields from the configuration file are concatenated into command strings and executed via system() without any sanitization. An attacker with write access to /tmp/new_qos.rule can execute arbitrary commands on the device. D-Link Corporation of DIR-823G Firmware contains a command injection vulnerability.Information may be obtained and information may be tampered with. The D-Link DIR-823G is a wireless router manufactured by D-Link, a Chinese company
VAR-202511-1189 CVE-2025-60674 D-Link Corporation  of  DIR-878  Stack-based buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 6.8
Severity: MEDIUM
A stack buffer overflow vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin in the rc binary's USB storage handling module. The vulnerability occurs when the "Serial Number" field from a USB device is read via sscanf into a 64-byte stack buffer, while fgets reads up to 127 bytes, causing a stack overflow. An attacker with physical access or control over a USB device can exploit this vulnerability to potentially execute arbitrary code on the device. D-Link Corporation of DIR-878 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202511-1325 CVE-2025-60673 D-Link Corporation  of  DIR-878  Command injection vulnerability in firmware CVSS V2: -
CVSS V3: 6.5
Severity: MEDIUM
An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDMZSettings' functionality, where the 'IPAddress' parameter in prog.cgi is stored in NVRAM and later used by librcm.so to construct iptables commands executed via twsystem(). An attacker can exploit this vulnerability remotely without authentication by sending a specially crafted HTTP request, leading to arbitrary command execution on the device
VAR-202511-0385 CVE-2025-60672 D-Link Corporation  of  DIR-878  Command injection vulnerability in firmware CVSS V2: -
CVSS V3: 6.5
Severity: MEDIUM
An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDynamicDNSSettings' functionality, where the 'ServerAddress' and 'Hostname' parameters in prog.cgi are stored in NVRAM and later used by rc to construct system commands executed via twsystem(). An attacker can exploit this vulnerability remotely without authentication by sending a specially crafted HTTP request, leading to arbitrary command execution on the device
VAR-202511-1191 CVE-2025-60701 D-Link Corporation  of  DIR-882  Command injection vulnerability in firmware CVSS V2: -
CVSS V3: 6.5
Severity: MEDIUM
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. The `sub_433188` function in `prog.cgi` stores user-supplied email configuration parameters (`EmailFrom`, `EmailTo`, `SMTPServerAddress`, `SMTPServerPort`, `AccountName`) in NVRAM via `nvram_safe_set`. These values are later retrieved in the `sub_448FDC` function of `rc` using `nvram_safe_get` and concatenated into shell commands executed via `twsystem()` without sanitization. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary commands on the device through specially crafted HTTP requests to the router's web interface
VAR-202511-0547 CVE-2025-60700 CVSS V2: -
CVSS V3: 6.5
Severity: MEDIUM
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `librcm.so` binaries. The `sub_4455BC` function in `prog.cgi` stores user-supplied `SetDMZSettings/IPAddress` values in NVRAM via `nvram_safe_set("dmz_ipaddr", ...)`. These values are later retrieved in the `DMZ_run` function of `librcm.so` using `nvram_safe_get` and concatenated into `iptables` shell commands executed via `twsystem()` without any sanitization. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary commands on the device through specially crafted HTTP requests to the router's web interface.
VAR-202511-1035 CVE-2025-60698 D-Link Corporation  of  DIR-882  Command injection vulnerability in firmware CVSS V2: -
CVSS V3: 7.3
Severity: HIGH
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. The `sub_432F60` function in `prog.cgi` stores user-supplied `SetSysLogSettings/IPAddress` values in NVRAM via `nvram_safe_set("SysLogRemote_IPAddress", ...)`. These values are later retrieved in the `sub_448DCC` function of `rc` using `nvram_safe_get` and concatenated into a shell command executed via `twsystem()` without any sanitization. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary commands on the device through specially crafted HTTP requests to the router's web interface. D-Link Corporation of DIR-882 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202511-1433 CVE-2025-60697 CVSS V2: -
CVSS V3: 7.3
Severity: HIGH
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. The `sub_4438A4` function in `prog.cgi` stores user-supplied DDNS parameters (`ServerAddress` and `Hostname`) in NVRAM via `nvram_safe_set`. These values are later retrieved in the `start_DDNS_ipv4` function of `rc` using `nvram_safe_get` and concatenated into DDNS shell commands executed via `twsystem()` without proper sanitization. Partial string comparison is performed but is insufficient to prevent command injection. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary commands on the device through specially crafted HTTP requests to the router's web interface.
VAR-202511-0870 CVE-2025-60693 CVSS V2: -
CVSS V3: 6.5
Severity: MEDIUM
A stack-based buffer overflow exists in the get_merge_mac function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to six user-supplied CGI parameters matching <parameter>_0~5 into a fixed-size buffer (a2) without proper bounds checking, appending colon delimiters during concatenation. Remote attackers can exploit this vulnerability via specially crafted HTTP requests to execute arbitrary code or cause denial of service without authentication.
VAR-202511-0872 CVE-2025-60671 D-Link Corporation  of  DIR-823G  Command injection vulnerability in firmware CVSS V2: -
CVSS V3: 5.4
Severity: MEDIUM
A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /var/system/linux_vlan_reinit file. The vulnerability occurs because content read from this file is only partially validated for a prefix and then formatted using vsnprintf() before being executed with system(), allowing an attacker with write access to /var/system/linux_vlan_reinit to execute arbitrary commands on the device
VAR-202511-1192 CVE-2025-60695 Linksys  of  E7350  Stack-based buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 5.9
Severity: MEDIUM
A stack-based buffer overflow vulnerability exists in the mtk_dut binary of Linksys E7350 routers (Firmware 1.1.00.032). The function sub_4045A8 reads up to 256 bytes from /sys/class/net/%s/address into a local buffer and then copies it into caller-provided buffer a1 using strcpy without boundary checks. Since a1 is often allocated with significantly smaller sizes (20-32 bytes), local attackers controlling the contents of /sys/class/net/%s/address can trigger buffer overflows, leading to memory corruption, denial of service, or potential arbitrary code execution. (DoS) It may be in a state
VAR-202511-0383 CVE-2025-60694 Linksys  of  E1200  Stack-based buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
A stack-based buffer overflow exists in the validate_static_route function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function improperly concatenates user-supplied CGI parameters (route_ipaddr_0~3, route_netmask_0~3, route_gateway_0~3) into fixed-size buffers (v6, v10, v14) without proper bounds checking. Remote attackers can exploit this vulnerability via specially crafted HTTP requests to execute arbitrary code or cause denial of service without authentication
VAR-202511-1199 CVE-2025-60692 Linksys  of  E1200  Stack-based buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 8.4
Severity: HIGH
A stack-based buffer overflow vulnerability exists in the libshared.so library of Cisco Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The functions get_mac_from_ip and get_ip_from_mac use sscanf with overly permissive "%100s" format specifiers to parse entries from /proc/net/arp into fixed-size buffers (v6: 50 bytes, v7 sub-arrays: 50 bytes). This allows local attackers controlling the contents of /proc/net/arp to overflow stack buffers, leading to memory corruption, denial of service, or potential arbitrary code execution. (DoS) It may be in a state
VAR-202511-0548 CVE-2025-60691 Linksys  of  E1200  Stack-based buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
A stack-based buffer overflow exists in the httpd binary of Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The apply_cgi and block_cgi functions copy user-supplied input from the "url" CGI parameter into stack buffers (v36, v29) using sprintf without bounds checking. Because these buffers are allocated as single-byte variables, any non-empty input will trigger a buffer overflow. Remote attackers can exploit this vulnerability via crafted HTTP requests to execute arbitrary code or cause denial of service without authentication. (DoS) It may be in a state
VAR-202511-0715 CVE-2025-60690 Linksys E1200 stack buffer overflow vulnerability CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
A stack-based buffer overflow exists in the get_merge_ipaddr function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to four user-supplied CGI parameters matching <parameter>_0~3 into a fixed-size buffer (a2) without bounds checking. Remote attackers can exploit this vulnerability via specially crafted HTTP requests to execute arbitrary code or cause denial of service without authentication. The Linksys E1200 is a router manufactured by Linksys, Inc
VAR-202511-1036 CVE-2025-60689 Linksys  of  E1200  Command injection vulnerability in firmware CVSS V2: 4.8
CVSS V3: 5.4
Severity: MEDIUM
An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The vulnerability occurs because user-supplied CGI parameters (wl_ant, wl_ssid, wl_rate, ttcp_num, ttcp_ip, ttcp_size) are concatenated into system command strings without proper sanitization and executed via wl_exec_cmd. Successful exploitation allows remote attackers to execute arbitrary commands on the device without authentication. The Linksys E1200 is a router manufactured by Linksys, Inc
VAR-202511-1434 CVE-2025-60688 CVSS V2: -
CVSS V3: 6.5
Severity: MEDIUM
A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (setDefResponse function). The binary reads the "IpAddress" parameter from a web request and copies it into a fixed-size stack buffer using strcpy() without any length validation. Maliciously crafted input can overflow the buffer, leading to potential arbitrary code execution or memory corruption, without requiring authentication.
VAR-202511-1845 CVE-2025-60687 TOTOLINK  of  lr1200gb  Command injection vulnerability in firmware CVSS V2: 6.4
CVSS V3: 6.5
Severity: MEDIUM
An unauthenticated command injection vulnerability exists in the ToToLink LR1200GB Router firmware V9.1.0u.6619_B20230130 within the cstecgi.cgi binary (sub_41EC68 function). The binary reads the "imei" parameter from a web request and verifies only that it is 15 characters long. The parameter is then directly inserted into a system command using sprintf() and executed with system(). Maliciously crafted IMEI input can execute arbitrary commands on the router without authentication. The TOTOLINK LR1200GB is a dual-band 4G LTE router launched by TOTOLINK, a Chinese electronics company, supporting both 2.4GHz and 5GHz dual-band networks. This vulnerability stems from the cstecgi.cgi binary file failing to properly filter special characters and commands used in command construction. Detailed vulnerability information is currently unavailable