VARIoT IoT vulnerabilities database
| VAR-202511-1324 | CVE-2025-60686 | plural TOTOLINK Stack-based buffer overflow vulnerability in products |
CVSS V2: - CVSS V3: 5.1 Severity: MEDIUM |
A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers (A720R V4.1.5cu.614_B20230630, LR1200GB V9.1.0u.6619_B20230130, and NR1800X V9.1.0u.6681_B20230703). Both programs parse the contents of /proc/net/arp using sscanf() with "%s" format specifiers into fixed-size stack buffers without length validation. Specifically, one function writes user-controlled data into a single-byte buffer, and the other into adjacent small arrays without bounds checking. An attacker who controls the contents of /proc/net/arp can trigger memory corruption, leading to denial of service or potential arbitrary code execution
| VAR-202511-0384 | CVE-2025-60685 | TOTOLINK of A720R Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 3.6 CVSS V3: 5.1 Severity: MEDIUM |
A stack buffer overflow exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary (sub_401EE0 function). The binary reads the /proc/stat file using fgets() into a local buffer and subsequently parses the line using sscanf() into a single-byte variable with the %s format specifier. Maliciously crafted /proc/stat content can overwrite adjacent stack memory, potentially allowing an attacker with filesystem write privileges to execute arbitrary code on the device. TOTOLINK of A720R A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained and service operation is interrupted (DoS) It may be in a state. The TOTOLINK A720R is a wireless router launched by TOTOLINK, a Chinese electronics company. It features dual-band Wi-Fi and emphasizes high-speed network and signal coverage. This vulnerability stems from a failure to properly validate the length of input data in the sysconf binary. Detailed vulnerability information is currently unavailable
| VAR-202511-0871 | CVE-2025-60684 | TOTOLINK of lr1200gb firmware and nr1800x Stack-based buffer overflow vulnerability in firmware |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (sub_42F32C function). The web interface reads the "lang" parameter and constructs Help URL strings using sprintf() into fixed-size stack buffers without proper length validation. Maliciously crafted input can overflow these buffers, potentially leading to arbitrary code execution or memory corruption, without requiring authentication
| VAR-202511-2063 | CVE-2025-60683 | TOTOLINK A720R Command Injection Vulnerability (CNVD-2025-29711) |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary, specifically in the sub_40BFA4 function that handles network interface reinitialization from '/var/system/linux_vlan_reinit'. Input is only partially validated by checking the prefix of interface names, and is concatenated into shell commands executed via system() without escaping. An attacker with write access to this file can execute arbitrary commands on the device. The TOTOLINK A720R is a wireless router launched by TOTOLINK, a Chinese electronics company. It features dual-band Wi-Fi and emphasizes high-speed network and signal coverage.
The TOTOLINK A720R contains a command injection vulnerability. This vulnerability stems from insufficient validation in the sysconf binary's handling of the `/var/system/linux_vlan_reinit` file. Detailed vulnerability information is currently unavailable
| VAR-202511-0549 | CVE-2025-60682 | TOTOLINK of A720R Command injection vulnerability in firmware |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the cloudupdate_check binary, specifically in the sub_402414 function that handles cloud update parameters. User-supplied 'magicid' and 'url' values are directly concatenated into shell commands and executed via system() without any sanitization or escaping. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary commands on the device. TOTOLINK of A720R Firmware contains a command injection vulnerability.Information may be obtained and information may be tampered with. The TOTOLINK A720R is a wireless router launched by TOTOLINK, a Chinese electronics company. It features dual-band Wi-Fi and emphasizes high-speed network and signal coverage. This vulnerability stems from the unverified magicid and url parameters in the cloudupdate_check binary file. Detailed vulnerability information is currently unavailable
| VAR-202511-0848 | CVE-2025-63666 | Tenda AC15 Access Control Error Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC15 v15.03.05.18_multi) issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to access protected resources. The Tenda AC15 is a wireless router product from Tenda.
A security vulnerability exists in Tenda AC15 version 15.03.05.18multi
| VAR-202511-1888 | CVE-2025-12944 |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
Improper input validation
in NETGEAR DGN2200v4 (N300 Wireless ADSL2+ Modem Router) allows attackers with
direct network access to the device to potentially execute code on the device.
Please check the firmware version and update to the latest.
Fixed
in:
DGN2200v4
firmware 1.0.0.132 or later
| VAR-202511-1682 | CVE-2025-12943 |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Improper certificate
validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream
AX2400 WiFi 6 Router) and RAXE300 (Nighthawk AXE7800 Tri-Band
WiFi 6E Router) allows attackers with the ability to intercept and
tamper traffic destined to the device to execute arbitrary commands on the
device.
Devices
with automatic updates enabled may already have this patch applied. If not,
please check the firmware version and update to the
latest.
Fixed in:
RAX30 firmware
1.0.14.108 or later.
RAXE300 firmware
1.0.9.82 or later
| VAR-202511-1472 | CVE-2025-12942 |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution.This issue affects R6260: through 1.1.0.86; R6850: through 1.1.0.86.
| VAR-202511-1019 | CVE-2025-63149 | Shenzhen Tenda Technology Co.,Ltd. of AX3 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the urls parameter of the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of AX3 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda AX3 is a dual-band gigabit wireless router for home use, launched by Tenda Technology. It supports the Wi-Fi 6 (802.11ax) standard and emphasizes high-performance network coverage and stable connections. This vulnerability stems from the fact that the `urls` parameter in the `get_parentControl_list_Info` function fails to properly validate the length of the input data
| VAR-202511-0360 | CVE-2025-63835 | Tenda AC18 guestSsid parameter stack buffer overflow vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
A stack-based buffer overflow vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the guestSsid parameter of the /goform/WifiGuestSet interface. Remote attackers can exploit this vulnerability by sending oversized data to the guestSsid parameter, leading to denial of service (device crash) or potential remote code execution. The Tenda AC18 is a dual-band wireless router launched in July 2016 by Shenzhen Jixiang Tenda Technology Co., Ltd., primarily targeting villa and large-apartment users. This vulnerability stems from the fact that the guestSsid parameter of the /goform/WifiGuestSet interface fails to properly validate the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial-of-service attack
| VAR-202511-0844 | CVE-2025-63834 | Shenzhen Tenda Technology Co.,Ltd. of AC18 Cross-site scripting vulnerability in firmware |
CVSS V2: 5.5 CVSS V3: 5.4 Severity: MEDIUM |
A stored cross-site scripting (XSS) vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the ssid parameter of the wireless settings. Remote attackers can inject malicious payloads that execute when any user visits the router's homepage. Shenzhen Tenda Technology Co.,Ltd. The Tenda AC18 is a dual-band wireless router launched in July 2016 by Shenzhen Jixiang Tenda Technology Co., Ltd., primarily targeting villa and large-apartment users
| VAR-202511-1014 | CVE-2025-63457 | Tenda AX-1803 sub_4F55C function stack buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the sub_4F55C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. The Tenda AX-1803 is a dual-band gigabit WiFi 6 wireless router from Tenda, supporting both 2.4GHz and 5GHz bands with a maximum transmission rate of 1774Mbps, suitable for home or small office environments. This vulnerability stems from the fact that the wanMTU parameter in the sub_4F55C function fails to properly validate the length of the input data. An attacker could exploit this vulnerability to cause a denial-of-service attack
| VAR-202511-2049 | CVE-2025-63456 | Shenzhen Tenda Technology Co.,Ltd. of ax1803 Out-of-bounds write vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the SetSysTimeCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of ax1803 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. The Tenda AX-1803 is a dual-band gigabit WiFi 6 wireless router from Tenda, supporting both 2.4GHz and 5GHz bands with a maximum transmission rate of 1774Mbps, suitable for home or small office environments. This vulnerability stems from the fact that the `time` parameter in the `SetSysTimeCfg` function fails to properly validate the length of the input data
| VAR-202511-1167 | CVE-2025-63455 | Shenzhen Tenda Technology Co.,Ltd. of AX3 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of AX3 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda AX3 is a dual-band gigabit wireless router for home use, launched by Tenda Technology. It supports the Wi-Fi 6 (802.11ax) standard and emphasizes high-performance network coverage and stable connections. This vulnerability stems from the fact that the `shareSpeed` parameter in the `fromSetWifiGusetBasic` function fails to properly validate the length of the input data
| VAR-202511-1827 | CVE-2025-63147 | Tenda AX3 saveParentControlInfo function stack buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the deviceId parameter of the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. The Tenda AX3 is a dual-band gigabit wireless router for home use, launched by Tenda Technology. It supports the Wi-Fi 6 (802.11ax) standard and emphasizes high-performance network coverage and stable connections. This vulnerability stems from the fact that the `deviceId` parameter in the `saveParentControlInfo` function fails to properly validate the length of the input data
| VAR-202511-1954 | CVE-2025-63154 | TOTOLINK A7000R Stack Buffer Overflow Vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow in the addEffect parameter of the urldecode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. The TOTOLINK A7000R is a wireless router launched by TOTOLINK Electronics Co., Ltd. in China. It supports WiFi 7 technology and is suitable for home or small business network environments. This vulnerability stems from the fact that the `addEffect` parameter of the `urldecode` function fails to properly validate the length of the input data
| VAR-202511-0855 | CVE-2025-63153 | TOTOLINK A7000R urldecode function stack buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow in the ssid parameter of the urldecode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. The TOTOLINK A7000R is a wireless router launched by TOTOLINK Electronics Co., Ltd. in China. It supports WiFi 7 technology and is suitable for home or small business network environments.
The TOTOLINK A7000R contains a stack buffer overflow vulnerability. This vulnerability stems from the fact that the SSID parameter of the urldecode function fails to properly validate the length of the input data
| VAR-202511-0367 | CVE-2025-63152 | Shenzhen Tenda Technology Co.,Ltd. of AX3 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the wpapsk_crypto parameter of the wlSetExternParameter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of AX3 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda AX3 is a dual-band gigabit wireless router for home use, launched by Tenda Technology. It supports the Wi-Fi 6 (802.11ax) standard and emphasizes high-performance network coverage and stable connections. This vulnerability stems from the fact that the `wpapsk_crypto` parameter of the `wlSetExternParameter` function fails to properly validate the length of the input data
| VAR-202511-1093 | CVE-2025-34247 | Advantech WebAccess/VPN NetworksController.addNetworkAction function SQL injection vulnerability |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: MEDIUM |
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in NetworksController.addNetworkAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. Advantech WebAccess/VPN is a virtual private network function integrated into Advantech's WebAccess/SCADA software, designed to provide secure and reliable network connectivity solutions for industrial automation and remote monitoring systems.
Advantech WebAccess/VPN contains an SQL injection vulnerability. This vulnerability stems from the fact that the NetworksController.addNetworkAction function does not properly filter datatable search parameters. Attackers can exploit this vulnerability to execute illegal SQL commands and steal sensitive database data