VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202511-1324 CVE-2025-60686 plural  TOTOLINK  Stack-based buffer overflow vulnerability in products CVSS V2: -
CVSS V3: 5.1
Severity: MEDIUM
A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers (A720R V4.1.5cu.614_B20230630, LR1200GB V9.1.0u.6619_B20230130, and NR1800X V9.1.0u.6681_B20230703). Both programs parse the contents of /proc/net/arp using sscanf() with "%s" format specifiers into fixed-size stack buffers without length validation. Specifically, one function writes user-controlled data into a single-byte buffer, and the other into adjacent small arrays without bounds checking. An attacker who controls the contents of /proc/net/arp can trigger memory corruption, leading to denial of service or potential arbitrary code execution
VAR-202511-0384 CVE-2025-60685 TOTOLINK  of  A720R  Stack-based buffer overflow vulnerability in firmware CVSS V2: 3.6
CVSS V3: 5.1
Severity: MEDIUM
A stack buffer overflow exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary (sub_401EE0 function). The binary reads the /proc/stat file using fgets() into a local buffer and subsequently parses the line using sscanf() into a single-byte variable with the %s format specifier. Maliciously crafted /proc/stat content can overwrite adjacent stack memory, potentially allowing an attacker with filesystem write privileges to execute arbitrary code on the device. TOTOLINK of A720R A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained and service operation is interrupted (DoS) It may be in a state. The TOTOLINK A720R is a wireless router launched by TOTOLINK, a Chinese electronics company. It features dual-band Wi-Fi and emphasizes high-speed network and signal coverage. This vulnerability stems from a failure to properly validate the length of input data in the sysconf binary. Detailed vulnerability information is currently unavailable
VAR-202511-0871 CVE-2025-60684 TOTOLINK  of  lr1200gb  firmware and  nr1800x  Stack-based buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 6.5
Severity: MEDIUM
A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (sub_42F32C function). The web interface reads the "lang" parameter and constructs Help URL strings using sprintf() into fixed-size stack buffers without proper length validation. Maliciously crafted input can overflow these buffers, potentially leading to arbitrary code execution or memory corruption, without requiring authentication
VAR-202511-2063 CVE-2025-60683 TOTOLINK A720R Command Injection Vulnerability (CNVD-2025-29711) CVSS V2: 6.4
CVSS V3: 6.5
Severity: MEDIUM
A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary, specifically in the sub_40BFA4 function that handles network interface reinitialization from '/var/system/linux_vlan_reinit'. Input is only partially validated by checking the prefix of interface names, and is concatenated into shell commands executed via system() without escaping. An attacker with write access to this file can execute arbitrary commands on the device. The TOTOLINK A720R is a wireless router launched by TOTOLINK, a Chinese electronics company. It features dual-band Wi-Fi and emphasizes high-speed network and signal coverage. The TOTOLINK A720R contains a command injection vulnerability. This vulnerability stems from insufficient validation in the sysconf binary's handling of the `/var/system/linux_vlan_reinit` file. Detailed vulnerability information is currently unavailable
VAR-202511-0549 CVE-2025-60682 TOTOLINK  of  A720R  Command injection vulnerability in firmware CVSS V2: 6.4
CVSS V3: 6.5
Severity: MEDIUM
A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the cloudupdate_check binary, specifically in the sub_402414 function that handles cloud update parameters. User-supplied 'magicid' and 'url' values are directly concatenated into shell commands and executed via system() without any sanitization or escaping. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary commands on the device. TOTOLINK of A720R Firmware contains a command injection vulnerability.Information may be obtained and information may be tampered with. The TOTOLINK A720R is a wireless router launched by TOTOLINK, a Chinese electronics company. It features dual-band Wi-Fi and emphasizes high-speed network and signal coverage. This vulnerability stems from the unverified magicid and url parameters in the cloudupdate_check binary file. Detailed vulnerability information is currently unavailable
VAR-202511-0848 CVE-2025-63666 Tenda AC15 Access Control Error Vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC15 v15.03.05.18_multi) issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to access protected resources. The Tenda AC15 is a wireless router product from Tenda. A security vulnerability exists in Tenda AC15 version 15.03.05.18multi
VAR-202511-1888 CVE-2025-12944 CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
Improper input validation in NETGEAR DGN2200v4 (N300 Wireless ADSL2+ Modem Router) allows attackers with direct network access to the device to potentially execute code on the device. Please check the firmware version and update to the latest. Fixed in:  DGN2200v4 firmware 1.0.0.132 or later
VAR-202511-1682 CVE-2025-12943 CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Improper certificate validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream AX2400 WiFi 6 Router) and RAXE300 (Nighthawk AXE7800 Tri-Band WiFi 6E Router) allows attackers with the ability to intercept and tamper traffic destined to the device to execute arbitrary commands on the device. Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update to the latest. Fixed in: RAX30 firmware 1.0.14.108 or later. RAXE300 firmware 1.0.9.82 or later
VAR-202511-1472 CVE-2025-12942 CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution.This issue affects R6260: through 1.1.0.86; R6850: through 1.1.0.86.
VAR-202511-1019 CVE-2025-63149 Shenzhen Tenda Technology Co.,Ltd.  of  AX3  Stack-based buffer overflow vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the urls parameter of the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of AX3 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda AX3 is a dual-band gigabit wireless router for home use, launched by Tenda Technology. It supports the Wi-Fi 6 (802.11ax) standard and emphasizes high-performance network coverage and stable connections. This vulnerability stems from the fact that the `urls` parameter in the `get_parentControl_list_Info` function fails to properly validate the length of the input data
VAR-202511-0360 CVE-2025-63835 Tenda AC18 guestSsid parameter stack buffer overflow vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
A stack-based buffer overflow vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the guestSsid parameter of the /goform/WifiGuestSet interface. Remote attackers can exploit this vulnerability by sending oversized data to the guestSsid parameter, leading to denial of service (device crash) or potential remote code execution. The Tenda AC18 is a dual-band wireless router launched in July 2016 by Shenzhen Jixiang Tenda Technology Co., Ltd., primarily targeting villa and large-apartment users. This vulnerability stems from the fact that the guestSsid parameter of the /goform/WifiGuestSet interface fails to properly validate the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial-of-service attack
VAR-202511-0844 CVE-2025-63834 Shenzhen Tenda Technology Co.,Ltd.  of  AC18  Cross-site scripting vulnerability in firmware CVSS V2: 5.5
CVSS V3: 5.4
Severity: MEDIUM
A stored cross-site scripting (XSS) vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the ssid parameter of the wireless settings. Remote attackers can inject malicious payloads that execute when any user visits the router's homepage. Shenzhen Tenda Technology Co.,Ltd. The Tenda AC18 is a dual-band wireless router launched in July 2016 by Shenzhen Jixiang Tenda Technology Co., Ltd., primarily targeting villa and large-apartment users
VAR-202511-1014 CVE-2025-63457 Tenda AX-1803 sub_4F55C function stack buffer overflow vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the sub_4F55C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. The Tenda AX-1803 is a dual-band gigabit WiFi 6 wireless router from Tenda, supporting both 2.4GHz and 5GHz bands with a maximum transmission rate of 1774Mbps, suitable for home or small office environments. This vulnerability stems from the fact that the wanMTU parameter in the sub_4F55C function fails to properly validate the length of the input data. An attacker could exploit this vulnerability to cause a denial-of-service attack
VAR-202511-2049 CVE-2025-63456 Shenzhen Tenda Technology Co.,Ltd.  of  ax1803  Out-of-bounds write vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the SetSysTimeCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of ax1803 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. The Tenda AX-1803 is a dual-band gigabit WiFi 6 wireless router from Tenda, supporting both 2.4GHz and 5GHz bands with a maximum transmission rate of 1774Mbps, suitable for home or small office environments. This vulnerability stems from the fact that the `time` parameter in the `SetSysTimeCfg` function fails to properly validate the length of the input data
VAR-202511-1167 CVE-2025-63455 Shenzhen Tenda Technology Co.,Ltd.  of  AX3  Stack-based buffer overflow vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of AX3 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda AX3 is a dual-band gigabit wireless router for home use, launched by Tenda Technology. It supports the Wi-Fi 6 (802.11ax) standard and emphasizes high-performance network coverage and stable connections. This vulnerability stems from the fact that the `shareSpeed` parameter in the `fromSetWifiGusetBasic` function fails to properly validate the length of the input data
VAR-202511-1827 CVE-2025-63147 Tenda AX3 saveParentControlInfo function stack buffer overflow vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the deviceId parameter of the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. The Tenda AX3 is a dual-band gigabit wireless router for home use, launched by Tenda Technology. It supports the Wi-Fi 6 (802.11ax) standard and emphasizes high-performance network coverage and stable connections. This vulnerability stems from the fact that the `deviceId` parameter in the `saveParentControlInfo` function fails to properly validate the length of the input data
VAR-202511-1954 CVE-2025-63154 TOTOLINK A7000R Stack Buffer Overflow Vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow in the addEffect parameter of the urldecode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. The TOTOLINK A7000R is a wireless router launched by TOTOLINK Electronics Co., Ltd. in China. It supports WiFi 7 technology and is suitable for home or small business network environments. This vulnerability stems from the fact that the `addEffect` parameter of the `urldecode` function fails to properly validate the length of the input data
VAR-202511-0855 CVE-2025-63153 TOTOLINK A7000R urldecode function stack buffer overflow vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow in the ssid parameter of the urldecode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. The TOTOLINK A7000R is a wireless router launched by TOTOLINK Electronics Co., Ltd. in China. It supports WiFi 7 technology and is suitable for home or small business network environments. The TOTOLINK A7000R contains a stack buffer overflow vulnerability. This vulnerability stems from the fact that the SSID parameter of the urldecode function fails to properly validate the length of the input data
VAR-202511-0367 CVE-2025-63152 Shenzhen Tenda Technology Co.,Ltd.  of  AX3  Stack-based buffer overflow vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the wpapsk_crypto parameter of the wlSetExternParameter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of AX3 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda AX3 is a dual-band gigabit wireless router for home use, launched by Tenda Technology. It supports the Wi-Fi 6 (802.11ax) standard and emphasizes high-performance network coverage and stable connections. This vulnerability stems from the fact that the `wpapsk_crypto` parameter of the `wlSetExternParameter` function fails to properly validate the length of the input data
VAR-202511-1093 CVE-2025-34247 Advantech WebAccess/VPN NetworksController.addNetworkAction function SQL injection vulnerability CVSS V2: 6.8
CVSS V3: 6.5
Severity: MEDIUM
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in NetworksController.addNetworkAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. Advantech WebAccess/VPN is a virtual private network function integrated into Advantech's WebAccess/SCADA software, designed to provide secure and reliable network connectivity solutions for industrial automation and remote monitoring systems. Advantech WebAccess/VPN contains an SQL injection vulnerability. This vulnerability stems from the fact that the NetworksController.addNetworkAction function does not properly filter datatable search parameters. Attackers can exploit this vulnerability to execute illegal SQL commands and steal sensitive database data