VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202508-1093 CVE-2025-50613 Netis Systems Co., Ltd.  of  WF2880  Classic buffer overflow vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00475e1c function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wds_key_wep in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack. Netis Systems Co., Ltd. of WF2880 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. The Netis WF2880 is a wireless router from the Chinese company Netis
VAR-202508-1677 CVE-2025-50612 Netis Systems Co., Ltd.  of  WF2880  Classic buffer overflow vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_004743f8 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_sec_set in the payload, which may cause the program to crash and potentially lead to a Denial of Service (DoS) attack. Netis Systems Co., Ltd. of WF2880 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. The Netis WF2880 is a wireless router from the Chinese company Netis
VAR-202508-1556 CVE-2025-50611 Netis Systems Co., Ltd.  of  WF2880  Classic buffer overflow vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00473154 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_sec_set_5g and wl_sec_rp_set_5g in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack. Netis Systems Co., Ltd. of WF2880 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. The Netis WF2880 is a wireless router from the Chinese company Netis
VAR-202508-1332 CVE-2025-50610 Netis WF2880 FUN_00476598 function buffer overflow vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00476598 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_base_set_5g in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack. The Netis WF2880 is a wireless router from the Chinese company Netis
VAR-202508-1934 CVE-2025-50609 Netis Systems Co., Ltd.  of  WF2880  Classic buffer overflow vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the Function_00465620 of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of specify_parame in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack. Netis Systems Co., Ltd. of WF2880 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. The Netis WF2880 is a wireless router from the Chinese company Netis
VAR-202508-0955 CVE-2025-50608 Netis Systems Co., Ltd.  of  WF2880  Classic buffer overflow vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00471994 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_base_set in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack. Netis Systems Co., Ltd. of WF2880 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. The Netis WF2880 is a wireless router from the Chinese company Netis
VAR-202508-0742 CVE-2024-40588 Relative Path Traversal Vulnerability in Multiple Fortinet Products CVSS V2: -
CVSS V3: 4.4
Severity: MEDIUM
Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiMail version 7.6.0 through 7.6.1 and before 7.4.3, FortiVoice version 7.0.0 through 7.0.5 and before 7.4.9, FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4, FortiCamera & FortiNDR version 7.6.0 and before 7.4.6 may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests. FortiCamera firmware, FortiMail , FortiNDR Multiple Fortinet products, including the following, contain a relative path traversal vulnerability.Information may be obtained
VAR-202508-0879 CVE-2025-26863 Intel 700 Series Ethernet Denial of Service Vulnerability CVSS V2: 1.7
CVSS V3: 3.8
Severity: Medium
Uncontrolled resource consumption in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable denial of service. The Intel 700 Series Ethernet is a high-performance Ethernet controller family from Intel Corporation. An attacker could exploit this vulnerability to cause a denial of service
VAR-202508-1707 CVE-2025-26697 Intel 700 Series Ethernet Denial of Service Vulnerability (CNVD-2025-19268) CVSS V2: 1.7
CVSS V3: 3.3
Severity: Medium
Uncontrolled resource consumption in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable denial of service. The Intel 700 Series Ethernet is a high-performance Ethernet controller family from Intel Corporation. An attacker could exploit this vulnerability to cause a denial of service
VAR-202508-1590 CVE-2025-25273 Intel 700 Series Ethernet Privilege Escalation Vulnerability CVSS V2: 6.0
CVSS V3: 7.8
Severity: High
Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege via local access. The Intel 700 Series Ethernet is a high-performance Ethernet controller family from Intel Corporation. An attacker could exploit this vulnerability to escalate privileges
VAR-202508-0992 CVE-2025-24486 Intel 700 Series Ethernet Input Validation Error Vulnerability CVSS V2: 6.0
CVSS V3: 7.8
Severity: High
Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege via local access. The Intel 700 Series Ethernet is a high-performance Ethernet controller family from Intel Corporation
VAR-202508-2143 CVE-2025-21086 Intel 700 Series Ethernet Input Validation Error Vulnerability CVSS V2: 5.5
CVSS V3: 7.5
Severity: Medium
Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege. The Intel 700 Series Ethernet is a high-performance Ethernet controller family from Intel Corporation. Detailed vulnerability details are currently unavailable
VAR-202508-0356 CVE-2025-40751 Siemens'  SIMATIC RTLS Locating Manager  Vulnerability regarding insufficient protection of authentication information in CVSS V2: -
CVSS V3: 6.3
Severity: Medium
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Affected SIMATIC RTLS Locating Manager Report Clients do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role. Siemens' SIMATIC RTLS Locating Manager There are vulnerabilities in inadequate protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202508-0383 CVE-2025-40746 Siemens'  SIMATIC RTLS Locating Manager  Vulnerability in CVSS V2: -
CVSS V3: 9.1
Severity: Critical
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.2). Affected products do not properly validate input for a backup script. This could allow an authenticated remote attacker with high privileges in the application to execute arbitrary code with 'NT Authority/SYSTEM' privileges. Siemens' SIMATIC RTLS Locating Manager Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202508-0355 CVE-2025-30034 Siemens'  SIMATIC RTLS Locating Manager  Reachable Assertiveness Vulnerability in CVSS V2: -
CVSS V3: 6.2
Severity: Medium
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Affected devices do not properly validate input sent to its listening port on the local loopback interface. This could allow an unauthenticated local attacker to cause a denial of service condition. Siemens' SIMATIC RTLS Locating Manager Exists in a reachable assertiveness vulnerability.Service operation interruption (DoS) It may be in a state
VAR-202508-0348 CVE-2025-40570 Siemens SIPROTEC 5 Compact 7SX800 (CP050) Local USB Port Network Packet Bandwidth Limit Improper Vulnerability CVSS V2: 2.1
CVSS V3: 2.4
Severity: Low
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V10.0), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SA82 (CP150) (All versions < V10.0), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SD82 (CP150) (All versions < V10.0), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SJ81 (CP150) (All versions < V10.0), SIPROTEC 5 7SJ82 (CP150) (All versions < V10.0), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SK82 (CP150) (All versions < V10.0), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SL82 (CP150) (All versions < V10.0), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7ST85 (CP300) (All versions < V10.0), SIPROTEC 5 7ST86 (CP300) (All versions < V10.0), SIPROTEC 5 7SX82 (CP150) (All versions < V10.0), SIPROTEC 5 7SX85 (CP300) (All versions < V10.0), SIPROTEC 5 7SY82 (CP150) (All versions < V10.0), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT82 (CP150) (All versions < V10.0), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VU85 (CP300) (All versions < V10.0), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V10.0). Affected devices do not properly limit the bandwidth for incoming network packets over their local USB port. This could allow an attacker with physical access to send specially crafted packets with high bandwidth to the affected devices thus forcing them to exhaust their memory and stop responding to any network traffic via the local USB port. Affected devices reset themselves automatically after a successful attack. The protection function is not affected of this vulnerability. The SIPROTEC 5 Compact 7SX800 (CP050) provides a range of integrated protection, control, measurement, and automation functions for substations and other applications
VAR-202508-0342 CVE-2025-40752 Siemens POWER METER SICAM Q100/Q200 Information Disclosure Vulnerability CVSS V2: 4.9
CVSS V3: 6.2
Severity: Medium
A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q200 family (All versions >= V2.70 < V2.80). Affected devices store the password for the SMTP account as plain text. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes
VAR-202508-2142 No CVE Multiple vulnerabilities in Siemens SINEC OS third-party components CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
The RUGGEDCOM RST2428P is a Layer 2 Ethernet switch based on the SINEC operating system with up to 28 non-blocking interfaces. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human-machine interfaces (HMIs). Multiple vulnerabilities in third-party components of Siemens' SINEC OS could allow attackers to gain control of the server.
VAR-202508-0343 CVE-2025-40753 Siemens POWER METER SICAM Q100/Q200 Information Disclosure Vulnerability CVSS V2: 4.9
CVSS V3: 6.2
Severity: Medium
A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q200 family (All versions >= V2.70 < V2.80). Affected devices export the password for the SMTP account as plain text in the Configuration File. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes
VAR-202508-1859 No CVE MOXA ioLogik E1213 has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The MOXA ioLogik E1213 is an industrial-grade remote Ethernet I/O module. The MOXA ioLogik E1213 has an unauthorized access vulnerability that could allow attackers to obtain sensitive information.