VARIoT IoT vulnerabilities database

VAR-202506-0051 CVE-2025-5438 Injection vulnerabilities in Linksys RE9000 firmware and other products from multiple vendors CVSS V2: 6.5
CVSS V3: 6.3
Severity: Medium
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. Affected by this vulnerability is the function WPS of the file /goform/WPS. The manipulation of the argument PIN leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Linksys RE9000 firmware and other products from multiple vendors contain injection vulnerabilities and command injection vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202506-0169 CVE-2025-20678 Recursive control vulnerability in multiple MediaTek products CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
In ims service, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01394606; Issue ID: MSV-2739. Multiple MediaTek products, including LR12A, LR13 and NR15, contain a recursion control vulnerability. Service operation may be interrupted (DoS).
VAR-202505-4269 No CVE TRENDnet, Inc. TEW-751DR has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
TRENDnet is a leading global network equipment supplier, focusing on providing innovative network solutions for enterprises and individual users. TRENDnet TEW-751DR has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
VAR-202505-4268 No CVE TRENDnet, Inc. TEW-751DR has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
TEW-751DR is a dual-band wireless router. TRENDnet TEW-751DR has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202505-3617 CVE-2025-45343 Access control vulnerabilities in Shenzhen Tenda Technology Co.,Ltd. w18e firmware CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module in the goform/setmodules route. The w18e firmware from Shenzhen Tenda Technology Co.,Ltd. contains an access control vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202505-4104 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd. A15 has a binary vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
A15 is a dual-band 3G wireless router suitable for fiber-optic homes within 1000M. Shenzhen Jixiang Tengda Technology Co., Ltd. A15 has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202505-2802 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd. AC10 has a denial of service vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
AC10 is a high-performance router with Gigabit ports for both WAN and LAN ports. Shenzhen Jixiang Tengda Technology Co., Ltd. AC10 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202505-3180 No CVE TP-Link VN020-F3v has a binary vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
TP-Link Technologies Co., Ltd. is a leading ICT equipment and solution provider. TP-Link VN020-F3v has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202505-2626 No CVE H3C GR-1200W has a denial of service vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
H3C GR-1200W is a high-performance enterprise-class Gigabit wireless router launched by H3C Technologies Co., Ltd. (H3C for short). H3C GR-1200W of H3C Technologies Co., Ltd. has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202505-2801 No CVE TRENDnet TEW-751DR has an information leakage vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
TEW-751DR is a wireless Gigabit router. TRENDnet TEW-751DR has an information leakage vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202505-2448 CVE-2025-27701 NULL pointer dereference vulnerability in Google Android CVSS V2: 4.6
CVSS V3: 5.5
Severity: MEDIUM
In the function process_crypto_cmd, the values of ptrs[i] can potentially be equal to NULL, which is a valid value after calling slice_map_array(). Later these values will be dereferenced without a prior NULL check, which can lead to local temporary DoS or OOB read, leading to information disclosure. Google Android contains a NULL pointer dereference vulnerability. Information may be obtained. Google Pixel is a smartphone produced by Google Inc. in the United States. Google Pixel has an information leakage vulnerability that can be exploited by attackers to cause out-of-bounds reading.
VAR-202505-2437 CVE-2025-27700 Google Pixel Privilege Escalation Vulnerability CVSS V2: 7.2
CVSS V3: 8.4
Severity: HIGH
There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google Pixel is a smartphone produced by Google in the United States
VAR-202505-2436 CVE-2024-56193 Vulnerability regarding information leakage in Google Android CVSS V2: 3.6
CVSS V3: 5.1
Severity: MEDIUM
There is a possible disclosure of Bluetooth adapter details due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Google Android contains a vulnerability related to information leakage. Information may be obtained and information may be tampered with. Google Pixel is a smartphone produced by Google in the United States.
VAR-202505-2173 CVE-2025-5228 Buffer error vulnerability in D-Link Systems, Inc. di-8100 firmware CVSS V2: 8.3
CVSS V3: 8.8
Severity: High
A vulnerability was found in D-Link DI-8100 up to 20250523. It has been classified as critical. Affected is the function httpd_get_parm of the file /login.cgi of the component jhttpd. The manipulation of the argument notify leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The di-8100 firmware from D-Link Systems, Inc. contains a buffer error vulnerability and a stack-based buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by D-Link, a Chinese company. The vulnerability is caused by the parameter notify in the file /login.cgi failing to properly verify the length of the input data. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202505-2067 CVE-2025-5215 Out-of-bounds write vulnerability in D-Link Systems, Inc. DCS-5020L firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability classified as critical has been found in D-Link DCS-5020L 1.01_B2. This affects the function websReadEvent of the file /rame/ptdc.cgi. The manipulation of the argument Authorization leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. An out-of-bounds write vulnerability exists in the DCS-5020L firmware from D-Link Systems, Inc. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DCS-5020L is a DCS series IP camera from D-Link of China. D-Link DCS-5020L has a buffer overflow vulnerability. The vulnerability is caused by the failure of the parameter Authorization in the file /rame/ptdc.cgi to correctly verify the length of the input data. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202505-4103 No CVE EDIMAX N300 Wi-Fi Router has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
N300 Wi-Fi Router is a high-performance wireless router. EDIMAX N300 Wi-Fi Router has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
VAR-202505-3752 No CVE H3C NX54 of H3C Technologies Co., Ltd. has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
H3C NX54 is a Gigabit dual-band router that supports Wi-Fi 6 (802.11ax) protocol. H3C NX54 of H3C Technologies Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
VAR-202505-3381 No CVE EDIMAX N300 Wi-Fi Router has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
N300 Wi-Fi Router is a high-performance wireless router. EDIMAX N300 Wi-Fi Router has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
VAR-202505-3181 No CVE D-Link DI-7003GV2 has a logic flaw vulnerability CVSS V2: 3.3
CVSS V3: -
Severity: LOW
D-Link DI-7003GV2 is a router from D-Link, a Chinese company. D-Link DI-7003GV2 has a logic flaw that can be exploited by attackers to cause a denial of service.
VAR-202505-2465 No CVE Ruiyin Technology (Shenzhen) Co., Ltd. QUANTUM D2G has a logical defect vulnerability CVSS V2: 3.3
CVSS V3: -
Severity: LOW
QUANTUM D2G is a dual-gigabit home router. Ruiyin Technology (Shenzhen) Co., Ltd. QUANTUM D2G has a logic defect vulnerability, which can be exploited by attackers to obtain sensitive information.