VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202510-2355 CVE-2025-60556 D-Link DIR600L formSetWizard1 function buffer overflow vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizard1. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps. The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formSetWizard1` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
VAR-202510-2280 CVE-2025-60555 D-Link DIR600L formSetWizardSelectMode function buffer overflow vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizardSelectMode. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps. The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formSetWizardSelectMode` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
VAR-202510-2282 CVE-2025-60554 D-Link DIR600L formSetEnableWizard function buffer overflow vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEnableWizard. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps. The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formSetEnableWizard` function fails to properly validate the length of the input data. Attackers could exploit this vulnerability to execute arbitrary code or cause a denial-of-service attack
VAR-202510-2146 CVE-2025-60553 D-Link DIR600L formSetWAN_Wizard52 function buffer overflow vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard52. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps. The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formSetWAN_Wizard52` function fails to properly validate the length of the input data. Attackers could exploit this vulnerability to execute arbitrary code or cause a denial-of-service attack
VAR-202510-2279 CVE-2025-60552 D-Link DIR600L formTcpipSetup function buffer overflow vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formTcpipSetup. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps. The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formTcpipSetup` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
VAR-202510-2359 CVE-2025-60551 D-Link DIR600L formDeviceReboot function buffer overflow vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the next_page parameter in the function formDeviceReboot. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps. The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `next_page` parameter in the `formDeviceReboot` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
VAR-202510-2192 CVE-2025-60550 D-Link DIR600L formEasySetTimezone function buffer overflow vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formEasySetTimezone. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps. The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formEasySetTimezone` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
VAR-202510-2336 CVE-2025-60549 D-Link DIR600L formAutoDetecWAN_wizard4 function buffer overflow vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAutoDetecWAN_wizard4. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps. The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formAutoDetecWAN_wizard4` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
VAR-202510-2357 CVE-2025-60548 D-Link DIR600L formLanSetupRouterSettings function buffer overflow vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLanSetupRouterSettings. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps. The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formLanSetupRouterSettings` function fails to properly validate the length of the input data. Attackers could exploit this vulnerability to execute arbitrary code or cause a denial-of-service attack
VAR-202510-2088 CVE-2025-60547 D-Link DIR600L formSetWAN_Wizard7 function buffer overflow vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard7. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps. The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formSetWAN_Wizard7` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
VAR-202510-3393 CVE-2025-12176 An unidentified vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29088). CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Undocumented administrative accounts were getting created to facilitate access for applications running on board.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both network access controllers from Azure Access Technology, Inc., a US-based company. Attackers could exploit this vulnerability to gain unauthorized access
VAR-202510-2193 CVE-2025-60572 D-Link DIR600L formAdvNetwork function buffer overflow vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvNetwork. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps. The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formAdvNetwork` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
VAR-202510-2281 CVE-2025-60571 D-Link DIR600L formSetQoS function buffer overflow vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
D-Link DIR600LAx FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetQoS. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps. This vulnerability stems from the fact that the `curTime` parameter in the `formSetQoS` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
VAR-202510-2358 CVE-2025-60570 D-Link DIR600L formLogDnsquery function buffer overflow vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLogDnsquery. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps. The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formLogDnsquery` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
VAR-202510-2251 CVE-2025-60569 D-Link DIR600L formSetRoute function buffer overflow vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetRoute. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps. The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formSetRoute` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
VAR-202510-2149 CVE-2025-60568 D-Link DIR600L formAdvFirewall function buffer overflow vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvFirewall. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps. The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formAdvFirewall` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
VAR-202510-4397 No CVE Huawei Technologies Co., Ltd.'s Huawei HG532n has a weak password vulnerability. CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The Huawei HG532n is a SOHO-class wireless router designed for home users. The Huawei HG532n, manufactured by Huawei Technologies Co., Ltd., has a weak password vulnerability that attackers could exploit to obtain sensitive information.
VAR-202510-4416 No CVE Canon (China) Co., Ltd.'s iR-ADV C3520 III has a weak password vulnerability. CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The iR-ADV C3520 III is a multifunction printer designed for modern office environments. The Canon (China) Co., Ltd. iR-ADV C3520 III contains a weak password vulnerability that attackers could exploit to obtain sensitive information.
VAR-202510-4378 No CVE Mosa Technology (Shanghai) Co., Ltd.'s ioLogik E1200 series has an unauthorized access vulnerability. CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The ioLogik E1200 series is an industrial Ethernet remote I/O device designed for flexible data acquisition and device communication, suitable for various scenarios such as factory automation, security monitoring, and energy management. Mosa Technologies (Shanghai) Co., Ltd.'s ioLogik E1200 series contains an unauthorized access vulnerability, which attackers could exploit to obtain sensitive information.
VAR-202510-4377 CVE-2025-12114 Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 information disclosure vulnerabilities (CNVD-2025-29086) CVSS V2: 4.6
CVSS V3: 5.5
Severity: MEDIUM
Enabled serial console could potentially leak information that might help attacker to find vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both network access controllers from Azure Access Technology, Inc., a US-based company. Both Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 contain an information disclosure vulnerability caused by a flaw in the serial console. Attackers could exploit this vulnerability to obtain sensitive information