VARIoT IoT vulnerabilities database
| VAR-202510-2355 | CVE-2025-60556 | D-Link DIR600L formSetWizard1 function buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizard1. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formSetWizard1` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
| VAR-202510-2280 | CVE-2025-60555 | D-Link DIR600L formSetWizardSelectMode function buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizardSelectMode. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formSetWizardSelectMode` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
| VAR-202510-2282 | CVE-2025-60554 | D-Link DIR600L formSetEnableWizard function buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEnableWizard. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formSetEnableWizard` function fails to properly validate the length of the input data. Attackers could exploit this vulnerability to execute arbitrary code or cause a denial-of-service attack
| VAR-202510-2146 | CVE-2025-60553 | D-Link DIR600L formSetWAN_Wizard52 function buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard52. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formSetWAN_Wizard52` function fails to properly validate the length of the input data. Attackers could exploit this vulnerability to execute arbitrary code or cause a denial-of-service attack
| VAR-202510-2279 | CVE-2025-60552 | D-Link DIR600L formTcpipSetup function buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formTcpipSetup. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formTcpipSetup` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
| VAR-202510-2359 | CVE-2025-60551 | D-Link DIR600L formDeviceReboot function buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the next_page parameter in the function formDeviceReboot. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `next_page` parameter in the `formDeviceReboot` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
| VAR-202510-2192 | CVE-2025-60550 | D-Link DIR600L formEasySetTimezone function buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formEasySetTimezone. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formEasySetTimezone` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
| VAR-202510-2336 | CVE-2025-60549 | D-Link DIR600L formAutoDetecWAN_wizard4 function buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAutoDetecWAN_wizard4. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formAutoDetecWAN_wizard4` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
| VAR-202510-2357 | CVE-2025-60548 | D-Link DIR600L formLanSetupRouterSettings function buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLanSetupRouterSettings. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formLanSetupRouterSettings` function fails to properly validate the length of the input data. Attackers could exploit this vulnerability to execute arbitrary code or cause a denial-of-service attack
| VAR-202510-2088 | CVE-2025-60547 | D-Link DIR600L formSetWAN_Wizard7 function buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard7. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formSetWAN_Wizard7` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
| VAR-202510-3393 | CVE-2025-12176 | An unidentified vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29088). |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Undocumented administrative accounts were getting created to facilitate access for applications running on board.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both network access controllers from Azure Access Technology, Inc., a US-based company. Attackers could exploit this vulnerability to gain unauthorized access
| VAR-202510-2193 | CVE-2025-60572 | D-Link DIR600L formAdvNetwork function buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvNetwork. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formAdvNetwork` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
| VAR-202510-2281 | CVE-2025-60571 | D-Link DIR600L formSetQoS function buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR600LAx FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetQoS. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps. This vulnerability stems from the fact that the `curTime` parameter in the `formSetQoS` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
| VAR-202510-2358 | CVE-2025-60570 | D-Link DIR600L formLogDnsquery function buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLogDnsquery. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formLogDnsquery` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
| VAR-202510-2251 | CVE-2025-60569 | D-Link DIR600L formSetRoute function buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetRoute. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formSetRoute` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
| VAR-202510-2149 | CVE-2025-60568 | D-Link DIR600L formAdvFirewall function buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvFirewall. The D-Link DIR600L is a wireless router designed for home users, belonging to D-Link's "Cloud Router" series. It features an external antenna design, supports the 802.11n standard, and has a maximum wireless transmission rate of 150Mbps.
The D-Link DIR600L contains a buffer overflow vulnerability. This vulnerability stems from the fact that the `curTime` parameter in the `formAdvFirewall` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
| VAR-202510-4397 | No CVE | Huawei Technologies Co., Ltd.'s Huawei HG532n has a weak password vulnerability. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Huawei HG532n is a SOHO-class wireless router designed for home users.
The Huawei HG532n, manufactured by Huawei Technologies Co., Ltd., has a weak password vulnerability that attackers could exploit to obtain sensitive information.
| VAR-202510-4416 | No CVE | Canon (China) Co., Ltd.'s iR-ADV C3520 III has a weak password vulnerability. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The iR-ADV C3520 III is a multifunction printer designed for modern office environments.
The Canon (China) Co., Ltd. iR-ADV C3520 III contains a weak password vulnerability that attackers could exploit to obtain sensitive information.
| VAR-202510-4378 | No CVE | Mosa Technology (Shanghai) Co., Ltd.'s ioLogik E1200 series has an unauthorized access vulnerability. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The ioLogik E1200 series is an industrial Ethernet remote I/O device designed for flexible data acquisition and device communication, suitable for various scenarios such as factory automation, security monitoring, and energy management.
Mosa Technologies (Shanghai) Co., Ltd.'s ioLogik E1200 series contains an unauthorized access vulnerability, which attackers could exploit to obtain sensitive information.
| VAR-202510-4377 | CVE-2025-12114 | Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 information disclosure vulnerabilities (CNVD-2025-29086) |
CVSS V2: 4.6 CVSS V3: 5.5 Severity: MEDIUM |
Enabled serial console could potentially leak information that might help attacker to find vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both network access controllers from Azure Access Technology, Inc., a US-based company.
Both Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 contain an information disclosure vulnerability caused by a flaw in the serial console. Attackers could exploit this vulnerability to obtain sensitive information