VARIoT IoT vulnerabilities database
| VAR-202510-0318 | CVE-2025-11549 | Tenda W12 Buffer Overflow Vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability has been found in Tenda W12 3.0.0.6(3948). The affected element is the function wifiMacFilterSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The W12 is a high-performance wireless access point from China's Tenda company.
Shenzhen Jixiang Tenda Technology Co., Ltd.'s W12 version 3.0.0.6 suffers from a buffer overflow vulnerability. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202510-0895 | CVE-2025-61577 | D-Link DIR-816A2 Buffer Overflow Vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR-816A2_FWv1.10CNB05 was discovered to contain a stack overflow via the statuscheckpppoeuser parameter in the dir_setWanWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. The D-Link DIR-816A2 is a router manufactured by D-Link, a Chinese company.
The D-Link DIR-816A2 version FWv1.10CNB05 contains a buffer overflow vulnerability. This vulnerability stems from the failure of the statuscheckpppoeuser parameter in the dir_setWanWifi function to properly validate the length of input data
| VAR-202510-0368 | CVE-2025-11528 | Tenda AC7 /goform/saveAutoQos file buffer overflow vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was identified in Tenda AC7 15.03.06.44. This affects an unknown function of the file /goform/saveAutoQos. The manipulation of the argument enable leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The Tenda AC7 is a wireless router from the Chinese company Tenda.
Tenda AC7 version 15.03.06.44 suffers from a buffer overflow vulnerability. This vulnerability stems from the failure of the enable parameter in the file /goform/saveAutoQos to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202510-0141 | CVE-2025-11527 | Tenda AC7 /goform/fast_setting_pppoe_set file buffer overflow vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was determined in Tenda AC7 15.03.06.44. The impacted element is an unknown function of the file /goform/fast_setting_pppoe_set. Executing a manipulation of the argument Password can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The Tenda AC7 is a wireless router from the Chinese company Tenda. This vulnerability stems from a failure to properly validate the length of the input data in the "Password" parameter in the file /goform/fast_setting_pppoe_set. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service (DoS) attack
| VAR-202510-0224 | CVE-2025-11526 | Shenzhen Tenda Technology Co.,Ltd. of AC7 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in Tenda AC7 15.03.06.44. The affected element is an unknown function of the file /goform/WifiMacFilterSet. Performing a manipulation of the argument wifi_chkHz results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used. of AC7 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from the failure of the wifi_chkHz parameter in the file /goform/WifiMacFilterSet to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service
| VAR-202510-0237 | CVE-2025-11525 | Shenzhen Tenda Technology Co.,Ltd. of AC7 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability has been found in Tenda AC7 15.03.06.44. Impacted is an unknown function of the file /goform/SetUpnpCfg. Such manipulation of the argument upnpEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. of AC7 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from the failure of the upnpEn parameter in the file /goform/SetUpnpCfg to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202510-0163 | CVE-2025-11524 | Tenda AC7 /goform/SetDDNSCfg file buffer overflow vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A flaw has been found in Tenda AC7 15.03.06.44. This issue affects some unknown processing of the file /goform/SetDDNSCfg. This manipulation of the argument ddnsEn causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used. The Tenda AC7 is a wireless router from the Chinese company Tenda. This vulnerability stems from the failure of the ddnsEn parameter in the /goform/SetDDNSCfg file to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202510-0256 | CVE-2025-11523 | Shenzhen Tenda Technology Co.,Ltd. of AC7 Injection Vulnerability in Firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Low |
A vulnerability was detected in Tenda AC7 15.03.06.44. This vulnerability affects unknown code of the file /goform/AdvSetLanip. The manipulation of the argument lanIp results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC7 The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from the failure to properly sanitize special characters and commands in the lanIp parameter in the file /goform/AdvSetLanip. An attacker could exploit this vulnerability to execute arbitrary commands
| VAR-202510-3917 | No CVE | COMELIT IPCAM723A has a weak password vulnerability. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The COMELIT IPCAM723A is a webcam.
The COMELIT IPCAM723A has a weak password vulnerability that attackers could exploit to obtain sensitive information.
| VAR-202510-4303 | No CVE | Zhongqi Technology Co., Ltd.'s NUX-6374R has a weak password vulnerability. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Chung-Chi Technology Co., Ltd., founded in 1986, offers a series of industry-leading DOCSIS (Domain-Oriented Broadband Access Network) equipment and related network products.
A weak password vulnerability exists in Chung-Chi Technology Co., Ltd.'s NUX-6374R device, which attackers could exploit to obtain sensitive information.
| VAR-202510-3654 | No CVE | Beijing Star-Net Ruijie Networks Technology Co., Ltd.'s RG-MA2862 has a command execution vulnerability. |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The RG-MA2862 is a gigabit dual-band router.
The RG-MA2862 router, manufactured by Beijing Star-Net Ruijie Networks Technology Co., Ltd., contains a command execution vulnerability that attackers could exploit to execute arbitrary commands.
| VAR-202510-3241 | No CVE | Cisco SPA514G has an unauthorized access vulnerability. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Cisco SPA514G is an IP telephony-enabled device featuring four voice lines, a Gigabit Ethernet switch (2 ports), PoE power, and an LCD display.
The Cisco SPA514G contains an unauthorized access vulnerability that could be exploited by attackers to obtain sensitive information.
| VAR-202510-0124 | CVE-2025-61861 | Made by Fuji Electric V-SFT Multiple vulnerabilities in |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: High |
An out-of-bounds read vulnerability exists in VS6ComFile!load_link_inf of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution. None. Fuji Electric V-SFT is a human-machine interface (HMI) configuration software developed by Fuji Electric, primarily used for touchscreen interface design, PDF document viewing, video playback, and alarm message management in industrial automation. This vulnerability stems from the VS6ComFile component's load_link_inf function failing to properly validate the length of input data
| VAR-202510-3242 | No CVE | COMELIT IPCAM768ZA has a weak password vulnerability. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The COMELIT IPCAM768ZA is a webcam.
The COMELIT IPCAM768ZA has a weak password vulnerability that attackers could exploit to obtain sensitive information.
| VAR-202510-0241 | CVE-2025-11444 | TOTOLINK of n600r Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866_B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such manipulation of the argument wepkey leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. TOTOLINK of n600r The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK N600R is a dual-band wireless router released by the Korean brand TOTOLINK in 2013. It supports concurrent operation in the 2.4GHz and 5GHz bands and offers a maximum wireless transmission rate of 300Mbps.
The TOTOLINK N600R suffers from a buffer overflow vulnerability caused by the wepkey parameter in the /cgi-bin/cstecgi.cgi file failing to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202510-0243 | CVE-2025-11423 | Shenzhen Tenda Technology Co.,Ltd. of ch22 Buffer error vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: High |
A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. Performing a manipulation of the argument page results in memory corruption. The attack is possible to be carried out remotely. The exploit has been made public and could be used. of ch22 A buffer error vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from the failure of the formSafeEmailFilter function in the file /goform/SafeEmailFilter to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service
| VAR-202510-0168 | CVE-2025-11418 | Shenzhen Tenda Technology Co.,Ltd. of ch22 Buffer error vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: High |
A security vulnerability has been detected in Tenda CH22 up to 1.0.0.1. This issue affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component HTTP Request Handler. The manipulation of the argument mit_ssid_index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. Shenzhen Tenda Technology Co.,Ltd. of ch22 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from the failure of the mit_ssid_index parameter of the formWrlsafeset function in the file /goform/AdvSetWrlsafeset to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202510-0217 | CVE-2025-11408 | D-Link Corporation of DI-7001MINI-8G Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A security vulnerability has been detected in D-Link DI-7001 MINI 24.04.18B1. The affected element is an unknown function of the file /dbsrv.asp. Such manipulation of the argument str leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. D-Link Corporation of DI-7001MINI-8G The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DI-7001 MINI is a multi-function smart gateway from D-Link, a Chinese company.
The D-Link DI-7001 MINI suffers from a buffer overflow vulnerability caused by improper bounds checking in the /dbsrv.asp file. An attacker could exploit this vulnerability to execute arbitrary code or cause the application to crash
| VAR-202510-0169 | CVE-2025-11407 | D-Link Corporation of DI-7001MINI-8G Command injection vulnerability in firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Low |
A weakness has been identified in D-Link DI-7001 MINI 24.04.18B1. Impacted is an unknown function of the file /upgrade_filter.asp. This manipulation of the argument path causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. D-Link Corporation of DI-7001MINI-8G The firmware contains a command injection vulnerability. OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DI-7001 MINI is a multi-function smart gateway from D-Link, a Chinese company.
The D-Link DI-7001 MINI suffers from an operating system command injection vulnerability that could allow an attacker to execute arbitrary code on the system
| VAR-202510-0072 | CVE-2025-11389 | Shenzhen Tenda Technology Co.,Ltd. of AC15 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A security flaw has been discovered in Tenda AC15 15.03.05.18. Affected is an unknown function of the file /goform/saveAutoQos. Performing a manipulation of the argument enable results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. Shenzhen Tenda Technology Co.,Ltd. of AC15 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from the failure of the enable parameter in the file /goform/saveAutoQos to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service