VARIoT IoT vulnerabilities database

A15 is a dual-band 3G wireless router suitable for fiber-optic homes within 1000M. Shenzhen Jixiang Tengda Technology Co., Ltd. A15 has a binary vulnerability that can be exploited by attackers to cause a denial of service.

H3C GR-1200W is a high-performance enterprise-class Gigabit wireless router launched by H3C Technologies Co., Ltd. (H3C for short). H3C GR-1200W of H3C Technologies Co., Ltd. has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.

AC10 is a high-performance router with Gigabit ports for both WAN and LAN ports. Shenzhen Jixiang Tengda Technology Co., Ltd. AC10 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.

TEW-751DR is a wireless Gigabit router. TRENDnet TEW-751DR has an information leakage vulnerability that can be exploited by attackers to obtain sensitive information.

TP-Link Technologies Co., Ltd. is a leading ICT equipment and solution provider. TP-Link VN020-F3v has a binary vulnerability that can be exploited by attackers to cause a denial of service.

In the function process_crypto_cmd, the values of ptrs[i] can be potentially equal to NULL which is valid value after calling slice_map_array(). Later this values will be derefenced without prior NULL check, which can lead to local Temporary DoS or OOB Read, leading to information disclosure. Google Pixel is a smartphone produced by Google Inc. in the United States. Google Pixel has an information leakage vulnerability that can be exploited by attackers to cause out-of-bounds reading

There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google Pixel is a smartphone produced by Google in the United States

There is a possible disclosure of Bluetooth adapter details due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Google Pixel is a smartphone produced by Google in the United States. Google Pixel has an information disclosure vulnerability that can be exploited by attackers to leak detailed information about the Bluetooth adapter

A vulnerability was found in D-Link DI-8100 up to 20250523. It has been classified as critical. Affected is the function httpd_get_parm of the file /login.cgi of the component jhttpd. The manipulation of the argument notify leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by D-Link, a Chinese company. The vulnerability is caused by the parameter notify in the file /login.cgi failing to properly verify the length of the input data. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability classified as critical has been found in D-Link DCS-5020L 1.01_B2. This affects the function websReadEvent of the file /rame/ptdc.cgi. The manipulation of the argument Authorization leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DCS-5020L An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DCS-5020L is a DCS series IP camera from D-Link of China. D-Link DCS-5020L has a buffer overflow vulnerability. The vulnerability is caused by the failure of the parameter Authorization in the file /rame/ptdc.cgi to correctly verify the length of the input data. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service

QUANTUM D2G is a dual-gigabit home router. Ruiyin Technology (Shenzhen) Co., Ltd. QUANTUM D2G has a logic defect vulnerability, which can be exploited by attackers to obtain sensitive information.

N300 Wi-Fi Router is a high-performance wireless router. EDIMAX N300 Wi-Fi Router has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.

N300 Wi-Fi Router is a high-performance wireless router. EDIMAX N300 Wi-Fi Router has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.

HP Color LaserJet Pro M452dn is a color laser printer designed for commercial use. HP Color LaserJet Pro M452dn has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.

N300 Wi-Fi Router is a high-performance wireless router. EDIMAX N300 Wi-Fi Router has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.

N300 Wi-Fi Router is a high-performance wireless router. EDIMAX N300 Wi-Fi Router has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.

D-Link DI-7003GV2 is a router from D-Link, a Chinese company. D-Link DI-7003GV2 has a logic flaw that can be exploited by attackers to cause a denial of service.

Shenzhen Congwen Security Electronics Co., Ltd. was founded in Shenzhen in 1993. It is committed to building the police cloud IoT security operation software platform and solutions, which are widely used in smart finance, safe campus, smart community, fire emergency and other fields. Shenzhen Congwen Security Electronics Co., Ltd. Police Cloud Integrated Integrated Management Server has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

Comfast CF-616AC V2 is a wireless router. Shenzhen Sihai Zhonglian Network Technology Co., Ltd. Comfast CF-616AC V2 has a logic defect vulnerability, which can be exploited by attackers to cause denial of service.

H3C NX54 is a Gigabit dual-band router that supports Wi-Fi 6 (802.11ax) protocol. H3C NX54 of H3C Technologies Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.