VARIoT IoT vulnerabilities database
| VAR-202605-1680 | CVE-2025-40949 | Siemens' RUGGEDCOM ROX MX5000 Firmware and other multiple products OS Command injection vulnerability |
CVSS V2: - CVSS V3: 9.1 Severity: High |
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (All versions < V2.17.1), RUGGEDCOM ROX RX1511 (All versions < V2.17.1), RUGGEDCOM ROX RX1512 (All versions < V2.17.1), RUGGEDCOM ROX RX1524 (All versions < V2.17.1), RUGGEDCOM ROX RX1536 (All versions < V2.17.1), RUGGEDCOM ROX RX5000 (All versions < V2.17.1). Affected devices do not properly sanitize user-supplied input in the Scheduler functionality of the Web UI, allowing commands to be injected into the task scheduling backend.
This could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system. root It may be possible to execute it with the appropriate permissions.- All information handled by the software may be leaked to external parties. - All information handled by the software may be overwritten. - The software may completely shut down
| VAR-202605-0892 | CVE-2025-40948 | Siemens' RUGGEDCOM ROX MX5000 Vulnerabilities related to argument insertion or modification in multiple products, such as firmware |
CVSS V2: - CVSS V3: 6.8 Severity: Medium |
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (All versions < V2.17.1), RUGGEDCOM ROX RX1511 (All versions < V2.17.1), RUGGEDCOM ROX RX1512 (All versions < V2.17.1), RUGGEDCOM ROX RX1524 (All versions < V2.17.1), RUGGEDCOM ROX RX1536 (All versions < V2.17.1), RUGGEDCOM ROX RX5000 (All versions < V2.17.1). Affected devices do not properly validate input in the web server's JSON-RPC interface.
This could allow an authenticated remote attacker to read arbitrary files from the underlying operating system's filesystem with root privileges. root It will become possible to read it based on the permissions.- All information handled by the software may be leaked to external parties. - No rewriting will occur to the information handled by the software. - The software will not stop
| VAR-202605-2441 | CVE-2025-40947 | Siemens' RUGGEDCOM ROX MX5000 Firmware and other multiple products OS Command injection vulnerability |
CVSS V2: - CVSS V3: 7.5 Severity: High |
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (All versions < V2.17.1), RUGGEDCOM ROX RX1511 (All versions < V2.17.1), RUGGEDCOM ROX RX1512 (All versions < V2.17.1), RUGGEDCOM ROX RX1524 (All versions < V2.17.1), RUGGEDCOM ROX RX1536 (All versions < V2.17.1), RUGGEDCOM ROX RX5000 (All versions < V2.17.1). Affected devices do not properly sanitize user-supplied input during the feature key installation process.
This could allow an authenticated remote attacker to inject arbitrary commands, resulting in remote code execution with root privileges on the underlying operating system. - All information handled by the software may be overwritten. - The software may completely shut down
| VAR-202605-3769 | CVE-2026-36983 | D-Link Corporation of DCS-932L Firmware Command injection vulnerability in |
CVSS V2: - CVSS V3: 7.3 Severity: HIGH |
D-Link DCS-932L v2.18.01 is vulnerable to Command Injection in the function sub_42EF14 of the file /bin/alphapd. The manipulation of the argument LightSensorControl leads to command injection. LightSensorControl Command injection occurs through this operation.Some of the information handled by the software may be leaked to the outside. Also, some of the information handled by the software may be rewritten. Furthermore, some of the software may stop functioning. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202605-3781 | CVE-2026-8273 | D-Link Corporation of D-Link DNS-320 Multiple vulnerabilities in firmware |
CVSS V2: 5.8 CVSS V3: 4.7 Severity: Medium |
A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgi_set_host/cgi_set_ntp/cgi_fan_control/cgi_merge_user of the file /cgi-bin/system_mgr.cgi. This manipulation causes os command injection. It is possible to initiate the attack remotely. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202605-3065 | CVE-2026-8272 | D-Link Corporation of D-Link DNS-320 Multiple vulnerabilities in firmware |
CVSS V2: 5.8 CVSS V3: 4.7 Severity: Low |
A security flaw has been discovered in D-Link DNS-320 2.06B01. This affects the function delete/rename/copy/move/chmod/chown of the file /cgi-bin/webfile_mgr.cgi. The manipulation results in os command injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. This vulnerability is: /cgi-bin/webfile_mgr.cgi File delete , rename , copy , move , chmod , chown This will affect the functionality. An exploit has been exposed and may be used to carry out attacks.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely
| VAR-202605-2715 | CVE-2026-8271 | D-Link Corporation of D-Link DNS-320 Multiple vulnerabilities in firmware |
CVSS V2: 5.8 CVSS V3: 4.7 Severity: Low |
A vulnerability was identified in D-Link DNS-320 2.06B01. The impacted element is the function cgi_speed/cgi_dhcpd_lease/cgi_ddns/cgi_set_ip/cgi_upnp_del/cgi_dhcpd/cgi_upnp_add/cgi_upnp_edit of the file /cgi-bin/network_mgr.cgi. The manipulation leads to os command injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202605-0817 | CVE-2026-8265 | Shenzhen Tenda Technology Co.,Ltd. of AC6 Multiple vulnerabilities in firmware |
CVSS V2: 5.8 CVSS V3: 4.7 Severity: Low |
A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function get_log_file of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202605-1581 | CVE-2026-8264 | Shenzhen Tenda Technology Co.,Ltd. of AC6 Multiple vulnerabilities in firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Low |
A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The exploit is publicly available and could be used to carry out attacks.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely
| VAR-202605-1567 | CVE-2026-8260 | D-Link Corporation of DCS-935L Multiple vulnerabilities in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnap_service of the component HNAP Service. The manipulation of the argument AdminPassword results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used. D-Link DCS-935L version 1.10.01 The vulnerability was discovered in 2017. The exploit has been exposed and could be exploited.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202605-0316 | CVE-2026-8259 | Shenzhen Tenda Technology Co.,Ltd. of AC6 Multiple vulnerabilities in firmware |
CVSS V2: 5.8 CVSS V3: 4.7 Severity: Low |
A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. This exploit is publicly available and may be exploited.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202605-6902 | CVE-2026-20169 | Cisco Systems Cisco IoT Field Network Director Command injection vulnerability in |
CVSS V2: - CVSS V3: 6.4 Severity: MEDIUM |
A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a remote router.
This vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by submitting crafted input in the web-based management interface. A successful exploit could allow the attacker to create, read, or delete files and execute limited commands in user EXEC mode on a remote router. EXEC This can be done in mode.- Some of the information handled by the software may be leaked to external parties. - Some of the information handled by the software may be overwritten. - The software will not stop
| VAR-202605-5693 | CVE-2026-20168 | Cisco Systems Cisco IoT Field Network Director Vulnerabilities related to error handling in |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to retrieve files that they do not have permission to access.
This vulnerability is due to insufficient file access checks. An attacker could exploit this vulnerability by submitting crafted input in the web-based management interface. A successful exploit could allow the attacker to read files that they are not authorized to access. - No rewriting will occur to the information handled by the software. - The software will not stop
| VAR-202605-4743 | CVE-2026-20167 | Cisco Systems Cisco IoT Field Network Director access control vulnerabilities in |
CVSS V2: - CVSS V3: 7.7 Severity: HIGH |
A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a DoS condition on a remotely managed router.
This vulnerability is due to improper error handling. An attacker could exploit this vulnerability by submitting crafted input to the web-based management interface. A successful exploit could allow the attacker to request unauthorized files from a remote router, causing the router to reload and resulting in a DoS condition. DoS This can lead to a certain condition. DoS The condition occurs.- No information handled by the software will be leaked to external parties. - No information handled by the software will be rewritten. - The software may completely shut down
| VAR-202604-2450 | CVE-2026-7470 | Shenzhen Tenda Technology Co.,Ltd. of 4g300 Multiple vulnerabilities in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used. Because it allows for remote attacks and exploits have been publicly exposed, it is at risk of being exploited.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202604-3188 | CVE-2026-7469 | Shenzhen Tenda Technology Co.,Ltd. of 4g300 Multiple vulnerabilities in firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Low |
A vulnerability was detected in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. This impacts the function sub_425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used. The exploit has already been publicly disclosed and is at risk of being exploited.Some of the information handled by the software may be leaked to the outside. Also, some of the information handled by the software may be rewritten. Furthermore, some of the software may stop functioning. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202604-3710 | CVE-2026-32655 | Dell's Alienware Command Center Least privilege violation vulnerability in |
CVSS V2: - CVSS V3: 5.3 Severity: MEDIUM |
Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain a Least Privilege Violation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202604-3463 | CVE-2026-31255 | Shenzhen Tenda Technology Co.,Ltd. of AC18 Command injection vulnerability in firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows attackers to execute arbitrary system commands. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202604-3901 | CVE-2026-25908 | Dell's Alienware Command Center Unnecessary Privileged Execution Vulnerability in |
CVSS V2: - CVSS V3: 6.7 Severity: MEDIUM |
Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain an Execution with Unnecessary Privileges vulnerability in the AWCC. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202604-3873 | CVE-2026-7069 | D-Link Corporation of DIR-825 Multiple vulnerabilities in firmware |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: High |
A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the file upnpsoap.c of the component miniupnpd. Performing a manipulation of the argument NewPortMappingDescription results in buffer overflow. The attack needs to be approached within the local network. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer. All information handled by the software may be rewritten. Furthermore, the software may stop working completely