VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202509-4545 No CVE Lexmark International Inc.'s Lexmark CX921de contains an unauthorized access vulnerability. CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The Lexmark CX921de is a color laser printer designed for the commercial market. A vulnerability exists in the Lexmark International Inc. Lexmark CX921de printer that could be exploited by an attacker to obtain sensitive information.
VAR-202509-4466 No CVE WAGO 750-881, manufactured by WAGO Electronics (Tianjin) Co., Ltd., contains an unauthorized access vulnerability. CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The WAGO 750-881 is an Ethernet switch module primarily used in industrial automation control scenarios. It supports the TCP/IP protocol and is compatible with the 750 series devices. WAGO Electronics (Tianjin) Co., Ltd.'s WAGO 750-881 contains an unauthorized access vulnerability, which attackers could exploit to obtain sensitive information.
VAR-202509-4500 No CVE Zion Electronics (Shenzhen) Co., Ltd.'s A720R has an unauthorized access vulnerability. CVSS V2: 2.1
CVSS V3: -
Severity: LOW
The A720R is a dual-band gigabit wireless router. The ZEON Electronics (Shenzhen) Co., Ltd. A720R model contains an unauthorized access vulnerability that attackers could exploit to obtain sensitive information.
VAR-202509-4501 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd.'s AC20 has a denial-of-service vulnerability. CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The AC20 is a wireless router. The AC20 router developed by Shenzhen Jixiang Tengda Technology Co., Ltd. contains a denial-of-service vulnerability, which attackers can exploit to cause a denial-of-service attack.
VAR-202509-4521 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd.'s AC21 has a binary vulnerability. CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
The AC21 is a router product. The AC21 router produced by Shenzhen Jixiang Tengda Technology Co., Ltd. contains a binary vulnerability that attackers could exploit to cause a denial-of-service attack.
VAR-202509-4526 No CVE WAGO Electronics (Tianjin) Co., Ltd. has an unauthorized access vulnerability in port 750-880. CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The 750-880 is a third-generation programmable fieldbus controller with Ethernet communication, SD card expansion, and industrial protocol support capabilities, primarily used in industrial automation control. WAGO Electronics (Tianjin) Co., Ltd.'s 750-880 model contains an unauthorized access vulnerability, which attackers could exploit to obtain sensitive information.
VAR-202509-4509 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd.'s AC7 has a binary vulnerability. CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The AC7 is a wireless router. The AC7 router developed by Shenzhen Jixiang Tengda Technology Co., Ltd. contains a binary vulnerability that attackers could exploit to cause a denial-of-service attack.
VAR-202509-4507 No CVE TOTOLINK X18 has a binary vulnerability. CVSS V2: 6.0
CVSS V3: -
Severity: MEDIUM
The X18 is a wireless router manufactured by TOTOLINK, a Chinese company. The TOTOLINK X18 contains a binary vulnerability that attackers could exploit to gain server privileges.
VAR-202509-4540 No CVE WAGO Electronics (Tianjin) Co., Ltd.'s WAGO 750-890 has a weak password vulnerability. CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The WAGO 750-890 is a Modbus TCP controller suitable for industrial automation systems and supports the Modbus communication protocol. WAGO Electronics (Tianjin) Co., Ltd.'s WAGO 750-890 has a weak password vulnerability that attackers could exploit to obtain sensitive information.
VAR-202509-4502 No CVE WAGO Electronics (Tianjin) Co., Ltd.'s WAGO 750-881 has a weak password vulnerability. CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The WAGO 750-881 is an Ethernet switch module primarily used in industrial automation control scenarios. It supports the TCP/IP protocol and is compatible with the 750 series devices. WAGO Electronics (Tianjin) Co., Ltd.'s WAGO 750-881 contains a weak password vulnerability, which attackers could exploit to obtain sensitive information.
VAR-202509-4508 No CVE The Canon MF220 Series from Canon (China) Co., Ltd. has a weak password vulnerability. CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The Canon MF220 Series is a 4-in-1 multifunction laser printer. Canon (China) Co., Ltd.'s Canon MF220 Series printer has a weak password vulnerability that attackers could exploit to obtain sensitive information.
VAR-202509-4525 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd.'s AC20 has a denial-of-service vulnerability. CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
The AC20 is a wireless router. The Tenda AC20 router, manufactured by Shenzhen Tenda Technology Co., Ltd., contains a denial-of-service vulnerability that attackers could exploit to cause a denial-of-service attack.
VAR-202509-4527 No CVE WAGO Electronics (Tianjin) Co., Ltd.'s WAGO 750-891 has a weak password vulnerability. CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The WAGO 750-891 is a fourth-generation Modbus TCP controller that supports Ethernet communication. WAGO 750-891 from WAGO Electronics (Tianjin) Co., Ltd. has a weak password vulnerability that attackers could exploit to obtain sensitive information.
VAR-202509-4467 No CVE WAGO 750-841, manufactured by WAGO Electronics (Tianjin) Co., Ltd., contains an unauthorized access vulnerability. CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The WAGO 750-841 is a fieldbus adapter in the WAGO-I/O-SYSTEM series, primarily used for data transmission and equipment control in industrial automation. WAGO Electronics (Tianjin) Co., Ltd.'s WAGO 750-841 contains an unauthorized access vulnerability, which attackers could exploit to obtain sensitive information.
VAR-202509-4395 No CVE Siemens Mobility Trainguard End-of-Train and Head-of-Train Weak Authentication Vulnerabilities CVSS V2: 8.3
CVSS V3: -
Severity: HIGH
The Trainguard End-of-Train (EOT) is a next-generation train-end device used to connect onboard telemetry. The Trainguard Head-of-Train (HOT) is a head-of-train device. These devices communicate using the S-9152 standard. Siemens Mobility Trainguard End-of-Train and Head-of-Train devices have weak authentication vulnerabilities. This vulnerability stems from a lack of authentication in the device's communication protocol. An attacker could exploit this vulnerability to inject malicious commands, causing operational disruptions or brake failures.
VAR-202509-4499 No CVE TOTOLINK LR350 has a stack overflow vulnerability. CVSS V2: 2.1
CVSS V3: -
Severity: LOW
The LR350 is a wireless router. The TOTOLINK LR350 contains a stack overflow vulnerability that attackers could exploit to cause a denial-of-service attack.
VAR-202509-4515 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd.'s AC10 has a binary vulnerability. CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The AC10 is a high-performance router with gigabit ports on both the WAN and LAN sides. Shenzhen Jixiang Tengda Technology Co., Ltd.'s AC10 router contains a binary vulnerability that attackers could exploit to cause a denial-of-service attack.
VAR-202509-2702 CVE-2025-52053 TOTOLINK  of  x6000r  Command injection vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_417D74 function via the file_name parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request. TOTOLINK of x6000r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK X6000R is a wireless router launched by TOTOLINK (a Chinese electronics company) that supports Wi-Fi 6 technology, emphasizing high-concurrency connections and dual-band transmission. This vulnerability stems from a failure in the sub_417D74 function to properly filter special characters and commands in the filename field
VAR-202509-1516 CVE-2025-10443 CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.
VAR-202509-1490 CVE-2025-10442 Shenzhen Tenda Technology Co.,Ltd.  of  AC9  firmware and  AC15  Command injection vulnerability in firmware CVSS V2: 6.5
CVSS V3: 6.3
Severity: Low
A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeCommand of the file /goform/exeCommand. This manipulation of the argument cmdinput causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. Shenzhen Tenda Technology Co.,Ltd. of AC9 firmware and AC15 The firmware contains a command injection vulnerability. OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state