VARIoT IoT vulnerabilities database
| VAR-202509-4545 | No CVE | Lexmark International Inc.'s Lexmark CX921de contains an unauthorized access vulnerability. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Lexmark CX921de is a color laser printer designed for the commercial market.
A vulnerability exists in the Lexmark International Inc. Lexmark CX921de printer that could be exploited by an attacker to obtain sensitive information.
| VAR-202509-4466 | No CVE | WAGO 750-881, manufactured by WAGO Electronics (Tianjin) Co., Ltd., contains an unauthorized access vulnerability. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The WAGO 750-881 is an Ethernet switch module primarily used in industrial automation control scenarios. It supports the TCP/IP protocol and is compatible with the 750 series devices.
WAGO Electronics (Tianjin) Co., Ltd.'s WAGO 750-881 contains an unauthorized access vulnerability, which attackers could exploit to obtain sensitive information.
| VAR-202509-4500 | No CVE | Zion Electronics (Shenzhen) Co., Ltd.'s A720R has an unauthorized access vulnerability. |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The A720R is a dual-band gigabit wireless router.
The ZEON Electronics (Shenzhen) Co., Ltd. A720R model contains an unauthorized access vulnerability that attackers could exploit to obtain sensitive information.
| VAR-202509-4501 | No CVE | Shenzhen Jixiang Tengda Technology Co., Ltd.'s AC20 has a denial-of-service vulnerability. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The AC20 is a wireless router.
The AC20 router developed by Shenzhen Jixiang Tengda Technology Co., Ltd. contains a denial-of-service vulnerability, which attackers can exploit to cause a denial-of-service attack.
| VAR-202509-4521 | No CVE | Shenzhen Jixiang Tengda Technology Co., Ltd.'s AC21 has a binary vulnerability. |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
The AC21 is a router product.
The AC21 router produced by Shenzhen Jixiang Tengda Technology Co., Ltd. contains a binary vulnerability that attackers could exploit to cause a denial-of-service attack.
| VAR-202509-4526 | No CVE | WAGO Electronics (Tianjin) Co., Ltd. has an unauthorized access vulnerability in port 750-880. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The 750-880 is a third-generation programmable fieldbus controller with Ethernet communication, SD card expansion, and industrial protocol support capabilities, primarily used in industrial automation control.
WAGO Electronics (Tianjin) Co., Ltd.'s 750-880 model contains an unauthorized access vulnerability, which attackers could exploit to obtain sensitive information.
| VAR-202509-4509 | No CVE | Shenzhen Jixiang Tengda Technology Co., Ltd.'s AC7 has a binary vulnerability. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The AC7 is a wireless router.
The AC7 router developed by Shenzhen Jixiang Tengda Technology Co., Ltd. contains a binary vulnerability that attackers could exploit to cause a denial-of-service attack.
| VAR-202509-4507 | No CVE | TOTOLINK X18 has a binary vulnerability. |
CVSS V2: 6.0 CVSS V3: - Severity: MEDIUM |
The X18 is a wireless router manufactured by TOTOLINK, a Chinese company.
The TOTOLINK X18 contains a binary vulnerability that attackers could exploit to gain server privileges.
| VAR-202509-4540 | No CVE | WAGO Electronics (Tianjin) Co., Ltd.'s WAGO 750-890 has a weak password vulnerability. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The WAGO 750-890 is a Modbus TCP controller suitable for industrial automation systems and supports the Modbus communication protocol.
WAGO Electronics (Tianjin) Co., Ltd.'s WAGO 750-890 has a weak password vulnerability that attackers could exploit to obtain sensitive information.
| VAR-202509-4502 | No CVE | WAGO Electronics (Tianjin) Co., Ltd.'s WAGO 750-881 has a weak password vulnerability. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The WAGO 750-881 is an Ethernet switch module primarily used in industrial automation control scenarios. It supports the TCP/IP protocol and is compatible with the 750 series devices.
WAGO Electronics (Tianjin) Co., Ltd.'s WAGO 750-881 contains a weak password vulnerability, which attackers could exploit to obtain sensitive information.
| VAR-202509-4508 | No CVE | The Canon MF220 Series from Canon (China) Co., Ltd. has a weak password vulnerability. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Canon MF220 Series is a 4-in-1 multifunction laser printer.
Canon (China) Co., Ltd.'s Canon MF220 Series printer has a weak password vulnerability that attackers could exploit to obtain sensitive information.
| VAR-202509-4525 | No CVE | Shenzhen Jixiang Tengda Technology Co., Ltd.'s AC20 has a denial-of-service vulnerability. |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
The AC20 is a wireless router.
The Tenda AC20 router, manufactured by Shenzhen Tenda Technology Co., Ltd., contains a denial-of-service vulnerability that attackers could exploit to cause a denial-of-service attack.
| VAR-202509-4527 | No CVE | WAGO Electronics (Tianjin) Co., Ltd.'s WAGO 750-891 has a weak password vulnerability. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The WAGO 750-891 is a fourth-generation Modbus TCP controller that supports Ethernet communication.
WAGO 750-891 from WAGO Electronics (Tianjin) Co., Ltd. has a weak password vulnerability that attackers could exploit to obtain sensitive information.
| VAR-202509-4467 | No CVE | WAGO 750-841, manufactured by WAGO Electronics (Tianjin) Co., Ltd., contains an unauthorized access vulnerability. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The WAGO 750-841 is a fieldbus adapter in the WAGO-I/O-SYSTEM series, primarily used for data transmission and equipment control in industrial automation.
WAGO Electronics (Tianjin) Co., Ltd.'s WAGO 750-841 contains an unauthorized access vulnerability, which attackers could exploit to obtain sensitive information.
| VAR-202509-4395 | No CVE | Siemens Mobility Trainguard End-of-Train and Head-of-Train Weak Authentication Vulnerabilities |
CVSS V2: 8.3 CVSS V3: - Severity: HIGH |
The Trainguard End-of-Train (EOT) is a next-generation train-end device used to connect onboard telemetry. The Trainguard Head-of-Train (HOT) is a head-of-train device. These devices communicate using the S-9152 standard.
Siemens Mobility Trainguard End-of-Train and Head-of-Train devices have weak authentication vulnerabilities. This vulnerability stems from a lack of authentication in the device's communication protocol. An attacker could exploit this vulnerability to inject malicious commands, causing operational disruptions or brake failures.
| VAR-202509-4499 | No CVE | TOTOLINK LR350 has a stack overflow vulnerability. |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The LR350 is a wireless router.
The TOTOLINK LR350 contains a stack overflow vulnerability that attackers could exploit to cause a denial-of-service attack.
| VAR-202509-4515 | No CVE | Shenzhen Jixiang Tengda Technology Co., Ltd.'s AC10 has a binary vulnerability. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The AC10 is a high-performance router with gigabit ports on both the WAN and LAN sides.
Shenzhen Jixiang Tengda Technology Co., Ltd.'s AC10 router contains a binary vulnerability that attackers could exploit to cause a denial-of-service attack.
| VAR-202509-2702 | CVE-2025-52053 | TOTOLINK of x6000r Command injection vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_417D74 function via the file_name parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request. TOTOLINK of x6000r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK X6000R is a wireless router launched by TOTOLINK (a Chinese electronics company) that supports Wi-Fi 6 technology, emphasizing high-concurrency connections and dual-band transmission. This vulnerability stems from a failure in the sub_417D74 function to properly filter special characters and commands in the filename field
| VAR-202509-1516 | CVE-2025-10443 |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.
| VAR-202509-1490 | CVE-2025-10442 | Shenzhen Tenda Technology Co.,Ltd. of AC9 firmware and AC15 Command injection vulnerability in firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Low |
A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeCommand of the file /goform/exeCommand. This manipulation of the argument cmdinput causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. Shenzhen Tenda Technology Co.,Ltd. of AC9 firmware and AC15 The firmware contains a command injection vulnerability. OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state