VARIoT IoT vulnerabilities database
| VAR-202509-4205 | No CVE | NETGEAR Extender EAX14 has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The NETGEAR Extender EAX14 is a mesh network extender that supports WiFi 6 technology.
The NETGEAR Extender EAX14 has an unauthorized access vulnerability that could allow an attacker to obtain sensitive information.
| VAR-202509-4394 | No CVE | D-Link Electronic Equipment (Shanghai) Co., Ltd. DAP-1665 has a denial of service vulnerability |
CVSS V2: 3.8 CVSS V3: - Severity: LOW |
The DAP-1665 is an enterprise-class wireless access device.
D-Link Electronics (Shanghai) Co., Ltd.'s DAP-1665 has a denial of service vulnerability that could be exploited by an attacker to cause a denial of service.
| VAR-202509-3258 | CVE-2025-55976 | Intelbras of IWR 3000N Information disclosure vulnerability in firmware |
CVSS V2: - CVSS V3: 8.4 Severity: HIGH |
Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint. Any unauthenticated user on the local network can directly obtain the Wi-Fi network password by querying this endpoint. Intelbras of IWR 3000N The firmware contains vulnerabilities that may allow information to be leaked and important information to be transmitted in plain text.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202509-1555 | CVE-2025-57573 | Shenzhen Tenda Technology Co.,Ltd. of F3 Classic buffer overflow vulnerability in firmware |
CVSS V2: 5.1 CVSS V3: 5.6 Severity: MEDIUM |
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the wifiTimeClose parameter in goform/setWifi. Shenzhen Tenda Technology Co.,Ltd. of F3 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda F3 is a 300M wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd. on May 15, 2015. This vulnerability stems from a failure in the goform/setWifi file to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service
| VAR-202509-1660 | CVE-2025-57572 | Shenzhen Tenda Technology Co.,Ltd. of F3 Classic buffer overflow vulnerability in firmware |
CVSS V2: 5.1 CVSS V3: 5.6 Severity: MEDIUM |
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the onlineList parameter in goform/setParentControl. Shenzhen Tenda Technology Co.,Ltd. of F3 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda F3 is a 300M wireless router released by Shenzhen Jixiang Tengda Technology Co., Ltd. on May 15, 2015.
The Tenda F3 suffers from a buffer overflow vulnerability caused by a failure in the goform/setParentControl function to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service
| VAR-202509-1544 | CVE-2025-57571 | Shenzhen Tenda Technology Co.,Ltd. of F3 Classic buffer overflow vulnerability in firmware |
CVSS V2: 5.1 CVSS V3: 5.6 Severity: MEDIUM |
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow. via the macFilterList parameter in goform/setNAT. Shenzhen Tenda Technology Co.,Ltd. of F3 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda F3 is a 300M wireless router released by Shenzhen Jixiang Tengda Technology Co., Ltd. on May 15, 2015. This vulnerability stems from the failure of the macFilterList parameter in the goform/setNAT file to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service
| VAR-202509-1609 | CVE-2025-57570 | Shenzhen Tenda Technology Co.,Ltd. of F3 Classic buffer overflow vulnerability in firmware |
CVSS V2: 5.1 CVSS V3: 5.6 Severity: MEDIUM |
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the QosList parameter in goform/setQoS. Shenzhen Tenda Technology Co.,Ltd. of F3 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda F3 is a 300M wireless router released by Shenzhen Jixiang Tengda Technology Co., Ltd. on May 15, 2015. This vulnerability stems from the failure of the QosList parameter in the goform/setQoS file to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service
| VAR-202509-1556 | CVE-2025-57569 | Shenzhen Tenda Technology Co.,Ltd. of F3 Classic buffer overflow vulnerability in firmware |
CVSS V2: 5.1 CVSS V3: 5.6 Severity: MEDIUM |
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the portList parameter in /goform/setNAT. Shenzhen Tenda Technology Co.,Ltd. of F3 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda F3 is a 300M wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd. on May 15, 2015. This vulnerability stems from a failure to properly validate the length of input data in the portList parameter in the /goform/setNAT file. An attacker could exploit this vulnerability to cause a denial of service
| VAR-202509-4150 | No CVE | Moxa EDR-G902 has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The EDR-G902 is a high-performance, industrial-grade VPN security router.
The Moxa EDR-G902 has a weak password vulnerability that could allow attackers to log into the system and obtain sensitive information.
| VAR-202509-4458 | No CVE | Mosa Technology (Shanghai) Co., Ltd. EDR-810-VPN-2GSFP has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The EDR-810-VPN-2GSFP is an industrial multi-port security router.
The EDR-810-VPN-2GSFP from Moxa Technology (Shanghai) Co., Ltd. has a weak password vulnerability that could allow attackers to log into the system and obtain sensitive information.
| VAR-202509-4523 | No CVE | D-Link DWR-M961 has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The DWR-M961 is a 4G LTE router.
The D-Link DWR-M961 has a command execution vulnerability that could allow an attacker to execute arbitrary commands.
| VAR-202509-0593 | CVE-2025-57060 | Shenzhen Tenda Technology Co.,Ltd. of G3 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the rules parameter in the dns_forward_rule_store function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of G3 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda G3 is a QoS VPN router from the Chinese company Tenda. This vulnerability stems from the failure of the "rules" parameter in the dns_forward_rule_store function to properly validate the length of input data
| VAR-202509-1065 | CVE-2025-29089 | TP-LINK AX10 information disclosure vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
An issue in TP-Link AX10 Ax1500 v.1.3.10 Build (20230130) allows a remote attacker to obtain sensitive information. The TP-LINK AX10 is a router
| VAR-202509-0714 | CVE-2025-57086 | Shenzhen Tenda Technology Co.,Ltd. of w30e Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the String parameter in the formDeleteMeshNode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of w30e A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda W30E is an enterprise-grade wireless router designed for SOHOs, small businesses, and small shops
| VAR-202509-1340 | CVE-2025-57085 | Shenzhen Tenda Technology Co.,Ltd. of w30e Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the v17 parameter in the UploadCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of w30e A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda W30E is an enterprise-grade wireless router designed for SOHOs, small businesses, and small shops
| VAR-202509-0592 | CVE-2025-57078 | Shenzhen Tenda Technology Co.,Ltd. of G3 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the pppoeServerWhiteMacIndex parameter in the formModifyPppAuthWhiteMac function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of G3 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda G3 is a QoS VPN router from the Chinese company Tenda
| VAR-202509-1017 | CVE-2025-57087 | Shenzhen Tenda Technology Co.,Ltd. of w30e Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the countryCode parameter in the werlessAdvancedSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of w30e A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda W30E is an enterprise-grade wireless router designed for SOHOs, small businesses, and small shops. This vulnerability stems from the inability of the countryCode parameter in the werlessAdvancedSet function to properly validate the length of input data
| VAR-202509-1440 | CVE-2025-57072 | Shenzhen Tenda Technology Co.,Ltd. of G3 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the staticRouteGateway parameter in the formSetStaticRoute function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of G3 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda G3 is a QoS VPN router from the Chinese company Tenda
| VAR-202509-1119 | CVE-2025-57071 | Shenzhen Tenda Technology Co.,Ltd. of G3 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the vpnUsers parameter in the formAddVpnUsers function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of G3 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda G3 is a QoS VPN router from the Chinese company Tenda. This vulnerability stems from the failure to properly validate the length of the input data in the vpnUsers parameter in the formAddVpnUsers function
| VAR-202509-1234 | CVE-2025-57070 | Shenzhen Tenda Technology Co.,Ltd. of G3 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the gstUp parameter in the guestWifiRuleRefresh function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of G3 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda G3 is an all-in-one micro-enterprise gateway launched by Tenda, designed specifically for small and medium-sized enterprises (SMEs) and providing integrated network solutions