VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202509-4205 No CVE NETGEAR Extender EAX14 has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The NETGEAR Extender EAX14 is a mesh network extender that supports WiFi 6 technology. The NETGEAR Extender EAX14 has an unauthorized access vulnerability that could allow an attacker to obtain sensitive information.
VAR-202509-4394 No CVE D-Link Electronic Equipment (Shanghai) Co., Ltd. DAP-1665 has a denial of service vulnerability CVSS V2: 3.8
CVSS V3: -
Severity: LOW
The DAP-1665 is an enterprise-class wireless access device. D-Link Electronics (Shanghai) Co., Ltd.'s DAP-1665 has a denial of service vulnerability that could be exploited by an attacker to cause a denial of service.
VAR-202509-3258 CVE-2025-55976 Intelbras  of  IWR 3000N  Information disclosure vulnerability in firmware CVSS V2: -
CVSS V3: 8.4
Severity: HIGH
Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint. Any unauthenticated user on the local network can directly obtain the Wi-Fi network password by querying this endpoint. Intelbras of IWR 3000N The firmware contains vulnerabilities that may allow information to be leaked and important information to be transmitted in plain text.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202509-1555 CVE-2025-57573 Shenzhen Tenda Technology Co.,Ltd.  of  F3  Classic buffer overflow vulnerability in firmware CVSS V2: 5.1
CVSS V3: 5.6
Severity: MEDIUM
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the wifiTimeClose parameter in goform/setWifi. Shenzhen Tenda Technology Co.,Ltd. of F3 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda F3 is a 300M wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd. on May 15, 2015. This vulnerability stems from a failure in the goform/setWifi file to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service
VAR-202509-1660 CVE-2025-57572 Shenzhen Tenda Technology Co.,Ltd.  of  F3  Classic buffer overflow vulnerability in firmware CVSS V2: 5.1
CVSS V3: 5.6
Severity: MEDIUM
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the onlineList parameter in goform/setParentControl. Shenzhen Tenda Technology Co.,Ltd. of F3 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda F3 is a 300M wireless router released by Shenzhen Jixiang Tengda Technology Co., Ltd. on May 15, 2015. The Tenda F3 suffers from a buffer overflow vulnerability caused by a failure in the goform/setParentControl function to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service
VAR-202509-1544 CVE-2025-57571 Shenzhen Tenda Technology Co.,Ltd.  of  F3  Classic buffer overflow vulnerability in firmware CVSS V2: 5.1
CVSS V3: 5.6
Severity: MEDIUM
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow. via the macFilterList parameter in goform/setNAT. Shenzhen Tenda Technology Co.,Ltd. of F3 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda F3 is a 300M wireless router released by Shenzhen Jixiang Tengda Technology Co., Ltd. on May 15, 2015. This vulnerability stems from the failure of the macFilterList parameter in the goform/setNAT file to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service
VAR-202509-1609 CVE-2025-57570 Shenzhen Tenda Technology Co.,Ltd.  of  F3  Classic buffer overflow vulnerability in firmware CVSS V2: 5.1
CVSS V3: 5.6
Severity: MEDIUM
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the QosList parameter in goform/setQoS. Shenzhen Tenda Technology Co.,Ltd. of F3 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda F3 is a 300M wireless router released by Shenzhen Jixiang Tengda Technology Co., Ltd. on May 15, 2015. This vulnerability stems from the failure of the QosList parameter in the goform/setQoS file to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service
VAR-202509-1556 CVE-2025-57569 Shenzhen Tenda Technology Co.,Ltd.  of  F3  Classic buffer overflow vulnerability in firmware CVSS V2: 5.1
CVSS V3: 5.6
Severity: MEDIUM
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the portList parameter in /goform/setNAT. Shenzhen Tenda Technology Co.,Ltd. of F3 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda F3 is a 300M wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd. on May 15, 2015. This vulnerability stems from a failure to properly validate the length of input data in the portList parameter in the /goform/setNAT file. An attacker could exploit this vulnerability to cause a denial of service
VAR-202509-4150 No CVE Moxa EDR-G902 has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The EDR-G902 is a high-performance, industrial-grade VPN security router. The Moxa EDR-G902 has a weak password vulnerability that could allow attackers to log into the system and obtain sensitive information.
VAR-202509-4458 No CVE Mosa Technology (Shanghai) Co., Ltd. EDR-810-VPN-2GSFP has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The EDR-810-VPN-2GSFP is an industrial multi-port security router. The EDR-810-VPN-2GSFP from Moxa Technology (Shanghai) Co., Ltd. has a weak password vulnerability that could allow attackers to log into the system and obtain sensitive information.
VAR-202509-4523 No CVE D-Link DWR-M961 has a command execution vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
The DWR-M961 is a 4G LTE router. The D-Link DWR-M961 has a command execution vulnerability that could allow an attacker to execute arbitrary commands.
VAR-202509-0593 CVE-2025-57060 Shenzhen Tenda Technology Co.,Ltd.  of  G3  Stack-based buffer overflow vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the rules parameter in the dns_forward_rule_store function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of G3 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda G3 is a QoS VPN router from the Chinese company Tenda. This vulnerability stems from the failure of the "rules" parameter in the dns_forward_rule_store function to properly validate the length of input data
VAR-202509-1065 CVE-2025-29089 TP-LINK AX10 information disclosure vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
An issue in TP-Link AX10 Ax1500 v.1.3.10 Build (20230130) allows a remote attacker to obtain sensitive information. The TP-LINK AX10 is a router
VAR-202509-0714 CVE-2025-57086 Shenzhen Tenda Technology Co.,Ltd.  of  w30e  Stack-based buffer overflow vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the String parameter in the formDeleteMeshNode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of w30e A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda W30E is an enterprise-grade wireless router designed for SOHOs, small businesses, and small shops
VAR-202509-1340 CVE-2025-57085 Shenzhen Tenda Technology Co.,Ltd.  of  w30e  Stack-based buffer overflow vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the v17 parameter in the UploadCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of w30e A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda W30E is an enterprise-grade wireless router designed for SOHOs, small businesses, and small shops
VAR-202509-0592 CVE-2025-57078 Shenzhen Tenda Technology Co.,Ltd.  of  G3  Stack-based buffer overflow vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the pppoeServerWhiteMacIndex parameter in the formModifyPppAuthWhiteMac function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of G3 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda G3 is a QoS VPN router from the Chinese company Tenda
VAR-202509-1017 CVE-2025-57087 Shenzhen Tenda Technology Co.,Ltd.  of  w30e  Stack-based buffer overflow vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the countryCode parameter in the werlessAdvancedSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of w30e A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda W30E is an enterprise-grade wireless router designed for SOHOs, small businesses, and small shops. This vulnerability stems from the inability of the countryCode parameter in the werlessAdvancedSet function to properly validate the length of input data
VAR-202509-1440 CVE-2025-57072 Shenzhen Tenda Technology Co.,Ltd.  of  G3  Stack-based buffer overflow vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the staticRouteGateway parameter in the formSetStaticRoute function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of G3 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda G3 is a QoS VPN router from the Chinese company Tenda
VAR-202509-1119 CVE-2025-57071 Shenzhen Tenda Technology Co.,Ltd.  of  G3  Stack-based buffer overflow vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the vpnUsers parameter in the formAddVpnUsers function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of G3 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda G3 is a QoS VPN router from the Chinese company Tenda. This vulnerability stems from the failure to properly validate the length of the input data in the vpnUsers parameter in the formAddVpnUsers function
VAR-202509-1234 CVE-2025-57070 Shenzhen Tenda Technology Co.,Ltd.  of  G3  Stack-based buffer overflow vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the gstUp parameter in the guestWifiRuleRefresh function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of G3 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda G3 is an all-in-one micro-enterprise gateway launched by Tenda, designed specifically for small and medium-sized enterprises (SMEs) and providing integrated network solutions