VARIoT IoT vulnerabilities database
| VAR-202509-0500 | CVE-2025-57069 | Shenzhen Tenda Technology Co.,Ltd. of G3 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the pPppUser parameter in the getsinglepppuser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of G3 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. Tenda G3 is an all-in-one micro-enterprise gateway launched by Tenda. Designed specifically for small and medium-sized enterprises, it provides integrated network solutions.
The Tenda G3 suffers from a buffer overflow vulnerability caused by a failure to properly validate the length of the input data in the getsinglepppuser function's pPppUser parameter
| VAR-202509-0715 | CVE-2025-57063 | Shenzhen Tenda Technology Co.,Ltd. of G3 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the portMappingIndex parameter in the formDelPortMapping function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of G3 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda G3 is a QoS VPN router from the Chinese company Tenda
| VAR-202509-1341 | CVE-2025-57062 | Shenzhen Tenda Technology Co.,Ltd. of G3 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the delDhcpIndex parameter in the formDelDhcpRule function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of G3 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda G3 is a QoS VPN router from the Chinese company Tenda. This vulnerability stems from the fact that the delDhcpIndex parameter in the formDelDhcpRule function fails to properly validate the length of input data
| VAR-202509-0913 | CVE-2025-57061 | Shenzhen Tenda Technology Co.,Ltd. of G3 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain multiple stack overflows in the formIPMacBindModify function via the ruleId, ip, mac, v6 and remark parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of G3 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda G3 is a QoS VPN router from the Chinese company Tenda
| VAR-202509-1120 | CVE-2025-57059 | Shenzhen Tenda Technology Co.,Ltd. of G3 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the dhcpIndex parameter in the addDhcpRule function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of G3 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda G3 is a QoS VPN router from the Chinese company Tenda. This vulnerability stems from the failure of the addDhcpRule function to properly validate the length of the input data in the dhcpIndex parameter
| VAR-202509-1235 | CVE-2025-57058 | Shenzhen Tenda Technology Co.,Ltd. of G3 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain multiple stack overflows in the formSetDebugCfg function via the pEnable, pLevel, and pModule parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of G3 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda G3 is a QoS VPN router from the Chinese company Tenda
| VAR-202509-0811 | CVE-2025-57057 | Shenzhen Tenda Technology Co.,Ltd. of G3 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the listStr parameter in the ipMacBindListStore function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of G3 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. Tenda G3 is an all-in-one micro-enterprise gateway launched by Tenda, designed specifically for small and medium-sized enterprises, providing integrated network solutions. This vulnerability stems from the failure of the listStr parameter in the ipMacBindListStore function to properly validate the length of input data
| VAR-202509-0772 | CVE-2025-9065 | Rockwell Automation ThinManager Server Request Forgery Vulnerability |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer® service account NTLM hash. Rockwell Automation ThinManager is thin client management software from Rockwell Automation. It allows thin clients to be assigned to multiple remote desktop servers simultaneously. An attacker can exploit this vulnerability to forge server-side requests
| VAR-202509-0459 | CVE-2025-8008 | plural Rockwell Automation Product Exceptional State Handling Vulnerability |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
A security issue exists in the protected mode of EN4TR devices, where sending specifically crafted messages during a Forward Close operation can cause the device to crash. 1756-en2tr series a firmware, 1756-en2tr series b firmware, 1756-en2tr series c firmware etc. Rockwell Automation The product contains an exceptional state handling vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202509-1087 | CVE-2025-8007 | plural Rockwell Automation Product vulnerabilities |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
A security issue exists in the protected mode of 1756-EN4TR and 1756-EN2TR communication modules, where a Concurrent Forward Close operation can trigger a Major Non-Recoverable (MNFR) fault. This condition may lead to unexpected system crashes and loss of device availability. 1756-en2tr series a firmware, 1756-en2tr series b firmware, 1756-en2tr series c firmware etc. Rockwell Automation There are unspecified vulnerabilities in the product.Service operation interruption (DoS) It may be in a state
| VAR-202509-0677 | CVE-2025-7970 | Rockwell Automation of FactoryTalk Activation Manager Vulnerability regarding lack of authentication for critical features in |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A security issue exists within FactoryTalk Activation Manager. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise. Rockwell Automation of FactoryTalk Activation Manager There is a vulnerability in the lack of authentication for critical features.Information may be obtained. Rockwell Automation is a leading global provider of industrial automation and control solutions, focused on helping companies achieve smart manufacturing and digital transformation
| VAR-202509-0308 | CVE-2025-40798 | Siemens' SIMATIC PCS neo and User Management Component (UMC) Out-of-bounds read vulnerability in |
CVSS V2: - CVSS V3: 7.5 Severity: High |
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions < V6.0 SP1 Update 1), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a out-of-bounds read vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition. Siemens' SIMATIC PCS neo and User Management Component (UMC) Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202509-0310 | CVE-2025-40797 | Siemens' SIMATIC PCS neo and User Management Component (UMC) Out-of-bounds read vulnerability in |
CVSS V2: - CVSS V3: 7.5 Severity: High |
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions < V6.0 SP1 Update 1), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a out-of-bounds read vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition. Siemens' SIMATIC PCS neo and User Management Component (UMC) Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202509-0309 | CVE-2025-40796 | Siemens' SIMATIC PCS neo and User Management Component (UMC) Out-of-bounds read vulnerability in |
CVSS V2: - CVSS V3: 7.5 Severity: High |
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions < V6.0 SP1 Update 1), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a out-of-bounds read vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition. Siemens' SIMATIC PCS neo and User Management Component (UMC) Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202509-0307 | CVE-2025-40795 | Siemens' SIMATIC PCS neo and User Management Component (UMC) Stack-based buffer overflow vulnerability in |
CVSS V2: - CVSS V3: 9.8 Severity: Critical |
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions < V6.0 SP1 Update 1), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a stack-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial of service condition. Siemens' SIMATIC PCS neo and User Management Component (UMC) Exists in a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202509-0363 | CVE-2025-40594 |
CVSS V2: - CVSS V3: 6.3 Severity: Medium |
A vulnerability has been identified in SINAMICS G220 V6.4 (All versions < V6.4 HF2), SINAMICS S200 V6.4 (All versions < V6.4 HF7), SINAMICS S210 V6.4 (All versions < V6.4 HF2). The affected devices allow a factory reset to be executed without the required privileges due to improper privilege management as well as manipulation of configuration data because of leaked privileges of previous sessions. This could allow an unauthorized attacker to escalate their privileges.
| VAR-202509-0246 | CVE-2025-10123 | D-Link Corporation of DIR-823X Injection Vulnerability in Firmware |
CVSS V2: 7.5 CVSS V3: 7.3 Severity: Medium |
A vulnerability was determined in D-Link DIR-823X up to 250416. Affected by this vulnerability is the function sub_415028 of the file /goform/set_static_leases. Executing manipulation of the argument Hostname can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. D-Link Corporation of DIR-823X The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-823X is a wireless router manufactured by D-Link, a Chinese company. This vulnerability could allow an attacker to execute arbitrary commands on the system
| VAR-202509-0625 | CVE-2025-42920 |
CVSS V2: - CVSS V3: 6.1 Severity: MEDIUM |
Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated victim clicks on the link, the injected input is processed during the page generation, resulting in the execution of malicious content. This execution allows the attacker to access and modify information within the victim's browser scope, impacting confidentiality and integrity, while availability remains unaffected.
| VAR-202509-0311 | CVE-2025-10120 | Shenzhen Tenda Technology Co.,Ltd. of AC20 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is the function strcpy of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC20 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. An attacker could exploit this vulnerability by remotely sending specially crafted data to trigger the buffer overflow, thereby executing arbitrary code or causing the system to crash
| VAR-202509-0249 | CVE-2025-10093 | D-Link Corporation of DIR-852 Firmware vulnerabilities |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: Medium |
A vulnerability was identified in D-Link DIR-852 up to 1.00CN B09. Affected by this vulnerability is the function phpcgi_main of the file /getcfg.php of the component Device Configuration Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Corporation of DIR-852 There are unspecified vulnerabilities in the firmware.Information may be obtained