VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202509-0500 CVE-2025-57069 Shenzhen Tenda Technology Co.,Ltd.  of  G3  Stack-based buffer overflow vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the pPppUser parameter in the getsinglepppuser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of G3 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. Tenda G3 is an all-in-one micro-enterprise gateway launched by Tenda. Designed specifically for small and medium-sized enterprises, it provides integrated network solutions. The Tenda G3 suffers from a buffer overflow vulnerability caused by a failure to properly validate the length of the input data in the getsinglepppuser function's pPppUser parameter
VAR-202509-0715 CVE-2025-57063 Shenzhen Tenda Technology Co.,Ltd.  of  G3  Stack-based buffer overflow vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the portMappingIndex parameter in the formDelPortMapping function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of G3 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda G3 is a QoS VPN router from the Chinese company Tenda
VAR-202509-1341 CVE-2025-57062 Shenzhen Tenda Technology Co.,Ltd.  of  G3  Stack-based buffer overflow vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the delDhcpIndex parameter in the formDelDhcpRule function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of G3 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda G3 is a QoS VPN router from the Chinese company Tenda. This vulnerability stems from the fact that the delDhcpIndex parameter in the formDelDhcpRule function fails to properly validate the length of input data
VAR-202509-0913 CVE-2025-57061 Shenzhen Tenda Technology Co.,Ltd.  of  G3  Stack-based buffer overflow vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain multiple stack overflows in the formIPMacBindModify function via the ruleId, ip, mac, v6 and remark parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of G3 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda G3 is a QoS VPN router from the Chinese company Tenda
VAR-202509-1120 CVE-2025-57059 Shenzhen Tenda Technology Co.,Ltd.  of  G3  Stack-based buffer overflow vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the dhcpIndex parameter in the addDhcpRule function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of G3 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda G3 is a QoS VPN router from the Chinese company Tenda. This vulnerability stems from the failure of the addDhcpRule function to properly validate the length of the input data in the dhcpIndex parameter
VAR-202509-1235 CVE-2025-57058 Shenzhen Tenda Technology Co.,Ltd.  of  G3  Stack-based buffer overflow vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain multiple stack overflows in the formSetDebugCfg function via the pEnable, pLevel, and pModule parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of G3 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda G3 is a QoS VPN router from the Chinese company Tenda
VAR-202509-0811 CVE-2025-57057 Shenzhen Tenda Technology Co.,Ltd.  of  G3  Stack-based buffer overflow vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the listStr parameter in the ipMacBindListStore function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of G3 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. Tenda G3 is an all-in-one micro-enterprise gateway launched by Tenda, designed specifically for small and medium-sized enterprises, providing integrated network solutions. This vulnerability stems from the failure of the listStr parameter in the ipMacBindListStore function to properly validate the length of input data
VAR-202509-0772 CVE-2025-9065 Rockwell Automation ThinManager Server Request Forgery Vulnerability CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer® service account NTLM hash. Rockwell Automation ThinManager is thin client management software from Rockwell Automation. It allows thin clients to be assigned to multiple remote desktop servers simultaneously. An attacker can exploit this vulnerability to forge server-side requests
VAR-202509-0459 CVE-2025-8008 plural  Rockwell Automation  Product Exceptional State Handling Vulnerability CVSS V2: -
CVSS V3: 6.5
Severity: MEDIUM
A security issue exists in the protected mode of EN4TR devices, where sending specifically crafted messages during a Forward Close operation can cause the device to crash. 1756-en2tr series a firmware, 1756-en2tr series b firmware, 1756-en2tr series c firmware etc. Rockwell Automation The product contains an exceptional state handling vulnerability.Service operation interruption (DoS) It may be in a state
VAR-202509-1087 CVE-2025-8007 plural  Rockwell Automation  Product vulnerabilities CVSS V2: -
CVSS V3: 6.5
Severity: MEDIUM
A security issue exists in the protected mode of 1756-EN4TR and 1756-EN2TR communication modules, where a Concurrent Forward Close operation can trigger a Major Non-Recoverable (MNFR) fault. This condition may lead to unexpected system crashes and loss of device availability. 1756-en2tr series a firmware, 1756-en2tr series b firmware, 1756-en2tr series c firmware etc. Rockwell Automation There are unspecified vulnerabilities in the product.Service operation interruption (DoS) It may be in a state
VAR-202509-0677 CVE-2025-7970 Rockwell Automation  of  FactoryTalk Activation Manager  Vulnerability regarding lack of authentication for critical features in CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A security issue exists within FactoryTalk Activation Manager. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise. Rockwell Automation of FactoryTalk Activation Manager There is a vulnerability in the lack of authentication for critical features.Information may be obtained. Rockwell Automation is a leading global provider of industrial automation and control solutions, focused on helping companies achieve smart manufacturing and digital transformation
VAR-202509-0308 CVE-2025-40798 Siemens'  SIMATIC PCS neo  and  User Management Component (UMC)  Out-of-bounds read vulnerability in CVSS V2: -
CVSS V3: 7.5
Severity: High
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions < V6.0 SP1 Update 1), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a out-of-bounds read vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition. Siemens' SIMATIC PCS neo and User Management Component (UMC) Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state
VAR-202509-0310 CVE-2025-40797 Siemens'  SIMATIC PCS neo  and  User Management Component (UMC)  Out-of-bounds read vulnerability in CVSS V2: -
CVSS V3: 7.5
Severity: High
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions < V6.0 SP1 Update 1), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a out-of-bounds read vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition. Siemens' SIMATIC PCS neo and User Management Component (UMC) Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state
VAR-202509-0309 CVE-2025-40796 Siemens'  SIMATIC PCS neo  and  User Management Component (UMC)  Out-of-bounds read vulnerability in CVSS V2: -
CVSS V3: 7.5
Severity: High
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions < V6.0 SP1 Update 1), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a out-of-bounds read vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition. Siemens' SIMATIC PCS neo and User Management Component (UMC) Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state
VAR-202509-0307 CVE-2025-40795 Siemens'  SIMATIC PCS neo  and  User Management Component (UMC)  Stack-based buffer overflow vulnerability in CVSS V2: -
CVSS V3: 9.8
Severity: Critical
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions < V6.0 SP1 Update 1), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a stack-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial of service condition. Siemens' SIMATIC PCS neo and User Management Component (UMC) Exists in a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202509-0363 CVE-2025-40594 CVSS V2: -
CVSS V3: 6.3
Severity: Medium
A vulnerability has been identified in SINAMICS G220 V6.4 (All versions < V6.4 HF2), SINAMICS S200 V6.4 (All versions < V6.4 HF7), SINAMICS S210 V6.4 (All versions < V6.4 HF2). The affected devices allow a factory reset to be executed without the required privileges due to improper privilege management as well as manipulation of configuration data because of leaked privileges of previous sessions. This could allow an unauthorized attacker to escalate their privileges.
VAR-202509-0246 CVE-2025-10123 D-Link Corporation  of  DIR-823X  Injection Vulnerability in Firmware CVSS V2: 7.5
CVSS V3: 7.3
Severity: Medium
A vulnerability was determined in D-Link DIR-823X up to 250416. Affected by this vulnerability is the function sub_415028 of the file /goform/set_static_leases. Executing manipulation of the argument Hostname can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. D-Link Corporation of DIR-823X The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-823X is a wireless router manufactured by D-Link, a Chinese company. This vulnerability could allow an attacker to execute arbitrary commands on the system
VAR-202509-0625 CVE-2025-42920 CVSS V2: -
CVSS V3: 6.1
Severity: MEDIUM
Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated victim clicks on the link, the injected input is processed during the page generation, resulting in the execution of malicious content. This execution allows the attacker to access and modify information within the victim's browser scope, impacting confidentiality and integrity, while availability remains unaffected.
VAR-202509-0311 CVE-2025-10120 Shenzhen Tenda Technology Co.,Ltd.  of  AC20  Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is the function strcpy of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC20 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. An attacker could exploit this vulnerability by remotely sending specially crafted data to trigger the buffer overflow, thereby executing arbitrary code or causing the system to crash
VAR-202509-0249 CVE-2025-10093 D-Link Corporation  of  DIR-852  Firmware vulnerabilities CVSS V2: 5.0
CVSS V3: 5.3
Severity: Medium
A vulnerability was identified in D-Link DIR-852 up to 1.00CN B09. Affected by this vulnerability is the function phpcgi_main of the file /getcfg.php of the component Device Configuration Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Corporation of DIR-852 There are unspecified vulnerabilities in the firmware.Information may be obtained