VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202502-2792 CVE-2024-41334 plural  DrayTek Corporation  Vulnerability related to certificate validation in products CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 were discovered to not utilize certificate verification, allowing attackers to upload crafted APPE modules from non-official servers, leading to arbitrary code execution. vigor166 firmware, vigor2620 firmware, vigorlte200 firmware etc. DrayTek Corporation The product contains a certificate validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202502-3808 No CVE Sony Group Corporation SNC-RZ50N has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
SNC-RZ50N is a network camera with day and night switching function. Sony Group Corporation SNC-RZ50N has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-3792 No CVE Beijing Xingwang Ruijie Network Technology Co., Ltd. RG-UAC-6000-E20 has a command execution vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Beijing Xingwang Ruijie Network Technology Co., Ltd. is a provider of ICT infrastructure and industry solutions. Its main business is the research, design and sales of network equipment, network security products and cloud desktop solutions. Beijing Xingwang Ruijie Network Technology Co., Ltd. RG-UAC-6000-E20 has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
VAR-202502-3781 No CVE SAMSUNG X6250 has unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
SAMSUNG X6250 is an all-in-one computer. SAMSUNG X6250 has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202502-3809 No CVE SAMSUNG X6300 has unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
SAMSUNG X6300 is a camera product. SAMSUNG X6300 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-3800 No CVE Toshiba Corporation. STUDIO3008A has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Toshiba Corporation. STUDIO3008A is a network printer. Toshiba Corporation. STUDIO3008A has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202502-3799 No CVE KONICA MINOLTA, INC. bizhub C258 has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
bizhub C258 is a color multifunction printer. KONICA MINOLTA, INC. bizhub C258 has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202502-2329 CVE-2025-22881 Delta Electronics CNCSoft-G2 Buffer Overflow Vulnerability (CNVD-2025-12364) CVSS V2: 7.2
CVSS V3: -
Severity: High
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics CNCSoft-G2 is a human-machine interface (HMI) software from Delta Electronics, a Chinese company
VAR-202502-3815 No CVE TOTOlink A3002R of Jiong Electronics (Shenzhen) Co., Ltd. has a denial of service vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Jiong Electronics (Shenzhen) Co., Ltd. is a high-tech foreign-invested enterprise specializing in the research and development, design, manufacturing and sales of various network products. Jiong Electronics (Shenzhen) Co., Ltd. TOTOlink A3002R has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202502-3797 No CVE Samsung C3010ND has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
C3010ND is a laser printer. Samsung C3010ND has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-3813 No CVE Sony SNC-RH164 has unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
SNC-RH164 is a network high-definition speed dome camera. Sony SNC-RH164 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-3853 No CVE Samsung (China) Investment Co., Ltd. C563FW has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Samsung (China) Investment Co., Ltd. is a company mainly engaged in investment activities, covering multiple fields, including sales and services of home appliances, electronic products, communication equipment, computer hardware and software, and auxiliary equipment. Samsung (China) Investment Co., Ltd. C563FW has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-3807 No CVE NETGEAR-WN3000RP has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
NETGEAR WN3000RP is a wireless access point with a frequency range of 2.4GHz. NETGEAR WN3000RP has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202502-3790 No CVE Samsung C430W has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
C430W is a laser printer. Samsung C430W has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-3802 No CVE Toshiba Corporation. e-STUDIO2515AC has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
e-STUDIO2515AC is a multifunctional color digital MFP. Toshiba Corporation. e-STUDIO2515AC has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-3855 No CVE Mitsubishi Electric (China) Co., Ltd. Mitsubishi M70 BND-1000W022-K1 has industrial control equipment vulnerabilities CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
M70 BND-1000W022-K1 is a digital controller. Mitsubishi Electric (China) Co., Ltd. Mitsubishi M70 BND-1000W022-K1 has an industrial control device vulnerability, which can be exploited by attackers to cause denial of service.
VAR-202502-3782 No CVE Konica Minolta (China) Investment Co., Ltd. MOBOTIX v26 has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Konica Minolta (China) Investment Co., Ltd. is a limited company whose main business is optical imaging, office equipment, medical and industrial equipment. There is an unauthorized access vulnerability in MOBOTIX v26 of Konica Minolta (China) Investment Co., Ltd., which can be exploited by attackers to obtain sensitive information.
VAR-202502-3819 No CVE Lexmark MC2535adwe has unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Lexmark MC2535adwe is a color multifunction laser printer. Lexmark MC2535adwe has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202502-3820 No CVE Lexmark Information Technology (China) Co., Ltd. Lexmark MX331adn printer has unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The Lexmark MX331adn printer has functions such as single-sided automatic scanning, copying, faxing and touch screen. The Lexmark MX331adn printer of Lexmark Information Technology (China) Co., Ltd. has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-3801 No CVE Konica Minolta (China) Investment Co., Ltd. MOBOTIX D25 has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Konica Minolta (China) Investment Co., Ltd. is a limited company whose main business is optical imaging, office equipment, medical and industrial equipment. Konica Minolta (China) Investment Co., Ltd. MOBOTIX D25 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.