VARIoT IoT vulnerabilities database

VAR-202502-2792 | CVE-2024-41334 | plural DrayTek Corporation Vulnerability related to certificate validation in products |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 were discovered to not utilize certificate verification, allowing attackers to upload crafted APPE modules from non-official servers, leading to arbitrary code execution. vigor166 firmware, vigor2620 firmware, vigorlte200 firmware etc. DrayTek Corporation The product contains a certificate validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202502-3808 | No CVE | Sony Group Corporation SNC-RZ50N has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
SNC-RZ50N is a network camera with day and night switching function.
Sony Group Corporation SNC-RZ50N has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-3792 | No CVE | Beijing Xingwang Ruijie Network Technology Co., Ltd. RG-UAC-6000-E20 has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Beijing Xingwang Ruijie Network Technology Co., Ltd. is a provider of ICT infrastructure and industry solutions. Its main business is the research, design and sales of network equipment, network security products and cloud desktop solutions.
Beijing Xingwang Ruijie Network Technology Co., Ltd. RG-UAC-6000-E20 has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
VAR-202502-3781 | No CVE | SAMSUNG X6250 has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
SAMSUNG X6250 is an all-in-one computer.
SAMSUNG X6250 has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202502-3809 | No CVE | SAMSUNG X6300 has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
SAMSUNG X6300 is a camera product.
SAMSUNG X6300 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-3800 | No CVE | Toshiba Corporation. STUDIO3008A has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Toshiba Corporation. STUDIO3008A is a network printer.
Toshiba Corporation. STUDIO3008A has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202502-3799 | No CVE | KONICA MINOLTA, INC. bizhub C258 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
bizhub C258 is a color multifunction printer.
KONICA MINOLTA, INC. bizhub C258 has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202502-2329 | CVE-2025-22881 | Delta Electronics CNCSoft-G2 Buffer Overflow Vulnerability (CNVD-2025-12364) |
CVSS V2: 7.2 CVSS V3: - Severity: High |
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics CNCSoft-G2 is a human-machine interface (HMI) software from Delta Electronics, a Chinese company
VAR-202502-3815 | No CVE | TOTOlink A3002R of Jiong Electronics (Shenzhen) Co., Ltd. has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Jiong Electronics (Shenzhen) Co., Ltd. is a high-tech foreign-invested enterprise specializing in the research and development, design, manufacturing and sales of various network products.
Jiong Electronics (Shenzhen) Co., Ltd. TOTOlink A3002R has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202502-3797 | No CVE | Samsung C3010ND has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
C3010ND is a laser printer.
Samsung C3010ND has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-3813 | No CVE | Sony SNC-RH164 has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
SNC-RH164 is a network high-definition speed dome camera.
Sony SNC-RH164 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-3853 | No CVE | Samsung (China) Investment Co., Ltd. C563FW has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Samsung (China) Investment Co., Ltd. is a company mainly engaged in investment activities, covering multiple fields, including sales and services of home appliances, electronic products, communication equipment, computer hardware and software, and auxiliary equipment.
Samsung (China) Investment Co., Ltd. C563FW has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-3807 | No CVE | NETGEAR-WN3000RP has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
NETGEAR WN3000RP is a wireless access point with a frequency range of 2.4GHz.
NETGEAR WN3000RP has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202502-3790 | No CVE | Samsung C430W has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
C430W is a laser printer.
Samsung C430W has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-3802 | No CVE | Toshiba Corporation. e-STUDIO2515AC has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
e-STUDIO2515AC is a multifunctional color digital MFP.
Toshiba Corporation. e-STUDIO2515AC has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-3855 | No CVE | Mitsubishi Electric (China) Co., Ltd. Mitsubishi M70 BND-1000W022-K1 has industrial control equipment vulnerabilities |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
M70 BND-1000W022-K1 is a digital controller.
Mitsubishi Electric (China) Co., Ltd. Mitsubishi M70 BND-1000W022-K1 has an industrial control device vulnerability, which can be exploited by attackers to cause denial of service.
VAR-202502-3782 | No CVE | Konica Minolta (China) Investment Co., Ltd. MOBOTIX v26 has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Konica Minolta (China) Investment Co., Ltd. is a limited company whose main business is optical imaging, office equipment, medical and industrial equipment.
There is an unauthorized access vulnerability in MOBOTIX v26 of Konica Minolta (China) Investment Co., Ltd., which can be exploited by attackers to obtain sensitive information.
VAR-202502-3819 | No CVE | Lexmark MC2535adwe has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Lexmark MC2535adwe is a color multifunction laser printer.
Lexmark MC2535adwe has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202502-3820 | No CVE | Lexmark Information Technology (China) Co., Ltd. Lexmark MX331adn printer has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Lexmark MX331adn printer has functions such as single-sided automatic scanning, copying, faxing and touch screen.
The Lexmark MX331adn printer of Lexmark Information Technology (China) Co., Ltd. has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-3801 | No CVE | Konica Minolta (China) Investment Co., Ltd. MOBOTIX D25 has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Konica Minolta (China) Investment Co., Ltd. is a limited company whose main business is optical imaging, office equipment, medical and industrial equipment.
Konica Minolta (China) Investment Co., Ltd. MOBOTIX D25 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.