VARIoT IoT vulnerabilities database
| VAR-202509-0136 | CVE-2025-9812 | Shenzhen Tenda Technology Co.,Ltd. of ch22 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was determined in Tenda CH22 1.0.0.1. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Executing manipulation of the argument cmdinput can lead to buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. Shenzhen Tenda Technology Co.,Ltd. of ch22 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from the failure of the cmdinput parameter in the /goform/exeCommand file to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service
| VAR-202509-0137 | CVE-2025-9806 |
CVSS V2: 0.8 CVSS V3: 1.9 Severity: Low |
A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been publicly disclosed and may be utilized.
| VAR-202509-0139 | CVE-2025-9791 | Shenzhen Tenda Technology Co.,Ltd. of AC20 Out-of-bounds write vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A weakness has been identified in Tenda AC20 16.03.08.05. This vulnerability affects unknown code of the file /goform/fromAdvSetMacMtuWan. This manipulation of the argument wanMTU causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. Shenzhen Tenda Technology Co.,Ltd. of AC20 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability stems from the failure of the wanMTU parameter in the file /goform/fromAdvSetMacMtuWan to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202509-0021 | CVE-2025-9783 | TOTOLINK of A702R Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was determined in TOTOLINK A702R 4.0.0-B20211108.1423. This issue affects the function sub_418030 of the file /boafrm/formParentControl. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. TOTOLINK of A702R The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK A702R is a wireless router manufactured by China's TOTOLINK Electronics, primarily used for home network connectivity and signal coverage.
The TOTOLINK A702R suffers from a buffer overflow vulnerability caused by a failure to properly validate the length of input data in the submit-url parameter in the /boafrm/formParentControl file. This vulnerability could allow an attacker to execute arbitrary code on the system or cause a denial of service
| VAR-202509-0188 | CVE-2025-9782 | TOTOLINK of A702R Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in TOTOLINK A702R 4.0.0-B20211108.1423. This vulnerability affects the function sub_4466F8 of the file /boafrm/formOneKeyAccessButton. Performing manipulation of the argument submit-url results in buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used. TOTOLINK of A702R The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK A702R is a wireless router manufactured by China's TOTOLINK Electronics, primarily used for home network connectivity and signal coverage.
The TOTOLINK A702R suffers from a buffer overflow vulnerability caused by a failure to properly validate the length of input data in the submit-url parameter in the file /boafrm/formOneKeyAccessButton. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service
| VAR-202509-0071 | CVE-2025-9781 | TOTOLINK of A702R Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability has been found in TOTOLINK A702R 4.0.0-B20211108.1423. This affects the function sub_4162DC of the file /boafrm/formFilter. Such manipulation of the argument ip6addr leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A702R The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK A702R is a wireless router manufactured by China's TOTOLINK Electronics, primarily used for home network connectivity and signal coverage. This vulnerability could allow an attacker to execute arbitrary code or cause a denial of service (DoS) on the system
| VAR-202509-0010 | CVE-2025-9780 | TOTOLINK of A702R Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A flaw has been found in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this issue is the function sub_419BE0 of the file /boafrm/formIpQoS. This manipulation of the argument mac causes buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used. TOTOLINK of A702R The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK A702R is a wireless router manufactured by China's TOTOLINK Electronics, primarily used for home network connectivity and signal coverage.
The TOTOLINK A702R suffers from a buffer overflow vulnerability caused by a failure to properly validate the length of input data in the parameter mac in the file /boafrm/formIpQoS. This vulnerability could allow an attacker to execute arbitrary code on the system or cause a denial of service
| VAR-202509-0003 | CVE-2025-9779 | TOTOLINK of A702R Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was detected in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this vulnerability is the function sub_4162DC of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used. TOTOLINK of A702R The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK A702R is a wireless router manufactured by China's TOTOLINK Electronics, primarily used for home network connectivity and signal coverage. This vulnerability could allow an attacker to execute arbitrary code or cause a denial of service
| VAR-202509-0004 | CVE-2025-9778 | Shenzhen Tenda Technology Co.,Ltd. of W12 Vulnerability related to use of hardcoded credentials in firmware |
CVSS V2: 0.8 CVSS V3: 1.9 Severity: Low |
A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used. Shenzhen Tenda Technology Co.,Ltd. of W12 A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda W12 is a dual-band gigabit wireless panel access point (AP) from Tenda Technology, designed for scenarios such as hotels, villas, and large apartments. It supports the IEEE 802.11ac protocol and the Wave2 standard, and boasts a dual-band concurrent speed of 1167Mbps. Attackers can exploit this vulnerability to obtain sensitive information
| VAR-202509-0708 | CVE-2025-58318 | Delta Electronics DIAView Security Bypass Vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: Medium |
Delta Electronics DIAView has an authentication bypass vulnerability
| VAR-202509-0115 | CVE-2025-20708 | Out-of-bounds write vulnerability in multiple MediaTek products |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01123853; Issue ID: MSV-4131. NR15 , nr16 , NR17 A number of MediaTek products, including the following, contain out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202509-0101 | CVE-2025-20703 | Out-of-bounds read vulnerability in multiple MediaTek products |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
In Modem, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01599794; Issue ID: MSV-3708. NR15 , nr16 , NR17 Multiple MediaTek products, including the following, contain vulnerabilities related to out-of-bounds reading.Service operation interruption (DoS) It may be in a state
| VAR-202509-0001 | CVE-2025-9752 | D-Link Corporation of DIR-852 in the firmware OS Command injection vulnerability |
CVSS V2: 7.5 CVSS V3: 7.3 Severity: Medium |
A security vulnerability has been detected in D-Link DIR-852 1.00CN B09. Impacted is the function soapcgi_main of the file soap.cgi of the component SOAP Service. Such manipulation of the argument service leads to os command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer. (DoS) It may be in a state
| VAR-202508-2441 | CVE-2025-9748 | Shenzhen Tenda Technology Co.,Ltd. of ch22 Out-of-bounds write vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was determined in Tenda CH22 1.0.0.1. Affected by this issue is the function fromIpsecitem of the file /goform/IPSECsave of the component httpd. Executing manipulation of the argument ipsecno can lead to stack-based buffer overflow. The attack may be performed from remote. Shenzhen Tenda Technology Co.,Ltd. of ch22 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state.
The Tenda CH22 suffers from a buffer overflow vulnerability caused by a failure to properly validate the length of the input data in the parameter "ipsecno" in the file "/goform/IPSECsave". This vulnerability could allow an attacker to execute arbitrary code on the system or cause a denial of service
| VAR-202508-2473 | CVE-2025-9745 | D-Link Corporation of DI-500WF in the firmware OS Command injection vulnerability |
CVSS V2: 5.8 CVSS V3: 4.7 Severity: Low |
A security vulnerability has been detected in D-Link DI-500WF 14.04.10A1T. The impacted element is an unknown function of the file /version_upgrade.asp of the component jhttpd. The manipulation of the argument path leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. D-Link Corporation of DI-500WF The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DI-500WF is a panel-mounted wireless access point (AP) primarily used for building wireless network coverage environments. It supports the 802.11n protocol and has a theoretical maximum transmission rate of 150Mbps. This vulnerability stems from the fact that the parameter `path` in the file `/version_upgrade.asp` fails to properly filter special characters and commands used in command construction. Detailed vulnerability information is not currently available
| VAR-202508-2475 | CVE-2025-9731 | Shenzhen Tenda Technology Co.,Ltd. of AC9 Hardcoded password usage vulnerability in firmware |
CVSS V2: 1.0 CVSS V3: 2.5 Severity: Low |
A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack on the local host. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit has been publicly disclosed and may be utilized. Shenzhen Tenda Technology Co.,Ltd. of AC9 The firmware contains vulnerabilities related to the use of hard-coded passwords and vulnerabilities related to the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. An attacker could exploit this vulnerability to compromise confidentiality
| VAR-202508-2617 | CVE-2025-9727 | D-Link Corporation of DIR-816L Command injection vulnerability in firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Low |
A weakness has been identified in D-Link DIR-816L 206b01. Affected by this issue is the function soapcgi_main of the file /soap.cgi. This manipulation of the argument service causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Corporation of DIR-816L The firmware contains a command injection vulnerability. (DoS) It may be in a state. The D-Link DIR-816L is a dual-band wireless router that supports 2.4GHz and 5GHz bands, with a maximum transmission rate of 450Mbps. This vulnerability stems from the fact that the `service` parameter in the file `/soap.cgi` fails to properly filter special characters and commands used in command construction. Detailed vulnerability information is not currently available
| VAR-202508-3455 | No CVE | Mosa Technology (Shanghai) Co., Ltd.'s NPort 5410 has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The NPort 5410 is an industrial-grade serial communication processor primarily used to connect traditional serial devices to a network for remote management and monitoring.
The NPort 5410 from Mosa Technology (Shanghai) Co., Ltd. has an unauthorized access vulnerability that could allow attackers to obtain sensitive information.
| VAR-202508-2645 | CVE-2025-9377 | plural TP-LINK Technologies In the product OS Command injection vulnerability |
CVSS V2: - CVSS V3: 7.2 Severity: HIGH |
The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9.
This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108.
Both products have reached the status of EOL (end-of-life).
It's recommending to
purchase the new
product to ensure better performance and security. If replacement is not
an option in the short term, please use the second reference link to
download and install the patch(es). TP-LINK Technologies of TL-WR841N firmware, TL-WR841ND firmware, Archer C7 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202508-2727 | CVE-2025-55763 | CivetWeb project of CivetWeb Stack-based buffer overflow vulnerability in |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16 (latest) allows a remote attacker to achieve remote code execution via a crafted HTTP request. This vulnerability is triggered during request processing and may allow an attacker to corrupt heap memory, potentially leading to denial of service or arbitrary code execution. CivetWeb project of CivetWeb Exists in a stack-based buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state