VARIoT IoT vulnerabilities database
| VAR-202502-3855 | No CVE | Mitsubishi Electric (China) Co., Ltd. Mitsubishi M70 BND-1000W022-K1 has industrial control equipment vulnerabilities |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
M70 BND-1000W022-K1 is a digital controller.
Mitsubishi Electric (China) Co., Ltd. Mitsubishi M70 BND-1000W022-K1 has an industrial control device vulnerability, which can be exploited by attackers to cause denial of service.
| VAR-202502-3817 | No CVE | Shenzhen Jixiang Tengda Technology Co., Ltd. A18 has a binary vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Shenzhen Jixiang Tengda Technology Co., Ltd. A18 is a 1200M WiFi 5 signal amplifier.
Shenzhen Jixiang Tengda Technology Co., Ltd. A18 has a binary vulnerability that can be exploited by attackers to cause a denial of service.
| VAR-202502-3801 | No CVE | Konica Minolta (China) Investment Co., Ltd. MOBOTIX D25 has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Konica Minolta (China) Investment Co., Ltd. is a limited company whose main business is optical imaging, office equipment, medical and industrial equipment.
Konica Minolta (China) Investment Co., Ltd. MOBOTIX D25 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202502-3802 | No CVE | Toshiba Corporation. e-STUDIO2515AC has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
e-STUDIO2515AC is a multifunctional color digital MFP.
Toshiba Corporation. e-STUDIO2515AC has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202502-3810 | No CVE | Ricoh Company, Ltd. SP 230SFNw has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Ricoh Company, Ltd. SP 230SFNw is an all-in-one driver.
Ricoh Company, Ltd. SP 230SFNw has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
| VAR-202502-2075 | No CVE | ZTE Corporation ZSRV2 router web management system has arbitrary file read vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ZTE Corporation is a leading global provider of integrated information and communications technology solutions.
An arbitrary file read vulnerability exists in the web management system of ZTE Corporation's ZSRV2 router, which can be exploited by attackers to obtain sensitive information.
| VAR-202502-3854 | No CVE | TOTOLINK A3002R has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
A3002R is a dual-band Gigabit port 5G wireless router.
TOTOLINK A3002R has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202502-3814 | No CVE | TP-LINK TL-R473 has SSH weak password vulnerability |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
TP-LINK TL-R473 is an enterprise VPN router.
TP-LINK TL-R473 has a weak SSH password vulnerability, which can be exploited by attackers to gain control of the server.
| VAR-202502-3798 | No CVE | TOTOLINK A3002R has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
A3002R is a dual-band Gigabit port 5G wireless router.
TOTOLINK A3002R has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202502-3780 | No CVE | Fujifilm (China) Investment Co., Ltd. DocuCentre-V C2265 has a command execution vulnerability |
CVSS V2: 8.5 CVSS V3: - Severity: HIGH |
DocuCentre-V C2265 is a digital multifunction printer.
There is a command execution vulnerability in DocuCentre-V C2265 of Fujifilm (China) Investment Co., Ltd. Attackers can use this vulnerability to execute printer commands, which may cause the printer to lose response, thus affecting the printing service.
| VAR-202502-2685 | No CVE | Shenzhen Anjiaweishi Information Technology Co., Ltd. MC series cameras have unauthorized access vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Shenzhen Anjia Vision Information Technology Co., Ltd. MC-A37 300 is a 3-megapixel camera. MC-A37P 300 is a 3-megapixel camera. MC-A85 800 is an 8-megapixel camera. MC-A52 500 is a 5-megapixel camera. MC-J30 is a 4-megapixel camera. MC-J40 500 is a 5-megapixel full-color camera. MC-A42P 400 is a 4-megapixel camera.
Shenzhen Anjia Vision Information Technology Co., Ltd. MC-A37 300, MC-A37P 300, MC-A85 800, MC-A52 500, MC-J30, MC-J40 500, MC-A42P 400 have unauthorized access vulnerabilities, which can be exploited by attackers to obtain sensitive information.
| VAR-202502-3791 | No CVE | Epson WF-M5799 Series has a command execution vulnerability |
CVSS V2: 8.5 CVSS V3: - Severity: HIGH |
The WF-M5799 Series is a high-end black and white commercial ink tank all-in-one printer.
The Epson WF-M5799 Series has a command execution vulnerability. Attackers can exploit this vulnerability to execute printer commands, which may cause the printer to lose response, thus affecting the printing service.
| VAR-202502-2287 | No CVE | FUJIFILM Corporation ApeosPort-IV C3370 has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ApeosPort-IV C3370 is a color digital multifunction printer with multiple functions including copy, print, scan and fax (optional).
FUJIFILM Corporation ApeosPort-IV C3370 has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
| VAR-202502-3256 | No CVE | Shenzhen Anjiaweishi Information Technology Co., Ltd. MC series cameras have arbitrary file download vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Shenzhen Anjia Vision Information Technology Co., Ltd. MC-A37 300 is a 3-megapixel camera. MC-A37P 300 is a 3-megapixel camera. MC-A85 800 is an 8-megapixel camera. MC-A52 500 is a 5-megapixel camera. MC-J30 is a 4-megapixel camera. MC-J40 500 is a 5-megapixel full-color camera. MC-A42P 400 is a 4-megapixel camera.
Shenzhen Anjia Vision Information Technology Co., Ltd. MC-A37 300, MC-A37P 300, MC-A85 800, MC-A52 500, MC-J30, MC-J40 500, MC-A42P 400 have arbitrary file download vulnerabilities, which can be exploited by attackers to obtain sensitive information.
| VAR-202502-2076 | No CVE | There is an arbitrary file read vulnerability in the intelligent bus electronic stop sign integrated management service platform of Shanghai Zhengxian Electronic Technology Co., Ltd. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Shanghai Zhengxian Electronic Technology Co., Ltd. is one of the few specialized and innovative enterprises in China that specializes in the research and development, production and sales of smart city furniture.
There is an arbitrary file reading vulnerability in the intelligent bus electronic stop sign integrated management service platform of Shanghai Zhengxian Electronic Technology Co., Ltd., which can be exploited by attackers to obtain sensitive information.
| VAR-202502-1921 | CVE-2025-25605 | TOTOLINK of X5000R Command injection vulnerability in firmware |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua. TOTOLINK of X5000R Firmware contains a command injection vulnerability.Information may be obtained and information may be tampered with. TOTOLINK X5000R is a router product of China's TOTOLINK Electronics. No detailed vulnerability details are currently provided
| VAR-202502-2114 | CVE-2025-25604 | TOTOLINK of X5000R Command injection vulnerability in firmware |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the vif_disable function in mtkwifi.lua. TOTOLINK of X5000R Firmware contains a command injection vulnerability.Information may be obtained and information may be tampered with. TOTOLINK X5000R is a router product of China's TOTOLINK Electronics. No detailed vulnerability details are currently provided
| VAR-202502-3291 | CVE-2025-25510 | Shenzhen Tenda Technology Co.,Ltd. of AC8 Classic buffer overflow vulnerability in firmware |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the get_parentControl_list_Info function. Shenzhen Tenda Technology Co.,Ltd. of AC8 Firmware has a classic buffer overflow vulnerability.Information may be obtained and information may be tampered with. No detailed vulnerability details are currently provided
| VAR-202502-2320 | CVE-2025-25507 | Shenzhen Tenda Technology Co.,Ltd. of AC6 Code injection vulnerability in firmware |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
There is a RCE vulnerability in Tenda AC6 15.03.05.16_multi. In the formexeCommand function, the parameter cmdinput will cause remote command execution. of AC6 A code injection vulnerability exists in the firmware.Information may be obtained and information may be tampered with.
Tenda AC6 has a code execution vulnerability, which is caused by the cmdinput parameter of the formexeCommand function failing to properly filter special elements in the constructed code segment. No detailed vulnerability details are currently available
| VAR-202502-2914 | CVE-2025-25505 | Shenzhen Tenda Technology Co.,Ltd. of AC6 Classic buffer overflow vulnerability in firmware |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the sub_452A4 function. Shenzhen Tenda Technology Co.,Ltd. of AC6 Firmware has a classic buffer overflow vulnerability.Information may be obtained and information may be tampered with. No detailed vulnerability details are currently provided