VARIoT IoT vulnerabilities database
| VAR-202508-2393 | CVE-2025-9605 | Shenzhen Tenda Technology Co.,Ltd. of ac21 firmware and ac23 Buffer error vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: High |
A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. Such manipulation of the argument mac leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. Shenzhen Tenda Technology Co.,Ltd. of ac21 firmware and ac23 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202508-2619 | CVE-2025-9603 | Telesquare of TLR-2005KSH Command injection vulnerability in firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Low |
A vulnerability was determined in Telesquare TLR-2005KSH 1.2.4. The affected element is an unknown function of the file /cgi-bin/internet.cgi?Command=lanCfg. Executing manipulation of the argument Hostname can lead to command injection. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. Telesquare of TLR-2005KSH Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202508-3775 | No CVE | IIST IICAM500GK has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The IICAM500GK is a webcam product.
The IIST IICAM500GK has a weak password vulnerability that could allow attackers to log into the system and obtain sensitive information.
| VAR-202508-3771 | No CVE | LanZhuo Digital Technology Co., Ltd.'s SupOS industrial operating system has an information leakage vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The SupOS industrial operating system, developed by LanZhuo Digital Technology Co., Ltd., directly addresses core manufacturing scenarios, addressing issues such as production equipment management, production control, production management, production safety, and business operations. It helps companies achieve the five key goals of safety, quality improvement, cost reduction, efficiency improvement, and environmental protection.
LanZhuo Digital Technology Co., Ltd.'s SupOS industrial operating system contains an information leakage vulnerability that could be exploited by attackers to obtain sensitive information.
| VAR-202508-3772 | No CVE | Toshiba Corporation. e-STUDIO478S has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The e-STUDIO478S is a printer.
Toshiba Corporation. The e-STUDIO478S has an unauthorized access vulnerability that could allow an attacker to obtain sensitive information.
| VAR-202508-3777 | No CVE | RICOH M C251FW of Ricoh (China) Investment Co., Ltd. has an unauthorized access vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
The RICOH M C251FW is an A4 color laser multifunction printer that supports Wi-Fi Direct and NFC.
The RICOH M C251FW, manufactured by Ricoh (China) Investment Co., Ltd., has an unauthorized access vulnerability that could allow an attacker to obtain sensitive information and modify user passwords.
| VAR-202508-2427 | CVE-2025-9577 | TOTOLINK of x2000r Firmware vulnerabilities |
CVSS V2: 1.0 CVSS V3: 2.5 Severity: Low |
A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been released to the public and may be exploited. TOTOLINK of x2000r There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK X2000R is a WiFi 6 router released by China's TOTOLINK Electronics. It supports Gigabit networking and Easy Mesh functionality, enabling multi-device connectivity and wireless expansion. Detailed vulnerability details are currently unavailable
| VAR-202508-2557 | CVE-2025-57220 | Shenzhen Tenda Technology Co.,Ltd. of AC10 Firmware Input Validation Vulnerability |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 to escalate privileges to root via a crafted UDP packet. Shenzhen Tenda Technology Co.,Ltd. of AC10 There is an input validation vulnerability in firmware.Information may be obtained. The Tenda AC10 is a dual-band gigabit wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd., primarily for users with fiber optic connections of 200Mbps and above. Detailed vulnerability details are currently unavailable
| VAR-202508-2517 | CVE-2025-57219 | Shenzhen Tenda Technology Co.,Ltd. of AC10 Access control vulnerabilities in firmware |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 allows attackers to escalate privileges or access sensitive components via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of AC10 Firmware contains an access control vulnerability.Information may be obtained. The Tenda AC10 is a dual-band gigabit wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd., primarily for users with fiber optic connections of 200Mbps and above
| VAR-202508-2507 | CVE-2025-57215 | Shenzhen Tenda Technology Co.,Ltd. of AC10 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stack overflow via the function get_parentControl_list_Info. Shenzhen Tenda Technology Co.,Ltd. of AC10 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda AC10 is a dual-band gigabit wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd., primarily targeting fiber optic users with speeds of 200 Mbps and above.
The Tenda AC10 suffers from a stack buffer overflow vulnerability caused by the get_parentControl_list_Info function's failure to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service
| VAR-202508-2380 | CVE-2025-9575 | Linksys of RE6250 Command injection vulnerabilities in firmware and other products from multiple vendors |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Low |
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function cgiMain of the file /cgi-bin/upload.cgi. Executing manipulation of the argument filename can lead to os command injection. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. Linksys of RE6250 Firmware and other products from multiple vendors have command injection vulnerabilities, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202508-2571 | CVE-2025-57218 | Shenzhen Tenda Technology Co.,Ltd. of AC10 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C. Shenzhen Tenda Technology Co.,Ltd. of AC10 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda AC10 is a dual-band gigabit wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd., primarily targeting users with fiber optic connections of 200Mbps and above. This vulnerability stems from the failure of the security_5g parameter in the sub_46284C function to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service
| VAR-202508-2552 | CVE-2025-57217 | Shenzhen Tenda Technology Co.,Ltd. of AC10 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the Password parameter in the function R7WebsSecurityHandler. Shenzhen Tenda Technology Co.,Ltd. of AC10 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda AC10 is a dual-band gigabit wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd., primarily for fiber optic users with speeds of 200 Mbps and above. This vulnerability stems from the failure of the Password parameter in the R7WebsSecurityHandler function to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service
| VAR-202508-3383 | CVE-2025-57767 |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn't in a previous 401 response's WWW-Authenticate header, or an Authorization header with an incorrect realm was received without a previous 401 response being sent, the get_authorization_header() function in res_pjsip_authenticator_digest will return a NULL. This wasn't being checked before attempting to get the digest algorithm from the header which causes a SEGV. This issue has been patched in versions 20.15.2, 21.10.2, and 22.5.2. There are no workarounds.
| VAR-202508-3607 | CVE-2025-54995 |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17.
| VAR-202508-2714 | CVE-2025-52054 | Shenzhen Tenda Technology Co.,Ltd. of AC8 Authentication vulnerability in firmware |
CVSS V2: - CVSS V3: 5.3 Severity: MEDIUM |
An issue was discovered in Tenda AC8 v4.0 AC1200 Dual-band Gigabit Wireless Router AC8v4.0 Firmware 16.03.33.05. The root password of the device is calculated with a static string and the last two octets of the MAC address of the device. This allows an unauthenticated attacker to authenticate with network services on the device. Shenzhen Tenda Technology Co.,Ltd. of AC8 An authentication vulnerability exists in firmware.Information may be obtained
| VAR-202508-3773 | No CVE | MOXA NPort 5130 has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The NPort 5130 is a device server from Moxa.
The MOXA NPort 5130 has an unauthorized access vulnerability that could allow an attacker to obtain sensitive information.
| VAR-202508-3776 | No CVE | MOXA NPort 5150 has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The NPort 5150 is a device server from Moxa.
The MOXA NPort 5150 has an unauthorized access vulnerability that could allow an attacker to obtain sensitive information.
| VAR-202508-2643 | CVE-2018-25115 | plural D-Link Corporation In the product OS Command injection vulnerability |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-08-21 UTC. DIR-110 firmware, DIR-412 firmware, DIR-600 firmware etc. D-Link Corporation The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202508-2566 | CVE-2025-55582 | D-Link Corporation of DCS-825L Privilege management vulnerability in firmware |
CVSS V2: - CVSS V3: 6.6 Severity: MEDIUM |
D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script `mydlink-watch-dog.sh`, which blindly respawns binaries such as `dcp` and `signalc` without verifying integrity, authenticity, or permissions. An attacker with local filesystem access (via physical access, firmware modification, or debug interfaces) can replace these binaries with malicious payloads. The script executes these binaries as root in an infinite loop, leading to persistent privilege escalation and arbitrary code execution. This issue is mitigated in v1.09.02, but the product is officially End-of-Life and unsupported. D-Link Corporation of DCS-825L The firmware contains vulnerabilities related to permission management and insufficient integrity verification of downloaded code.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state