VARIoT IoT vulnerabilities database
| VAR-202508-2127 | CVE-2025-9362 | Linksys of RE6250 Buffer error vulnerabilities in firmware and other products from multiple vendors |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Medium |
A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The impacted element is the function urlFilterManageRule of the file /goform/urlFilterManageRule. Executing manipulation of the argument urlFilterRuleName/scheduleUrl/addURLFilter can lead to stack-based buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. Linksys of RE6250 Firmware and other products from multiple vendors contain buffer error vulnerabilities and stack-based buffer overflow vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202508-2236 | CVE-2025-9361 | Linksys of RE6250 Buffer error vulnerabilities in firmware and other products from multiple vendors |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The affected element is the function ipRangeBlockManageRule of the file /goform/ipRangeBlockManageRule. Performing manipulation of the argument ipRangeBlockRuleName/scheduleIp/ipRangeBlockRuleIpAddr results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Linksys of RE6250 Firmware and other products from multiple vendors contain buffer error vulnerabilities and stack-based buffer overflow vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202508-2146 | CVE-2025-9360 | Linksys of RE6250 Buffer error vulnerabilities in firmware and other products from multiple vendors |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Impacted is the function accessControlAdd of the file /goform/accessControlAdd. Such manipulation of the argument ruleName/schedule leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Linksys of RE6250 Firmware and other products from multiple vendors contain buffer error vulnerabilities and stack-based buffer overflow vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202508-2258 | CVE-2025-9359 | Belkin International, Inc. of re6500 Buffer error vulnerabilities in firmware and other products from multiple vendors |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A weakness has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. This manipulation of the argument ssidhex/pwd causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. Belkin International, Inc. of re6500 Firmware and other products from multiple vendors contain buffer error vulnerabilities and stack-based buffer overflow vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202508-2201 | CVE-2025-9358 | Linksys of RE6250 Buffer error vulnerabilities in firmware and other products from multiple vendors |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A security flaw has been discovered in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function setSysAdm of the file /goform/setSysAdm. The manipulation of the argument admpasshint results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. Linksys of RE6250 Firmware and other products from multiple vendors contain buffer error vulnerabilities and stack-based buffer overflow vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202508-2237 | CVE-2025-9357 | Linksys of RE6250 Buffer error vulnerabilities in firmware and other products from multiple vendors |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function langSwitchByBBS of the file /goform/langSwitchByBBS. The manipulation of the argument langSelectionOnly leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. Linksys of RE6250 Firmware and other products from multiple vendors contain buffer error vulnerabilities and stack-based buffer overflow vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202508-2115 | CVE-2025-9356 | Linksys of RE6250 Buffer error vulnerabilities in firmware and other products from multiple vendors |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function inboundFilterAdd of the file /goform/inboundFilterAdd. Executing manipulation of the argument ruleName can lead to stack-based buffer overflow. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. Linksys of RE6250 Firmware and other products from multiple vendors contain buffer error vulnerabilities and stack-based buffer overflow vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202508-2259 | CVE-2025-9355 | Linksys of RE6250 Buffer error vulnerabilities in firmware and other products from multiple vendors |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulnerability is the function scheduleAdd of the file /goform/scheduleAdd. Performing manipulation of the argument ruleName results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. Linksys of RE6250 Firmware and other products from multiple vendors contain buffer error vulnerabilities and stack-based buffer overflow vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202508-2757 | CVE-2025-55581 | D-Link Corporation of DCS-825L Privilege management vulnerability in firmware |
CVSS V2: - CVSS V3: 7.3 Severity: HIGH |
D-Link DCS-825L firmware version 1.08.01 and possibly prior versions contain an insecure implementation in the mydlink-watch-dog.sh script. The script monitors and respawns the `dcp` and `signalc` binaries without validating their integrity, origin, or permissions. An attacker with filesystem access (e.g., via UART or firmware modification) may replace these binaries to achieve persistent arbitrary code execution with root privileges. The issue stems from improper handling of executable trust and absence of integrity checks in the watchdog logic. D-Link Corporation of DCS-825L The firmware contains vulnerabilities related to privilege management, lack of authentication for critical functions, and insufficient integrity verification of downloaded code.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202508-2311 | CVE-2025-55611 | D-Link Systems, Inc. of DIR-619L Out-of-bounds write vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formLanguageChange function via the nextPage parameter. D-Link Systems, Inc. of DIR-619L An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. The D-Link DIR-619L is a home wireless router from D-Link, designed for home and small office environments. It utilizes the IEEE 802.11n wireless standard and offers a maximum transmission rate of 300Mbps. This vulnerability stems from the failure of the nextPage parameter in the formLanguageChange function to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service
| VAR-202508-2439 | CVE-2025-55606 | Shenzhen Tenda Technology Co.,Ltd. of AX3 Classic buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromAdvSetMacMtuWan function via the serverName parameter. Shenzhen Tenda Technology Co.,Ltd. of AX3 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. The Tenda AX3 is a dual-band gigabit wireless router for home use, launched by Tenda Technology. It supports the Wi-Fi 6 (802.11ax) standard and emphasizes high-performance network coverage and stable connections. This vulnerability stems from the fact that the `serverName` parameter in the `fromAdvSetMacMtuWan` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
| VAR-202508-2324 | CVE-2025-55605 | Shenzhen Tenda Technology Co.,Ltd. of AX3 Classic buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the saveParentControlInfo function via the deviceName parameter. Shenzhen Tenda Technology Co.,Ltd. of AX3 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. The Tenda AX3 is a dual-band gigabit wireless router for home use, launched by Tenda Technology. It supports the Wi-Fi 6 (802.11ax) standard and emphasizes high-performance network coverage and stable connections. This vulnerability stems from the fact that the `deviceName` parameter in the `saveParentControlInfo` function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
| VAR-202508-2414 | CVE-2025-55603 | Shenzhen Tenda Technology Co.,Ltd. of AX3 Classic buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromSetSysTime function via the ntpServer parameter. Shenzhen Tenda Technology Co.,Ltd. of AX3 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. The Tenda AX3 is a dual-band gigabit wireless router for home use, launched by Tenda Technology. It supports the Wi-Fi 6 (802.11ax) standard and emphasizes high-performance network coverage and stable connections. This vulnerability stems from the fact that the ntpServer parameter in the fromSetSysTime function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack
| VAR-202508-2299 | CVE-2025-55602 | D-Link Systems, Inc. of DIR-619L Out-of-bounds write vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formSysCmd function via the submit-url parameter. D-Link Systems, Inc. of DIR-619L An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. The D-Link DIR-619L is a home wireless router from D-Link, designed for home and small office environments. It utilizes the IEEE 802.11n wireless standard and offers a maximum transmission rate of 300Mbps. This vulnerability stems from the failure of the submit-url parameter in the formSysCmd function to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service
| VAR-202508-2302 | CVE-2025-55599 | D-Link Systems, Inc. of DIR-619L Out-of-bounds write vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formWlanSetup function via the parameter f_wds_wepKey. D-Link Systems, Inc. of DIR-619L An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. The D-Link DIR-619L is a home wireless router from D-Link, designed for home and small office environments. It utilizes the IEEE 802.11n wireless standard and offers a maximum transmission rate of 300Mbps. This vulnerability stems from the failure of the f_wds_wepKey parameter in the formWlanSetup function to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service
| VAR-202508-3453 | No CVE | HP Photosmart d110a has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The HP Photosmart d110a is an all-in-one printer.
The HP Photosmart d110a has an unauthorized access vulnerability that could allow an attacker to obtain sensitive information.
| VAR-202508-2964 | No CVE | HP LaserJet Pro MFP M225dn has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The HP LaserJet Pro MFP M225dn is a multifunction laser printer.
The HP LaserJet Pro MFP M225dn has a weak password vulnerability that could allow attackers to log into the system and obtain sensitive information.
| VAR-202508-3573 | No CVE | HP Photosmart 6520 has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The HP Photosmart 6520 is an all-in-one printer.
The HP Photosmart 6520 has an unauthorized access vulnerability that could allow an attacker to obtain sensitive information.
| VAR-202508-2730 | No CVE | RICOH MP 6054 has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The RICOH MP 6054 is a black-and-white digital multifunction printer.
The RICOH MP 6054 has a weak password vulnerability that could allow attackers to log into the system and obtain sensitive information.
| VAR-202508-2151 | CVE-2025-9309 | Shenzhen Tenda Technology Co.,Ltd. of AC10 Hardcoded password usage vulnerability in firmware |
CVSS V2: 1.0 CVSS V3: 2.5 Severity: Low |
A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The exploit has been made public and could be used. of AC10 The firmware contains vulnerabilities related to the use of hard-coded passwords and vulnerabilities related to the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state