VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202508-2053 CVE-2025-9250 Linksys  of  RE6250  Buffer error vulnerabilities in firmware and other products from multiple vendors CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This impacts the function setPWDbyBBS of the file /goform/setPWDbyBBS. Such manipulation of the argument hint leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. Linksys of RE6250 Firmware and other products from multiple vendors contain buffer error vulnerabilities and stack-based buffer overflow vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202508-2103 CVE-2025-9249 Linksys  of  RE6250  Buffer error vulnerabilities in firmware and other products from multiple vendors CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function DHCPReserveAddGroup of the file /goform/DHCPReserveAddGroup. This manipulation of the argument enable_group/name_group/ip_group/mac_group causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. Linksys of RE6250 Firmware and other products from multiple vendors contain buffer error vulnerabilities and stack-based buffer overflow vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202508-2117 CVE-2025-9248 Belkin International, Inc.  of  re6500  Buffer error vulnerabilities in firmware and other products from multiple vendors CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The impacted element is the function RP_pingGatewayByBBS of the file /goform/RP_pingGatewayByBBS. The manipulation of the argument ssidhex results in stack-based buffer overflow. The attack may be performed from a remote location. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. Belkin International, Inc. of re6500 Firmware and other products from multiple vendors contain buffer error vulnerabilities and stack-based buffer overflow vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202508-2203 CVE-2025-9247 Linksys  of  RE6250  Buffer error vulnerabilities in firmware and other products from multiple vendors CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The affected element is the function setVlan of the file /goform/setVlan. The manipulation of the argument vlan_set leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Linksys of RE6250 Firmware and other products from multiple vendors contain buffer error vulnerabilities and stack-based buffer overflow vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202508-2054 CVE-2025-9246 Linksys  of  RE6250  Buffer error vulnerabilities in firmware and other products from multiple vendors CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Impacted is the function check_port_conflict of the file /goform/check_port_conflict. Executing manipulation of the argument single_port_rule/port_range_rule can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Linksys of RE6250 Firmware and other products from multiple vendors contain buffer error vulnerabilities and stack-based buffer overflow vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202508-2224 CVE-2025-9245 Linksys  of  RE6250  Buffer error vulnerabilities in firmware and other products from multiple vendors CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function WPSSTAPINEnr of the file /goform/WPSSTAPINEnr. Performing manipulation of the argument ssid results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Linksys of RE6250 Firmware and other products from multiple vendors contain buffer error vulnerabilities and stack-based buffer overflow vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202508-2078 CVE-2025-9244 Linksys  of  RE6250  Command injection vulnerabilities in firmware and other products from multiple vendors CVSS V2: 6.5
CVSS V3: 6.3
Severity: Low
A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaticRoute of the file /goform/addStaticRoute. Such manipulation of the argument staticRoute_IP_setting/staticRoute_Netmask_setting/staticRoute_Gateway_setting/staticRoute_Metric_setting/staticRoute_destType_setting leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Linksys of RE6250 Firmware and other products from multiple vendors have command injection vulnerabilities, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202508-2348 CVE-2025-55498 Shenzhen Tenda Technology Co.,Ltd.  of  AC6  Stack-based buffer overflow vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function. Shenzhen Tenda Technology Co.,Ltd. of AC6 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. It supports both IPv4 and IPv6 protocols, utilizes the 802.11ac/n wireless standard, and offers a wireless transmission rate of 1167 Mbps. This vulnerability stems from the failure of the fromSetSysTime function to properly validate the length of the input data in the time parameter. An attacker could exploit this vulnerability to cause a denial of service
VAR-202508-2347 CVE-2025-55482 Shenzhen Tenda Technology Co.,Ltd.  of  AC6  Stack-based buffer overflow vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the formSetCfm function. Shenzhen Tenda Technology Co.,Ltd. of AC6 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. It supports both IPv4 and IPv6 protocols, utilizes the 802.11ac/n wireless standard, and offers a wireless transmission rate of 1167 Mbps. The Tenda AC6 suffers from a buffer overflow vulnerability caused by the formSetCfm function's failure to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service
VAR-202508-2262 CVE-2025-55503 Shenzhen Tenda Technology Co.,Ltd.  of  AC6  Stack-based buffer overflow vulnerability in firmware CVSS V2: 7.5
CVSS V3: 7.3
Severity: HIGH
Tenda AC6 V15.03.06.23_multi has a stack overflow vulnerability via the deviceName parameter in the saveParentControlInfo function. Shenzhen Tenda Technology Co.,Ltd. of AC6 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. It supports both IPv4 and IPv6 protocols, utilizes the 802.11ac/n wireless standard, and provides a wireless transmission rate of 1167 Mbps. This vulnerability stems from the failure to properly validate the length of the input data in the saveParentControlInfo function's deviceName parameter. An attacker could exploit this vulnerability to cause a denial of service
VAR-202508-2133 CVE-2025-55499 Shenzhen Tenda Technology Co.,Ltd.  of  AC6  Classic buffer overflow vulnerability in firmware CVSS V2: 6.1
CVSS V3: 6.5
Severity: MEDIUM
Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the ntpServer parameter in the fromSetSysTime function. Shenzhen Tenda Technology Co.,Ltd. It supports both IPv4 and IPv6 protocols, utilizes the 802.11ac/n wireless standard, and offers a wireless transmission rate of 1167 Mbps. Detailed vulnerability details are currently unavailable
VAR-202508-2137 CVE-2025-55483 Shenzhen Tenda Technology Co.,Ltd.  of  AC6  Stack-based buffer overflow vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the function formSetMacFilterCfg via the parameters macFilterType and deviceList. Shenzhen Tenda Technology Co.,Ltd. of AC6 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. It supports both IPv4 and IPv6 protocols, utilizes the 802.11ac/n wireless standard, and provides a wireless transmission rate of 1167 Mbps. An attacker could exploit this vulnerability to cause a denial of service
VAR-202508-1979 CVE-2025-32010 Shenzhen Tenda Technology Co.,Ltd.  of  AC6  Stack-based buffer overflow vulnerability in firmware CVSS V2: 10.0
CVSS V3: 8.1
Severity: HIGH
A stack-based buffer overflow vulnerability exists in the Cloud API functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP response can lead to arbitrary code execution. An attacker can send an HTTP response to trigger this vulnerability. Shenzhen Tenda Technology Co.,Ltd. (DoS) It may be in a state. It supports both IPv4 and IPv6 protocols, utilizes the 802.11ac/n wireless standard, and provides a wireless transmission rate of 1167Mbps
VAR-202508-2011 CVE-2025-31355 Shenzhen Tenda Technology Co.,Ltd.  of  AC6  Vulnerability related to insufficient integrity verification of downloaded code in firmware CVSS V2: 10.0
CVSS V3: 7.2
Severity: HIGH
A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted malicious file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Shenzhen Tenda Technology Co.,Ltd. of AC6 Firmware contains a flaw in the integrity verification of downloaded code.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. It supports both IPv4 and IPv6 protocols, utilizes the 802.11ac/n wireless standard, and offers a wireless transmission rate of 1167Mbps
VAR-202508-2029 CVE-2025-30256 Shenzhen Tenda Technology Co.,Ltd.  of  AC6  Firmware vulnerability related to lack of resource release after a valid lifetime CVSS V2: 7.8
CVSS V3: 8.6
Severity: HIGH
A denial of service vulnerability exists in the HTTP Header Parsing functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted series of HTTP requests can lead to a reboot. An attacker can send multiple network packets to trigger this vulnerability. Shenzhen Tenda Technology Co.,Ltd. of AC6 A vulnerability exists in firmware for lack of freeing resources after valid lifetime.Service operation interruption (DoS) It may be in a state. It supports both IPv4 and IPv6 protocols, utilizes the 802.11ac/n wireless standard, and offers a wireless transmission rate of 1167 Mbps
VAR-202508-1991 CVE-2025-27129 Shenzhen Tenda Technology Co.,Ltd.  of  AC6  Firmware vulnerability regarding authentication bypass using alternative paths or channels CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send packets to trigger this vulnerability. Shenzhen Tenda Technology Co.,Ltd. of AC6 The firmware contains an authentication bypass vulnerability using alternate paths or channels.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. It supports both IPv4 and IPv6 protocols, utilizes the 802.11ac/n wireless standard, and offers a wireless transmission rate of 1167Mbps
VAR-202508-1971 CVE-2025-24496 Shenzhen Tenda Technology Co.,Ltd.  of  AC6  Firmware vulnerability regarding authentication bypass using alternative paths or channels CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
An information disclosure vulnerability exists in the /goform/getproductInfo functionality of Tenda AC6 V5.0 V02.03.01.110. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability. Shenzhen Tenda Technology Co.,Ltd. of AC6 The firmware contains an authentication bypass vulnerability using alternate paths or channels.Information may be obtained. It supports both IPv4 and IPv6 protocols, utilizes the 802.11ac/n wireless standard, and offers a wireless transmission rate of 1167 Mbps
VAR-202508-2012 CVE-2025-24322 Shenzhen Tenda Technology Co.,Ltd.  of  AC6  Vulnerability related to missing critical authentication step in firmware CVSS V2: 10.0
CVSS V3: 8.1
Severity: HIGH
An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability. Shenzhen Tenda Technology Co.,Ltd. of AC6 The firmware is vulnerable due to a missing key step of authentication.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. It supports both IPv4 and IPv6 protocols, utilizes the 802.11ac/n wireless standard, and offers a wireless transmission rate of 1167Mbps. The Tenda AC6 has a code execution vulnerability
VAR-202508-2214 CVE-2025-55591 TOTOLINK  of  A3002R  Command injection vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint. TOTOLINK of A3002R Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK A3002R is a wireless router manufactured by China's TOTOLINK Electronics. Its primary function is to provide wireless network connectivity for homes and small offices. An attacker can exploit this vulnerability by submitting a specially crafted request to execute arbitrary commands in the context of the application
VAR-202508-2081 CVE-2025-55590 TOTOLINK  of  A3002R  Command injection vulnerability in firmware CVSS V2: 6.4
CVSS V3: 6.5
Severity: MEDIUM
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an command injection vulnerability via the component bupload.html. The TOTOLINK A3002R is a wireless router manufactured by China's TOTOLINK Electronics. Its primary function is to provide wireless network connectivity for homes and small offices. The TOTOLINK A3002R suffers from a command injection vulnerability caused by the bupload.html component's failure to properly sanitize special characters and commands when constructing commands. Detailed vulnerability details are currently unavailable