VARIoT IoT vulnerabilities database
| VAR-202508-2053 | CVE-2025-9250 | Linksys of RE6250 Buffer error vulnerabilities in firmware and other products from multiple vendors |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This impacts the function setPWDbyBBS of the file /goform/setPWDbyBBS. Such manipulation of the argument hint leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. Linksys of RE6250 Firmware and other products from multiple vendors contain buffer error vulnerabilities and stack-based buffer overflow vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202508-2103 | CVE-2025-9249 | Linksys of RE6250 Buffer error vulnerabilities in firmware and other products from multiple vendors |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function DHCPReserveAddGroup of the file /goform/DHCPReserveAddGroup. This manipulation of the argument enable_group/name_group/ip_group/mac_group causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. Linksys of RE6250 Firmware and other products from multiple vendors contain buffer error vulnerabilities and stack-based buffer overflow vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202508-2117 | CVE-2025-9248 | Belkin International, Inc. of re6500 Buffer error vulnerabilities in firmware and other products from multiple vendors |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The impacted element is the function RP_pingGatewayByBBS of the file /goform/RP_pingGatewayByBBS. The manipulation of the argument ssidhex results in stack-based buffer overflow. The attack may be performed from a remote location. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. Belkin International, Inc. of re6500 Firmware and other products from multiple vendors contain buffer error vulnerabilities and stack-based buffer overflow vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202508-2203 | CVE-2025-9247 | Linksys of RE6250 Buffer error vulnerabilities in firmware and other products from multiple vendors |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The affected element is the function setVlan of the file /goform/setVlan. The manipulation of the argument vlan_set leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Linksys of RE6250 Firmware and other products from multiple vendors contain buffer error vulnerabilities and stack-based buffer overflow vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202508-2054 | CVE-2025-9246 | Linksys of RE6250 Buffer error vulnerabilities in firmware and other products from multiple vendors |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Impacted is the function check_port_conflict of the file /goform/check_port_conflict. Executing manipulation of the argument single_port_rule/port_range_rule can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Linksys of RE6250 Firmware and other products from multiple vendors contain buffer error vulnerabilities and stack-based buffer overflow vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202508-2224 | CVE-2025-9245 | Linksys of RE6250 Buffer error vulnerabilities in firmware and other products from multiple vendors |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function WPSSTAPINEnr of the file /goform/WPSSTAPINEnr. Performing manipulation of the argument ssid results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Linksys of RE6250 Firmware and other products from multiple vendors contain buffer error vulnerabilities and stack-based buffer overflow vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202508-2078 | CVE-2025-9244 | Linksys of RE6250 Command injection vulnerabilities in firmware and other products from multiple vendors |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Low |
A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaticRoute of the file /goform/addStaticRoute. Such manipulation of the argument staticRoute_IP_setting/staticRoute_Netmask_setting/staticRoute_Gateway_setting/staticRoute_Metric_setting/staticRoute_destType_setting leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Linksys of RE6250 Firmware and other products from multiple vendors have command injection vulnerabilities, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202508-2348 | CVE-2025-55498 | Shenzhen Tenda Technology Co.,Ltd. of AC6 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function. Shenzhen Tenda Technology Co.,Ltd. of AC6 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. It supports both IPv4 and IPv6 protocols, utilizes the 802.11ac/n wireless standard, and offers a wireless transmission rate of 1167 Mbps. This vulnerability stems from the failure of the fromSetSysTime function to properly validate the length of the input data in the time parameter. An attacker could exploit this vulnerability to cause a denial of service
| VAR-202508-2347 | CVE-2025-55482 | Shenzhen Tenda Technology Co.,Ltd. of AC6 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the formSetCfm function. Shenzhen Tenda Technology Co.,Ltd. of AC6 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. It supports both IPv4 and IPv6 protocols, utilizes the 802.11ac/n wireless standard, and offers a wireless transmission rate of 1167 Mbps.
The Tenda AC6 suffers from a buffer overflow vulnerability caused by the formSetCfm function's failure to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service
| VAR-202508-2262 | CVE-2025-55503 | Shenzhen Tenda Technology Co.,Ltd. of AC6 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 7.5 CVSS V3: 7.3 Severity: HIGH |
Tenda AC6 V15.03.06.23_multi has a stack overflow vulnerability via the deviceName parameter in the saveParentControlInfo function. Shenzhen Tenda Technology Co.,Ltd. of AC6 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. It supports both IPv4 and IPv6 protocols, utilizes the 802.11ac/n wireless standard, and provides a wireless transmission rate of 1167 Mbps. This vulnerability stems from the failure to properly validate the length of the input data in the saveParentControlInfo function's deviceName parameter. An attacker could exploit this vulnerability to cause a denial of service
| VAR-202508-2133 | CVE-2025-55499 | Shenzhen Tenda Technology Co.,Ltd. of AC6 Classic buffer overflow vulnerability in firmware |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the ntpServer parameter in the fromSetSysTime function. Shenzhen Tenda Technology Co.,Ltd. It supports both IPv4 and IPv6 protocols, utilizes the 802.11ac/n wireless standard, and offers a wireless transmission rate of 1167 Mbps. Detailed vulnerability details are currently unavailable
| VAR-202508-2137 | CVE-2025-55483 | Shenzhen Tenda Technology Co.,Ltd. of AC6 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the function formSetMacFilterCfg via the parameters macFilterType and deviceList. Shenzhen Tenda Technology Co.,Ltd. of AC6 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. It supports both IPv4 and IPv6 protocols, utilizes the 802.11ac/n wireless standard, and provides a wireless transmission rate of 1167 Mbps. An attacker could exploit this vulnerability to cause a denial of service
| VAR-202508-1979 | CVE-2025-32010 | Shenzhen Tenda Technology Co.,Ltd. of AC6 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 8.1 Severity: HIGH |
A stack-based buffer overflow vulnerability exists in the Cloud API functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP response can lead to arbitrary code execution. An attacker can send an HTTP response to trigger this vulnerability. Shenzhen Tenda Technology Co.,Ltd. (DoS) It may be in a state. It supports both IPv4 and IPv6 protocols, utilizes the 802.11ac/n wireless standard, and provides a wireless transmission rate of 1167Mbps
| VAR-202508-2011 | CVE-2025-31355 | Shenzhen Tenda Technology Co.,Ltd. of AC6 Vulnerability related to insufficient integrity verification of downloaded code in firmware |
CVSS V2: 10.0 CVSS V3: 7.2 Severity: HIGH |
A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted malicious file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Shenzhen Tenda Technology Co.,Ltd. of AC6 Firmware contains a flaw in the integrity verification of downloaded code.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. It supports both IPv4 and IPv6 protocols, utilizes the 802.11ac/n wireless standard, and offers a wireless transmission rate of 1167Mbps
| VAR-202508-2029 | CVE-2025-30256 | Shenzhen Tenda Technology Co.,Ltd. of AC6 Firmware vulnerability related to lack of resource release after a valid lifetime |
CVSS V2: 7.8 CVSS V3: 8.6 Severity: HIGH |
A denial of service vulnerability exists in the HTTP Header Parsing functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted series of HTTP requests can lead to a reboot. An attacker can send multiple network packets to trigger this vulnerability. Shenzhen Tenda Technology Co.,Ltd. of AC6 A vulnerability exists in firmware for lack of freeing resources after valid lifetime.Service operation interruption (DoS) It may be in a state. It supports both IPv4 and IPv6 protocols, utilizes the 802.11ac/n wireless standard, and offers a wireless transmission rate of 1167 Mbps
| VAR-202508-1991 | CVE-2025-27129 | Shenzhen Tenda Technology Co.,Ltd. of AC6 Firmware vulnerability regarding authentication bypass using alternative paths or channels |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send packets to trigger this vulnerability. Shenzhen Tenda Technology Co.,Ltd. of AC6 The firmware contains an authentication bypass vulnerability using alternate paths or channels.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. It supports both IPv4 and IPv6 protocols, utilizes the 802.11ac/n wireless standard, and offers a wireless transmission rate of 1167Mbps
| VAR-202508-1971 | CVE-2025-24496 | Shenzhen Tenda Technology Co.,Ltd. of AC6 Firmware vulnerability regarding authentication bypass using alternative paths or channels |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
An information disclosure vulnerability exists in the /goform/getproductInfo functionality of Tenda AC6 V5.0 V02.03.01.110. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability. Shenzhen Tenda Technology Co.,Ltd. of AC6 The firmware contains an authentication bypass vulnerability using alternate paths or channels.Information may be obtained. It supports both IPv4 and IPv6 protocols, utilizes the 802.11ac/n wireless standard, and offers a wireless transmission rate of 1167 Mbps
| VAR-202508-2012 | CVE-2025-24322 | Shenzhen Tenda Technology Co.,Ltd. of AC6 Vulnerability related to missing critical authentication step in firmware |
CVSS V2: 10.0 CVSS V3: 8.1 Severity: HIGH |
An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability. Shenzhen Tenda Technology Co.,Ltd. of AC6 The firmware is vulnerable due to a missing key step of authentication.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. It supports both IPv4 and IPv6 protocols, utilizes the 802.11ac/n wireless standard, and offers a wireless transmission rate of 1167Mbps.
The Tenda AC6 has a code execution vulnerability
| VAR-202508-2214 | CVE-2025-55591 | TOTOLINK of A3002R Command injection vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint. TOTOLINK of A3002R Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK A3002R is a wireless router manufactured by China's TOTOLINK Electronics. Its primary function is to provide wireless network connectivity for homes and small offices. An attacker can exploit this vulnerability by submitting a specially crafted request to execute arbitrary commands in the context of the application
| VAR-202508-2081 | CVE-2025-55590 | TOTOLINK of A3002R Command injection vulnerability in firmware |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an command injection vulnerability via the component bupload.html. The TOTOLINK A3002R is a wireless router manufactured by China's TOTOLINK Electronics. Its primary function is to provide wireless network connectivity for homes and small offices.
The TOTOLINK A3002R suffers from a command injection vulnerability caused by the bupload.html component's failure to properly sanitize special characters and commands when constructing commands. Detailed vulnerability details are currently unavailable