VARIoT IoT vulnerabilities database

VAR-202502-0101 | CVE-2024-45626 | Vulnerability in Apache James from the Apache Software Foundation |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service.
Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue. Apache James from the Apache Software Foundation contains an unspecified vulnerability. Service operation may be interrupted (DoS).
VAR-202502-1078 | CVE-2024-23690 | NETGEAR FVS336G Command Injection Vulnerability |
CVSS V2: 8.3 CVSS V3: 7.2 Severity: HIGH |
The end-of-life Netgear FVS336Gv2 and FVS336Gv3 are affected by a command injection vulnerability in the Telnet interface. An authenticated and remote attacker can execute arbitrary OS commands as root over Telnet by sending crafted "util backup_configuration" commands. NETGEAR FVS336G is a VPN (virtual private network) firewall router from NETGEAR. The vulnerability is caused by the application's failure to properly filter special characters and commands when constructing commands.
VAR-202502-2081 | No CVE | Fujifilm Business Innovation (China) Co., Ltd. C405DN MFP has a command execution vulnerability |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
C405DN MFP is a printer product.
Fujifilm Business Innovation (China) Co., Ltd. C405DN MFP has a command execution vulnerability, which can be exploited by attackers to execute printer commands.
VAR-202502-3258 | No CVE | Fujifilm Business Innovation (China) Co., Ltd. AltaLink® C8245 Color Multifunction Printer has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
AltaLink® C8245 Color Multifunction Printer is a printer product.
Fujifilm Business Innovation (China) Co., Ltd. AltaLink® C8245 Color Multifunction Printer has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-0097 | CVE-2024-38416 | Out-of-bounds read vulnerability in multiple Qualcomm products |
CVSS V2: - CVSS V3: 6.1 Severity: MEDIUM |
Information disclosure during audio playback. Multiple Qualcomm products, such as AR8035 firmware, c-v2x 9150 firmware, and fastconnect 6800 firmware, contain an out-of-bounds read vulnerability. Information may be obtained.
VAR-202502-0055 | CVE-2025-20634 | Out-of-bounds write vulnerability in multiple MediaTek products |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01289384; Issue ID: MSV-2436. MediaTek's NR16, NR17, and NR17R contain an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202502-2085 | No CVE | Beijing Netcom Technology Co., Ltd. NS-ASG application security gateway has a SQL injection vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
NS-ASG Application Security Gateway is an application security access product that integrates software and hardware, has excellent performance, and integrates IPSEC and SSL.
Beijing Netcom Technology Co., Ltd.'s NS-ASG Application Security Gateway has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database.
VAR-202502-2083 | No CVE | Fujifilm Business Innovation (China) Co., Ltd. ApeosPort C3060 has a command execution vulnerability |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
ApeosPort C3060 is a color A3 format digital multifunction copier.
Fujifilm Business Innovation (China) Co., Ltd. ApeosPort C3060 has a command execution vulnerability, which can be exploited by attackers to execute printer commands.
VAR-202502-2289 | No CVE | Brother (China) Commercial Co., Ltd. DCP-T500W has a command execution vulnerability |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
DCP-T500W is a printer.
Brother (China) Commercial Co., Ltd. DCP-T500W has a command execution vulnerability, which can be exploited by attackers to execute printer commands.
VAR-202502-2478 | No CVE | D-Link Electronics (Shanghai) Co., Ltd. Dlink dap_1620-reva has a binary vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
D-Link Electronics (Shanghai) Co., Ltd. is a company that provides high-quality network solutions for enterprises.
D-Link Electronics (Shanghai) Co., Ltd. Dlink dap_1620-reva has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202502-2479 | No CVE | Canon (China) Co., Ltd. LBP621C has a command execution vulnerability |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
LBP621C is a color laser printer.
Canon (China) Co., Ltd. LBP621C has a command execution vulnerability, which can be exploited by attackers to execute printer commands.
VAR-202502-2084 | No CVE | Jiong Electronics (Shenzhen) Co., Ltd. TOTOLINK N210RE command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
TOTOLINK N210RE is a wireless router.
Jiong Electronics (Shenzhen) Co., Ltd. TOTOLINK N210RE has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
VAR-202502-2082 | No CVE | D-Link Electronics (Shanghai) Co., Ltd. Dlink dap-1522-reva has a binary vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
D-Link Electronics (Shanghai) Co., Ltd. is a company that provides high-quality network solutions for enterprises.
D-Link Electronics (Shanghai) Co., Ltd. Dlink dap-1522-reva has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202502-2086 | No CVE | RICOH IM 430 and RICOH IM C2000 have a command execution vulnerability |
CVSS V2: 8.5 CVSS V3: - Severity: HIGH |
RICOH IM 430 is a black and white laser multifunction printer. RICOH IM C2000 is a color digital multifunction printer.
RICOH IM 430 and RICOH IM C2000 have a command execution vulnerability. Attackers can exploit this vulnerability to execute printer commands and operate the printer, which may cause the printer to become unresponsive and thus affect the printing service.
VAR-202502-2291 | No CVE | D-Link DWR-M961 has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
DWR-M961 is a router.
D-Link DWR-M961 has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
VAR-202502-2087 | No CVE | D-Link DWR-M961 has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
DWR-M961 is a router.
D-Link DWR-M961 has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
VAR-202502-2290 | No CVE | Schneider Electric Schneider PLC M340 has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Schneider Electric is an expert in energy efficiency management and automation.
Schneider Electric Schneider PLC M340 has a denial of service vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202501-3669 | CVE-2025-0848 | Buffer error vulnerability in A18 firmware from Shenzhen Tenda Technology Co.,Ltd. |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: High |
A vulnerability was found in Tenda A18 up to 15.13.07.09. It has been rated as critical. This issue affects the function SetCmdlineRun of the file /goform/SetCmdlineRun of the component HTTP POST Request Handler. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The A18 firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The vulnerability is caused by the failure to correctly verify the length of the input data in the parameter wpapsk_crypto5g. Attackers can exploit this vulnerability to execute arbitrary code on the system and cause a denial of service.
VAR-202501-3604 | CVE-2025-20061 | mySCADA myPRO Command Injection Remote Code Execution Vulnerability |
CVSS V2: - CVSS V3: 9.8 Severity: Critical |
mySCADA myPRO does not properly neutralize POST requests sent to a specific port with email information. This vulnerability could be exploited by an attacker to execute arbitrary commands on the affected system. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 34022 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call.
VAR-202501-3603 | CVE-2025-20014 | mySCADA myPRO Command Injection Remote Code Execution Vulnerability |
CVSS V2: - CVSS V3: 9.8 Severity: Critical |
mySCADA myPRO does not properly neutralize POST requests sent to a specific port with version information. This vulnerability could be exploited by an attacker to execute arbitrary commands on the affected system. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 34022 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call.