VARIoT IoT vulnerabilities database
| VAR-202506-1180 | CVE-2025-6299 | TOTOLINK of N150RT Command injection vulnerability in firmware |
CVSS V2: 5.8 CVSS V3: 4.7 Severity: Low |
A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boa/formWSC. The manipulation of the argument targetAPSsid leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N150RT is a wireless router from China's TOTOLINK Electronics. No detailed vulnerability details are currently available
| VAR-202506-1042 | CVE-2025-6292 | D-Link Systems, Inc. of DIR-825 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability has been found in D-Link DIR-825 2.03 and classified as critical. This vulnerability affects the function sub_4091AC of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-825 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-825 is a dual-band wireless router designed for small and medium-sized enterprises (SMEs) and SOHO environments. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service
| VAR-202506-1134 | CVE-2025-6291 | D-Link Systems, Inc. of DIR-825 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability, which was classified as critical, was found in D-Link DIR-825 2.03. This affects the function do_file of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-825 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-825 is a router from D-Link, a Chinese company. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack
| VAR-202506-2184 | No CVE | Shanghai Sharp Electric Co., Ltd. Sharp MX-3050V has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Sharp MX-3050V is a multifunctional digital copier.
Shanghai Sharp Electric Co., Ltd. Sharp MX-3050V has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202506-2789 | No CVE | Netcore NBR1005GPEV2 of Netshi Technology Co., Ltd. has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
netcore NBR1005GPEV2 is a router produced by Netcore that supports multiple network functions.
Netcore NBR1005GPEV2 of Netcore Technology Co., Ltd. has a command execution vulnerability, and attackers can exploit the vulnerability to execute commands.
| VAR-202506-2578 | No CVE | Samsung (China) Investment Co., Ltd. Samsung SL-J3560FW has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Samsung SL-J3560FW is a multi-function inkjet printer.
Samsung (China) Investment Co., Ltd. Samsung SL-J3560FW has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.
| VAR-202506-2182 | No CVE | Ricoh (China) Investment Co., Ltd. MP C3004ex has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
MP C3004ex is a color digital multifunction printer.
Ricoh (China) Investment Co., Ltd. MP C3004ex has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.
| VAR-202506-2788 | No CVE | Sungrow Power Supply Co., Ltd.'s Logger1000 has an information leakage vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Logger1000 is a data collection, power control and protocol conversion device used in photovoltaic equipment such as inverters in photovoltaic power stations.
Sungrow Power Supply Co., Ltd.'s Logger1000 has an information leakage vulnerability, and attackers can exploit the vulnerability to obtain sensitive information.
| VAR-202506-2990 | No CVE | Toshiba (China) Co., Ltd. Shanghai Branch TOSHIBA e-STUDI03505AC has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TOSHIBA e-STUDI03505AC is a color digital multifunction printer.
TOSHIBA e-STUDI03505AC of Toshiba (China) Co., Ltd. Shanghai Branch has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.
| VAR-202506-2576 | No CVE | Neterbit NW-431F has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Neterbit NW-431F is a router developed by Neterbit.
Neterbit NW-431F has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202506-1012 | CVE-2025-6266 |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Low |
A vulnerability was detected in Teledyne FLIR AX8 up to 1.46. Affected by this vulnerability is an unknown functionality of the file /upload.php. Performing manipulation of the argument File results in unrestricted upload. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading to version 1.49.16 addresses this issue. Upgrading the affected component is recommended. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities."
| VAR-202506-2382 | No CVE | Fujifilm Business Innovation (China) Co., Ltd. CentreWare Internet Services WorkCentre 3215 has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
CentreWare Internet Services WorkCentre 3215 is a black and white laser multifunction printer.
CentreWare Internet Services WorkCentre 3215 of Fujifilm Business Innovation (China) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.
| VAR-202506-2183 | No CVE | HP Color LaserJet MFP M477fdn of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
HP Color LaserJet Pro MFP M477fdn is a color laser multifunction printer launched by HP.
HP Color LaserJet MFP M477fdn of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.
| VAR-202506-1771 | No CVE | HP Color LaserJet Pro M252n of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
HP Color LaserJet Pro M252n is a laser printer under HP (HP).
HP Color LaserJet Pro M252n of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability. Attackers can use the vulnerability to log in to the system and obtain sensitive information.
| VAR-202506-3613 | No CVE | Ruisikangda Technology Development Co., Ltd.'s multi-business intelligent gateway has a file upload vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Ruisikangda Technology Development Co., Ltd. focuses on the field of fiber-optic broadband access and is committed to the integration of fiber-optic technology, Ethernet technology and broadband access technology.
Ruisikangda Technology Development Co., Ltd.'s multi-service intelligent gateway has a file upload vulnerability, which can be exploited by attackers to upload malicious files and obtain server permissions.
| VAR-202506-1777 | No CVE | Fujifilm (China) Investment Co., Ltd. Fujifilm Apeos C4571 has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Fujifilm Apeos C4571 is a high-speed color multifunction integrated printer.
Fujifilm (China) Investment Co., Ltd. Fujifilm Apeos C4571 has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.
| VAR-202506-0864 | CVE-2025-6165 | TOTOLINK X15 /boafrm/formTmultiAP file buffer overflow vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK X15 is a network wireless extender from China's TOTOLINK Electronics. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack
| VAR-202506-0946 | CVE-2025-6164 | TOTOLINK of A3002R Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in TOTOLINK A3002R 4.0.0-B20230531.1404. It has been classified as critical. This affects an unknown part of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A3002R The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3002R is a wireless router produced by China's TOTOLINK Electronics. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack
| VAR-202506-0724 | CVE-2025-6163 | TOTOLINK of A3002RU Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A3002RU The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3002RU is a wireless router product of China's Jiweng Electronics (TOTOLINK) Company. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack
| VAR-202506-0937 | CVE-2025-6162 | TOTOLINK EX1200T /boafrm/formMultiAP file buffer overflow vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK EX1200T is a Wi-Fi range extender from China's TOTOLINK Electronics. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack