VARIoT IoT vulnerabilities database
| VAR-202508-0171 | CVE-2025-8652 | JVCKENWOOD Corporation of DMX958XR in the firmware OS Command injection vulnerability |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the JKWifiService. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26311. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
| VAR-202508-0123 | CVE-2025-8634 | JVCKENWOOD Corporation of DMX958XR in the firmware OS Command injection vulnerability |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26257. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
| VAR-202508-0188 | CVE-2025-8654 | JVCKENWOOD Corporation of DMX958XR in the firmware OS Command injection vulnerability |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
Kenwood DMX958XR ReadMVGImage Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the ReadMVGImage function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26313. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
| VAR-202508-0124 | CVE-2025-8630 | JVCKENWOOD Corporation of DMX958XR in the firmware OS Command injection vulnerability |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26253. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
| VAR-202508-0140 | CVE-2025-8651 | JVCKENWOOD Corporation of DMX958XR in the firmware OS Command injection vulnerability |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the JKWifiService. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26307. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
| VAR-202508-0150 | CVE-2025-8639 | JVCKENWOOD Corporation of DMX958XR in the firmware OS Command injection vulnerability |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26262. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
| VAR-202508-0143 | CVE-2025-8640 | JVCKENWOOD Corporation of DMX958XR in the firmware OS Command injection vulnerability |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26263. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
| VAR-202508-3575 | No CVE | LB-LINK AC1900 has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The AC1900 is a wireless router.
The LB-LINK AC1900 has a command execution vulnerability that could allow an attacker to execute commands.
| VAR-202508-0142 | CVE-2025-8643 | JVCKENWOOD Corporation of DMX958XR in the firmware OS Command injection vulnerability |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26266. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
| VAR-202508-0196 | CVE-2025-8648 | JVCKENWOOD Corporation of DMX958XR in the firmware OS Command injection vulnerability |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26271. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
| VAR-202508-0173 | CVE-2025-8631 | JVCKENWOOD Corporation of DMX958XR in the firmware OS Command injection vulnerability |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26254. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
| VAR-202508-0112 | CVE-2025-8638 | JVCKENWOOD Corporation of DMX958XR in the firmware OS Command injection vulnerability |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26261. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
| VAR-202508-0141 | CVE-2025-8647 | JVCKENWOOD Corporation of DMX958XR in the firmware OS Command injection vulnerability |
CVSS V2: 10.0 CVSS V3: 6.8 Severity: MEDIUM |
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26270. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
| VAR-202508-0111 | CVE-2025-8642 | JVCKENWOOD Corporation of DMX958XR in the firmware OS Command injection vulnerability |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26265. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
| VAR-202508-0110 | CVE-2025-8649 | JVCKENWOOD Corporation of DMX958XR in the firmware OS Command injection vulnerability |
CVSS V2: 10.0 CVSS V3: 6.8 Severity: MEDIUM |
Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the JKWifiService. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26305. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
| VAR-202508-0197 | CVE-2025-8629 | JVCKENWOOD Corporation of DMX958XR in the firmware OS Command injection vulnerability |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26252. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
| VAR-202508-0149 | CVE-2025-8650 | JVCKENWOOD Corporation of DMX958XR in the firmware OS Command injection vulnerability |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
Kenwood DMX958XR libSystemLib Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26306. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
| VAR-202508-1788 | CVE-2025-51390 | TOTOLINK of n600r in the firmware OS Command injection vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function. TOTOLINK of n600r The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK N600R is a dual-band wireless router released by the Korean brand TOTOLINK in 2013. It supports concurrent operation in the 2.4GHz and 5GHz bands, with a maximum wireless transmission rate of 300Mbps. An attacker could exploit this vulnerability to execute arbitrary commands
| VAR-202508-3053 | CVE-2025-30099 | Dell's data domain operating system In OS Command injection vulnerability |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges. (DoS) It may be in a state. Dell PowerProtect Data Domain (Dell PowerProtect DD) is a set of hardware appliances from Dell for data protection, backup, storage, and deduplication
| VAR-202508-1700 | CVE-2025-30098 | Dell's data domain operating system In OS Command injection vulnerability |
CVSS V2: 6.5 CVSS V3: 6.7 Severity: MEDIUM |
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges. (DoS) It may be in a state. Dell PowerProtect Data Domain (Dell PowerProtect DD) is a set of hardware appliances from Dell for data protection, backup, storage, and deduplication