VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202508-0171 CVE-2025-8652 JVCKENWOOD Corporation  of  DMX958XR  in the firmware  OS  Command injection vulnerability CVSS V2: 7.2
CVSS V3: 6.8
Severity: MEDIUM
Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JKWifiService. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26311. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
VAR-202508-0123 CVE-2025-8634 JVCKENWOOD Corporation  of  DMX958XR  in the firmware  OS  Command injection vulnerability CVSS V2: 7.2
CVSS V3: 6.8
Severity: MEDIUM
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26257. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
VAR-202508-0188 CVE-2025-8654 JVCKENWOOD Corporation  of  DMX958XR  in the firmware  OS  Command injection vulnerability CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
Kenwood DMX958XR ReadMVGImage Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ReadMVGImage function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26313. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
VAR-202508-0124 CVE-2025-8630 JVCKENWOOD Corporation  of  DMX958XR  in the firmware  OS  Command injection vulnerability CVSS V2: 7.2
CVSS V3: 6.8
Severity: MEDIUM
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26253. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
VAR-202508-0140 CVE-2025-8651 JVCKENWOOD Corporation  of  DMX958XR  in the firmware  OS  Command injection vulnerability CVSS V2: 7.2
CVSS V3: 6.8
Severity: MEDIUM
Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JKWifiService. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26307. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
VAR-202508-0150 CVE-2025-8639 JVCKENWOOD Corporation  of  DMX958XR  in the firmware  OS  Command injection vulnerability CVSS V2: 7.2
CVSS V3: 6.8
Severity: MEDIUM
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26262. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
VAR-202508-0143 CVE-2025-8640 JVCKENWOOD Corporation  of  DMX958XR  in the firmware  OS  Command injection vulnerability CVSS V2: 7.2
CVSS V3: 6.8
Severity: MEDIUM
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26263. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
VAR-202508-3575 No CVE LB-LINK AC1900 has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The AC1900 is a wireless router. The LB-LINK AC1900 has a command execution vulnerability that could allow an attacker to execute commands.
VAR-202508-0142 CVE-2025-8643 JVCKENWOOD Corporation  of  DMX958XR  in the firmware  OS  Command injection vulnerability CVSS V2: 7.2
CVSS V3: 6.8
Severity: MEDIUM
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26266. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
VAR-202508-0196 CVE-2025-8648 JVCKENWOOD Corporation  of  DMX958XR  in the firmware  OS  Command injection vulnerability CVSS V2: 7.2
CVSS V3: 6.8
Severity: MEDIUM
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26271. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
VAR-202508-0173 CVE-2025-8631 JVCKENWOOD Corporation  of  DMX958XR  in the firmware  OS  Command injection vulnerability CVSS V2: 7.2
CVSS V3: 6.8
Severity: MEDIUM
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26254. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
VAR-202508-0112 CVE-2025-8638 JVCKENWOOD Corporation  of  DMX958XR  in the firmware  OS  Command injection vulnerability CVSS V2: 7.2
CVSS V3: 6.8
Severity: MEDIUM
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26261. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
VAR-202508-0141 CVE-2025-8647 JVCKENWOOD Corporation  of  DMX958XR  in the firmware  OS  Command injection vulnerability CVSS V2: 10.0
CVSS V3: 6.8
Severity: MEDIUM
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26270. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
VAR-202508-0111 CVE-2025-8642 JVCKENWOOD Corporation  of  DMX958XR  in the firmware  OS  Command injection vulnerability CVSS V2: 7.2
CVSS V3: 6.8
Severity: MEDIUM
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26265. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
VAR-202508-0110 CVE-2025-8649 JVCKENWOOD Corporation  of  DMX958XR  in the firmware  OS  Command injection vulnerability CVSS V2: 10.0
CVSS V3: 6.8
Severity: MEDIUM
Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JKWifiService. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26305. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
VAR-202508-0197 CVE-2025-8629 JVCKENWOOD Corporation  of  DMX958XR  in the firmware  OS  Command injection vulnerability CVSS V2: 7.2
CVSS V3: 6.8
Severity: MEDIUM
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26252. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
VAR-202508-0149 CVE-2025-8650 JVCKENWOOD Corporation  of  DMX958XR  in the firmware  OS  Command injection vulnerability CVSS V2: 7.2
CVSS V3: 6.8
Severity: MEDIUM
Kenwood DMX958XR libSystemLib Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26306. JVCKENWOOD Corporation of DMX958XR The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood
VAR-202508-1788 CVE-2025-51390 TOTOLINK  of  n600r  in the firmware  OS  Command injection vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function. TOTOLINK of n600r The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK N600R is a dual-band wireless router released by the Korean brand TOTOLINK in 2013. It supports concurrent operation in the 2.4GHz and 5GHz bands, with a maximum wireless transmission rate of 300Mbps. An attacker could exploit this vulnerability to execute arbitrary commands
VAR-202508-3053 CVE-2025-30099 Dell's  data domain operating system  In  OS  Command injection vulnerability CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges. (DoS) It may be in a state. Dell PowerProtect Data Domain (Dell PowerProtect DD) is a set of hardware appliances from Dell for data protection, backup, storage, and deduplication
VAR-202508-1700 CVE-2025-30098 Dell's  data domain operating system  In  OS  Command injection vulnerability CVSS V2: 6.5
CVSS V3: 6.7
Severity: MEDIUM
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges. (DoS) It may be in a state. Dell PowerProtect Data Domain (Dell PowerProtect DD) is a set of hardware appliances from Dell for data protection, backup, storage, and deduplication