VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202507-2973 CVE-2025-53712 TP-LINK Technologies  of  TL-WR841N  Buffer error vulnerability in firmware CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm_AP.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition.  The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. TP-LINK Technologies of TL-WR841N The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state
VAR-202507-2939 CVE-2025-53711 TP-LINK Technologies  of  TL-WR841N  Buffer error vulnerability in firmware CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been found in TP-Link TL-WR841N v11, TL-WR842ND v2 and TL-WR494N v3. The vulnerability exists in the /userRpm/WlanNetworkRpm.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. TP-LINK Technologies of TL-WR841N The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state
VAR-202507-3065 CVE-2025-52284 TOTOLINK  of  x6000r  Command injection vulnerability in firmware CVSS V2: 6.4
CVSS V3: 6.5
Severity: MEDIUM
Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_4184C0 function via the tz parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request. TOTOLINK of x6000r Firmware contains a command injection vulnerability.Information may be obtained and information may be tampered with. The TOTOLINK X6000R, a wireless router released by China's TOTOLINK Electronics, supports WiFi 6 technology, offering high concurrent connections and dual-band transmission capabilities. Detailed vulnerability details are currently unavailable
VAR-202507-3601 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd.'s Tenda HG10 has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Shenzhen Jixiang Tengda Technology Co., Ltd. (Tenda) is a high-tech enterprise specializing in the research and development, production, sales, and service of network communication equipment. Shenzhen Jixiang Tengda Technology Co., Ltd.'s Tenda HG10 has a command execution vulnerability that could allow an attacker to execute arbitrary commands.
VAR-202507-3915 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd.'s Tenda HG10 has a denial of service vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Shenzhen Jixiang Tengda Technology Co., Ltd. (Tenda) is a high-tech enterprise specializing in the research and development, production, sales, and service of network communication equipment. A denial of service vulnerability exists in the Tenda HG10, a device manufactured by Shenzhen Jixiang Tengda Technology Co., Ltd., that could be exploited by an attacker to cause a denial of service.
VAR-202507-3838 No CVE D-Link DI-500WF from D-Link Electronics (Shanghai) Co., Ltd. has a command execution vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
The D-Link DI-500WF is a panel-mounted wireless access point. The D-Link DI-500WF, manufactured by D-Link Electronics (Shanghai) Co., Ltd., has a command execution vulnerability that could allow an attacker to execute arbitrary commands.
VAR-202507-3600 No CVE Sharp Technology (Shanghai) Co., Ltd.'s SHARP-MX series has an information disclosure vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Sharp Technology (Shanghai) Co., Ltd. is a world-renowned developer and manufacturer of comprehensive electronic products. Sharp Technology (Shanghai) Co., Ltd.'s SHARP-MX series products contain an information leakage vulnerability that could allow attackers to obtain sensitive information.
VAR-202507-3839 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd. HG7, HG9, HG10 and HG10C have a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Shenzhen Jixiang Tengda Technology Co., Ltd. (Tenda) is a high-tech enterprise specializing in the research and development, production, sales, and service of network communication equipment. Shenzhen Jixiang Tenda Technology Co., Ltd.'s HG7, HG9, HG10, and HG10C devices contain a command execution vulnerability that could allow an attacker to execute arbitrary commands.
VAR-202507-3676 No CVE Vicon Industries IQinVision has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Vicon Industries specializes in the development and production of security and surveillance solutions. A weak password vulnerability exists in Vicon Industries' IQinVision software, allowing attackers to obtain sensitive information.
VAR-202507-3602 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd.'s Tenda HG10 has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Shenzhen Jixiang Tengda Technology Co., Ltd. (Tenda) is a high-tech enterprise specializing in the research and development, production, sales, and service of network communication equipment. Shenzhen Jixiang Tengda Technology Co., Ltd.'s Tenda HG10 has a command execution vulnerability that could allow an attacker to execute arbitrary commands.
VAR-202507-2623 CVE-2025-8246 TOTOLINK  of  X15  Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formRoute of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of X15 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. The TOTOLINK X15 is a router manufactured by TOTOLINK. An attacker could exploit this vulnerability by crafting a malicious request to trigger the buffer overflow and remotely execute arbitrary code
VAR-202507-2656 CVE-2025-8245 TOTOLINK  of  X15  Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAPVLAN of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of X15 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. The TOTOLINK X15 is a wireless network extender manufactured by China's TOTOLINK Electronics, primarily used to extend Wi-Fi coverage. It supports Wi-Fi 6 technology and offers AX1500 wireless transmission speeds, making it suitable for home and small office environments. An attacker could exploit this vulnerability to cause a denial of service or execute arbitrary code
VAR-202507-2587 CVE-2025-8244 TOTOLINK  of  X15  Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formMapDelDevice of the component HTTP POST Request Handler. The manipulation of the argument macstr leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of X15 The firmware contains buffer error vulnerabilities, classic buffer overflow vulnerabilities, and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK X15 is a wireless network extender manufactured by TOTOLINK Electronics of China, primarily used to extend Wi-Fi coverage. This device supports Wi-Fi 6 technology and offers AX1500 wireless transmission speeds, making it suitable for home and small office environments. An attacker could exploit this vulnerability by remotely constructing an overly long macstr parameter, triggering a buffer overflow and potentially causing a denial of service or arbitrary code execution
VAR-202507-2568 CVE-2025-8243 TOTOLINK  of  X15  Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formMapDel of the component HTTP POST Request Handler. The manipulation of the argument devicemac1 leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of X15 The firmware contains buffer error vulnerabilities, classic buffer overflow vulnerabilities, and out-of-bounds write vulnerabilities.Service operation interruption (DoS) It may be in a state. The TOTOLINK X15 is a wireless network extender manufactured by TOTOLINK, a Chinese company. It's primarily used to extend Wi-Fi coverage. It supports Wi-Fi 6 technology and offers AX1500 wireless transmission speeds, making it suitable for home and small office environments. An attacker could exploit this vulnerability to cause a denial of service or execute arbitrary code
VAR-202507-2687 CVE-2025-8242 TOTOLINK  of  X15  Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability has been found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6addr/url/vpnPassword/vpnUser leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of X15 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. The TOTOLINK X15 is a wireless network extender manufactured by China's TOTOLINK Electronics, primarily used to extend Wi-Fi coverage. It supports Wi-Fi 6 technology and offers AX1500 wireless transmission speeds, making it suitable for home and small office environments. An attacker could exploit this vulnerability to cause a denial of service or execute arbitrary code
VAR-202507-2636 CVE-2025-8231 D-Link Systems, Inc.  of  DIR-890L  Hardcoded password usage vulnerability in firmware CVSS V2: 7.2
CVSS V3: 6.8
Severity: Medium
A vulnerability, which was classified as critical, has been found in D-Link DIR-890L up to 111b04. This issue affects some unknown processing of the file rgbin of the component UART Port. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-890L The firmware contains vulnerabilities related to the use of hard-coded passwords and vulnerabilities related to the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202507-3603 No CVE Honeywell PM43 has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The Honeywell PM43 is an industrial-grade label printer. The Honeywell PM43 has a command execution vulnerability that could allow an attacker to execute arbitrary commands.
VAR-202507-3916 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd. CH22 has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The CH22 is a network device. The CH22 of Shenzhen Jixiang Tengda Technology Co., Ltd. has a command execution vulnerability that could allow an attacker to execute arbitrary commands.
VAR-202507-2661 CVE-2025-8184 D-Link Systems, Inc.  of  DIR-513  Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in D-Link DIR-513 up to 1.10 and classified as critical. This issue affects the function formSetWanL2TPcallback of the file /goform/formSetWanL2TPtriggers of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-513 The firmware contains a buffer error vulnerability, a stack-based buffer overflow vulnerability, and an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-513 is a portable wireless router featuring a slim design and ease of use. It supports IEEE 802.11n and 802.11g/b standards and offers a maximum transmission rate of 300Mbps. An attacker could exploit this vulnerability by remotely sending specially crafted data to trigger the buffer overflow, resulting in a denial of service or arbitrary code execution
VAR-202507-2610 CVE-2025-8182 Shenzhen Tenda Technology Co.,Ltd.  of  AC18  Weak password requirement vulnerability in firmware CVSS V2: 5.1
CVSS V3: 5.6
Severity: Low
A vulnerability has been found in Tenda AC18 15.03.05.19 and classified as problematic. This vulnerability affects unknown code of the file /etc_ro/smb.conf of the component Samba. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. in July 2016, primarily for villas and large homes. Detailed vulnerability details are currently unavailable