VARIoT IoT vulnerabilities database
| VAR-202507-2973 | CVE-2025-53712 | TP-LINK Technologies of TL-WR841N Buffer error vulnerability in firmware |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm_AP.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. TP-LINK Technologies of TL-WR841N The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202507-2939 | CVE-2025-53711 | TP-LINK Technologies of TL-WR841N Buffer error vulnerability in firmware |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been found in TP-Link TL-WR841N v11, TL-WR842ND v2 and TL-WR494N v3. The vulnerability exists in the /userRpm/WlanNetworkRpm.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. TP-LINK Technologies of TL-WR841N The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202507-3065 | CVE-2025-52284 | TOTOLINK of x6000r Command injection vulnerability in firmware |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_4184C0 function via the tz parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request. TOTOLINK of x6000r Firmware contains a command injection vulnerability.Information may be obtained and information may be tampered with. The TOTOLINK X6000R, a wireless router released by China's TOTOLINK Electronics, supports WiFi 6 technology, offering high concurrent connections and dual-band transmission capabilities. Detailed vulnerability details are currently unavailable
| VAR-202507-3601 | No CVE | Shenzhen Jixiang Tengda Technology Co., Ltd.'s Tenda HG10 has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Shenzhen Jixiang Tengda Technology Co., Ltd. (Tenda) is a high-tech enterprise specializing in the research and development, production, sales, and service of network communication equipment.
Shenzhen Jixiang Tengda Technology Co., Ltd.'s Tenda HG10 has a command execution vulnerability that could allow an attacker to execute arbitrary commands.
| VAR-202507-3915 | No CVE | Shenzhen Jixiang Tengda Technology Co., Ltd.'s Tenda HG10 has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Shenzhen Jixiang Tengda Technology Co., Ltd. (Tenda) is a high-tech enterprise specializing in the research and development, production, sales, and service of network communication equipment.
A denial of service vulnerability exists in the Tenda HG10, a device manufactured by Shenzhen Jixiang Tengda Technology Co., Ltd., that could be exploited by an attacker to cause a denial of service.
| VAR-202507-3838 | No CVE | D-Link DI-500WF from D-Link Electronics (Shanghai) Co., Ltd. has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The D-Link DI-500WF is a panel-mounted wireless access point.
The D-Link DI-500WF, manufactured by D-Link Electronics (Shanghai) Co., Ltd., has a command execution vulnerability that could allow an attacker to execute arbitrary commands.
| VAR-202507-3600 | No CVE | Sharp Technology (Shanghai) Co., Ltd.'s SHARP-MX series has an information disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Sharp Technology (Shanghai) Co., Ltd. is a world-renowned developer and manufacturer of comprehensive electronic products.
Sharp Technology (Shanghai) Co., Ltd.'s SHARP-MX series products contain an information leakage vulnerability that could allow attackers to obtain sensitive information.
| VAR-202507-3839 | No CVE | Shenzhen Jixiang Tengda Technology Co., Ltd. HG7, HG9, HG10 and HG10C have a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Shenzhen Jixiang Tengda Technology Co., Ltd. (Tenda) is a high-tech enterprise specializing in the research and development, production, sales, and service of network communication equipment.
Shenzhen Jixiang Tenda Technology Co., Ltd.'s HG7, HG9, HG10, and HG10C devices contain a command execution vulnerability that could allow an attacker to execute arbitrary commands.
| VAR-202507-3676 | No CVE | Vicon Industries IQinVision has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Vicon Industries specializes in the development and production of security and surveillance solutions.
A weak password vulnerability exists in Vicon Industries' IQinVision software, allowing attackers to obtain sensitive information.
| VAR-202507-3602 | No CVE | Shenzhen Jixiang Tengda Technology Co., Ltd.'s Tenda HG10 has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Shenzhen Jixiang Tengda Technology Co., Ltd. (Tenda) is a high-tech enterprise specializing in the research and development, production, sales, and service of network communication equipment.
Shenzhen Jixiang Tengda Technology Co., Ltd.'s Tenda HG10 has a command execution vulnerability that could allow an attacker to execute arbitrary commands.
| VAR-202507-2623 | CVE-2025-8246 | TOTOLINK of X15 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formRoute of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of X15 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. The TOTOLINK X15 is a router manufactured by TOTOLINK. An attacker could exploit this vulnerability by crafting a malicious request to trigger the buffer overflow and remotely execute arbitrary code
| VAR-202507-2656 | CVE-2025-8245 | TOTOLINK of X15 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAPVLAN of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of X15 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. The TOTOLINK X15 is a wireless network extender manufactured by China's TOTOLINK Electronics, primarily used to extend Wi-Fi coverage. It supports Wi-Fi 6 technology and offers AX1500 wireless transmission speeds, making it suitable for home and small office environments. An attacker could exploit this vulnerability to cause a denial of service or execute arbitrary code
| VAR-202507-2587 | CVE-2025-8244 | TOTOLINK of X15 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formMapDelDevice of the component HTTP POST Request Handler. The manipulation of the argument macstr leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of X15 The firmware contains buffer error vulnerabilities, classic buffer overflow vulnerabilities, and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK X15 is a wireless network extender manufactured by TOTOLINK Electronics of China, primarily used to extend Wi-Fi coverage. This device supports Wi-Fi 6 technology and offers AX1500 wireless transmission speeds, making it suitable for home and small office environments. An attacker could exploit this vulnerability by remotely constructing an overly long macstr parameter, triggering a buffer overflow and potentially causing a denial of service or arbitrary code execution
| VAR-202507-2568 | CVE-2025-8243 | TOTOLINK of X15 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formMapDel of the component HTTP POST Request Handler. The manipulation of the argument devicemac1 leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of X15 The firmware contains buffer error vulnerabilities, classic buffer overflow vulnerabilities, and out-of-bounds write vulnerabilities.Service operation interruption (DoS) It may be in a state. The TOTOLINK X15 is a wireless network extender manufactured by TOTOLINK, a Chinese company. It's primarily used to extend Wi-Fi coverage. It supports Wi-Fi 6 technology and offers AX1500 wireless transmission speeds, making it suitable for home and small office environments. An attacker could exploit this vulnerability to cause a denial of service or execute arbitrary code
| VAR-202507-2687 | CVE-2025-8242 | TOTOLINK of X15 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability has been found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6addr/url/vpnPassword/vpnUser leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of X15 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. The TOTOLINK X15 is a wireless network extender manufactured by China's TOTOLINK Electronics, primarily used to extend Wi-Fi coverage. It supports Wi-Fi 6 technology and offers AX1500 wireless transmission speeds, making it suitable for home and small office environments. An attacker could exploit this vulnerability to cause a denial of service or execute arbitrary code
| VAR-202507-2636 | CVE-2025-8231 | D-Link Systems, Inc. of DIR-890L Hardcoded password usage vulnerability in firmware |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: Medium |
A vulnerability, which was classified as critical, has been found in D-Link DIR-890L up to 111b04. This issue affects some unknown processing of the file rgbin of the component UART Port. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-890L The firmware contains vulnerabilities related to the use of hard-coded passwords and vulnerabilities related to the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202507-3603 | No CVE | Honeywell PM43 has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The Honeywell PM43 is an industrial-grade label printer.
The Honeywell PM43 has a command execution vulnerability that could allow an attacker to execute arbitrary commands.
| VAR-202507-3916 | No CVE | Shenzhen Jixiang Tengda Technology Co., Ltd. CH22 has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The CH22 is a network device.
The CH22 of Shenzhen Jixiang Tengda Technology Co., Ltd. has a command execution vulnerability that could allow an attacker to execute arbitrary commands.
| VAR-202507-2661 | CVE-2025-8184 | D-Link Systems, Inc. of DIR-513 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in D-Link DIR-513 up to 1.10 and classified as critical. This issue affects the function formSetWanL2TPcallback of the file /goform/formSetWanL2TPtriggers of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-513 The firmware contains a buffer error vulnerability, a stack-based buffer overflow vulnerability, and an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-513 is a portable wireless router featuring a slim design and ease of use. It supports IEEE 802.11n and 802.11g/b standards and offers a maximum transmission rate of 300Mbps. An attacker could exploit this vulnerability by remotely sending specially crafted data to trigger the buffer overflow, resulting in a denial of service or arbitrary code execution
| VAR-202507-2610 | CVE-2025-8182 | Shenzhen Tenda Technology Co.,Ltd. of AC18 Weak password requirement vulnerability in firmware |
CVSS V2: 5.1 CVSS V3: 5.6 Severity: Low |
A vulnerability has been found in Tenda AC18 15.03.05.19 and classified as problematic. This vulnerability affects unknown code of the file /etc_ro/smb.conf of the component Samba. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. in July 2016, primarily for villas and large homes. Detailed vulnerability details are currently unavailable