VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202507-0412 CVE-2025-7415 Shenzhen Tenda Technology Co.,Ltd.  of  o3  Injection Vulnerability in Firmware CVSS V2: 6.5
CVSS V3: 6.3
Severity: Low
A vulnerability, which was classified as critical, has been found in Tenda O3V2 1.0.0.12(3880). This issue affects the function fromTraceroutGet of the file /goform/getTraceroute of the component httpd. The manipulation of the argument dest leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of o3 The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda O3V2 is an outdoor wireless network bridge from the Chinese company Tenda. The Tenda O3V2 suffers from a command injection vulnerability caused by the failure of the dest parameter in the /goform/getTraceroute file to properly sanitize special characters and commands in constructed commands. Detailed vulnerability details are currently unavailable
VAR-202507-0531 CVE-2025-7414 Shenzhen Tenda Technology Co.,Ltd.  of  o3  Command injection vulnerability in firmware CVSS V2: 6.5
CVSS V3: 6.3
Severity: Low
A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). This vulnerability affects the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of the argument domain leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of o3 The firmware contains a command injection vulnerability. OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda O3V2 has a command injection vulnerability caused by the failure of the domain parameter in the /goform/setPingInfo file to properly filter special characters and commands when constructing commands. Detailed vulnerability details are not available at this time
VAR-202507-0505 CVE-2025-7407 of netgear  D6400  Command injection vulnerability in firmware CVSS V2: 6.5
CVSS V3: 6.3
Severity: Low
A vulnerability, which was classified as critical, was found in Netgear D6400 1.0.0.114. This affects an unknown part of the file diag.cgi. The manipulation of the argument host_name leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early and confirmed the existence of the vulnerability. They reacted very quickly, professional and kind. This vulnerability only affects products that are no longer supported by the maintainer. OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Netgear D6400 is a wireless modem manufactured by NETGEAR
VAR-202507-0593 CVE-2025-6377 Rockwell Automation  of  Arena  Out-of-bounds write vulnerability in CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A remote code execution security issue exists in the Rockwell Automation Arena®.   A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worse case impact. This is reflected in the Rockwell CVSS score, as AT:P. Rockwell Automation of Arena Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process
VAR-202507-0649 CVE-2025-6376 Rockwell Automation  of  Arena  Out-of-bounds write vulnerability in CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A remote code execution security issue exists in the Rockwell Automation Arena®.   A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worse case impact. This is reflected in the Rockwell CVSS score, as AT:P. Rockwell Automation of Arena Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process
VAR-202507-0217 CVE-2025-7206 D-Link Systems, Inc.  of  DIR-825  Buffer error vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: High
A vulnerability, which was classified as critical, has been found in D-Link DIR-825 2.10. This issue affects the function sub_410DDC of the file switch_language.cgi of the component httpd. The manipulation of the argument Language leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-825 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-605L is D-Link's first cloud router, designed for home and small office networks. The D-Link DIR-605L suffers from a buffer overflow vulnerability. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202507-0252 CVE-2025-7194 D-Link Systems, Inc.  of  DI-500WF  Buffer error vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability was found in D-Link DI-500WF 17.04.10A1T. It has been declared as critical. Affected by this vulnerability is the function sprintf of the file ip_position.asp of the component jhttpd. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DI-500WF The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DI-500WF is a panel-mounted wireless access point (AP) designed according to international wireless standards. It supports the 2.4GHz frequency band and offers wireless transmission speeds of up to 300Mbps, making it environmentally friendly. The D-Link DI-500WF suffers from a buffer overflow vulnerability. An attacker could exploit this vulnerability to execute remote code
VAR-202507-0208 CVE-2025-7192 D-Link Systems, Inc.  of  DIR-645  Injection Vulnerability in Firmware CVSS V2: 6.5
CVSS V3: 6.3
Severity: Low
A vulnerability was found in D-Link DIR-645 up to 1.05B01 and classified as critical. This issue affects the function ssdpcgi_main of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-645 The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-645 is a Gigabit wireless router launched by D-Link in 2012 for home and small business users. The D-Link DIR-645 suffers from a command injection vulnerability caused by the ssdpcgi_main function in the file /htdocs/cgibin in the ssdpcgi component, which fails to properly sanitize special characters and commands in constructed commands. No detailed vulnerability details are currently available
VAR-202507-2600 CVE-2025-2827 IBM  of  IBM Sterling File Gateway  Directory listing information disclosure vulnerability in CVSS V2: 4.0
CVSS V3: 4.3
Severity: MEDIUM
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 could disclose sensitive installation directory information to an authenticated user that could be used in further attacks against the system. Attackers can exploit this vulnerability to obtain sensitive path information of the system and then plan further attacks against the system
VAR-202507-1286 CVE-2025-21427 Buffer over-read vulnerability in multiple Qualcomm products CVSS V2: -
CVSS V3: 8.2
Severity: HIGH
Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network. SM6250 firmware, SM6370 firmware, sm7315 Multiple Qualcomm products, including firmware, contain buffer over-read vulnerabilities and out-of-bounds read vulnerabilities.Information is obtained and service operation is interrupted (DoS) It may be in a state
VAR-202507-0096 CVE-2025-40741 Siemens'  Solid Edge  Stack-based buffer overflow vulnerability in CVSS V2: 7.2
CVSS V3: 7.8
Severity: High
A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain a stack based overflow vulnerability while parsing specially crafted CFG files. This could allow an attacker to execute code in the context of the current process. Siemens' Solid Edge Exists in a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Solid Edge SE2025 is a development software of Siemens, a German company
VAR-202507-0094 CVE-2025-40740 Siemens'  Solid Edge  Out-of-bounds read vulnerability in CVSS V2: 7.2
CVSS V3: 7.8
Severity: High
A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. Siemens' Solid Edge Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Solid Edge SE2025 is a development software of Siemens, a German company
VAR-202507-0068 CVE-2025-40735 Siemens'  SINEC NMS  In  SQL  Injection vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected devices are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database. Siemens' SINEC NMS for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens SINEC NMS is a network management system (NMS) of Siemens, Germany. The system can be used to centrally monitor, manage and configure industrial networks with tens of thousands of devices around the clock, including security-related areas
VAR-202507-0163 CVE-2025-40593 Siemens'  simatic cn 4100  Input verification vulnerability in CVSS V2: 6.8
CVSS V3: 6.5
Severity: High
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0). The affected application allows to control the device by storing arbitrary files in the SFTP folder of the device. This could allow an attacker to cause a denial of service condition. Siemens' simatic cn 4100 There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Siemens SIMATIC CN 4100 is a communication node of Siemens, a German company
VAR-202507-0084 CVE-2025-23365 Siemens'  TIA Administrator  access control vulnerabilities in CVSS V2: 6.8
CVSS V3: 7.8
Severity: High
A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application allows low-privileged users to trigger installations by overwriting cache files and modifying the downloads path. This would allow an attacker to escalate privilege and exceute arbitrary code. Siemens' TIA Administrator contains an access control vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens TIA Administrator is a management program used by Siemens of Germany to authorize and license SIMATIC products
VAR-202507-0083 CVE-2025-23364 Siemens'  TIA Administrator  Digital Signature Verification Vulnerability in CVSS V2: 4.9
CVSS V3: 6.2
Severity: Medium
A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application improperly validates code signing certificates. This could allow an attacker to bypass the check and exceute arbitrary code during installations. Siemens' TIA Administrator Exists in a digital signature verification vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens TIA Administrator is a management program used by Siemens in Germany to authorize and license SIMATIC products
VAR-202507-0189 CVE-2024-31854 Siemens'  SICAM TOOLBOX II  Certificate validation vulnerabilities in CVSS V2: 7.6
CVSS V3: 8.1
Severity: High
A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.11). During establishment of a https connection to the TLS server of a managed device, the affected application doesn't check device's certificate common name against an expected value. This could allow an attacker to execute an on-path network (MitM) attack. Siemens' SICAM TOOLBOX II Exists in a certificate validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens SICAM TOOLBOX II is an engineering software of Siemens, Germany. The vulnerability is caused by not checking the common name of the device certificate. Attackers can exploit this vulnerability to cause man-in-the-middle attacks
VAR-202507-0190 CVE-2024-31853 Siemens'  SICAM TOOLBOX II  Certificate validation vulnerabilities in CVSS V2: 7.6
CVSS V3: 8.1
Severity: High
A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.11). During establishment of a https connection to the TLS server of a managed device, the affected application doesn't check the extended key usage attribute of that device's certificate. This could allow an attacker to execute an on-path network (MitM) attack. Siemens' SICAM TOOLBOX II Exists in a certificate validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens SICAM TOOLBOX II is an engineering software of Siemens, Germany. Attackers can exploit this vulnerability to cause man-in-the-middle attacks
VAR-202507-0155 CVE-2025-7154 TOTOLINK  of  N200RE  Command injection vulnerability in firmware CVSS V2: 6.5
CVSS V3: 6.3
Severity: Low
A vulnerability, which was classified as critical, has been found in TOTOLINK N200RE 9.3.5u.6095_B20200916/9.3.5u.6139_B20201216. Affected by this issue is the function sub_41A0F8 of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Hostname leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of N200RE The firmware contains a command injection vulnerability. OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK N200RE is a SOHO wireless router that utilizes 11N wireless technology, achieving a maximum wireless transmission rate of 300Mbps. It supports MIMO architecture and ATCT (Automatic Channel Detection) technology, effectively improving wireless performance and stability. The TOTOLINK N200RE suffers from a command injection vulnerability caused by the failure of the Hostname parameter in the /cgi-bin/cstecgi.cgi file to properly sanitize special characters and commands in constructed commands. No detailed vulnerability details are currently available
VAR-202507-1068 CVE-2025-42968 CVSS V2: -
CVSS V3: 5.0
Severity: MEDIUM
SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grants access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on confidentiality with no effect on integrity or availability of the application.