VARIoT IoT vulnerabilities database
| VAR-202507-0412 | CVE-2025-7415 | Shenzhen Tenda Technology Co.,Ltd. of o3 Injection Vulnerability in Firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Low |
A vulnerability, which was classified as critical, has been found in Tenda O3V2 1.0.0.12(3880). This issue affects the function fromTraceroutGet of the file /goform/getTraceroute of the component httpd. The manipulation of the argument dest leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of o3 The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda O3V2 is an outdoor wireless network bridge from the Chinese company Tenda.
The Tenda O3V2 suffers from a command injection vulnerability caused by the failure of the dest parameter in the /goform/getTraceroute file to properly sanitize special characters and commands in constructed commands. Detailed vulnerability details are currently unavailable
| VAR-202507-0531 | CVE-2025-7414 | Shenzhen Tenda Technology Co.,Ltd. of o3 Command injection vulnerability in firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Low |
A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). This vulnerability affects the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of the argument domain leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of o3 The firmware contains a command injection vulnerability. OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state.
The Tenda O3V2 has a command injection vulnerability caused by the failure of the domain parameter in the /goform/setPingInfo file to properly filter special characters and commands when constructing commands. Detailed vulnerability details are not available at this time
| VAR-202507-0505 | CVE-2025-7407 | of netgear D6400 Command injection vulnerability in firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Low |
A vulnerability, which was classified as critical, was found in Netgear D6400 1.0.0.114. This affects an unknown part of the file diag.cgi. The manipulation of the argument host_name leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early and confirmed the existence of the vulnerability. They reacted very quickly, professional and kind. This vulnerability only affects products that are no longer supported by the maintainer. OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Netgear D6400 is a wireless modem manufactured by NETGEAR
| VAR-202507-0593 | CVE-2025-6377 | Rockwell Automation of Arena Out-of-bounds write vulnerability in |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A remote
code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE
file can force Arena Simulation to write beyond the boundaries of an allocated
object. Exploitation
requires user interaction, such as opening a malicious file within the software.
If exploited, a threat actor could execute arbitrary code on the target system.
The software must run under the context of the administrator in order to cause
worse case impact. This is reflected in the Rockwell CVSS score, as AT:P. Rockwell Automation of Arena Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process
| VAR-202507-0649 | CVE-2025-6376 | Rockwell Automation of Arena Out-of-bounds write vulnerability in |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A remote
code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE
file can force Arena Simulation to write beyond the boundaries of an allocated
object. Exploitation
requires user interaction, such as opening a malicious file within the software.
If exploited, a threat actor could execute arbitrary code on the target system.
The software must run under the context of the administrator in order to cause
worse case impact. This is reflected in the Rockwell CVSS score, as AT:P. Rockwell Automation of Arena Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process
| VAR-202507-0217 | CVE-2025-7206 | D-Link Systems, Inc. of DIR-825 Buffer error vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: High |
A vulnerability, which was classified as critical, has been found in D-Link DIR-825 2.10. This issue affects the function sub_410DDC of the file switch_language.cgi of the component httpd. The manipulation of the argument Language leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-825 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-605L is D-Link's first cloud router, designed for home and small office networks.
The D-Link DIR-605L suffers from a buffer overflow vulnerability. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202507-0252 | CVE-2025-7194 | D-Link Systems, Inc. of DI-500WF Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in D-Link DI-500WF 17.04.10A1T. It has been declared as critical. Affected by this vulnerability is the function sprintf of the file ip_position.asp of the component jhttpd. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DI-500WF The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DI-500WF is a panel-mounted wireless access point (AP) designed according to international wireless standards. It supports the 2.4GHz frequency band and offers wireless transmission speeds of up to 300Mbps, making it environmentally friendly.
The D-Link DI-500WF suffers from a buffer overflow vulnerability. An attacker could exploit this vulnerability to execute remote code
| VAR-202507-0208 | CVE-2025-7192 | D-Link Systems, Inc. of DIR-645 Injection Vulnerability in Firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Low |
A vulnerability was found in D-Link DIR-645 up to 1.05B01 and classified as critical. This issue affects the function ssdpcgi_main of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-645 The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-645 is a Gigabit wireless router launched by D-Link in 2012 for home and small business users.
The D-Link DIR-645 suffers from a command injection vulnerability caused by the ssdpcgi_main function in the file /htdocs/cgibin in the ssdpcgi component, which fails to properly sanitize special characters and commands in constructed commands. No detailed vulnerability details are currently available
| VAR-202507-2600 | CVE-2025-2827 | IBM of IBM Sterling File Gateway Directory listing information disclosure vulnerability in |
CVSS V2: 4.0 CVSS V3: 4.3 Severity: MEDIUM |
IBM Sterling File Gateway
6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4
could disclose sensitive installation directory information to an authenticated user that could be used in further attacks against the system. Attackers can exploit this vulnerability to obtain sensitive path information of the system and then plan further attacks against the system
| VAR-202507-1286 | CVE-2025-21427 | Buffer over-read vulnerability in multiple Qualcomm products |
CVSS V2: - CVSS V3: 8.2 Severity: HIGH |
Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network. SM6250 firmware, SM6370 firmware, sm7315 Multiple Qualcomm products, including firmware, contain buffer over-read vulnerabilities and out-of-bounds read vulnerabilities.Information is obtained and service operation is interrupted (DoS) It may be in a state
| VAR-202507-0096 | CVE-2025-40741 | Siemens' Solid Edge Stack-based buffer overflow vulnerability in |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: High |
A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain a stack based overflow vulnerability while parsing specially crafted CFG files.
This could allow an attacker to execute code in the context of the current process. Siemens' Solid Edge Exists in a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Solid Edge SE2025 is a development software of Siemens, a German company
| VAR-202507-0094 | CVE-2025-40740 | Siemens' Solid Edge Out-of-bounds read vulnerability in |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: High |
A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files.
This could allow an attacker to execute code in the context of the current process. Siemens' Solid Edge Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Solid Edge SE2025 is a development software of Siemens, a German company
| VAR-202507-0068 | CVE-2025-40735 | Siemens' SINEC NMS In SQL Injection vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected devices are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database. Siemens' SINEC NMS for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens SINEC NMS is a network management system (NMS) of Siemens, Germany. The system can be used to centrally monitor, manage and configure industrial networks with tens of thousands of devices around the clock, including security-related areas
| VAR-202507-0163 | CVE-2025-40593 | Siemens' simatic cn 4100 Input verification vulnerability in |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: High |
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0). The affected application allows to control the device by storing arbitrary files in the SFTP folder of the device. This could allow an attacker to cause a denial of service condition. Siemens' simatic cn 4100 There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Siemens SIMATIC CN 4100 is a communication node of Siemens, a German company
| VAR-202507-0084 | CVE-2025-23365 | Siemens' TIA Administrator access control vulnerabilities in |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: High |
A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application allows low-privileged users to trigger installations by overwriting cache files and modifying the downloads path. This would allow an attacker to escalate privilege and exceute arbitrary code. Siemens' TIA Administrator contains an access control vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens TIA Administrator is a management program used by Siemens of Germany to authorize and license SIMATIC products
| VAR-202507-0083 | CVE-2025-23364 | Siemens' TIA Administrator Digital Signature Verification Vulnerability in |
CVSS V2: 4.9 CVSS V3: 6.2 Severity: Medium |
A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application improperly validates code signing certificates.
This could allow an attacker to bypass the check and exceute arbitrary code during installations. Siemens' TIA Administrator Exists in a digital signature verification vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens TIA Administrator is a management program used by Siemens in Germany to authorize and license SIMATIC products
| VAR-202507-0189 | CVE-2024-31854 | Siemens' SICAM TOOLBOX II Certificate validation vulnerabilities in |
CVSS V2: 7.6 CVSS V3: 8.1 Severity: High |
A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.11). During establishment of a https connection to the TLS server of a managed device, the affected application doesn't check device's certificate common name against an expected value.
This could allow an attacker to execute an on-path network (MitM) attack. Siemens' SICAM TOOLBOX II Exists in a certificate validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens SICAM TOOLBOX II is an engineering software of Siemens, Germany. The vulnerability is caused by not checking the common name of the device certificate. Attackers can exploit this vulnerability to cause man-in-the-middle attacks
| VAR-202507-0190 | CVE-2024-31853 | Siemens' SICAM TOOLBOX II Certificate validation vulnerabilities in |
CVSS V2: 7.6 CVSS V3: 8.1 Severity: High |
A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.11). During establishment of a https connection to the TLS server of a managed device, the affected application doesn't check the extended key usage attribute of that device's certificate.
This could allow an attacker to execute an on-path network (MitM) attack. Siemens' SICAM TOOLBOX II Exists in a certificate validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens SICAM TOOLBOX II is an engineering software of Siemens, Germany. Attackers can exploit this vulnerability to cause man-in-the-middle attacks
| VAR-202507-0155 | CVE-2025-7154 | TOTOLINK of N200RE Command injection vulnerability in firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Low |
A vulnerability, which was classified as critical, has been found in TOTOLINK N200RE 9.3.5u.6095_B20200916/9.3.5u.6139_B20201216. Affected by this issue is the function sub_41A0F8 of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Hostname leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of N200RE The firmware contains a command injection vulnerability. OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK N200RE is a SOHO wireless router that utilizes 11N wireless technology, achieving a maximum wireless transmission rate of 300Mbps. It supports MIMO architecture and ATCT (Automatic Channel Detection) technology, effectively improving wireless performance and stability.
The TOTOLINK N200RE suffers from a command injection vulnerability caused by the failure of the Hostname parameter in the /cgi-bin/cstecgi.cgi file to properly sanitize special characters and commands in constructed commands. No detailed vulnerability details are currently available
| VAR-202507-1068 | CVE-2025-42968 |
CVSS V2: - CVSS V3: 5.0 Severity: MEDIUM |
SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grants access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on confidentiality with no effect on integrity or availability of the application.