VARIoT IoT vulnerabilities database
| VAR-202506-1368 | CVE-2025-6616 | D-Link Systems, Inc. of DIR-619L Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. This vulnerability affects the function formSetWAN_Wizard51 of the file /goform/formSetWAN_Wizard51. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-619L The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-619L is a wireless router from D-Link, a Chinese company. An attacker can exploit this vulnerability to overflow the buffer, execute arbitrary code on the system, or cause the application to crash
| VAR-202506-1328 | CVE-2025-6615 | D-Link Systems, Inc. of DIR-619L Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.06B01. This affects the function formAutoDetecWAN_wizard4 of the file /goform/formAutoDetecWAN_wizard4. The manipulation of the argument curTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-619L The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-619L is a wireless router from D-Link of China.
The D-Link DIR-619L /formAutoDetecWAN_wizard4 file has a stack buffer overflow vulnerability, which is caused by incorrect bounds checking in the function formAutoDetecWAN_wizard4 of the file /goform/formAutoDetecWAN_wizard4. An attacker can exploit this vulnerability to overflow the buffer, execute arbitrary code on the system, or cause the application to crash
| VAR-202506-1323 | CVE-2025-6614 | D-Link Systems, Inc. of DIR-619L Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2.06B01. Affected by this issue is the function formSetWANType_Wizard5 of the file /goform/formSetWANType_Wizard5. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-619L The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-619L is a wireless router from D-Link, a Chinese company.
D-Link DIR-619L has a stack buffer overflow vulnerability, which is caused by incorrect bounds checking in the function formSetWANType_Wizard5 of the file /goform/formSetWANType_Wizard5. An attacker can exploit this vulnerability to cause a buffer overflow, execute arbitrary code on the system, or cause the application to crash
| VAR-202506-2577 | No CVE | D-Link DI-500WF-WT has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
DI-500WF-WT is a wireless network coverage device produced by D-Link of China.
D-Link DI-500WF-WT has a command execution vulnerability, which can be exploited by attackers to execute commands.
| VAR-202506-1246 | CVE-2025-6568 | TOTOLINK of ex1200t Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formIpv6Setup of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a dual-band wireless signal amplifier, mainly used to extend the coverage of existing wireless networks. No detailed vulnerability details are currently provided
| VAR-202506-1227 | CVE-2025-6565 | NETGEAR WNCE3001 Buffer Overflow Vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in Netgear WNCE3001 1.0.0.50. It has been classified as critical. This affects the function http_d of the component HTTP POST Request Handler. The manipulation of the argument Host leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NETGEAR WNCE3001 is a dual-band wireless network adapter designed for smart TVs, Blu-ray players and other devices, and achieves wireless connection through the Ethernet interface. Attackers can use this vulnerability to submit special requests to crash the application or execute arbitrary code in the context of the application
| VAR-202506-1768 | No CVE | HP LaserJet Pro MFP M126nw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
HP LaserJet Pro MFP M126nw is a black and white laser all-in-one printer.
HP LaserJet Pro MFP M126nw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.
| VAR-202506-1204 | CVE-2025-6516 | The HDF Group of HDF5 Buffer error vulnerability in |
CVSS V2: 4.3 CVSS V3: 5.3 Severity: Low |
A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The HDF Group of HDF5 contains a buffer error vulnerability, a heap-based buffer overflow vulnerability, and an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. HDF5 is an open-source library for HDF. An attacker could exploit this vulnerability to cause a denial of service
| VAR-202506-1212 | CVE-2025-6511 | of netgear EX6150 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability classified as critical has been found in Netgear EX6150 1.0.0.46_1.0.76. This affects the function sub_410090. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. of netgear EX6150 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR EX6100 is a dual-band wireless extender, mainly used to enhance the coverage of existing WiFi networks, especially suitable for large rooms or signal blind spots. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202506-1265 | CVE-2025-6510 | of netgear EX6100 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in Netgear EX6100 1.0.2.28_1.1.138. It has been rated as critical. Affected by this issue is the function sub_415EF8. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. of netgear EX6100 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the sub_415EF8 function failing to properly verify the length of the input data. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack
| VAR-202506-2380 | No CVE | Epson (China) Co., Ltd. L6490 has a logic defect vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
L6490 is a series of printer products.
Epson (China) Co., Ltd. L6490 has a logic defect vulnerability, which can be exploited by attackers to reset the password.
| VAR-202506-2180 | No CVE | PX4 has a logic flaw vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
PX4 is an open source autopilot.
PX4 has a logic flaw vulnerability that can be exploited by attackers to cause an oscillation loop, causing the device to repeatedly collide with obstacles, resulting in a denial of service.
| VAR-202506-1769 | No CVE | Shenzhen Jixiang Tengda Technology Co., Ltd. FH451 has a binary vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
FH451 is a 450Mbps home wireless router launched by Tenda.
Shenzhen Jixiang Tenda Technology Co., Ltd. FH451 has a binary vulnerability that can be exploited by attackers to cause a denial of service.
| VAR-202506-2791 | No CVE | H3C N12 of H3C Technologies Co., Ltd. has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
H3C N12 is a wireless router of H3C, a Chinese company.
H3C N12 of H3C Technologies Co., Ltd. has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202506-1774 | No CVE | H3C NX54 of H3C Technologies Co., Ltd. has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
H3C NX54 is a Gigabit dual-band router that supports Wi-Fi 6 (802.11ax) protocol.
H3C NX54 of H3C Technologies Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute commands.
| VAR-202506-2579 | No CVE | H3C NX54 of H3C Technologies Co., Ltd. has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
H3C NX54 is a Gigabit dual-band router that supports Wi-Fi 6 (802.11ax) protocol.
H3C NX54 of H3C Technologies Co., Ltd. has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202506-2988 | No CVE | HP Color LaserJet MFP M476dw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
HP Color LaserJet MFP M476dw is a color laser multifunction printer.
HP Color LaserJet MFP M476dw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.
| VAR-202506-2786 | No CVE | HP Color LaserJet M254nw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
HP Color LaserJet M254nw is a color laser printer.
HP Color LaserJet M254nw of HP Trading (Shanghai) Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.
| VAR-202506-1174 | CVE-2025-6487 | TOTOLINK of A3002R Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been rated as critical. This issue affects the function formRoute of the file /boafrm/formRoute. The manipulation of the argument subnet leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A3002R The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3002R is a wireless router produced by China's TOTOLINK Electronics Company.
TOTOLINK A3002R has a stack buffer overflow vulnerability. The vulnerability is caused by the failure of the parameter subnet in the file /boafrm/formRoute to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202506-1267 | CVE-2025-6486 | TOTOLINK of A3002R Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been declared as critical. This vulnerability affects the function formWlanMultipleAP of the file /boafrm/formWlanMultipleAP. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A3002R The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3002R is a wireless router produced by China's TOTOLINK Electronics. The vulnerability is caused by the parameter submit-url in the file /boafrm/formWlanMultipleAP failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service