VARIoT IoT vulnerabilities database
| VAR-202501-2166 | CVE-2024-57025 | TOTOLINK of X5000R in the firmware OS Command injection vulnerability |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setWiFiScheduleCfg. (DoS) It may be in a state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary command execution
| VAR-202501-3190 | CVE-2024-57024 | TOTOLINK of X5000R in the firmware OS Command injection vulnerability |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eMinute" parameter in setWiFiScheduleCfg. (DoS) It may be in a state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary command execution
| VAR-202501-1634 | CVE-2024-57023 | TOTOLINK of X5000R in the firmware OS Command injection vulnerability |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setWiFiScheduleCfg. (DoS) It may be in a state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary command execution
| VAR-202501-1547 | CVE-2024-57022 | TOTOLINK of X5000R in the firmware OS Command injection vulnerability |
CVSS V2: 10.0 CVSS V3: 8.8 Severity: HIGH |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sHour" parameter in setWiFiScheduleCfg. (DoS) It may be in a state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary command execution
| VAR-202501-1794 | CVE-2024-57021 | TOTOLINK of X5000R in the firmware OS Command injection vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eHour" parameter in setWiFiScheduleCfg. (DoS) It may be in a state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary command execution
| VAR-202501-1565 | CVE-2024-57020 | TOTOLINK of X5000R in the firmware OS Command injection vulnerability |
CVSS V2: 10.0 CVSS V3: 8.8 Severity: HIGH |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sMinute" parameter in setWiFiScheduleCfg. (DoS) It may be in a state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary command execution
| VAR-202501-1654 | CVE-2024-57019 | TOTOLINK of X5000R in the firmware OS Command injection vulnerability |
CVSS V2: 10.0 CVSS V3: 8.8 Severity: HIGH |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "limit" parameter in setVpnAccountCfg. (DoS) It may be in a state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary command execution
| VAR-202501-2779 | CVE-2024-57018 | TOTOLINK of X5000R in the firmware OS Command injection vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setVpnAccountCfg. (DoS) It may be in a state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary command execution
| VAR-202501-1508 | CVE-2024-57017 | TOTOLINK of X5000R in the firmware OS Command injection vulnerability |
CVSS V2: 10.0 CVSS V3: 8.8 Severity: HIGH |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "pass" parameter in setVpnAccountCfg. (DoS) It may be in a state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary command execution
| VAR-202501-2167 | CVE-2024-57016 | TOTOLINK of X5000R in the firmware OS Command injection vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "user" parameter in setVpnAccountCfg. (DoS) It may be in a state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary command execution
| VAR-202501-1509 | CVE-2024-57015 | TOTOLINK of X5000R in the firmware OS Command injection vulnerability |
CVSS V2: 10.0 CVSS V3: 8.8 Severity: HIGH |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "hour" parameter in setScheduleCfg. (DoS) It may be in a state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary command execution
| VAR-202501-1520 | CVE-2024-57014 | TOTOLINK of X5000R in the firmware OS Command injection vulnerability |
CVSS V2: 10.0 CVSS V3: 8.8 Severity: HIGH |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "recHour" parameter in setScheduleCfg. (DoS) It may be in a state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary command execution
| VAR-202501-1639 | CVE-2024-57013 | TOTOLINK of X5000R in the firmware OS Command injection vulnerability |
CVSS V2: 10.0 CVSS V3: 8.8 Severity: HIGH |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "switch" parameter in setScheduleCfg. (DoS) It may be in a state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary command execution
| VAR-202501-1579 | CVE-2024-57012 | TOTOLINK of X5000R in the firmware OS Command injection vulnerability |
CVSS V2: 10.0 CVSS V3: 8.8 Severity: HIGH |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setScheduleCfg. (DoS) It may be in a state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary command execution
| VAR-202501-4232 | CVE-2024-57011 | TOTOLINK of X5000R in the firmware OS Command injection vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "minute" parameters in setScheduleCfg. (DoS) It may be in a state. TOTOLINK X5000R is a router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to cause arbitrary command execution
| VAR-202501-1635 | CVE-2025-22968 | D-Link Systems, Inc. of DWR-M972V Code injection vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using root account without restrictions. D-Link Systems, Inc. of DWR-M972V A code injection vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DWR-M972V is a router from D-Link, a Chinese company
| VAR-202501-3355 | CVE-2025-0356 | NEC Aterm Multiple vulnerabilities in the series ( NV25-003 ) |
CVSS V2: - CVSS V3: 7.2 Severity: HIGH |
NEC Corporation Aterm WX1500HP Ver.1.4.2 and earlier and WX3600HP Ver.1.5.3 and earlier allows a attacker to execute arbitrary OS commands via the network. None
| VAR-202501-2751 | CVE-2025-0355 | NEC Aterm Multiple vulnerabilities in the series ( NV25-003 ) |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to get a Wi-Fi password via the network. None
| VAR-202501-3163 | CVE-2025-0354 | NEC Aterm Multiple vulnerabilities in the series ( NV25-003 ) |
CVSS V2: - CVSS V3: 4.8 Severity: MEDIUM |
Cross-site scripting vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to inject an arbitrary script via the network. None
| VAR-202501-3115 | CVE-2025-22997 | Linksys of E5600 Cross-site scripting vulnerability in firmware |
CVSS V2: 4.1 CVSS V3: 4.8 Severity: MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the prf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter. Linksys E5600 is a powerful, compact and reliable WiFi 5 router from Linksys of the United States. The vulnerability is caused by the lack of effective filtering and escaping of user-provided data by the application