VARIoT IoT vulnerabilities database
| VAR-202506-3903 | No CVE | H3C N12 from H3C Technologies Co., Ltd. has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The H3C N12 is a newly designed all-gigabit wireless router from H3C Technologies Co., Ltd.
The H3C N12 from H3C Technologies Co., Ltd. contains a command execution vulnerability that could allow an attacker to execute arbitrary commands.
| VAR-202506-1575 | No CVE | H3C Technologies Co., Ltd. NX15000 has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
NX15000 is a high-end router.
H3C Technologies Co., Ltd. NX15000 has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
| VAR-202506-0317 | CVE-2025-5619 | Shenzhen Tenda Technology Co.,Ltd. of ch22 Out-of-bounds write vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This issue affects the function formaddUserName of the file /goform/addUserName. The manipulation of the argument Password leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of ch22 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda CH22 is an enterprise-class wireless router suitable for small and medium-sized enterprises or home office environments. It supports single-band 2.4GHz wireless networks with a maximum transmission rate of 450Mbps. The vulnerability stems from the incorrect operation of the parameter Password in the file /goform/addUserName. An attacker can exploit this vulnerability to execute arbitrary code
| VAR-202506-0320 | CVE-2025-5609 | Shenzhen Tenda Technology Co.,Ltd. of AC18 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC18 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Remote attackers can use this vulnerability to submit special requests and execute arbitrary code in the context of the application
| VAR-202506-0293 | CVE-2025-5608 | Shenzhen Tenda Technology Co.,Ltd. of AC18 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formsetreboottimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC18 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Attackers can use this vulnerability to submit special requests and execute arbitrary code
| VAR-202506-0242 | CVE-2025-5607 | Shenzhen Tenda Technology Co.,Ltd. of AC18 Buffer error vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. of AC18 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Attackers can use this vulnerability to submit special requests and execute arbitrary commands
| VAR-202506-0273 | CVE-2025-5606 | Shenzhen Tenda Technology Co.,Ltd. of AC18 Command injection vulnerability in firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Medium |
A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetIptv of the file /goform/SetIPTVCfg. The manipulation of the argument list leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. of AC18 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. No detailed vulnerability details are provided at present
| VAR-202506-0294 | CVE-2025-5600 | TOTOLINK of ex1200t Out-of-bounds write vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: Critical |
A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument LangType leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China's TOTOLINK Electronics. The vulnerability is caused by the parameter LangType in the file /cgi-bin/cstecgi.cgi failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202506-0683 | CVE-2025-47728 | Delta Electronics, INC. of cncsoft-g2 Out-of-bounds write vulnerability in |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2.
Delta Electronics CNCSoft-G2 V2.1.0.20 and earlier versions have a buffer overflow vulnerability
| VAR-202506-2671 | CVE-2025-47727 | Delta Electronics, INC. of CNCSoft Out-of-bounds write vulnerability in |
CVSS V2: 6.8 CVSS V3: 7.3 Severity: HIGH |
Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of CNCSoft Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DPB files by the Screen Editor module. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. Delta Electronics CNCSoft is a CNC machine tool simulation system software developed by Delta Electronics, a Chinese company
| VAR-202506-2273 | CVE-2025-47726 | Delta Electronics, INC. of CNCSoft Out-of-bounds write vulnerability in |
CVSS V2: 6.8 CVSS V3: 7.3 Severity: HIGH |
Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of CNCSoft Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DPB files by the Screen Editor module. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. Delta Electronics CNCSoft is a CNC machine tool simulation system software developed by Delta Electronics, a Chinese company
| VAR-202506-1657 | CVE-2025-47725 | Delta Electronics, INC. of CNCSoft Out-of-bounds write vulnerability in |
CVSS V2: 6.8 CVSS V3: 7.3 Severity: HIGH |
Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of CNCSoft Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DPB files by the Screen Editor module. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. Delta Electronics CNCSoft is a CNC machine tool simulation system software developed by Delta Electronics, a Chinese company
| VAR-202506-0699 | CVE-2025-47724 | Delta Electronics, INC. of CNCSoft Out-of-bounds write vulnerability in |
CVSS V2: 6.8 CVSS V3: 7.3 Severity: HIGH |
Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of CNCSoft Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DPB files by the Screen Editor module. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure
| VAR-202506-0230 | CVE-2025-5573 | D-Link Systems, Inc. of DCS-932L in the firmware OS Command injection vulnerability |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Medium |
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been rated as critical. Affected by this issue is the function setSystemWizard/setSystemControl of the file /setSystemWizard. The manipulation of the argument AdminID leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DCS-932L The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DCS-932L is a network surveillance camera from D-Link, a Chinese company. It is used for security and monitoring.
D-Link DCS-932L has a command injection vulnerability, which is caused by the parameter AdminID in the file /setSystemWizard failing to properly filter special characters and commands in the constructed command. No detailed vulnerability details are currently provided
| VAR-202506-0348 | CVE-2025-5572 | D-Link Systems, Inc. of DCS-932L Out-of-bounds write vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. Affected by this vulnerability is the function setSystemEmail of the file /setSystemEmail. The manipulation of the argument EmailSMTPPortNumber leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DCS-932L An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. D-Link DCS-932L is a network surveillance camera from D-Link, a Chinese company. It is used for security and monitoring. The vulnerability is caused by the parameter EmailSMTPPortNumber in the file /setSystemEmail failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202506-0305 | CVE-2025-5571 | D-Link Systems, Inc. of DCS-932L Command injection vulnerability in firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Medium |
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. Affected is the function setSystemAdmin of the file /setSystemAdmin. The manipulation of the argument AdminID leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DCS-932L is a network surveillance camera from D-Link, a Chinese company. It is used for security and monitoring. The vulnerability is caused by the parameter AdminID in the file /setSystemAdmin failing to properly filter special characters and commands in the constructed command. No detailed vulnerability details are currently provided
| VAR-202506-2394 | No CVE | NETGEAR XR500 has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
XR500 is a router designed for e-sports.
NETGEAR XR500 has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
| VAR-202506-1786 | No CVE | NETGEAR R9000 has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
R9000 is a high-end smart wireless router.
NETGEAR R9000 has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
| VAR-202506-0407 | CVE-2025-5543 | TOTOLINK of x2000r Cross-site scripting vulnerability in firmware |
CVSS V2: 3.3 CVSS V3: 2.4 Severity: Medium |
A vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Parent Controls Page. The manipulation of the argument Device Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of x2000r Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. TOTOLINK X2000R is a wireless router produced by China's TOTOLINK Electronics. No detailed vulnerability details are currently provided
| VAR-202506-0297 | CVE-2025-5542 | TOTOLINK of x2000r Cross-site scripting vulnerability in firmware |
CVSS V2: 3.3 CVSS V3: 2.4 Severity: Medium |
A vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It has been classified as problematic. Affected is an unknown function of the file /boafrm/formPortFw of the component Virtual Server Page. The manipulation of the argument service_type leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of x2000r Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. TOTOLINK X2000R is a wireless router from China's TOTOLINK Electronics.
TOTOLINK X2000R has a cross-site scripting vulnerability, which is caused by the lack of effective filtering and escaping of user-supplied data in the parameter service_type in the file /boafrm/formPortFw. No detailed vulnerability details are currently provided