VARIoT IoT vulnerabilities database
| VAR-202506-0009 | CVE-2025-5445 | Linksys of RE9000 Firmware and other products from multiple vendors OS Command injection vulnerability |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Medium |
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this issue is the function RP_checkFWByBBS of the file /goform/RP_checkFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Linksys of RE9000 For products such as firmware from multiple vendors, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202506-0026 | CVE-2025-5444 | Linksys of RE9000 Firmware and other products from multiple vendors OS Command injection vulnerability |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Medium |
A vulnerability has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this vulnerability is the function RP_UpgradeFWByBBS of the file /goform/RP_UpgradeFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Linksys of RE9000 For products such as firmware from multiple vendors, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202506-0002 | CVE-2025-5443 | Linksys of RE9000 Firmware and other products from multiple vendors OS Command injection vulnerability |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Medium |
A vulnerability, which was classified as critical, was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function wirelessAdvancedHidden of the file /goform/wirelessAdvancedHidden. The manipulation of the argument ExtChSelector/24GSelector/5GSelector leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Linksys of RE9000 For products such as firmware from multiple vendors, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202506-0015 | CVE-2025-5442 | Linksys of RE9000 Firmware and other products from multiple vendors OS Command injection vulnerability |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Medium |
A vulnerability, which was classified as critical, has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function RP_pingGatewayByBBS of the file /goform/RP_pingGatewayByBBS. The manipulation of the argument ip/nm/gw leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Linksys of RE9000 For products such as firmware from multiple vendors, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202506-0010 | CVE-2025-5441 | Linksys of RE9000 Command injection vulnerabilities in firmware and other products from multiple vendors |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Medium |
A vulnerability classified as critical was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function setDeviceURL of the file /goform/setDeviceURL. The manipulation of the argument DeviceURL leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Linksys of RE9000 Firmware and other products from multiple vendors have command injection vulnerabilities, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202506-0039 | CVE-2025-5440 | Linksys of RE9000 Command injection vulnerabilities in firmware and other products from multiple vendors |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Medium |
A vulnerability classified as critical has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function NTP of the file /goform/NTP. The manipulation of the argument manual_year_select/manual_month_select/manual_day_select/manual_hour_select/manual_min_select/manual_sec_select leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Linksys of RE9000 Firmware and other products from multiple vendors have command injection vulnerabilities, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202506-0003 | CVE-2025-5439 | Linksys of RE9000 Command injection vulnerabilities in firmware and other products from multiple vendors |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Medium |
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been rated as critical. Affected by this issue is the function verifyFacebookLike of the file /goform/verifyFacebookLike. The manipulation of the argument uid/accessToken leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Linksys of RE9000 Firmware and other products from multiple vendors have command injection vulnerabilities, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202506-0051 | CVE-2025-5438 | Linksys of RE9000 Injection vulnerabilities in firmware and other products from multiple vendors |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: Medium |
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. Affected by this vulnerability is the function WPS of the file /goform/WPS. The manipulation of the argument PIN leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Linksys of RE9000 Firmware and other products from multiple vendors contain injection vulnerabilities and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202506-0169 | CVE-2025-20678 | Recursive control vulnerability in multiple MediaTek products |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
In ims service, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01394606; Issue ID: MSV-2739. LR12A , LR13 , NR15 There is a recursion control vulnerability in multiple MediaTek products, including:Service operation interruption (DoS) It may be in a state
| VAR-202505-4269 | No CVE | TRENDnet, Inc. TEW-751DR has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
TRENDnet is a leading global network equipment supplier, focusing on providing innovative network solutions for enterprises and individual users.
TRENDnet TEW-751DR has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
| VAR-202505-4268 | No CVE | TRENDnet, Inc.TEW-751DR has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TEW-751DR is a dual-band wireless router.
TRENDnet TEW-751DR has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
| VAR-202505-3617 | CVE-2025-45343 | Shenzhen Tenda Technology Co.,Ltd. of w18e Access control vulnerabilities in firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module in the goform/setmodules route. Shenzhen Tenda Technology Co.,Ltd. of w18e Firmware contains an access control vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202505-2626 | No CVE | H3C GR-1200W has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
H3C GR-1200W is a high-performance enterprise-class Gigabit wireless router launched by H3C Technologies Co., Ltd. (H3C for short).
H3C GR-1200W of H3C Technologies Co., Ltd. has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202505-2801 | No CVE | TRENDnet TEW-751DR has an information leakage vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TEW-751DR is a wireless Gigabit router.
TRENDnet TEW-751DR has an information leakage vulnerability that can be exploited by attackers to obtain sensitive information.
| VAR-202505-3180 | No CVE | TP-Link VN020-F3v has a binary vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
TP-Link Technologies Co., Ltd. is a leading ICT equipment and solution provider.
TP-Link VN020-F3v has a binary vulnerability that can be exploited by attackers to cause a denial of service.
| VAR-202505-2802 | No CVE | Shenzhen Jixiang Tengda Technology Co., Ltd. AC10 has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
AC10 is a high-performance router with Gigabit ports for both WAN and LAN ports.
Shenzhen Jixiang Tengda Technology Co., Ltd. AC10 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202505-4104 | No CVE | Shenzhen Jixiang Tengda Technology Co., Ltd. A15 has a binary vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
A15 is a dual-band 3G wireless router suitable for fiber-optic homes within 1000M.
Shenzhen Jixiang Tengda Technology Co., Ltd. A15 has a binary vulnerability that can be exploited by attackers to cause a denial of service.
| VAR-202505-2448 | CVE-2025-27701 | Google of Android In NULL Pointer dereference vulnerability |
CVSS V2: 4.6 CVSS V3: 5.5 Severity: MEDIUM |
In the function process_crypto_cmd, the values of ptrs[i] can be potentially equal to NULL which is valid value after calling slice_map_array(). Later this values will be derefenced without prior NULL check, which can lead to local Temporary DoS or OOB Read, leading to information disclosure. Google of Android for, NULL There is a vulnerability in pointer dereference.Information may be obtained. Google Pixel is a smartphone produced by Google Inc. in the United States.
Google Pixel has an information leakage vulnerability that can be exploited by attackers to cause out-of-bounds reading
| VAR-202505-2437 | CVE-2025-27700 | Google Pixel Privilege Escalation Vulnerability |
CVSS V2: 7.2 CVSS V3: 8.4 Severity: HIGH |
There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google Pixel is a smartphone produced by Google in the United States
| VAR-202505-2436 | CVE-2024-56193 | Google of Android Vulnerability regarding information leakage in |
CVSS V2: 3.6 CVSS V3: 5.1 Severity: MEDIUM |
There is a possible disclosure of Bluetooth adapter details due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android There is a vulnerability related to information leakage.Information may be obtained and information may be tampered with. Google Pixel is a smartphone produced by Google in the United States