VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202505-3056 CVE-2025-44083 D-Link Systems, Inc.  of  di-8100  Authentication vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker to bypass administrator login authentication. D-Link Systems, Inc. of di-8100 An authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by China's D-Link. No detailed vulnerability details are currently available
VAR-202505-2355 CVE-2025-44882 WAVLINK  of  WL-WN579A3  in the firmware  OS  Command injection vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
A command injection vulnerability in the component /cgi-bin/firewall.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. WAVLINK of WL-WN579A3 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. WAVLINK WL-WN579A3 is a high-performance dual-band wireless network card from WAVLINK, a Chinese company
VAR-202505-2375 CVE-2025-44880 WAVLINK  of  WL-WN579A3  in the firmware  OS  Command injection vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
A command injection vulnerability in the component /cgi-bin/adm.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. WAVLINK of WL-WN579A3 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. WAVLINK WL-WN579A3 is a high-performance dual-band wireless network card from WAVLINK, a Chinese company
VAR-202505-2378 CVE-2025-44893 PLANET  of  WGS-804HPT  Stack-based buffer overflow vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ruleNamekey parameter in the web_acl_mgmt_Rules_Apply_post function. PLANET of WGS-804HPT A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Planet FW-WGS-804HPT is a wall-mounted managed switch from China's PLANET company. Planet FW-WGS-804HPT has a buffer overflow vulnerability. The vulnerability is caused by the ruleNamekey parameter in the web_acl_mgmt_Rules_Apply_post function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202505-2333 CVE-2025-44890 PLANET  of  WGS-804HPT  Stack-based buffer overflow vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the host_ip parameter in the web_snmp_notifyv3_add_post function. PLANET of WGS-804HPT A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Planet FW-WGS-804HPT is a wall-mounted managed switch from China's PLANET company. Planet FW-WGS-804HPT has a buffer overflow vulnerability. The vulnerability is caused by the host_ip parameter in the web_snmp_notifyv3_add_post function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code or cause a denial of service
VAR-202505-2242 CVE-2025-44888 PLANET  of  WGS-804HPT  Stack-based buffer overflow vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the stp_conf_name parameter in the web_stp_globalSetting_post function. PLANET of WGS-804HPT A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Planet FW-WGS-804HPT is a wall-mounted managed switch from China's PLANET company. Planet FW-WGS-804HPT has a buffer overflow vulnerability. The vulnerability is caused by the failure of the stp_conf_name parameter in the web_stp_globalSetting_post function to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code or cause a denial of service
VAR-202505-2459 CVE-2025-44887 PLANET  of  WGS-804HPT  Stack-based buffer overflow vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the radIpkey parameter in the web_radiusSrv_post function. PLANET of WGS-804HPT A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Planet FW-WGS-804HPT is a wall-mounted managed switch from China's PLANET company. Planet FW-WGS-804HPT has a buffer overflow vulnerability. The vulnerability is caused by the radIpkey parameter in the web_radiusSrv_post function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202505-2314 CVE-2025-44886 PLANET  of  WGS-804HPT  Stack-based buffer overflow vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the byruleEditName parameter in the web_acl_mgmt_Rules_Edit_postcontains function. PLANET of WGS-804HPT A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Planet FW-WGS-804HPT is a wall-mounted managed switch from China's PLANET company. Planet FW-WGS-804HPT has a buffer overflow vulnerability. The vulnerability is caused by the byruleEditName parameter in the web_acl_mgmt_Rules_Edit_postcontains function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202505-2357 CVE-2025-44885 PLANET  of  WGS-804HPT  Stack-based buffer overflow vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the remote_ip parameter in the web_snmpv3_remote_engineId_add_post function. PLANET of WGS-804HPT A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Planet FW-WGS-804HPT is a wall-mounted managed switch from Planet, a Chinese company. Planet FW-WGS-804HPT has a buffer overflow vulnerability. The vulnerability is caused by the remote_ip parameter in the web_snmpv3_remote_engineId_add_post function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code or cause a denial of service
VAR-202505-2360 CVE-2025-44884 PLANET  of  WGS-804HPT  Stack-based buffer overflow vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the web_sys_infoContact_post function. PLANET of WGS-804HPT A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Planet FW-WGS-804HPT is a wall-mounted managed switch from China's PLANET company. Planet FW-WGS-804HPT has a buffer overflow vulnerability. The vulnerability is caused by the web_sys_infoContact_post function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
VAR-202505-2315 CVE-2025-44881 WAVLINK  of  WL-WN579A3  Code injection vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. WAVLINK of WL-WN579A3 A code injection vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. WAVLINK WL-WN579A3 is a high-performance dual-band wireless network card from WAVLINK, a Chinese company. No detailed vulnerability details are currently available
VAR-202505-2312 CVE-2025-44084 D-Link Systems, Inc.  of  di-8100g  Command injection vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
D-link DI-8100 16.07.26A1 is vulnerable to Command Injection. An attacker can exploit this vulnerability by crafting specific HTTP requests, triggering the command execution flaw and gaining the highest privilege shell access to the firmware system. D-Link Systems, Inc. of di-8100g Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DI-8100 is a broadband router designed by D-Link for small and medium-sized network environments. The vulnerability is caused by the lack of strict input filtering in the logic code
VAR-202505-1885 CVE-2025-4980 of netgear  DGND3700  Information disclosure vulnerability in firmware CVSS V2: 5.0
CVSS V3: 5.3
Severity: Medium
A vulnerability has been found in Netgear DGND3700 1.1.00.15_1.00.15NA and classified as problematic. This vulnerability affects unknown code of the file /currentsetting.htm of the component mini_http. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. of netgear DGND3700 The firmware contains vulnerabilities related to information leakage and access control.Information may be obtained. Netgear DGND3700 is a wireless router that integrates multiple functions and is suitable for home and small office environments. Attackers can exploit this vulnerability to remotely manipulate the file over the network, resulting in sensitive information leakage
VAR-202505-2141 CVE-2025-45862 TOTOLINK  of  A3002R  Stack-based buffer overflow vulnerability in firmware CVSS V2: 6.4
CVSS V3: 6.5
Severity: MEDIUM
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the interfacenameds parameter in the formDhcpv6s interface. TOTOLINK of A3002R A stack-based buffer overflow vulnerability exists in the firmware.Information may be obtained and information may be tampered with. TOTOLINK A3002R is a wireless router produced by China's TOTOLINK Electronics. The vulnerability is caused by the interfacenameds parameter in the formDhcpv6s interface failing to correctly verify the length of the input data. No detailed vulnerability details are currently provided
VAR-202505-1902 CVE-2025-4978 of netgear  DGND3700  Authentication vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: Critical
A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.15_1.00.15NA. This affects an unknown part of the file /BRS_top.html of the component Basic Authentication. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. of netgear DGND3700 An authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Netgear DGND3700 is a dual-band Gigabit wireless DSL router produced by NETGEAR, mainly used for home and small and medium-sized enterprise network connections. Attackers can exploit this vulnerability to bypass authentication
VAR-202505-1905 CVE-2025-4977 of netgear  DGND3700  Information disclosure vulnerability in firmware CVSS V2: 5.0
CVSS V3: 5.3
Severity: Medium
A vulnerability, which was classified as problematic, has been found in Netgear DGND3700 1.1.00.15_1.00.15NA. Affected by this issue is some unknown functionality of the file /BRS_top.html. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. of netgear DGND3700 The firmware contains vulnerabilities related to information leakage and access control.Information may be obtained. Netgear DGND3700 is a modem router from NETGEAR. Netgear DGND3700 has an information disclosure vulnerability, which is caused by improper processing of the file /BRS_top.html. Attackers can exploit this vulnerability to cause information leakage
VAR-202505-1878 CVE-2025-4904 D-Link Systems, Inc.  of  di-7003g  Firmware vulnerabilities CVSS V2: 5.0
CVSS V3: 5.3
Severity: Medium
A vulnerability has been found in D-Link DI-7003GV2 24.04.18D1 R(68125) and classified as problematic. This vulnerability affects the function sub_41F0FC of the file /H5/webgl.data. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of di-7003g There are unspecified vulnerabilities in the firmware.Information may be obtained. D-Link DI-7003GV2 is a router from D-Link, a Chinese company. Attackers can exploit this vulnerability to cause information leakage
VAR-202505-1801 CVE-2025-4903 D-Link Systems, Inc.  of  di-7003g  Unverified password change vulnerability in firmware CVSS V2: 5.0
CVSS V3: 5.3
Severity: Medium
A vulnerability, which was classified as critical, was found in D-Link DI-7003GV2 24.04.18D1 R(68125). This affects the function sub_41F4F0 of the file /H5/webgl.asp?tggl_port=0&remote_management=0&http_passwd=game&exec_service=admin-restart. The manipulation leads to unverified password change. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. D-Link DI-7003GV2 is a router from D-Link, a Chinese company. Attackers can exploit this vulnerability to cause unauthenticated password changes
VAR-202505-1816 CVE-2025-4902 D-Link Systems, Inc.  of  di-7003g  Firmware vulnerabilities CVSS V2: 5.0
CVSS V3: 5.3
Severity: Medium
A vulnerability, which was classified as problematic, has been found in D-Link DI-7003GV2 24.04.18D1 R(68125). Affected by this issue is the function sub_48F4F0 of the file /H5/versionupdate.data. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of di-7003g There are unspecified vulnerabilities in the firmware.Information may be obtained. D-Link DI-7003GV2 is a router from D-Link, a Chinese company. Attackers can exploit this vulnerability to cause information leakage
VAR-202505-1833 CVE-2025-4901 D-Link Systems, Inc.  of  di-7003g  Firmware vulnerabilities CVSS V2: 3.3
CVSS V3: 4.3
Severity: Medium
A vulnerability classified as problematic was found in D-Link DI-7003GV2 24.04.18D1 R(68125). Affected by this vulnerability is the function sub_41E304 of the file /H5/state_view.data of the component HTTP Endpoint. The manipulation leads to information disclosure. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of di-7003g There are unspecified vulnerabilities in the firmware.Information may be obtained. D-Link DI-7003GV2 is a router from D-Link, a Chinese company. Attackers can exploit this vulnerability to cause information leakage