Sign-up

VARIoT news about IoT security

Mitigating CVE-2024-56010: Addressing the WordPress Device Detector Plugin Vulnerability

Trust: 5.0

Fetched: Dec. 24, 2024, 9:10 a.m., Published: April 2, 2000, midnight
 Vulnerabilities: script execution, cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2024-56010

TrueNAS device vulnerabilities exposed during hacking…

Trust: 4.0

Fetched: Dec. 24, 2024, 9:10 a.m., Published: Dec. 24, 2024, midnight
 Vulnerabilities: command injection, authentication bypass, sql injection
Affected productsExternal IDs

IT Vulnerability Report: Cleo, Windows Flaws Under Attack

Related entries in the VARIoT vulnerabilities database: VAR-202411-0293

Trust: 5.5

Fetched: Dec. 24, 2024, 9:08 a.m., Published: Dec. 16, 2024, 10:13 a.m.
 Vulnerabilities: code execution, command injection, authentication vulnerability...
Affected productsExternal IDs
vendor: palo model: networks
vendor: zabbix model: zabbix
vendor: palo alto networks model: networks
db: NVD ids: CVE-2023-6553, CVE-2024-35286, CVE-2024-51378, CVE-2024-50483, CVE-2024-49138, CVE-2024-11205, CVE-2024-50623, CVE-2024-41713, CVE-2024-11680, CVE-2024-10914, CVE-2024-42327, CVE-2024-38193, CVE-2024-49041, CVE-2024-11639, CVE-2024-38144

TrueNAS device vulnerabilities exposed during hacking competition | TechRadar

Trust: 3.0

Fetched: Dec. 24, 2024, 9:08 a.m., Published: Dec. 22, 2024, 7:38 p.m.
 Vulnerabilities: command injection, authentication bypass, sql injection
Affected productsExternal IDs

WD My Cloud Users Should Update to Avoid a Dangerous Vulnerability - UMA Technology

Related entries in the VARIoT vulnerabilities database: VAR-201809-0306

Trust: 4.25

Fetched: Dec. 22, 2024, 9:48 a.m., Published: Dec. 21, 2024, 1:32 p.m.
 Vulnerabilities: command injection, injection attack
Affected productsExternal IDs
db: NVD ids: CVE-2018-17153

How SonicWall Put MSPs ‘In A Good Position’ Amid Critical Vulnerability Threat

Trust: 5.75

Fetched: Dec. 22, 2024, 9:47 a.m., Published: Dec. 18, 2024, 11:13 a.m.
 Vulnerabilities: access control flaw
Affected productsExternal IDs
vendor: sonicwall model: sonicos
db: NVD ids: CVE-2024-40766

CVE-2024-48843 | Vulnerability Database | Aqua Security

Trust: 3.75

Fetched: Dec. 22, 2024, 9:41 a.m., Published: Dec. 5, 2024, midnight
 Vulnerabilities: denial of service, resource exhaustion
Affected productsExternal IDs
db: NVD ids: CVE-2024-48843

IT-ISAC: Vulnerability and Exploitation Action Report - Week of December 9, 2024

Trust: 4.75

Fetched: Dec. 22, 2024, 9:40 a.m., Published: Dec. 9, 2024, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: ipswitch model: whatsup gold
vendor: ipswitch model: whatsup
db: NVD ids: CVE-2024-49138, CVE-2024-10905, CVE-2024-52335, CVE-2024-8785

Update Canonical Ubuntu Desktop: USN-7178-1: DPDK vulnerability

Trust: 4.0

Fetched: Dec. 22, 2024, 9:40 a.m., Published: Jan. 22, 7178, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu

Internet of Things (IoT) Vulnerability - A Surge to 50 billion Connected Devices

Trust: 3.75

Fetched: Dec. 22, 2024, 9:39 a.m., Published: Dec. 3, 2024, midnight
 Vulnerabilities: default credentials
Affected productsExternal IDs

Breaking Down Salt Typhoon | Armis

Related entries in the VARIoT vulnerabilities database: VAR-202403-2416, VAR-202209-1931

Trust: 5.25

Fetched: Dec. 22, 2024, 9:37 a.m., Published: Dec. 18, 2024, 1:04 p.m.
 Vulnerabilities: request forgery, authentication bypass, code execution...
Affected productsExternal IDs
vendor: sophos model: firewall
vendor: sophos model: mobile
db: NVD ids: CVE-2023-46805, CVE-2024-21887, CVE-2023-48788, CVE-2021-26855, CVE-2022-3236, CVE-2021-27065

A device takeover vulnerability exists in the Rockwell... · CVE-2024-12371 · GitHub Advisory Database · GitHub

Related entries in the VARIoT vulnerabilities database: VAR-202412-2454

Trust: 3.0

Fetched: Dec. 22, 2024, 9:36 a.m., Published: Dec. 18, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-12371

CISA Warns of 4 New Vulnerabilities Exploited in the Wild

Related entries in the VARIoT vulnerabilities database: VAR-202201-2026, VAR-201904-1024, VAR-202201-0642, VAR-201808-0424

Trust: 5.5

Fetched: Dec. 22, 2024, 9:35 a.m., Published: Dec. 19, 2024, 9:50 a.m.
 Vulnerabilities: command injection, os command injection, authentication flaw
Affected productsExternal IDs
vendor: reolink model: rlc-511w
vendor: reolink model: c2 pro
vendor: reolink model: rlc-410w
vendor: reolink model: c1 pro
vendor: reolink model: rlc-422w
vendor: nuuo model: nvrmini 2
vendor: nuuo model: nvrmini
db: NVD ids: CVE-2022-23227, CVE-2019-11001, CVE-2021-40407, CVE-2018-14933

Apache Struts Vulnerability CVE-2024-53677 - in the Identity Management Suite (IGA)

Trust: 3.25

Fetched: Dec. 22, 2024, 9:30 a.m., Published: Dec. 14, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-53677

Sophos Firewall Update Resolves RCE and Privilege Escalation Vulnerabilities (CVE-2024-12727, CVE-2024-12728, CVE-2024-12729) - SOCRadar® Cyber Intelligence Inc.

Trust: 5.5

Fetched: Dec. 22, 2024, 9:28 a.m., Published: Dec. 20, 2024, 10:09 a.m.
 Vulnerabilities: sql injection, code injection, code execution...
Affected productsExternal IDs
vendor: sophos model: firewall
db: NVD ids: CVE-2024-12728, CVE-2024-12729, CVE-2024-12727

IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including US Water and Wastewater Systems Facilities | CISA

Trust: 4.5

Fetched: Dec. 22, 2024, 9:22 a.m., Published: Dec. 22, 2024, midnight
 Vulnerabilities: default credentials, denial of service, brute force attack...
Affected productsExternal IDs
vendor: unitronics model: visilogic

Secure Access 13.52

Trust: 3.25

Fetched: Dec. 22, 2024, 9:19 a.m., Published: Dec. 13, 2024, midnight
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs

JVN#46615026: Multiple vulnerabilities in I-O DATA routers UD-LT1 and UD-LT1/EX

Trust: 3.75

Fetched: Dec. 22, 2024, 9:18 a.m., Published: Dec. 18, 2024, midnight
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-52564, CVE-2024-47133, CVE-2024-45841

Vulnerability Analysis of IoT Devices (IP Cameras) in Ocaña Norte de Santander | SpringerLink

Trust: 4.0

Fetched: Dec. 22, 2024, 9:17 a.m., Published: Dec. 22, 2024, midnight
 Vulnerabilities: -

Citrix NetScaler Devices Under Attack, Brute-force Attacks Exploiting Zero-days

Trust: 4.5

Fetched: Dec. 22, 2024, 9:15 a.m., Published: Dec. 13, 2024, 4:57 a.m.
 Vulnerabilities: denial of service, memory corruption
Affected productsExternal IDs
vendor: citrix model: netscaler adc
vendor: citrix model: netscaler
vendor: citrix model: gateway
vendor: citrix model: netscaler gateway
db: NVD ids: CVE-2024-8535, CVE-2024-8534