VARIoT latest news about IoT security

Weekly Threat Landscape Digest - Week 11 - HawkEye Trust: 5.25 Fetched: March 21, 2025, 10:03 a.m., Published: March 14, 2025, 4:48 p.m.	Vulnerabilities: improper access control, information leakage, request forgery...

Affected products

External IDs

vendor:	cisco	model:	routers
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	series
vendor:	cisco	model:	soho
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xr software
vendor:	cisco	model:	router
vendor:	cisco	model:	series routers
vendor:	cisco	model:	cisco ios xr
vendor:	cisco	model:	ios xe
vendor:	qnap	model:	helpdesk
vendor:	edimax	model:	plug
vendor:	palo	model:	networks
vendor:	apple	model:	macos
vendor:	apple	model:	installer
vendor:	apple	model:	iphone
vendor:	apple	model:	ipad air
vendor:	apple	model:	ipad
vendor:	apple	model:	webkit
vendor:	trendmicro	model:	security
vendor:	google	model:	chrome
vendor:	google	model:	home
vendor:	google	model:	google chrome
vendor:	draytek	model:	routers
vendor:	draytek	model:	vigor
vendor:	palo alto networks	model:	networks

db:

NVD

ids:

CVE-2025-20177, CVE-2024-56195, CVE-2024-52961, CVE-2025-20142, CVE-2024-55590, CVE-2025-24444, CVE-2024-41335, CVE-2025-20169, CVE-2025-20115, CVE-2025-24453, CVE-2025-24985, CVE-2025-24445, CVE-2025-2137, CVE-2025-27607, CVE-2025-27434, CVE-2021-26855, CVE-2025-24993, CVE-2025-25292, CVE-2025-27164, CVE-2025-27169, CVE-2025-27178, CVE-2025-24443, CVE-2025-24442, CVE-2025-20145, CVE-2025-25291, CVE-2025-27176, CVE-2025-27161, CVE-2025-26630, CVE-2025-1920, CVE-2023-40723, CVE-2025-27167, CVE-2024-38311, CVE-2023-3519, CVE-2025-24440, CVE-2025-20144, CVE-2025-24452, CVE-2024-41339, CVE-2024-41338, CVE-2025-24984, CVE-2025-20141, CVE-2024-54027, CVE-2025-2135, CVE-2024-51139, CVE-2025-27162, CVE-2025-24991, CVE-2025-26633, CVE-2025-27170, CVE-2025-24441, CVE-2025-26661, CVE-2025-20170, CVE-2025-27407, CVE-2024-3400, CVE-2025-24983, CVE-2024-38286, CVE-2023-37933, CVE-2025-22454, CVE-2025-20143, CVE-2025-20146, CVE-2024-45328, CVE-2024-51138, CVE-2025-27177, CVE-2025-27174, CVE-2024-50394, CVE-2021-26858, CVE-2025-24876, CVE-2025-27160, CVE-2025-2136, CVE-2025-27179, CVE-2021-27065, CVE-2024-41340, CVE-2025-27166, CVE-2025-23243, CVE-2024-39592, CVE-2025-27175, CVE-2025-27152, CVE-2025-20209, CVE-2024-45324, CVE-2025-27163, CVE-2025-20138, CVE-2024-41336, CVE-2021-26857, CVE-2024-56196, CVE-2025-27159, CVE-2025-23242, CVE-2025-24439, CVE-2025-24201, CVE-2025-24431, CVE-2025-27816, CVE-2025-0282, CVE-2023-48790, CVE-2025-27168, CVE-2025-27158, CVE-2024-56202, CVE-2024-41334, CVE-2025-27171, CVE-2025-1316

What is Mobile Security in Cyber Security? - GeeksforGeeks Trust: 3.5 Fetched: March 21, 2025, 10:02 a.m., Published: April 2, 2024, 4:23 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	essential	model:	phone
vendor:	google	model:	android
vendor:	google	model:	wifi
vendor:	apple	model:	software update

System BIOS dla komputerów Dell Precision 3540 i Latitude 5400/5500 \| Szczegóły sterownika \| Dell Polska Trust: 3.0 Fetched: March 21, 2025, 9:59 a.m., Published: March 21, 3540, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	dell	model:	bios
vendor:	dell	model:	latitude

Android zero-day vulnerabilities actively abused - update as soon as you can - Cyber Security Review Trust: 5.5 Fetched: March 21, 2025, 9:59 a.m., Published: March 5, 2025, 8:47 a.m.	Vulnerabilities: sql injection, injection attack

Affected products

External IDs

vendor:	tp-link	model:	routers
vendor:	google	model:	android
vendor:	google	model:	home

db:

NVD

ids:

CVE-2024-12356, CVE-2018-0802, CVE-2024-53677

System BIOS dla komputera Dell Embedded Box PC 3000 \| Szczegóły sterownika \| Dell Polska Trust: 3.0 Fetched: March 21, 2025, 9:56 a.m., Published: March 21, 3000, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	dell	model:	bios
vendor:	dell	model:	embedded box pc

Microsoft shutting down Skype, over 1.6m Android TV's infected worldwide, vulnerabilities for Microsoft, Adobe and Oracle... Trust: 5.25 Fetched: March 21, 2025, 9:55 a.m., Published: March 1, 2025, midnight	Vulnerabilities: privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2023-34192, CVE-2024-49035, CVE-2017-3066, CVE-2024-20953

Dell Precision 7530 and 7730 System BIOS \| Szczegóły sterownika \| Dell Polska Trust: 3.0 Fetched: March 21, 2025, 9:54 a.m., Published: March 21, 7530, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	dell	model:	bios
vendor:	dell	model:	precision 7530

PoC Launched for HPE Distant Assist Device Vulnerability Permitting Distant Code Execution - codesanitize Trust: 3.5 Fetched: March 21, 2025, 9:54 a.m., Published: March 5, 2025, 9:46 a.m.	Vulnerabilities: path traversal, code execution, command execution

Affected products

External IDs

db:

NVD

ids:

CVE-2024-53675, CVE-2024-53676

Security researcher finds vulnerability in… Trust: 4.0 Fetched: March 21, 2025, 9:53 a.m., Published: March 4, 2025, midnight	Vulnerabilities: code execution

Affected products	External IDs

CVEDB API - Fast Vulnerability Dashboard Trust: 3.75 Fetched: March 21, 2025, 9:52 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	symantec	model:	messaging gateway
vendor:	symantec	model:	symantec messaging gateway
vendor:	filezilla	model:	filezilla server
vendor:	filezilla	model:	server

db:

NVD

ids:

CVE-2022-229650, CVE-2021-229860, CVE-2017-10003530, CVE-2023-350780, CVE-2022-461690, CVE-2018-76000, CVE-2017-89170, CVE-2024-271990, CVE-2019-27250, CVE-2020-14720, CVE-2021-445290, CVE-2019-175580, CVE-2024-271980, CVE-2019-33960, CVE-2023-427930, CVE-2022-229470, CVE-2022-305250, CVE-2020-148820, CVE-2022-13880, CVE-2019-07080, CVE-2021-222050, CVE-2018-10008610, CVE-2020-34520, CVE-2020-19380, CVE-2014-01600, CVE-2019-151070, CVE-2018-133790, CVE-2021-220050, CVE-2023-237520, CVE-2022-229630

Bluetooth Bleeding: A 'Zero Click' Kernel Vulnerability in Linux IoT Devices - Boardor Trust: 4.5 Fetched: March 21, 2025, 9:47 a.m., Published: March 10, 2025, midnight	Vulnerabilities: improper access control, privilege escalation, code execution...

Affected products

External IDs

db:

NVD

ids:

CVE-2020-24490, CVE-2020-12351, CVE-2020-12352

Siemens Alerts on Critical Vulnerabilities in Industrial Control Systems \| Windows Forum Trust: 4.5 Fetched: March 21, 2025, 9:42 a.m., Published: May 21, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	siemens	model:	simatic itp1000
vendor:	siemens	model:	simatic
vendor:	siemens	model:	simatic ipc627e

db:

NVD

ids:

CVE-2024-56182, CVE-2024-56181

Protecting Windows Users: Unsecured Webcam Cyberattacks Exploited \| Windows Forum Trust: 4.5 Fetched: March 21, 2025, 9:40 a.m., Published: May 21, 2025, midnight	Vulnerabilities: default credentials

Affected products

External IDs

vendor:	trend	model:	security
vendor:	trend	model:	antivirus

CISA Identifies New Cyber Vulnerabilities: Action Required for Windows Users \| Windows Forum Trust: 5.25 Fetched: March 21, 2025, 9:39 a.m., Published: May 21, 2025, midnight	Vulnerabilities: sql injection, file execution, file upload issue...

Affected products

External IDs

vendor:	trend	model:	security
vendor:	parallels	model:	tools

db:

NVD

ids:

CVE-2024-13160, CVE-2024-13159, CVE-2024-13161, CVE-2024-57968, CVE-2025-25181

Malicious GitHub repositories linked to nearly 1M infections • The Register Related entries in the VARIoT vulnerabilities database: VAR-202304-1067 Trust: 3.5 Fetched: March 21, 2025, 9:38 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	hitachi	model:	vantara pentaho
vendor:	hitachi vantara	model:	pentaho
vendor:	hitachi vantara	model:	pentaho business analytics
vendor:	cisco	model:	routers
vendor:	cisco	model:	small business
vendor:	google	model:	android
vendor:	google	model:	home

db:

NVD

ids:

CVE-2024-4885, CVE-2022-43939, CVE-2023-20118, CVE-2022-43769

Update Canonical Ubuntu Desktop: USN-7356-1: uriparser vulnerabilities Trust: 5.0 Fetched: March 21, 2025, 9:36 a.m., Published: Jan. 21, 7356, midnight	Vulnerabilities: integer overflow, denial of service

Affected products

External IDs

vendor:

canonical

model:

ubuntu

db:

NVD

ids:

CVE-2024-34402, CVE-2024-34403

Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Targets Over 6,000 Devices - Infotech Matters Related entries in the VARIoT vulnerabilities database: VAR-202303-1268 Trust: 5.75 Fetched: March 21, 2025, 9:33 a.m., Published: March 12, 2025, 6:01 p.m.	Vulnerabilities: command injection, code execution

Affected products

External IDs

vendor:

tp-link

model:

routers

db:

NVD

ids:

CVE-2023-1389

Update Canonical Ubuntu Server: USN-7354-1: djoser vulnerability Trust: 3.0 Fetched: March 21, 2025, 9:33 a.m., Published: Jan. 21, 7354, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

canonical

model:

ubuntu

A vulnerability was found in ESAFENET CDG 5.6.3.154.205.... · CVE-2025-1840 · GitHub Advisory Database · GitHub Trust: 4.0 Fetched: March 21, 2025, 9:32 a.m., Published: March 3, 2025, midnight	Vulnerabilities: sql injection

Affected products

External IDs

db:

NVD

ids:

CVE-2025-1840

System BIOS komputerów Dell Precision 3590/3591 i Latitude 5550 \| Szczegóły sterownika \| Dell Polska Trust: 3.0 Fetched: March 21, 2025, 9:32 a.m., Published: March 21, 5550, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	dell	model:	bios
vendor:	dell	model:	latitude
vendor:	dell	model:	latitude 5550

VARIoT news about IoT security