Sign-up

VARIoT news about IoT security

2024-12 Reference Advisory: Session Smart Router: Mirai malware found on systems when the default password remains unchanged

Trust: 4.5

Fetched: Dec. 18, 2024, 9:40 a.m., Published: -
 Vulnerabilities: default password
Affected productsExternal IDs

Ways Asset Management Can Help Reduce Cyber Risk | Industrial Defender OT/ICS Cybersecurity Blog

Trust: 3.0

Fetched: Dec. 18, 2024, 9:39 a.m., Published: Dec. 16, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

Default Credentials - BD Diagnostic Solutions Products | BD

Trust: 3.0

Fetched: Dec. 18, 2024, 9:37 a.m., Published: Dec. 19, 2024, midnight
 Vulnerabilities: default credentials
Affected productsExternal IDs
db: NVD ids: CVE-2024-10476

Access Denied

Trust: 3.25

Fetched: Dec. 18, 2024, 9:36 a.m., Published: May 19, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung

Cleo File Transfer Vulnerability: Patch Pitfalls and Darktrace’s Detection of Post-Exploitation Activities | Darktrace Blog

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.75

Fetched: Dec. 18, 2024, 9:35 a.m., Published: Dec. 16, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228

Nest Security Bulletin-December 2024 - Help

Related entries in the VARIoT vulnerabilities database: VAR-202203-1690

Trust: 5.5

Fetched: Dec. 18, 2024, 9:34 a.m., Published: Dec. 18, 2024, midnight
 Vulnerabilities: denial of service, information disclosure, code execution
Affected productsExternal IDs
vendor: google model: wifi router
vendor: google model: home
vendor: google model: wifi
db: NVD ids: CVE-2024-26923, CVE-2018-25032, CVE-2023-45853

Security Threats Highlighted in Latest IoT Device Vulnerabilities - Be3

Trust: 3.75

Fetched: Dec. 18, 2024, 9:34 a.m., Published: June 22, 2024, 1:37 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

Towards a Safer Internet of Things-A Survey of IoT Vulnerability Data Sources - PMC

Related entries in the VARIoT vulnerabilities database: VAR-201202-0163, VAR-201202-0162, VAR-201202-0164

Trust: 4.5

Fetched: Dec. 18, 2024, 9:31 a.m., Published: Oct. 22, 2020, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: essential model: phone
vendor: google model: home
vendor: google model: android
vendor: paloaltonetworks model: pan-os
vendor: trend model: security
vendor: codesys model: control
vendor: codesys model: codesys
vendor: cisco model: router
vendor: cisco model: routers
vendor: trend micro model: security
db: NVD ids: CVE-2010-1677, CVE-2011-4876, CVE-2011-4875, CVE-2011-4877

Schneider Electric Modicon | CISA

Trust: 5.75

Fetched: Dec. 18, 2024, 9:26 a.m., Published: Dec. 18, 2024, midnight
 Vulnerabilities: input validation vulnerability
Affected productsExternal IDs
vendor: schneider electric model: modbus
vendor: schneider electric model: modicon m241
vendor: schneider model: modbus
vendor: schneider model: modicon m241
db: NVD ids: CVE-2024-11737

10 Best Vulnerability Management Tools to Consider

Trust: 3.75

Fetched: Dec. 18, 2024, 9:23 a.m., Published: Nov. 1, 2024, 7:54 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: tripwire model: ip360

No Fix for Critical Command Injection Vulnerability in Legacy D-Link NAS Devices - BackBox.org News

Related entries in the VARIoT vulnerabilities database: VAR-202411-0293

Trust: 5.5

Fetched: Dec. 18, 2024, 9:22 a.m., Published: Nov. 11, 2024, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: d-link model: dns-325
vendor: d-link model: dns-320lw
vendor: d-link model: dns-340l
vendor: d-link model: dns-320
vendor: dlink model: dns-325
vendor: dlink model: dns-320lw
vendor: dlink model: dns-340l
vendor: dlink model: dns-320
db: NVD ids: CVE-2024-10914

About the security content of macOS Sequoia 15.1.1 - Apple Support

Trust: 5.75

Fetched: Dec. 17, 2024, 10:16 a.m., Published: Jan. 15, 2001, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2024-44309, CVE-2024-44308

Update now! Apple releases new security patches for vulnerabilities in iPhones, Macs, and more - Cyber Security Review

Trust: 4.75

Fetched: Dec. 17, 2024, 10:16 a.m., Published: Dec. 12, 2024, 7:03 a.m.
 Vulnerabilities: certificate validation vulnerability
Affected productsExternal IDs
vendor: apple model: software update
vendor: apple model: safari
vendor: sonicwall model: netextender
vendor: sonicwall model: sma100
vendor: sonicwall model: ssl vpn
db: NVD ids: CVE-2024-45490, CVE-2024-48865, CVE-2024-29014

Update Canonical Ubuntu Server: USN-7162-1: curl vulnerability

Trust: 3.25

Fetched: Dec. 17, 2024, 10:14 a.m., Published: Jan. 17, 7162, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Ivanti Releases Security Updates for Multiple Products - Cyber Security Review

Trust: 4.75

Fetched: Dec. 17, 2024, 10:13 a.m., Published: Dec. 11, 2024, 7 a.m.
 Vulnerabilities: certificate validation vulnerability
Affected productsExternal IDs
vendor: apple model: software update
vendor: apple model: safari
vendor: sonicwall model: netextender
vendor: sonicwall model: sma100
vendor: sonicwall model: ssl vpn
db: NVD ids: CVE-2024-48865, CVE-2024-29014

The most common vulnerabilities in your external attack surface - Outpost24

Trust: 3.75

Fetched: Dec. 17, 2024, 10:11 a.m., Published: Sept. 12, 2023, 7:26 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2022-47986

Apple Vulnerabilities Could Endanger Your Crypto

Trust: 3.5

Fetched: Dec. 17, 2024, 10:06 a.m., Published: Nov. 22, 2024, 12:30 p.m.
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: macbook

Exploring CISA’s 2023 Top Routinely Exploited Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 4.5

Fetched: Dec. 17, 2024, 10:02 a.m., Published: Dec. 17, 2023, midnight
 Vulnerabilities: memory leak, information disclosure, authentication bypass...
Affected productsExternal IDs
vendor: barracuda model: barracuda
vendor: citrix model: netscaler
vendor: citrix model: gateway
vendor: cisco model: cisco ios xe
vendor: cisco model: cisco ios
vendor: cisco model: ios xe
vendor: ubiquiti model: unifi
vendor: ubiquiti model: unifi controller
db: NVD ids: CVE-2021-44228, CVE-2023-34362, CVE-2023-3519, CVE-2023-49103, CVE-2023-20273, CVE-2023-27997, CVE-2022-47966, CVE-2023-22515, CVE-2023-27350, CVE-2023-20198, CVE-2023-4966, CVE-2023-42793

CERT-In Alert: Multiple Vulnerabilities in Android Impacting Millions of Devices - Source:cyble.com - CISO2CISO.COM & CYBER SECURITY GROUP

Trust: 5.5

Fetched: Dec. 17, 2024, 10:01 a.m., Published: Nov. 26, 2024, 11:03 p.m.
 Vulnerabilities: privilege escalation, code execution, denial of service
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2023-35659, CVE-2024-43093, CVE-2024-21455, CVE-2024-38402, CVE-2024-20104

Update Canonical Ubuntu Desktop: USN-7157-1: PHP vulnerabilities

Trust: 4.0

Fetched: Dec. 17, 2024, 10 a.m., Published: Jan. 17, 7157, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2024-8932, CVE-2024-11234, CVE-2024-11233, CVE-2024-8929, CVE-2024-11236