VARIoT latest news about IoT security

CVE-2026-24934 - An improper certificate validation vulnerability was found in ADM while querying an external server for the device's WAN IP address. - مدیریت منیج سرور ثبت دامنه Trust: 4.0 Fetched: Feb. 3, 2026, 10:04 a.m., Published: Feb. 3, 2026, 2:26 a.m.	Vulnerabilities: certificate validation vulnerability

Affected products

External IDs

db:

NVD

ids:

CVE-2026-24934

Update Canonical Ubuntu Server: USN-7994-1: MySQL vulnerabilities Trust: 3.25 Fetched: Feb. 3, 2026, 10:04 a.m., Published: Jan. 3, 7994, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

canonical

model:

ubuntu

Keenetic Router Vulnerability Exposed \| Luis Oria Seidel posted on the topic \| LinkedIn Trust: 4.0 Fetched: Feb. 3, 2026, 10:03 a.m., Published: -	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:

tp-link

model:

routers

CVE-2026-24935 - An improper certificate validation vulnerability was found in a third-party NAT traversal module. Trust: 5.0 Fetched: Feb. 3, 2026, 10:03 a.m., Published: Feb. 3, 2026, 3:15 a.m.	Vulnerabilities: certificate validation vulnerability

Affected products

External IDs

db:

NVD

ids:

CVE-2026-24935

Security Bulletin: NVIDIA GPU Display Drivers - January 2026 \| NVIDIA Trust: 4.75 Fetched: Feb. 3, 2026, 10:02 a.m., Published: Jan. 3, 2026, midnight	Vulnerabilities: use after free, denial of service, information disclosure...

Affected products

External IDs

db:

NVD

ids:

CVE-2025-33237, CVE-2025-33220, CVE-2025-33219, CVE-2025-33218, CVE-2025-33217

CVE-2025-64155 PoC released Command Injection Vulnerability \| Tenable® Trust: 3.25 Fetched: Feb. 3, 2026, 10 a.m., Published: Jan. 14, 2026, 8:15 p.m.	Vulnerabilities: command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2025-64155

Threat Signature Categories Trust: 4.5 Fetched: Feb. 3, 2026, 9:59 a.m., Published: Jan. 29, 2026, 10:13 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	palo alto networks	model:	networks
vendor:	apple	model:	installer
vendor:	palo	model:	networks

WhisperPair Vulnerability: Millions of Bluetooth Devices at Risk \| Quantum Safe News Center Trust: 3.75 Fetched: Feb. 3, 2026, 9:59 a.m., Published: May 3, 2026, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	pixel
vendor:	oneplus	model:	oneplus

db:

NVD

ids:

CVE-2025-36911

Fortinet starts patching exploited FortiCloud SSO zero-day (CVE-2026-24858) - Help Net Security Trust: 5.25 Fetched: Feb. 3, 2026, 9:58 a.m., Published: Jan. 28, 2026, 12:10 a.m.	Vulnerabilities: authentication bypass

Affected products

External IDs

vendor:

fortigate

model:

fortios

db:

NVD

ids:

CVE-2026-24858, CVE-2025-59718

CISA: Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858 - Cyber Security Review Related entries in the VARIoT vulnerabilities database: VAR-202505-1884, VAR-202505-1034, VAR-202505-1415, VAR-202505-1414 Trust: 5.5 Fetched: Feb. 3, 2026, 9:58 a.m., Published: Jan. 28, 2026, 8:42 a.m.	Vulnerabilities: command injection, authentication bypass, buffer overflow

Affected products

External IDs

vendor:	sonicwall	model:	secure mobile access
vendor:	sonicwall	model:	sma 100
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	series
vendor:	cisco	model:	ios software
vendor:	cisco	model:	ios xe

db:

NVD

ids:

CVE-2026-24858, CVE-2025-47188, CVE-2025-4427, CVE-2025-4428, CVE-2025-59719, CVE-2025-32756, CVE-2025-32821, CVE-2025-59718, CVE-2025-32819, CVE-2025-32820, CVE-2025-27920

CISA: Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858 - Cyber Security Review Trust: 5.5 Fetched: Feb. 3, 2026, 9:58 a.m., Published: Jan. 28, 2026, 8:42 a.m.	Vulnerabilities: authentication bypass, code execution

Affected products

External IDs

vendor:	google	model:	google chrome
vendor:	google	model:	chrome
vendor:	apple	model:	iphone
vendor:	apple	model:	macos

db:

NVD

ids:

CVE-2020-25179, CVE-2026-24858, CVE-2020-4006, CVE-2025-59719, CVE-2025-59718

678 Vulnerabilities Tracked As Critical CVEs And PoCs Rise Related entries in the VARIoT vulnerabilities database: VAR-201905-0853 Trust: 5.5 Fetched: Feb. 3, 2026, 9:57 a.m., Published: Jan. 9, 2026, 10:56 a.m.	Vulnerabilities: file upload vulnerability, file inclusion, code injection...

Affected products

External IDs

vendor:	sony	model:	bravia
vendor:	sierra wireless	model:	wireless airlink es450 fw
vendor:	sierra wireless	model:	es450
vendor:	sierra wireless	model:	airlink es450
vendor:	sierra wireless	model:	wireless airlink es450
vendor:	node.js	model:	node.js
vendor:	schneider	model:	concept
vendor:	schneider electric	model:	concept
vendor:	sierra	model:	wireless airlink es450 fw
vendor:	sierra	model:	es450
vendor:	sierra	model:	airlink es450
vendor:	sierra	model:	wireless airlink es450

db:

NVD

ids:

CVE-2025-52691, CVE-2020-36923, CVE-2025-68428, CVE-2025-13915, CVE-2025-68668, CVE-2025-59287, CVE-2009-0556, CVE-2025-3699, CVE-2025-37164, CVE-2018-4063, CVE-2025-60534

CISA: Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858 - Cyber Security Review Related entries in the VARIoT vulnerabilities database: VAR-202304-2073 Trust: 5.5 Fetched: Feb. 3, 2026, 9:56 a.m., Published: Jan. 28, 2026, 8:42 a.m.	Vulnerabilities: command injection, authentication bypass, code execution

Affected products

External IDs

vendor:	citrix	model:	netscaler gateway
vendor:	citrix	model:	gateway
vendor:	citrix	model:	netscaler
vendor:	citrix	model:	application delivery controller
vendor:	google	model:	chrome

db:

NVD

ids:

CVE-2023-3519, CVE-2026-24858, CVE-2025-59719, CVE-2023-28771, CVE-2025-59718, CVE-2023-23397

Fortinet Confirms Critical FortiCloud SSO Vulnerability(CVE-2026-24858) Actively Exploited in the Wild Trust: 4.75 Fetched: Feb. 3, 2026, 9:56 a.m., Published: Jan. 28, 2026, 10:18 a.m.	Vulnerabilities: improper access control, authentication bypass, privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2026-24858

TP-Link Archer MR600 Router Vulnerability Enables Full Device Control - Advisories Trust: 5.0 Fetched: Feb. 3, 2026, 9:56 a.m., Published: Feb. 2, 2026, 9:27 a.m.	Vulnerabilities: command injection, service disruption

Affected products

External IDs

db:

NVD

ids:

CVE-2025-14756

CISA: Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858 - Cyber Security Review Related entries in the VARIoT vulnerabilities database: VAR-201902-0454, VAR-201902-0427 Trust: 5.5 Fetched: Feb. 3, 2026, 9:55 a.m., Published: Jan. 28, 2026, 8:42 a.m.	Vulnerabilities: path traversal, authentication bypass, code execution...

Affected products

External IDs

vendor:	check point	model:	check point
vendor:	check point software technologies	model:	check point
vendor:	cisco	model:	rv215w wireless-n vpn router
vendor:	cisco	model:	rv130w wireless-n multifunction vpn router
vendor:	cisco	model:	rv110w wireless-n vpn firewall
vendor:	cisco	model:	rv110w wireless-n vpn
vendor:	cisco	model:	router
vendor:	cisco	model:	routers
vendor:	cisco	model:	rv110w
vendor:	cisco	model:	cisco rv215w wireless-n vpn router
vendor:	cisco	model:	cisco rv110w wireless-n vpn firewall
vendor:	cisco	model:	cisco rv110w
vendor:	cisco	model:	rv215w
vendor:	cisco	model:	rv215w wireless-n vpn
vendor:	cisco	model:	rv130w

db:

NVD

ids:

CVE-2026-24858, CVE-2019-1688, CVE-2025-59719, CVE-2025-59718, CVE-2019-1663

Update Canonical Ubuntu Server: USN-7992-1: Inetutils vulnerability Trust: 3.25 Fetched: Feb. 3, 2026, 9:54 a.m., Published: Jan. 3, 7992, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

canonical

model:

ubuntu

Apple's Unprecedented Security Update for Decade-Old iPhones Signals Shift in Legacy Device Support Strategy Trust: 3.5 Fetched: Feb. 3, 2026, 9:53 a.m., Published: Feb. 1, 2026, 1:10 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	trend	model:	security
vendor:	apple	model:	iphone
vendor:	apple	model:	webkit

db:

NVD

ids:

CVE-2025-24200, CVE-2025-24201

Critical Flaws in KiloView Devices Enable Complete Admin Takeover Trust: 4.0 Fetched: Feb. 3, 2026, 9:53 a.m., Published: Feb. 3, 2026, 5:09 a.m.	Vulnerabilities: authentication bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2026-1453, CVE-2026-14539

Hikvision Wireless Access Points Vulnerability Enables Malicious Command Trust: 5.5 Fetched: Feb. 3, 2026, 9:52 a.m., Published: Feb. 3, 2026, 1:43 p.m.	Vulnerabilities: default credentials, command execution, denial of service...

Affected products

External IDs

vendor:

hikvision

model:

hikvision

db:

NVD

ids:

CVE-2026-0709

VARIoT news about IoT security