Sign-up

VARIoT news about IoT security

Multiple Vulnerabilities in D-Link EoL/EoS Routers Allows Remote Code

Trust: 3.75

Fetched: Nov. 21, 2025, 9:26 a.m., Published: Nov. 20, 2025, 10:35 a.m.
 Vulnerabilities: default credentials, code execution
Affected productsExternal IDs
vendor: d-link model: router
vendor: d-link model: dir-878

Serious Vulnerabilities Expose 92,000 D-Link NAS Devices to Malware Threats - Breach Spot

Related entries in the VARIoT vulnerabilities database: VAR-202404-0070, VAR-202404-0069

Trust: 4.75

Fetched: Nov. 21, 2025, 9:26 a.m., Published: Nov. 20, 2025, 5:45 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: palo model: networks
vendor: d-link model: dns-325
vendor: d-link model: dns-320l
vendor: d-link model: dns-327l
vendor: d-link model: dns-340l
vendor: palo alto networks model: networks
vendor: trend model: security
db: NVD ids: CVE-2024-3273, CVE-2024-3272

Windows 11 has a massive kernel vulnerability

Trust: 3.0

Fetched: Nov. 21, 2025, 9:25 a.m., Published: Nov. 20, 2025, 4:59 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs

Critical FortiWeb CVE-2025-64446 Allows Unauthenticated Device Takeover - Kudelski Security Research Center

Trust: 4.75

Fetched: Nov. 21, 2025, 9:25 a.m., Published: Nov. 27, 2025, midnight
 Vulnerabilities: authentication bypass, path traversal, improper access control
Affected productsExternal IDs
db: NVD ids: CVE-2025-64446

CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities - Cyber Security Review

Trust: 3.5

Fetched: Nov. 21, 2025, 9:24 a.m., Published: Nov. 12, 2025, 8:46 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: tp-link model: routers
vendor: cisco model: routers
vendor: cisco model: firepower
db: NVD ids: CVE-2025-20362, CVE-2025-33073, CVE-2025-20333, CVE-2025-7851, CVE-2025-7850

Fortinet Fixed 2 Critical Zero-Day Vulnerabilities in FortiWeb - Lansweeper

Trust: 3.75

Fetched: Nov. 21, 2025, 9:24 a.m., Published: Nov. 19, 2025, 1:39 p.m.
 Vulnerabilities: path traversal, os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-58034, CVE-2025-64446

Massive Hacking Operation WrtHug Compromises Thousands of ASUS Routers Worldwide

Related entries in the VARIoT vulnerabilities database: VAR-202504-1580, VAR-202309-0729

Trust: 5.5

Fetched: Nov. 21, 2025, 9:21 a.m., Published: Nov. 20, 2025, 12:21 p.m.
 Vulnerabilities: command execution, os command injection, arbitrary command execution...
Affected productsExternal IDs
vendor: asus model: router
vendor: asus model: routers
vendor: asus model: asus
vendor: google model: nexus
vendor: google model: home
vendor: trend model: security
db: NVD ids: CVE-2024-12912, CVE-2023-41346, CVE-2025-2492, CVE-2023-41348, CVE-2023-39780, CVE-2023-41345, CVE-2023-41347

Critical CVE-2025-59367 flaw lets hackers access ASUS DSL routers remotely

Trust: 4.0

Fetched: Nov. 21, 2025, 9:20 a.m., Published: Nov. 14, 2025, 7:16 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: asus model: asus
vendor: asus model: dsl-ac51
vendor: asus model: dsl-ac750
vendor: asus model: router
vendor: asus model: dsl-n16
vendor: asus model: routers
db: NVD ids: CVE-2025-59367

Asus Router Vulnerability: WrtHug Malware Threatens Device Security

Related entries in the VARIoT vulnerabilities database: VAR-202504-1580, VAR-202309-0729

Trust: 5.5

Fetched: Nov. 21, 2025, 9:19 a.m., Published: Nov. 20, 2025, 7:28 p.m.
 Vulnerabilities: command injection, code execution
Affected productsExternal IDs
vendor: asus model: router
vendor: asus model: rt-ac1300uhp
vendor: asus model: rt-ac1300gplus
vendor: asus model: gt-ac5300
vendor: asus model: gt-ax11000
vendor: asus model: 4g-ac55u
vendor: asus model: routers
vendor: asus model: dsl-ac68u
vendor: asus model: asus
vendor: asus model: rt-ac1200hp
db: NVD ids: CVE-2025-2492, CVE-2023-39780, CVE-2024-12912

CVE-2025-61661 - Grub2: grub2: out-of-bounds write via malicious usb device - SecAlerts

Trust: 4.75

Fetched: Nov. 21, 2025, 9:18 a.m., Published: -
 Vulnerabilities: privilege escalation, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2025-61661

Microsoft just gave you another reason to update your PC - November's Patch Tuesday fixes 63 flaws | Tom's Guide

Trust: 4.0

Fetched: Nov. 21, 2025, 9:18 a.m., Published: Nov. 12, 2025, 8:58 p.m.
 Vulnerabilities: security feature bypass, code execution, denial of service...
Affected productsExternal IDs
db: NVD ids: CVE-2025-60724, CVE-2025-62215

WhatsApp Vulnerability Exposed: Urgent Update Required to Protect Your Device - Digital Warfare

Trust: 3.5

Fetched: Nov. 21, 2025, 9:16 a.m., Published: Nov. 19, 2025, 10:11 p.m.
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-55177, CVE-2025-43300

CVE-2025-37162 - Authenticated Command Injection Vulnerability Leading to Arbitrary Remote Command Execution

Trust: 4.0

Fetched: Nov. 19, 2025, 9:25 a.m., Published: Nov. 18, 2025, 8:15 p.m.
 Vulnerabilities: command injection, command execution, injection attack
Affected productsExternal IDs
db: NVD ids: CVE-2025-37162

PoC Exploit Tool Released for FortiWeb WAF Vulnerability Exploited in the Wild

Trust: 5.0

Fetched: Nov. 19, 2025, 9:25 a.m., Published: Nov. 15, 2025, 2:02 p.m.
 Vulnerabilities: code execution, directory traversal, path traversal
Affected productsExternal IDs
db: NVD ids: CVE-2025-64446

Microsoft Users At High Risk: Indian Govt Recommends Updating Your Devices Now

Trust: 5.5

Fetched: Nov. 19, 2025, 9:24 a.m., Published: Nov. 13, 2025, 11:30 p.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: google model: android
vendor: google model: google chrome
vendor: google model: chrome
db: NVD ids: CVE-2025-60724

Vulnerability Management In Smart Cities

Trust: 3.0

Fetched: Nov. 19, 2025, 9:23 a.m., Published: Oct. 27, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Advisory: Akira ransomware targeting SonicWall devices | CFC

Trust: 3.75

Fetched: Nov. 19, 2025, 9:23 a.m., Published: Nov. 3, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sonicwall model: remote access
db: NVD ids: CVE-2024-40766

CVE-2025-32455: Command Injection Vulnerability in Quantenna Wi-Fi Chipset - Ameeba Exploit Tracker

Trust: 4.0

Fetched: Nov. 19, 2025, 9:22 a.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-32455

Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack

Trust: 5.5

Fetched: Nov. 19, 2025, 9:20 a.m., Published: Nov. 12, 2025, 10:21 a.m.
 Vulnerabilities: security feature bypass, privilege escalation, information disclosure...
Affected productsExternal IDs
vendor: broadcom model: linux
vendor: mageia model: mageia
vendor: samsung model: samsung
vendor: samsung model: note
vendor: palo alto networks model: networks
vendor: asus model: asus
vendor: lenovo model: updates
vendor: lenovo model: edge
vendor: lenovo model: system
vendor: palo model: networks
vendor: google model: android
vendor: google model: google chrome
vendor: google model: chrome
db: NVD ids: CVE-2025-62215, CVE-2025-60704, CVE-2025-62220, CVE-2025-60724

Advisory: Akira ransomware targeting SonicWall devices | CFC

Trust: 3.75

Fetched: Nov. 19, 2025, 9:20 a.m., Published: Nov. 3, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sonicwall model: remote access
db: NVD ids: CVE-2024-40766