Sign-up

VARIoT news about IoT security

Cisco Zero-Day Exploited, Kali Linux 2025.4 Released | DigitrendZ

Trust: 4.5

Fetched: Dec. 23, 2025, 9:27 a.m., Published: Dec. 22, 2025, 2:40 p.m.
 Vulnerabilities: privilege escalation, authentication bypass
Affected productsExternal IDs
vendor: apple model: webkit
vendor: cisco model: nexus
vendor: sonicwall model: email security
vendor: sonicwall model: secure mobile access
db: NVD ids: CVE-2025-40602, CVE-2025-59718, CVE-2025-14174, CVE-2025-43529

Massive FortiCloud SSO Exposure Leaves 25,000+ Devices Vulnerable

Trust: 3.25

Fetched: Dec. 23, 2025, 9:27 a.m., Published: Dec. 3, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-59718, CVE-2025-59719

How To Use AI To Audit Your Home Wi-Fi Network For IoT Device Vulnerabilities Without Command Line

Trust: 5.25

Fetched: Dec. 23, 2025, 9:26 a.m., Published: Dec. 18, 2025, midnight
 Vulnerabilities: remote command injection, default credentials, command injection
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: note
vendor: samsung model: samsung smartthings hub
vendor: samsung model: mobile
vendor: samsung model: smartthings hub
vendor: trend model: security
vendor: trend model: password manager
vendor: d-link model: router
vendor: smartthings model: smartthings hub
vendor: wireshark model: wireshark
vendor: google model: chrome
vendor: google model: home
vendor: google model: google home
vendor: google model: chromecast
vendor: samsung smartthings model: samsung
vendor: samsung smartthings model: note
vendor: samsung smartthings model: samsung smartthings hub
vendor: samsung smartthings model: mobile
vendor: samsung smartthings model: smartthings hub
db: NVD ids: CVE-2021-32795, CVE-2019-12345

Understanding and Mitigating CVE-2025-12214 in Tenda O3 Devices

Related entries in the VARIoT vulnerabilities database: VAR-202510-2151

Trust: 3.75

Fetched: Dec. 23, 2025, 9:25 a.m., Published: Dec. 23, 2058, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2025-12214

125,000 IPs WatchGuard Firebox Devices Exposed to Internet Vulnerable to RCE Attacks

Trust: 3.75

Fetched: Dec. 23, 2025, 9:25 a.m., Published: Dec. 22, 2025, 9:08 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: watchguard model: fireware
vendor: watchguard model: watchguard fireware
vendor: watchguard model: firebox
db: NVD ids: CVE-2025-9242, CVE-2025-14733

Statement on Root Access via UART on Tapo D230S1 (CVE-2025-10991)

Trust: 3.25

Fetched: Dec. 23, 2025, 9:25 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-10991

Urgent Cybersecurity Warning: TP-Link Device Vulnerabilities in Saudi Arabia

Trust: 3.75

Fetched: Dec. 23, 2025, 9:24 a.m., Published: Dec. 22, 2025, 5:51 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: tp-link model: routers

WatchGuard Firebox Firewalls Hit by Exploited RCE Flaw CVE-2025-14733

Trust: 4.25

Fetched: Dec. 23, 2025, 9:23 a.m., Published: Dec. 22, 2025, 4:15 p.m.
 Vulnerabilities: memory corruption, command execution, code execution
Affected productsExternal IDs
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo model: firewall
vendor: palo model: networks
vendor: watchguard model: fireware
vendor: watchguard model: firebox
vendor: parallels model: tools
db: NVD ids: CVE-2025-9242, CVE-2025-32978, CVE-2025-14733

CVE-2023-53970 DB Elettronica Telecomunicazioni SpA Screen... CVETodo

Trust: 4.75

Fetched: Dec. 23, 2025, 9:21 a.m., Published: Dec. 22, 2025, 10:16 p.m.
 Vulnerabilities: session management flaw, default credentials, session management vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2023-53970

CISA: Multiple Fortinet Products Exploited In Attacks, Rapid Patching Urged

Trust: 3.0

Fetched: Dec. 23, 2025, 9:21 a.m., Published: Dec. 16, 2025, 3 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-59718

FortiCloud SSO Exposure - 25,000 Devices Vulnerable and Cyber Attacks Active | IBTimes UK

Related entries in the VARIoT vulnerabilities database: VAR-202212-1132

Trust: 5.0

Fetched: Dec. 23, 2025, 9:20 a.m., Published: Dec. 22, 2025, 10:15 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2025-59719, CVE-2025-64446, CVE-2025-59718, CVE-2025-58034, CVE-2023-27997, CVE-2022-42475

Hardware Vulnerabilities: The 88% Surge in Physical Device Exploits 🔌

Trust: 4.0

Fetched: Dec. 23, 2025, 9:17 a.m., Published: Dec. 1, 2025, midnight
 Vulnerabilities: privilege escalation, information leakage, memory leak...
Affected productsExternal IDs
vendor: dram model: dram
vendor: dell emc model: bios
vendor: trend model: security
vendor: lenovo model: edge
vendor: lenovo model: system
vendor: lenovo model: desktop
vendor: lenovo model: bios
vendor: lenovo model: updates
vendor: dell model: bios

Use Quick Share on your Android device - Google Play Help

Trust: 3.0

Fetched: Dec. 23, 2025, 9:12 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
vendor: google model: wifi

Chrome Zero-Day Vulnerabilities Exploited in 2025 - A Comprehensive Analysis

Trust: 4.25

Fetched: Dec. 21, 2025, 9:40 a.m., Published: Dec. 17, 2025, 10:10 a.m.
 Vulnerabilities: code execution, memory corruption, memory access vulnerability...
Affected productsExternal IDs
vendor: google model: chrome
vendor: apple model: macos
db: NVD ids: CVE-2025-6554, CVE-2025-6558, CVE-2025-4664, CVE-2025-14174, CVE-2025-13223, CVE-2025-10585, CVE-2025-2783, CVE-2025-5419

Pixel Update Bulletin-December 2025 | Android Open Source Project

Trust: 4.25

Fetched: Dec. 21, 2025, 9:38 a.m., Published: Dec. 21, 2025, midnight
 Vulnerabilities: code execution, denial of service, information disclosure
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2025-26781, CVE-2025-36921, CVE-2025-36912, CVE-2025-36938, CVE-2025-36918, CVE-2025-36930, CVE-2025-54957, CVE-2025-36923, CVE-2025-36932, CVE-2025-36925, CVE-2025-36934, CVE-2025-36936, CVE-2024-8257, CVE-2025-36922, CVE-2025-36931, CVE-2025-32335, CVE-2025-36928, CVE-2025-36935, CVE-2025-26782, CVE-2025-36919, CVE-2025-36916, CVE-2025-36924, CVE-2025-36929, CVE-2025-36917, CVE-2025-36937, CVE-2025-36889, CVE-2025-36927

Hackers Can Seize Control of Car Dashboards Through Modem Vulnerabilities

Trust: 4.5

Fetched: Dec. 21, 2025, 9:38 a.m., Published: Dec. 17, 2025, 10:53 a.m.
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
vendor: google model: android
vendor: canary model: canary
db: NVD ids: CVE-2024-39432

SonicWall Devices Under Attack via New Zero-Day Vulnerability

Trust: 6.0

Fetched: Dec. 21, 2025, 9:37 a.m., Published: Dec. 2, 2025, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: sonicwall model: sma1000
db: NVD ids: CVE-2025-40602

CVE-2025-68238 - mtd: rawnand: cadence: fix DMA device NULL pointer dereference - SecAlerts

Trust: 3.25

Fetched: Dec. 21, 2025, 9:35 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-68238

VU#382314 - Vulnerability in UEFI firmware modules prevents IOMMU initialization on some UEFI-based motherboards

Trust: 3.75

Fetched: Dec. 21, 2025, 9:35 a.m., Published: Dec. 19, 2025, midnight
 Vulnerabilities: code injection
Affected productsExternal IDs
vendor: riot model: riot

Understanding CVE-2025-66647: RIOT OS IPv6 Fragmentation Vulnerability

Trust: 5.75

Fetched: Dec. 21, 2025, 9:33 a.m., Published: Dec. 21, 2025, midnight
 Vulnerabilities: code execution, memory corruption
Affected productsExternal IDs
vendor: riot model: riot
db: NVD ids: CVE-2025-66647