Sign-up

VARIoT news about IoT security

April 2025 Android Update: Actively Exploited Kernel Bugs and Remote Privilege Escalation Threat - SOCRadar® Cyber Intelligence Inc.

Trust: 5.5

Fetched: April 15, 2025, 9:14 a.m., Published: April 8, 2025, 11:45 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2025-26416, CVE-2024-53104, CVE-2024-53197, CVE-2024-53150, CVE-2024-50302

Critical FortiSwitch Vulnerability Let Attackers Remotely Change Admin Passwords | Black Hat Ethical Hacking

Trust: 3.25

Fetched: April 15, 2025, 9:14 a.m., Published: April 10, 2025, 8:54 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-48887

Is Ivanti the problem or a symptom of a systemic issue with network devices? | CyberScoop

Trust: 3.5

Fetched: April 15, 2025, 9:12 a.m., Published: April 14, 2025, 10 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: nexus
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: cisco model: nexus
vendor: cisco model: router
vendor: cisco model: routers
vendor: citrix model: gateway
db: NVD ids: CVE-2025-22457

TP-Link Smart Hub Flaw Exposes Users’ Wi-Fi Credentials

Trust: 4.75

Fetched: April 15, 2025, 9:11 a.m., Published: April 10, 2025, 11:13 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home
db: NVD ids: CVE-2025-0072

Hackers Exploit Router Flaws in Ongoing Attacks on Enterprise Networks

Trust: 3.0

Fetched: April 15, 2025, 9:11 a.m., Published: April 11, 2025, 6:17 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

What you need to do about the WPA2 Wi-Fi network vulnerability

Trust: 3.0

Fetched: April 15, 2025, 9:10 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs

CVE-2025-0120 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability

Trust: 4.75

Fetched: April 15, 2025, 9:08 a.m., Published: April 9, 2025, 4 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo alto networks model: palo alto networks globalprotect
vendor: palo alto networks model: networks globalprotect
vendor: palo model: networks
vendor: palo model: palo alto networks globalprotect
vendor: palo model: networks globalprotect
vendor: paloaltonetworks model: networks
vendor: paloaltonetworks model: palo alto networks globalprotect
vendor: paloaltonetworks model: networks globalprotect
db: NVD ids: CVE-2025-0120

04/09/25: 0-Day and Other Vulnerabilities in Android Devices | UCSF IT

Trust: 3.25

Fetched: April 15, 2025, 9:07 a.m., Published: April 15, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

Fortinet warns of threat activity against older vulnerabilities | Cybersecurity Dive

Related entries in the VARIoT vulnerabilities database: VAR-202212-1132

Trust: 4.0

Fetched: April 13, 2025, 9:09 a.m., Published: April 11, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2023-27997, CVE-2022-42475, CVE-2024-21762

Windows 10 KB5055518 April 2025 Patch And 1 Zero Day Vulnerability And 134 Flaws HTMD Blog

Trust: 5.0

Fetched: April 13, 2025, 9:08 a.m., Published: April 8, 2025, 6:19 p.m.
 Vulnerabilities: policy violation
Affected productsExternal IDs
db: NVD ids: CVE-2025-29824

Siemens Industrial Edge Devices | CISA

Trust: 3.5

Fetched: April 13, 2025, 9:05 a.m., Published: Jan. 10, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: simatic ipc127e
vendor: siemens model: simatic ipc427e
vendor: siemens model: simatic ipc227e
vendor: siemens model: scalance
vendor: siemens model: simatic
vendor: siemens model: siemens simatic ipc427e
vendor: siemens model: simatic ipc847e
vendor: siemens model: siemens simatic ipc127e
vendor: siemens model: siemens simatic ipc847e
vendor: siemens model: siemens simatic ipc227e
db: NVD ids: CVE-2024-54092

CISA Warns of Actively Exploited Linux Kernel Vulnerabilities (CVE-2024-53197, CVE-2024-53150)

Trust: 5.5

Fetched: April 11, 2025, 9:12 a.m., Published: April 10, 2025, 2:16 a.m.
 Vulnerabilities: bounds access bug, privilege escalation, information disclosure
Affected productsExternal IDs
vendor: google model: android
vendor: alsa model: alsa
db: NVD ids: CVE-2024-53104, CVE-2024-53197, CVE-2024-53150, CVE-2024-50302

Hardware vulnerabilities in Hitachi Energy, ABB, B&R ICS devices pose critical infrastructure threat - Industrial Cyber

Trust: 4.25

Fetched: April 11, 2025, 9:11 a.m., Published: April 7, 2025, 8:44 a.m.
 Vulnerabilities: code injection, cross-site scripting, request forgery...
Affected productsExternal IDs
vendor: hitachi model: web server
vendor: codesys model: runtime
vendor: codesys model: web server
vendor: codesys model: codesys
vendor: codesys model: control
db: NVD ids: CVE-2024-10037, CVE-2024-12169, CVE-2024-45480, CVE-2024-45484, CVE-2025-1445, CVE-2024-8315, CVE-2024-8314, CVE-2024-10207, CVE-2024-10206, CVE-2024-10210, CVE-2024-45481, CVE-2024-45483, CVE-2024-45482, CVE-2024-10209, CVE-2024-8313, CVE-2024-11499, CVE-2024-10208

CVE-2025-0122 Prisma SD-WAN: Denial of Service (DoS) Vulnerability Through Burst of Crafted Packets

Trust: 4.75

Fetched: April 11, 2025, 9:10 a.m., Published: April 9, 2025, 4 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo model: networks
db: NVD ids: CVE-2025-0122

Crisis in Cybersecurity: Siemens Industrial Edge Devices Vulnerability Explained | Windows Forum

Trust: 4.5

Fetched: April 11, 2025, 9:09 a.m., Published: May 11, 2025, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: siemens model: simatic
vendor: siemens model: scalance
db: NVD ids: CVE-2024-54092

Forescout’s 2025 report reveals surge in device vulnerabilities across IT, IoT, OT, and IoMT - Industrial Cyber

Trust: 4.75

Fetched: April 11, 2025, 9:08 a.m., Published: April 10, 2025, 10:30 a.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: trend model: security

The Top 5 Healthcare Internet of Things (IoT) Vulnerabilities

Trust: 3.75

Fetched: April 11, 2025, 9:06 a.m., Published: Dec. 18, 2023, 8:20 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trendnet model: ip camera

Vulnerabilities identified in Amazon Fire TV Stick, Insignia FireOS TV Series

Trust: 4.5

Fetched: April 11, 2025, 9:06 a.m., Published: April 2, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: netgear model: orbi
vendor: netgear model: router
vendor: amazon model: fire tv
db: NVD ids: CVE-2023-1383, CVE-2023-1384, CVE-2023-1385

Automatically exclude devices from vulnerability management | Microsoft Community Hub

Trust: 3.25

Fetched: April 11, 2025, 9:04 a.m., Published: July 1, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hub model: hub

Assess Network Vulnerabilities with Bitdefender BOX Vulnerability Scan

Trust: 4.0

Fetched: April 11, 2025, 9:04 a.m., Published: Sept. 2, 2024, 1:26 p.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs