VARIoT latest news about IoT security

WhatsApp Identifies Vulnerability Targeting iOS and macOS Devices - iHLS Trust: 5.0 Fetched: Sept. 12, 2025, 11:22 a.m., Published: Aug. 31, 2025, 12:30 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

apple

model:

macos

db:

NVD

ids:

CVE-2025-55177, CVE-2025-43300

Siemens SIMATIC Virtualization as a Service (SIVaaS) \| CISA Trust: 3.75 Fetched: Sept. 12, 2025, 11:21 a.m., Published: Jan. 10, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

siemens

model:

simatic

db:

NVD

ids:

CVE-2025-40804

CVE-2025-36896: Elevation of Privilege Vulnerability in WLAN on Android Devices - Cybersecurity Exploit Tracker by Ameeba Trust: 3.75 Fetched: Sept. 12, 2025, 11:21 a.m., Published: Sept. 10, 2025, 12:34 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	pixel
vendor:	essential	model:	phone

db:

NVD

ids:

CVE-2025-36896

CVE-2025-20340 - Cisco IOS XR Address Resolution Protocol Broadcast Storm Vulnerability - SecAlerts Trust: 5.75 Fetched: Sept. 12, 2025, 11:20 a.m., Published: -	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	ios xr software
vendor:	cisco	model:	cisco ios xr
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xr

db:

NVD

ids:

CVE-2025-20340

SACK Vulnerability \| Digi International Related entries in the VARIoT vulnerabilities database: VAR-201906-1175, VAR-201906-1176, VAR-201906-1174 Trust: 5.25 Fetched: Sept. 12, 2025, 11:20 a.m., Published: -	Vulnerabilities: privilege escalation, integer overflow, denial of service...

Affected products

External IDs

vendor:	digi international	model:	anywhereusb
vendor:	digi	model:	anywhereusb

db:

NVD

ids:

CVE-2019-11477, CVE-2018-20162, CVE-2019-11478, CVE-2019-11479, CVE-2019-5599

CVE-2025-20248 - Cisco IOS XR Software Image Verification Bypass Vulnerability - SecAlerts Trust: 3.75 Fetched: Sept. 12, 2025, 11:18 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	ios xr software
vendor:	cisco	model:	cisco ios xr
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xr

db:

NVD

ids:

CVE-2025-20248

Apple Fixes CVE-2025-43300 Zero-Day: Protect Your iOS, iPadOS & macOS Now - SecPod Blog Trust: 5.75 Fetched: Sept. 12, 2025, 11:17 a.m., Published: Aug. 22, 2025, 12:34 p.m.	Vulnerabilities: privilege escalation, code execution, memory corruption

Affected products

External IDs

vendor:

apple

model:

macos

db:

NVD

ids:

CVE-2025-43300

CVE-2025-36901: Critical WLAN Vulnerability in Android Affecting Google Pixel Devices - Cybersecurity Exploit Tracker by Ameeba Trust: 3.75 Fetched: Sept. 12, 2025, 11:15 a.m., Published: Sept. 10, 2025, 9:37 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	pixel

db:

NVD

ids:

CVE-2025-36901

CVE-2025-55234 - Vulnerability Details - OpenCVE Trust: 3.0 Fetched: Sept. 12, 2025, 11:12 a.m., Published: Sept. 12, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2025-55234

Amp’ed RF BT-AP 111 Bluetooth Access Point Vulnerability Let Attackers Trust: 3.5 Fetched: Sept. 12, 2025, 11:12 a.m., Published: Sept. 11, 2025, 10:19 a.m.	Vulnerabilities: authentication flaw

Affected products

External IDs

vendor:	palo	model:	firewall
vendor:	palo	model:	networks
vendor:	wireshark	model:	wireshark
vendor:	cisco	model:	access points

Cisco and FBI Alert: Russian Hacking Campaign Targets Outdated Devices - Cyber Warriors Middle East Related entries in the VARIoT vulnerabilities database: VAR-201803-1387 Trust: 3.5 Fetched: Sept. 12, 2025, 11:11 a.m., Published: Aug. 21, 2025, 3:27 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios software

db:

NVD

ids:

CVE-2018-0171

WhatsApp urges iOS, Mac users to update apps immediately Trust: 3.75 Fetched: Sept. 12, 2025, 11:10 a.m., Published: Sept. 8, 2025, 6:52 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	macos

db:

NVD

ids:

CVE-2025-55177, CVE-2025-23300

ERROR: The request could not be satisfied Trust: 3.25 Fetched: Sept. 12, 2025, 11:09 a.m., Published: -	Vulnerabilities: configuration error

Affected products	External IDs

Samsung monthly updates: September 2025 security patch is a big one - SamMobile Trust: 3.75 Fetched: Sept. 12, 2025, 11:09 a.m., Published: Sept. 3, 2025, 10:01 a.m.	Vulnerabilities: improper access control

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	home
vendor:	samsung	model:	samsung
vendor:	samsung	model:	galaxy

Protecting IoT Devices: Enhancing Smart Device Security Against Cyber Attacks Trust: 4.25 Fetched: Sept. 12, 2025, 11:08 a.m., Published: Sept. 8, 2025, 1:06 a.m.	Vulnerabilities: default credentials

Affected products

External IDs

vendor:	palo	model:	networks
vendor:	cisco	model:	access points
vendor:	palo alto networks	model:	networks
vendor:	trend	model:	security

ACSC Warns of Actively Exploited SonicWall Access Control Vulnerability Trust: 5.5 Fetched: Sept. 12, 2025, 11:08 a.m., Published: Sept. 11, 2025, 6:12 a.m.	Vulnerabilities: access control issue, access control flaw, improper access control...

Affected products

External IDs

vendor:	sonicwall	model:	sonicos
vendor:	sonicwall	model:	soho

db:

NVD

ids:

CVE-2024-40766

Siemens SINEC OS \| CISA Trust: 5.5 Fetched: Sept. 12, 2025, 11:07 a.m., Published: Jan. 10, 2023, midnight	Vulnerabilities: resource exhaustion, denial of service

Affected products

External IDs

vendor:

siemens

model:

ruggedcom

db:

NVD

ids:

CVE-2025-40803, CVE-2025-40802

Siemens APOGEE PXC and TALON TC: CVE-2025-40757 BACnet File Leak Explained \| Windows Forum Trust: 5.5 Fetched: Sept. 12, 2025, 11:06 a.m., Published: Sept. 11, 2025, 4:12 p.m.	Vulnerabilities: information disclosure

Affected products

External IDs

vendor:	siemens	model:	talon tc
vendor:	siemens	model:	apogee pxc

db:

NVD

ids:

CVE-2025-40757

CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited Vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202508-2645, VAR-202312-0648 Trust: 6.25 Fetched: Sept. 12, 2025, 11:06 a.m., Published: Sept. 4, 2025, 1:57 p.m.	Vulnerabilities: os command injection, authentication bypass, command injection...

Affected products

External IDs

vendor:	tp-link	model:	wr841n
vendor:	tp-link	model:	archer c7
vendor:	tp-link	model:	tl-wr841n
vendor:	tp-link	model:	routers
vendor:	tp-link	model:	tp-link tl-wr841n
vendor:	tp-link	model:	tl-wr841nd

db:

NVD

ids:

CVE-2025-9377, CVE-2023-50224

2025 September KB5065429 Windows 10 Patch \| 2 Zero Day Vulnerabilities And 81 Flaws HTMD Blog Trust: 3.5 Fetched: Sept. 12, 2025, 11:05 a.m., Published: Sept. 9, 2025, 6:06 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	google	model:	google chrome

db:

NVD

ids:

CVE-2025-55234, CVE-2024-21907

VARIoT news about IoT security