Sign-up

VARIoT news about IoT security

Multiple Vulnerabilities in QTS and QuTS hero (PWN2OWN 2024) - Security Advisory | QNAP

Trust: 5.0

Fetched: Dec. 8, 2024, 10:06 a.m., Published: Dec. 2, 2024, midnight
 Vulnerabilities: certificate validation vulnerability, authentication vulnerability, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-48868, CVE-2024-48859, CVE-2024-50403, CVE-2024-48867, CVE-2024-50402, CVE-2024-50393, CVE-2024-48866, CVE-2024-48865

Hacking Your Own IoT: A White Hat’s Guide to Securing Smart Devices

Trust: 4.25

Fetched: Dec. 8, 2024, 10:05 a.m., Published: Dec. 8, 2024, 2 p.m.
 Vulnerabilities: cross-site scripting, sql injection, default credentials
Affected productsExternal IDs
vendor: wireshark model: wireshark

Access Denied

Trust: 3.25

Fetched: Dec. 8, 2024, 10:05 a.m., Published: May 19, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung

Nozomi detects security vulnerabilities in Wago PLC; firmware updated to prevent privilege escalation - Industrial Cyber

Trust: 5.25

Fetched: Dec. 8, 2024, 10:04 a.m., Published: Dec. 6, 2024, 11:58 a.m.
 Vulnerabilities: access control vulnerability, privilege escalation, code execution...
Affected productsExternal IDs
vendor: wago model: wago
vendor: wago model: 750-8216
vendor: codesys model: codesys
vendor: codesys model: control
db: NVD ids: CVE-2024-41971, CVE-2024-41967, CVE-2024-41968, CVE-2024-41973, CVE-2024-41972, CVE-2024-41969

Nine Tips to Protect IoT Devices From Security Threats - NETGEAR Blog

Trust: 4.25

Fetched: Dec. 8, 2024, 10:03 a.m., Published: Nov. 25, 2024, 4:13 p.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: netgear model: router
vendor: essential model: phone

Vulnerabilities Identified in Wyze Cam IoT Device

Related entries in the VARIoT vulnerabilities database: VAR-202203-1880, VAR-202203-1706

Trust: 6.75

Fetched: Dec. 8, 2024, 10:02 a.m., Published: Dec. 1, 2024, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: netgear model: orbi
vendor: netgear model: router
db: NVD ids: CVE-2019-9564, CVE-2019-12266

Configure device discovery - Microsoft Defender for Endpoint | Microsoft Learn

Trust: 3.0

Fetched: Dec. 8, 2024, 10:01 a.m., Published: June 19, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Healthcare software and firmware risks up 59%, says H-ISAC | Healthcare IT News

Trust: 4.75

Fetched: Dec. 8, 2024, 10 a.m., Published: Aug. 8, 2023, 3 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: trend model: security

Research on smart-locks cybersecurity and vulnerabilities | Wireless Networks

Trust: 3.25

Fetched: Dec. 8, 2024, 9:53 a.m., Published: May 27, 2023, midnight
 Vulnerabilities: brute force attack, denial of service

Exploring the Vulnerability of IoT Devices and the Best Practices for Securing Them - eBuilder Security

Trust: 4.25

Fetched: Dec. 8, 2024, 9:52 a.m., Published: Feb. 15, 2023, 5:07 a.m.
 Vulnerabilities: weak password, denial of service
Affected productsExternal IDs
vendor: trend model: security
vendor: delegate model: delegate

Android Offensive Security Blog

Trust: 4.0

Fetched: Dec. 8, 2024, 9:52 a.m., Published: May 8, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-20938

Moxa NPort Device Vulnerabilities (Update B) | CISA

Trust: 4.75

Fetched: Dec. 8, 2024, 9:51 a.m., Published: Dec. 8, 2023, midnight
 Vulnerabilities: request forgery, buffer overflow, cross-site scripting...
Affected productsExternal IDs
vendor: moxa model: nport 5100 series
vendor: moxa model: nport 5200a
vendor: moxa model: nport 5600-dt/dtl
vendor: moxa model: nport 5400 series
vendor: moxa model: nport 5100a
vendor: moxa model: nport 5100a series
vendor: moxa model: nport 5200 series
vendor: moxa model: nport
vendor: moxa model: nport 5x50ai-m12
vendor: moxa model: nport p5150a
vendor: moxa model: nport p5150a series
vendor: moxa model: nport 5600 series
vendor: moxa model: nport 5200a series

Cisco Nexus Dashboard Fabric Controller SQL Injection Vulnerability

Trust: 4.0

Fetched: Dec. 8, 2024, 9:49 a.m., Published: Nov. 6, 2024, 3:52 p.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs
vendor: cisco model: nexus

Weekly Cybersecurity Newsletter: Data Breaches, Vulnerabilities, Cyber Attacks, & Other Updates

Trust: 3.25

Fetched: Dec. 8, 2024, 9:49 a.m., Published: Nov. 10, 2024, 1:44 p.m.
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
vendor: google model: android
vendor: google model: chrome
vendor: pfsense model: pfsense

CVE-2024-51522 - Cisco Network Device Management Module Disk Corruption Vulnerability

Trust: 3.75

Fetched: Dec. 8, 2024, 9:48 a.m., Published: Nov. 5, 2024, 10:21 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: huawei technologies model: huawei
vendor: huawei model: huawei
db: NVD ids: CVE-2024-51522

Cisco Secure Firewall Management Center Software Cross-Site Scripting Vulnerabilities - Cisco

Trust: 5.25

Fetched: Dec. 8, 2024, 9:36 a.m., Published: Oct. 23, 2024, 11:03 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: cisco model: asa software

CVE-2024-20455 | Tenable®

Trust: 6.0

Fetched: Dec. 8, 2024, 9:35 a.m., Published: Sept. 25, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: sd-wan
vendor: cisco model: ios xe software
vendor: cisco model: cisco ios xe
vendor: cisco model: cisco ios
vendor: cisco model: ios xe
db: NVD ids: CVE-2024-20455

A vulnerability in the REST API and web UI of Cisco Nexus... · CVE-2024-20432 · GitHub Advisory Database · GitHub

Trust: 6.0

Fetched: Dec. 8, 2024, 9:34 a.m., Published: Oct. 2, 2024, midnight
 Vulnerabilities: command injection, injection attack
Affected productsExternal IDs
vendor: cisco model: nexus
db: NVD ids: CVE-2024-20432

CVE-2024-10914: Critical Flaw in D-Link NAS Devices Actively Exploited, No Patch!

Related entries in the VARIoT vulnerabilities database: VAR-202411-0293

Trust: 6.0

Fetched: Dec. 8, 2024, 9:34 a.m., Published: Nov. 13, 2024, 10:35 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: d-link model: dns-320lw
vendor: d-link model: dns-325
vendor: d-link model: dns-320
vendor: d-link model: dns-340l
db: NVD ids: CVE-2024-10914

CVE-2024-9579 - Poly Video Conferencing Device Firmware Input sanitation Vulnerability

Trust: 3.0

Fetched: Dec. 8, 2024, 9:21 a.m., Published: Nov. 5, 2024, 5:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-9579