VARIoT latest news about IoT security

CERT-EU - Critical Vulnerabilities in Sophos Firewall Trust: 5.75 Fetched: Jan. 14, 2025, 9:46 a.m., Published: -	Vulnerabilities: sql injection, code injection, code execution

Affected products

External IDs

vendor:

sophos

model:

firewall

db:

NVD

ids:

CVE-2024-12729, CVE-2024-12728, CVE-2024-12727

Robot Vacuums Hacked To Spy On Their Owners Trust: 3.75 Fetched: Jan. 14, 2025, 9:46 a.m., Published: Jan. 10, 2025, 8:48 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

ecovacs

model:

deebot 900

Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions \| Microsoft Security Blog Related entries in the VARIoT vulnerabilities database: VAR-202201-0378, VAR-202108-2056, VAR-202205-1325, VAR-201912-0499 Trust: 4.5 Fetched: Jan. 14, 2025, 9:45 a.m., Published: Jan. 13, 2025, 5 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	installer
vendor:	apple	model:	macos
vendor:	trend	model:	security
vendor:	trend micro	model:	security

db:

NVD

ids:

CVE-2024-44243, CVE-2022-22583, CVE-2021-30892, CVE-2022-26712, CVE-2019-8561, CVE-2023-32369

Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls - Arctic Wolf Related entries in the VARIoT vulnerabilities database: VAR-202207-0070 Trust: 3.75 Fetched: Jan. 14, 2025, 9:44 a.m., Published: Jan. 10, 2025, 4:26 p.m.	Vulnerabilities: privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2022-26118

javascript - Snyk is flagging Angular's navigateByUrl() as a potential open redirect vulnerability despite sanitizing the URL - Stack Overflow Trust: 3.0 Fetched: Jan. 14, 2025, 9:43 a.m., Published: Jan. 23, 2025, midnight	Vulnerabilities: open redirect vulnerability

Affected products	External IDs

Wiz Research Identifies Exploitation in the Wild of Aviatrix Controller RCE (CVE-2024-50603) \| Wiz Blog Trust: 5.5 Fetched: Jan. 14, 2025, 9:42 a.m., Published: Jan. 11, 2025, 5:23 p.m.	Vulnerabilities: command injection, code execution, privilege escalation

Affected products

External IDs

vendor:

aviatrix

model:

controller

db:

NVD

ids:

CVE-2021-40870, CVE-2024-50603

Zyxel Urges Patch Application for Privilege Escalation Vulnerability (CVE-2024-12398) Trust: 4.75 Fetched: Jan. 14, 2025, 9:41 a.m., Published: Jan. 14, 2025, 2:45 a.m.	Vulnerabilities: privilege management flaw, privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2024-12398

USB-C vulnerability could result in new iPhone jailbreaks Trust: 3.0 Fetched: Jan. 14, 2025, 9:39 a.m., Published: Jan. 13, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

iphone

iPhone 16, iPhone 15 models’ USB-C ports can be hacked, security researcher claims - Hindustan Times Trust: 3.0 Fetched: Jan. 14, 2025, 9:37 a.m., Published: Jan. 14, 2025, 8:07 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

iphone

Ivanti zero-day has researchers scrambling \| Cybersecurity Dive Trust: 4.75 Fetched: Jan. 14, 2025, 9:36 a.m., Published: Jan. 13, 2025, midnight	Vulnerabilities: buffer overflow

Affected products

External IDs

db:

NVD

ids:

CVE-2023-46805, CVE-2025-0282, CVE-2024-21887, CVE-2025-0283

Access Denied Trust: 3.25 Fetched: Jan. 14, 2025, 9:34 a.m., Published: Jan. 14, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

samsung

model:

samsung

Sign in \| Samsung account Trust: 3.25 Fetched: Jan. 14, 2025, 9:33 a.m., Published: April 1, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

samsung

model:

samsung

Nest Security Bulletin-December 2024 - Help Related entries in the VARIoT vulnerabilities database: VAR-202203-1690 Trust: 5.5 Fetched: Jan. 14, 2025, 9:29 a.m., Published: Dec. 14, 2024, midnight	Vulnerabilities: information disclosure, denial of service, code execution

Affected products

External IDs

vendor:	google	model:	wifi
vendor:	google	model:	home
vendor:	google	model:	wifi router

db:

NVD

ids:

CVE-2018-25032, CVE-2024-26923, CVE-2023-45853

7 New Flaws In Android & Google Pixel Devices Let Attackers Elevate Privileges Trust: 5.5 Fetched: Jan. 14, 2025, 9:29 a.m., Published: Nov. 26, 2024, 6:33 a.m.	Vulnerabilities: configuration flaw

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	chrome
vendor:	google	model:	google chrome
vendor:	google	model:	pixel

db:

NVD

ids:

CVE-2024-34719, CVE-2023-20963, CVE-2023-21292, CVE-2024-0017, CVE-2021-0600, CVE-2023-21383

0-Click Vulnerability in Samsung S24 Devices: PoC Releases for CVE-2024-49415 Trust: 3.75 Fetched: Jan. 14, 2025, 9:28 a.m., Published: Jan. 13, 2025, 2:09 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	samsung	model:	notes
vendor:	samsung	model:	samsung

db:

NVD

ids:

CVE-2024-49415

Hacking Your Own IoT: A White Hat’s Guide to Securing Smart Devices Trust: 4.25 Fetched: Jan. 14, 2025, 9:27 a.m., Published: Jan. 14, 2025, 2 p.m.	Vulnerabilities: sql injection, default credentials, cross-site scripting

Affected products

External IDs

vendor:

wireshark

model:

wireshark

Zero-Click Exploit Uncovered on Samsung Devices: What You Need to Know - theafricalogistics.com Trust: 3.75 Fetched: Jan. 14, 2025, 9:27 a.m., Published: Jan. 12, 2025, 12:43 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	samsung	model:	galaxy
vendor:	samsung	model:	mobile
vendor:	samsung	model:	samsung
vendor:	google	model:	android

db:

NVD

ids:

CVE-2024-49415

CISA reports security vulnerabilities in ICS equipment from Schneider Electric, Delta Electronics, Rockwell Automation - Industrial Cyber Related entries in the VARIoT vulnerabilities database: VAR-202412-2386 Trust: 6.5 Fetched: Jan. 14, 2025, 9:22 a.m., Published: Jan. 13, 2025, 8:39 a.m.	Vulnerabilities: authentication vulnerability, code execution, use after free

Affected products

External IDs

vendor:	schneider	model:	powerchute
vendor:	rockwell automation	model:	arena
vendor:	trend	model:	security
vendor:	schneider electric	model:	powerchute
vendor:	rockwell	model:	arena
vendor:	trend micro	model:	security

db:

NVD

ids:

CVE-2024-12834, CVE-2024-12835, CVE-2024-10511, CVE-2024-12836, CVE-2024-11999

Emerson AMS Device Manager \| CISA Related entries in the VARIoT vulnerabilities database: VAR-201810-0393, VAR-201810-0390 Trust: 5.5 Fetched: Jan. 14, 2025, 9:20 a.m., Published: Jan. 14, 2024, midnight	Vulnerabilities: improper access control, code execution

Affected products

External IDs

vendor:	emerson	model:	ams device manager
vendor:	emerson	model:	deltav

db:

NVD

ids:

CVE-2018-14808, CVE-2018-14804

CyberMDX Discusses Axeda Medical Device Vulnerabilities Trust: 4.75 Fetched: Jan. 14, 2025, 9:18 a.m., Published: March 11, 2022, 4:40 p.m.	Vulnerabilities: code execution

Affected products	External IDs

VARIoT news about IoT security