Sign-up

VARIoT news about IoT security

Vulnerability Sync - Network Configuration Manager

Trust: 3.25

Fetched: Aug. 1, 2023, 9:24 a.m., Published: Aug. 3, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: manageengine model: network configuration manager

New vulnerability gives MacOS users a 'Migraine' | SC Media

Trust: 4.0

Fetched: Aug. 1, 2023, 9:23 a.m., Published: May 31, 2023, 5:33 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2023-32369

Android Security Updates Patch 3 Exploited Vulnerabilities - SecurityWeek

Trust: 5.5

Fetched: Aug. 1, 2023, 9:22 a.m., Published: July 6, 2023, midnight
 Vulnerabilities: privilege escalation, integer overflow, code execution...
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2021-29256, CVE-2023-21250, CVE-2023-26083, CVE-2023-2136

Windows 11 Phone Link feature may make your iPhone vulnerable

Trust: 3.0

Fetched: Aug. 1, 2023, 9:22 a.m., Published: May 22, 2023, 3:54 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

Critical Home, Business Router Vulnerability Exploited

Related entries in the VARIoT vulnerabilities database: VAR-202305-0900

Trust: 6.5

Fetched: Aug. 1, 2023, 9:21 a.m., Published: May 22, 2023, 9:22 a.m.
 Vulnerabilities: default password, command injection, code injection...
Affected productsExternal IDs
vendor: cisco model: routers
vendor: cisco model: industrial router
vendor: cisco model: router
vendor: tp-link model: routers
vendor: tp-link model: wr940n
vendor: tenda model: tenda router
vendor: tenda model: router
vendor: tenda model: ac23
db: NVD ids: CVE-2023-2645, CVE-2023-2649

How to Fix CVE-2022-20968- Stack Overflow Vulnerability in Cisco IP Phones? - The Sec Master

Related entries in the VARIoT vulnerabilities database: VAR-202212-0864

Trust: 4.5

Fetched: Aug. 1, 2023, 9:21 a.m., Published: May 3, 2023, 10:30 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: ip phone 8800
vendor: cisco model: ip phone 7800 series
vendor: cisco model: ip phone 8821
vendor: cisco model: ip phone
vendor: cisco model: wireless ip phone 8821
vendor: cisco model: series
vendor: cisco model: ip phones
vendor: cisco model: cisco ip phone firmware
vendor: cisco model: ip phone 8800 series
vendor: cisco model: ip phone 7800
db: NVD ids: CVE-2022-20968, CVE-2022-20986

Samsung Phone Flaws Added to CISA 'Must Patch' List Likely Exploited by Spyware Vendor - SecurityWeek

Related entries in the VARIoT vulnerabilities database: VAR-202110-0167, VAR-202110-0169

Trust: 5.5

Fetched: Aug. 1, 2023, 9:20 a.m., Published: July 3, 2023, midnight
 Vulnerabilities: code execution, format string bug, bounds access vulnerability
Affected productsExternal IDs
vendor: d-link model: router
vendor: samsung model: mobile
vendor: samsung model: mobile devices
vendor: samsung model: samsung mobile
vendor: google model: android
db: NVD ids: CVE-2021-25395, CVE-2023-21492, CVE-2021-25372, CVE-2021-25487, CVE-2021-25489, CVE-2021-25371, CVE-2021-25394

Cisco Unified Communications Manager Denial of Service Vulnerability

Trust: 5.0

Fetched: Aug. 1, 2023, 9:20 a.m., Published: June 7, 2023, 3:56 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: unified communications
vendor: cisco model: cisco unified communications manager
vendor: cisco model: unified communications manager

CISA adds Samsung and D-link bugs to its Known Exploited Vulnerabilities catalogSecurity Affairs

Trust: 3.0

Fetched: Aug. 1, 2023, 9:20 a.m., Published: July 3, 2023, 1:26 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: note

Western Digital Blocks Unpatched Devices From Cloud Services - SecurityWeek

Trust: 5.0

Fetched: Aug. 1, 2023, 9:19 a.m., Published: June 19, 2023, midnight
 Vulnerabilities: information disclosure, resource consumption flaw, replay attack...
Affected productsExternal IDs
db: NVD ids: CVE-2022-36327

Apple patches exploited zero-days | SC Media

Trust: 5.75

Fetched: Aug. 1, 2023, 9:19 a.m., Published: June 22, 2023, 1:22 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: ipod touch
vendor: apple model: macos
vendor: apple model: ipad air
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: iphone
db: NVD ids: CVE-2023-32435, CVE-2023-32439, CVE-2023-32434

Samsung Smartphone Users Warned of Actively Exploited Vulnerability - SecurityWeek

Related entries in the VARIoT vulnerabilities database: VAR-201609-0325, VAR-200412-0177

Trust: 3.75

Fetched: Aug. 1, 2023, 9:19 a.m., Published: May 22, 2023, 9:07 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: guard
vendor: cisco model: cisco ios
vendor: samsung model: mobile
vendor: samsung model: mobile devices
vendor: google model: android
db: NVD ids: CVE-2023-21492, CVE-2016-6415, CVE-2004-1464

Cisco Warns of Vulnerability in Popular Phone Adapter, Urges Migration to Newer Model

Trust: 3.75

Fetched: Aug. 1, 2023, 9:17 a.m., Published: May 5, 2023, 5:16 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: series
vendor: cisco model: spa112
db: NVD ids: CVE-2023-20126

CISA Warning! 8 Actively Exploited Flaws in Samsung and D-Link Devices

Related entries in the VARIoT vulnerabilities database: VAR-202003-0963, VAR-201912-1012, VAR-202110-0167, VAR-202110-0169

Trust: 4.5

Fetched: Aug. 1, 2023, 9:17 a.m., Published: July 5, 2023, 8:38 a.m.
 Vulnerabilities: command injection, kernel panic, input validation vulnerability...
Affected productsExternal IDs
vendor: d-link model: dwl-2600ap
vendor: d-link model: dir-859
vendor: d-link model: router
db: NVD ids: CVE-2019-20500, CVE-2021-25395, CVE-2019-17621, CVE-2021-25372, CVE-2021-25487, CVE-2021-25489, CVE-2021-25371, CVE-2021-25394

PoC Exploit Published for Recent Ubiquiti EdgeRouter Vulnerability - SecurityWeek

Trust: 3.0

Fetched: Aug. 1, 2023, 9:17 a.m., Published: July 10, 2023, 11:27 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-31998

CVE-2023-27997: Fortinet Fortigate SSL VPN Pre-Auth RCE critical vulnerability

Trust: 5.5

Fetched: Aug. 1, 2023, 9:16 a.m., Published: June 16, 2023, 9:29 a.m.
 Vulnerabilities: denial of service, buffer overflow
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2023-27997

CVE-2023-20126- A Critical RCE Vulnerability in Cisco SPA112 2-Port Phone Adapter - The Sec Master

Trust: 5.5

Fetched: Aug. 1, 2023, 9:16 a.m., Published: May 8, 2023, 10:30 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: spa112 2-port phone adapter
vendor: cisco model: series
vendor: cisco model: spa112
vendor: cisco model: router
vendor: cisco model: spa122
db: NVD ids: CVE-2023-20126

Kaspersky research: vulnerabilities in smart pet feeders | Securelist

Trust: 3.25

Fetched: Aug. 1, 2023, 9:15 a.m., Published: Jan. 1, 2050, midnight
 Vulnerabilities: memory corruption, denial of service
Affected productsExternal IDs

Cisco Small Business 200, 300, and 500 Series Switches Web-Based Management Stored Cross-Site Scripting Vulnerability

Trust: 4.0

Fetched: Aug. 1, 2023, 9:15 a.m., Published: June 7, 2023, 3:56 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: cisco model: 500 series stackable managed switches
vendor: cisco model: 300 series managed switches
vendor: cisco model: series managed switches
vendor: cisco model: small business
vendor: cisco model: series switches
vendor: cisco model: 200 series smart switches
vendor: cisco model: series
vendor: cisco model: series smart switches
vendor: cisco model: small business 500 series stackable managed switches
vendor: cisco model: small business 300 series managed switches
vendor: cisco model: cisco small business
vendor: cisco model: series stackable managed switches

CISA Says Critical Zyxel NAS Vulnerability Exploited in Attacks - SecurityWeek

Trust: 5.5

Fetched: Aug. 1, 2023, 9:14 a.m., Published: June 26, 2023, midnight
 Vulnerabilities: command injection, command execution
Affected productsExternal IDs
vendor: zyxel model: nas542
vendor: zyxel model: nas540
vendor: zyxel model: nas326
db: NVD ids: CVE-2023-27992