VARIoT latest news about IoT security

Zyxel patches critical vulnerability in NAS devices (CVE-2023-27992) - Help Net Security Trust: 5.75 Fetched: June 21, 2023, 9:12 a.m., Published: June 20, 2023, 9:52 a.m.	Vulnerabilities: os command injection, command injection

Affected products

External IDs

vendor:	zyxel	model:	nas542
vendor:	zyxel	model:	nas326
vendor:	zyxel	model:	nas540

db:

NVD

ids:

CVE-2023-27992

Zyxel Releases Urgent Security Updates for Critical Vulnerability in NAS Devices Related entries in the VARIoT vulnerabilities database: VAR-202305-2285, VAR-202305-2121 Trust: 6.0 Fetched: June 21, 2023, 9:12 a.m., Published: June 20, 2023, 12:12 p.m.	Vulnerabilities: command injection

Affected products

External IDs

vendor:	zyxel	model:	nas542
vendor:	zyxel	model:	nas326
vendor:	zyxel	model:	nas540

db:

NVD

ids:

CVE-2023-27992, CVE-2023-33010, CVE-2023-33009

Trend Micro Home Network Security v7.0 Data Collection Notice \| Trend Micro Help Center Trust: 4.25 Fetched: June 20, 2023, 9:16 a.m., Published: June 7, 2023, midnight	Vulnerabilities: default password, weak password

Affected products

External IDs

vendor:	trend micro	model:	security
vendor:	trend micro	model:	home network security
vendor:	trend micro	model:	micro home network security
vendor:	trend	model:	security
vendor:	trend	model:	home network security
vendor:	trend	model:	micro home network security
vendor:	google	model:	home

Siemens SICAM A8000 Devices \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202306-0922, VAR-202306-0924, VAR-202306-0923 Trust: 4.5 Fetched: June 20, 2023, 9:14 a.m., Published: Jan. 10, 2023, midnight	Vulnerabilities: command injection

Affected products

External IDs

vendor:	siemens	model:	sicam
vendor:	siemens	model:	sicam a8000

db:

NVD

ids:

CVE-2023-33919, CVE-2023-33921, CVE-2023-33920

#StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability \| CISA Trust: 5.25 Fetched: June 20, 2023, 9:13 a.m., Published: June 16, 2023, midnight	Vulnerabilities: privilege escalation, session hijacking, sql injection

Affected products

External IDs

vendor:	accellion	model:	accellion file transfer appliance
vendor:	accellion	model:	file transfer appliance

db:

NVD

ids:

CVE-2023-34362, CVE-2023-0669

Navigating the Fortigate Device Vulnerability: Understanding, Mitigating, and Ensuring Security - SteadFast Solutions Trust: 5.0 Fetched: June 20, 2023, 9:12 a.m., Published: June 13, 2023, 4:55 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

fortigate

model:

fortios

db:

NVD

ids:

CVE-2023-27997

Sensor Intel Series: Top CVEs in May 2023 Trust: 4.25 Fetched: June 20, 2023, 9:12 a.m., Published: June 16, 2023, 8:08 a.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2022-41040, CVE-2022-24847, CVE-2020-8958, CVE-2021-34473, CVE-2021-26855, CVE-2021-27065

Urgent updates for iPhone - to iOS 16.4.1, and Mac - to macOS 13.3.1 \| Kaspersky official blog Trust: 3.75 Fetched: June 18, 2023, 9:37 a.m., Published: April 16, 2001, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	google chrome
vendor:	google	model:	chrome
vendor:	samsung	model:	mobile
vendor:	samsung	model:	exynos
vendor:	apple	model:	tvos
vendor:	apple	model:	webkit
vendor:	apple	model:	iphone
vendor:	apple	model:	macos
vendor:	apple	model:	ipad
vendor:	apple	model:	safari

db:

NVD

ids:

CVE-2023-28206, CVE-2023-28205

Memory corruption vulnerability in Mitsubishi PLC could lead to DoS, code execution Trust: 5.5 Fetched: June 18, 2023, 9:36 a.m., Published: May 26, 2023, 7 p.m.	Vulnerabilities: buffer overflow, code execution, memory corruption

Affected products

External IDs

vendor:	snort.org	model:	snort
vendor:	snort	model:	snort
vendor:	mitsubishi electric	model:	melsec iq-f
vendor:	mitsubishi electric	model:	fx5u
vendor:	mitsubishi	model:	melsec iq-f
vendor:	mitsubishi	model:	fx5u

db:

NVD

ids:

CVE-2023-1424

Critical Vulnerability Found in Diebold ATM Machine - SecurityWeek Trust: 3.0 Fetched: June 18, 2023, 9:36 a.m., Published: May 31, 2023, midnight	Vulnerabilities: authentication bypass

Affected products	External IDs

How to Fix the New Security Bypass Vulnerabilities in Fortinet Products - The Sec Master Related entries in the VARIoT vulnerabilities database: VAR-202211-0033, VAR-202211-0169, VAR-202211-0189, VAR-202211-0171 Trust: 5.75 Fetched: June 18, 2023, 9:34 a.m., Published: Nov. 8, 2022, 10:30 a.m.	Vulnerabilities: key management error, improper access control, security bypass...

Affected products

External IDs

vendor:

fortigate

model:

fortios

db:

NVD

ids:

CVE-2022-30307, CVE-2022-383804, CVE-2022-261224, CVE-2022-303073, CVE-2022-26122, CVE-2022-35842, CVE-2022-358423, CVE-2022-38380

Sternum Uncovers Security Vulnerability in Zyxel Networks’ NAS Appliances - Global Security Mag Online Trust: 3.75 Fetched: June 18, 2023, 9:34 a.m., Published: May 31, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	zyxel	model:	nas540
vendor:	zyxel	model:	nas542
vendor:	zyxel	model:	nas326

db:

NVD

ids:

CVE-2023-27988

Security Announcement: Barracuda ESG Zero-Day Vulnerability Trust: 3.0 Fetched: June 18, 2023, 9:33 a.m., Published: May 19, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

barracuda

model:

barracuda

Observations on cyber threat activity and vulnerabilities in Indonesia, Malaysia, Philippines and Thailand \| The Shadowserver Foundation Related entries in the VARIoT vulnerabilities database: VAR-202212-1132, VAR-201711-0635, VAR-201707-1052, VAR-201803-1048 Trust: 5.0 Fetched: June 18, 2023, 9:32 a.m., Published: May 30, 2023, midnight	Vulnerabilities: buffer overflow, denial of service, code execution

Affected products

External IDs

vendor:	huawei	model:	huawei home gateway
vendor:	huawei	model:	huawei
vendor:	ubiquiti	model:	unifi
vendor:	tp-link	model:	gateway
vendor:	tp-link	model:	routers
vendor:	cisco	model:	router
vendor:	cisco	model:	routers
vendor:	cisco	model:	cisco routers
vendor:	mikrotik	model:	router
vendor:	mikrotik	model:	routers
vendor:	fiberhome	model:	router
vendor:	fiberhome	model:	routers

db:

NVD

ids:

CVE-2019-5544, CVE-2022-37042, CVE-2022-42475, CVE-2022-40734, CVE-2017-16959, CVE-2022-27925, CVE-2020-3992, CVE-2021-21972, CVE-2021-21974, CVE-2017-6736, CVE-2023-22952, CVE-2017-17215

Fortinet Addresses Critical RCE Vulnerability in Fortigate SSL-VPN Devices - VULNERA Trust: 5.0 Fetched: June 18, 2023, 9:32 a.m., Published: June 11, 2023, 3:43 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

fortigate

model:

fortios

db:

NVD

ids:

CVE-2023-27997

Triple Threat: Breaking Teltonika Routers Three Ways \| Claroty Related entries in the VARIoT vulnerabilities database: VAR-202305-2096 Trust: 5.25 Fetched: June 18, 2023, 9:30 a.m., Published: May 15, 2023, midnight	Vulnerabilities: request forgery, code execution, brute force attack...

Affected products

External IDs

vendor:	teltonika	model:	rut955
vendor:	teltonika	model:	rut240
vendor:	teltonika-networks	model:	rut955
vendor:	teltonika-networks	model:	rut240

db:

NVD

ids:

CVE-2023-32348, CVE-2023-2586, CVE-2023-2587, CVE-2023-32349, CVE-2023-2588, CVE-2023-32347, CVE-2023-32346

Zyxel vulnerability under 'widespread exploitation' \| TechTarget Related entries in the VARIoT vulnerabilities database: VAR-202304-2073 Trust: 4.5 Fetched: June 18, 2023, 9:30 a.m., Published: June 1, 2023, midnight	Vulnerabilities: command injection, code execution, os command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2023-28771

Barracuda: Replace vulnerable ESG devices 'immediately' \| TechTarget Trust: 4.25 Fetched: June 18, 2023, 9:24 a.m., Published: June 8, 2023, midnight	Vulnerabilities: command injection, remote command injection

Affected products

External IDs

vendor:	barracuda networks	model:	barracuda
vendor:	barracuda networks	model:	spam firewall
vendor:	barracuda	model:	barracuda
vendor:	barracuda	model:	spam firewall

db:

NVD

ids:

CVE-2023-2868

Observations on cyber threat activity and vulnerabilities in the Gulf Region \| The Shadowserver Foundation Related entries in the VARIoT vulnerabilities database: VAR-202212-1132, VAR-201705-1398, VAR-201707-1052, VAR-201803-1048 Trust: 6.25 Fetched: June 18, 2023, 9:19 a.m., Published: May 31, 2023, midnight	Vulnerabilities: buffer overflow, denial of service, code execution

Affected products

External IDs

vendor:	huawei	model:	huawei home gateway
vendor:	huawei	model:	huawei
vendor:	tp-link	model:	gateway
vendor:	tp-link	model:	routers
vendor:	mikrotik	model:	routers
vendor:	cisco	model:	routers
vendor:	cisco	model:	cisco routers
vendor:	draytek	model:	routers
vendor:	fortigate	model:	fortios

db:

NVD

ids:

CVE-2022-42475, CVE-2016-10372, CVE-2022-41082, CVE-2022-41040, CVE-2023-27898, CVE-2017-6736, CVE-2017-17215

Vulnerabilities in Device Drivers From 20 Vendors Expose PCs to Persistent Malware - SecurityWeek Trust: 3.75 Fetched: June 18, 2023, 9:18 a.m., Published: Jan. 23, 2023, midnight	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:	huawei	model:	huawei
vendor:	asus	model:	bmc firmware
vendor:	asus	model:	asus
vendor:	lenovo	model:	system
vendor:	lenovo	model:	bios

VARIoT news about IoT security