VARIoT latest news about IoT security

Cybersecurity Terms: A to Z Glossary \| Coursera Trust: 3.25 Fetched: June 2, 2023, 9:09 a.m., Published: May 17, 2023, midnight	Vulnerabilities: sql injection, denial of service

Affected products

External IDs

vendor:	essential	model:	phone
vendor:	google	model:	wi-fi router

Critical Zyxel vulnerability is being actively exploited - Techzine Europe Related entries in the VARIoT vulnerabilities database: VAR-202304-2073 Trust: 5.75 Fetched: June 2, 2023, 9:08 a.m., Published: June 1, 2023, 11:09 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	zyxel	model:	nas540
vendor:	zyxel	model:	nas542
vendor:	zyxel	model:	nas326
vendor:	zyxel	model:	zywall

db:

NVD

ids:

CVE-2023-28771

A critical security flaw is affecting Zyxel firewall devices - here's what you need to know \| TechRadar Related entries in the VARIoT vulnerabilities database: VAR-202304-2073, VAR-202305-2285, VAR-202305-2121 Trust: 5.75 Fetched: June 2, 2023, 9:07 a.m., Published: June 1, 2023, 4:25 p.m.	Vulnerabilities: buffer overflow, command injection, denial of service...

Affected products

External IDs

vendor:

zyxel

model:

zywall

db:

NVD

ids:

CVE-2023-28771, CVE-2023-33010, CVE-2023-33009

Zyxel patches vulnerability in NAS devices (CVE-2023-27988) - Help Net Security Trust: 5.75 Fetched: June 2, 2023, 9:07 a.m., Published: May 31, 2023, 11:47 a.m.	Vulnerabilities: command injection

Affected products

External IDs

vendor:	zyxel	model:	nas540
vendor:	zyxel	model:	nas542
vendor:	zyxel	model:	nas326

db:

NVD

ids:

CVE-2023-27988

New Android & Google Device Vulnerability Reward Program Trust: 3.0 Fetched: May 31, 2023, 9:15 a.m., Published: May 18, 2023, 8:17 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

Old Wine in the New Bottle: Mirai Variant Targets Multiple IoT Devices Related entries in the VARIoT vulnerabilities database: VAR-202304-0813 Trust: 4.25 Fetched: May 31, 2023, 9:14 a.m., Published: May 25, 2023, 6 a.m.	Vulnerabilities: arbitrary command execution, command injection, command execution...

Affected products

External IDs

vendor:	palo	model:	networks
vendor:	palo	model:	firewall
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	firewall
vendor:	tenda	model:	router

db:

NVD

ids:

CVE-2023-26802, CVE-2023-26801, CVE-2023-27076

New macOS vulnerability, Migraine, could bypass System Integrity Protection \| Microsoft Security Blog Related entries in the VARIoT vulnerabilities database: VAR-202108-2056 Trust: 5.75 Fetched: May 31, 2023, 9:13 a.m., Published: May 30, 2023, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:

apple

model:

macos

db:

NVD

ids:

CVE-2021-30892, CVE-2023-32369

Textbook ‘NTP Textbox’ Vulnerability in Zyxel’s NAS326, NAS540, and NAS542 Devices \| Sternum Trust: 5.5 Fetched: May 31, 2023, 9:13 a.m., Published: May 30, 2023, 8:47 a.m.	Vulnerabilities: command injection

Affected products

External IDs

vendor:	zyxel	model:	nas326
vendor:	zyxel	model:	nas542
vendor:	zyxel	model:	nas540

db:

NVD

ids:

CVE-2023-27988

Barracuda Email Security Gateway Appliance (ESG) Vulnerability Trust: 4.25 Fetched: May 31, 2023, 9:06 a.m., Published: May 30, 2023, 8:27 p.m.	Vulnerabilities: command injection, remote command injection

Affected products

External IDs

vendor:	barracuda	model:	barracuda
vendor:	barracuda networks	model:	barracuda

db:

NVD

ids:

CVE-2023-28681, CVE-2023-2868

Serious Unpatched Vulnerability Uncovered in Popular Belkin Wemo Smart Plugs Trust: 5.75 Fetched: May 30, 2023, 9:09 a.m., Published: May 17, 2023, 10:17 a.m.	Vulnerabilities: buffer overflow

Affected products

External IDs

vendor:

wemo

model:

mini smart plug

db:

NVD

ids:

CVE-2023-27217

CISA Adds Three Known Exploited Vulnerabilities to Catalog \| CISA Related entries in the VARIoT vulnerabilities database: VAR-201609-0325, VAR-200412-0177 Trust: 4.75 Fetched: May 30, 2023, 9:08 a.m., Published: May 26, 2023, midnight	Vulnerabilities: information disclosure

Affected products

External IDs

vendor:	samsung	model:	mobile
vendor:	samsung	model:	mobile devices
vendor:	samsung	model:	note
vendor:	samsung	model:	samsung mobile
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	cisco ios

db:

NVD

ids:

CVE-2016-6415, CVE-2023-21492, CVE-2004-1464

Zyxel patches two critical vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202305-2285, VAR-202305-2121, VAR-202205-0957 Trust: 5.75 Fetched: May 30, 2023, 9:07 a.m., Published: -	Vulnerabilities: code execution, buffer overflow

Affected products

External IDs

vendor:

zyxel

model:

zywall

db:

NVD

ids:

CVE-2023-33010, CVE-2023-33009, CVE-2022-30525

Data tables in the Microsoft 365 Defender advanced hunting schema \| Microsoft Learn Trust: 3.25 Fetched: May 28, 2023, 9:02 a.m., Published: Feb. 16, 2021, midnight	Vulnerabilities: configuration attack

Affected products	External IDs

Cisco Identity Services Engine Arbitrary File Download Vulnerabilities Trust: 3.0 Fetched: May 26, 2023, 9:09 a.m., Published: May 17, 2023, 3:52 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	cisco identity services engine
vendor:	cisco	model:	identity services engine

About the security content of iOS 16.1 and iPadOS 16 - Apple Support Related entries in the VARIoT vulnerabilities database: VAR-202210-1627, VAR-202210-1968, VAR-202210-1912, VAR-202210-1625, VAR-202302-1951, VAR-202210-1628, VAR-202210-1630, VAR-202210-1528, VAR-202210-1969, VAR-202210-1623, VAR-202210-1529, VAR-202210-1526, VAR-202210-1965, VAR-202210-1632, VAR-202212-1477, VAR-202210-1885, VAR-202210-1928, VAR-202210-1524, VAR-202210-1624, VAR-202210-1951, VAR-202210-1525, VAR-202210-1530, VAR-202210-1975, VAR-202208-0404, VAR-202210-1884, VAR-202210-1901, VAR-202210-1531, VAR-202210-1527, VAR-202210-1532, VAR-202210-1629, VAR-202210-1626, VAR-202210-1900, VAR-202210-1897, VAR-202302-0479, VAR-202210-1881, VAR-202210-1698, VAR-202210-1927, VAR-202210-1631, VAR-202210-1930 Trust: 5.25 Fetched: May 26, 2023, 9:08 a.m., Published: May 16, 2023, midnight	Vulnerabilities: certificate validation issue, use after free, buffer overflow...

Affected products

External IDs

vendor:	trend micro	model:	security
vendor:	trend	model:	security
vendor:	apple	model:	ipad air
vendor:	apple	model:	webkit
vendor:	apple	model:	safari
vendor:	apple	model:	ipad
vendor:	apple	model:	iphone

db:

NVD

ids:

CVE-2022-32946, CVE-2022-42800, CVE-2022-32927, CVE-2022-32922, CVE-2022-46712, CVE-2022-42832, CVE-2022-42831, CVE-2022-42823, CVE-2022-42798, CVE-2022-42820, CVE-2022-42825, CVE-2022-42799, CVE-2022-42792, CVE-2022-46715, CVE-2022-32926, CVE-2022-42806, CVE-2022-32945, CVE-2022-32944, CVE-2022-42803, CVE-2022-32940, CVE-2022-42827, CVE-2022-32941, CVE-2022-32924, CVE-2022-42824, CVE-2022-32935, CVE-2022-37434, CVE-2022-32939, CVE-2022-42801, CVE-2022-42813, CVE-2022-42811, CVE-2022-42808, CVE-2022-42830, CVE-2022-42829, CVE-2022-42817, CVE-2022-32923, CVE-2022-42826, CVE-2022-32929, CVE-2022-32947, CVE-2022-32932, CVE-2022-32938, CVE-2022-42810

Are Mobile Devices the Biggest Threat to Your Network? Trust: 5.0 Fetched: May 26, 2023, 9:08 a.m., Published: May 3, 2023, midnight	Vulnerabilities: default credentials

Affected products	External IDs

CISA warns of Samsung ASLR bypass flaw exploited in attacks Trust: 4.5 Fetched: May 26, 2023, 9:07 a.m., Published: -	Vulnerabilities: buffer overflow, code execution

Affected products

External IDs

vendor:	samsung	model:	samsung mobile
vendor:	samsung	model:	mobile
vendor:	samsung	model:	mobile devices
vendor:	google	model:	chrome
vendor:	google	model:	android

db:

NVD

ids:

CVE-2023-2149, CVE-2023-21492

Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771) - Help Net Security Related entries in the VARIoT vulnerabilities database: VAR-202304-2073, VAR-202305-2285, VAR-202305-2121 Trust: 5.75 Fetched: May 26, 2023, 9:07 a.m., Published: May 22, 2023, 10:28 a.m.	Vulnerabilities: buffer overflow, command injection, command execution

Affected products

External IDs

vendor:

zyxel

model:

zywall

db:

NVD

ids:

CVE-2023-28771, CVE-2023-33010, CVE-2023-33009

The US government is having to patch a whole lot of iPhones \| TechRadar Trust: 4.75 Fetched: May 24, 2023, 9:13 a.m., Published: May 23, 2023, 12:15 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	webkit
vendor:	apple	model:	macos
vendor:	apple	model:	apple tv
vendor:	apple	model:	safari
vendor:	apple	model:	ipod touch
vendor:	apple	model:	watch
vendor:	apple	model:	watchos
vendor:	apple	model:	ipad air
vendor:	apple	model:	ipad
vendor:	apple	model:	tvos
vendor:	apple	model:	iphone

db:

NVD

ids:

CVE-2023-32409, CVE-2023-28204, CVE-2023-32373

Security in your IoT workload - Microsoft Azure Well-Architected Framework \| Microsoft Learn Trust: 3.25 Fetched: May 24, 2023, 9:12 a.m., Published: April 27, 2023, midnight	Vulnerabilities: denial of service, code execution, information disclosure

Affected products	External IDs

VARIoT news about IoT security