VARIoT latest news about IoT security

Fortinet Patches Critical Vulnerability in Data Analytics Solution - SecurityWeek Related entries in the VARIoT vulnerabilities database: VAR-202203-0043 Trust: 4.75 Fetched: May 21, 2023, 9:10 a.m., Published: April 12, 2023, midnight	Vulnerabilities: cross-site scripting, code execution, command execution...

Affected products

External IDs

vendor:

fortigate

model:

fortios

db:

NVD

ids:

CVE-2022-0847, CVE-2022-41331

Cisco Warns of Critical Vulnerability in EoL Phone Adapters - SecurityWeek Trust: 5.5 Fetched: May 21, 2023, 9:10 a.m., Published: May 4, 2023, 11:47 a.m.	Vulnerabilities: code execution, command execution

Affected products

External IDs

vendor:	cisco	model:	series
vendor:	cisco	model:	spa112
vendor:	cisco	model:	industrial network director
vendor:	cisco	model:	cisco routers
vendor:	cisco	model:	routers

db:

NVD

ids:

CVE-2023-20126

Teltonika Cloud Takeover Vulnerability Exposed Trust: 5.25 Fetched: May 21, 2023, 9:09 a.m., Published: May 15, 2023, midnight	Vulnerabilities: request forgery, brute force attack, cross-site scripting...

Affected products

External IDs

vendor:	teltonika	model:	rut240
vendor:	teltonika	model:	rut955
vendor:	teltonika-networks	model:	rut240
vendor:	teltonika-networks	model:	rut955

db:

NVD

ids:

CVE-2023-32348

SSA-203374 Related entries in the VARIoT vulnerabilities database: VAR-202302-0195, VAR-202302-0482 Trust: 3.5 Fetched: May 21, 2023, 9:08 a.m., Published: May 1, 2023, midnight	Vulnerabilities: use after free, denial of service

Affected products

External IDs

db:

NVD

ids:

CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304

Wemo won’t fix Smart Plug vulnerability allowing remote operation \| Ars Technica Trust: 5.75 Fetched: May 19, 2023, 9:18 a.m., Published: May 16, 2023, 8:35 p.m.	Vulnerabilities: buffer overflow

Affected products

External IDs

vendor:

wemo

model:

mini smart plug

Update now! Ruckus vulnerability added to CISA’s list of actively exploited bugs Trust: 4.5 Fetched: May 19, 2023, 9:18 a.m., Published: May 15, 2023, 9:48 p.m.	Vulnerabilities: code execution, detection bypass, request forgery...

Affected products

External IDs

vendor:	ruckus	model:	zonedirector
vendor:	ruckus wireless	model:	zonedirector

db:

NVD

ids:

CVE-2023-25717

Critical Vulnerability in Hikvision Storage Solutions Exposes Video Security Data - SecurityWeek Trust: 4.0 Fetched: May 19, 2023, 9:17 a.m., Published: April 13, 2023, midnight	Vulnerabilities: access control issue

Affected products

External IDs

db:

NVD

ids:

CVE-2023-28808

Cisco Patches Critical Vulnerabilities in Industrial Network Director, Modeling Labs - SecurityWeek Trust: 4.75 Fetched: May 19, 2023, 9:16 a.m., Published: April 20, 2023, 12:30 p.m.	Vulnerabilities: command execution, privilege escalation

Affected products

External IDs

vendor:	cisco	model:	cisco routers
vendor:	cisco	model:	industrial network director
vendor:	cisco	model:	staros
vendor:	cisco	model:	ios software
vendor:	cisco	model:	routers

db:

NVD

ids:

CVE-2023-20154, CVE-2023-20046, CVE-2023-20036

‘FriendlyName’ Buffer Overflow Vulnerability in Wemo Smart Plug V2 \| Sternum Trust: 6.0 Fetched: May 19, 2023, 9:14 a.m., Published: May 16, 2023, 12:30 a.m.	Vulnerabilities: command injection, heap corruption, remote command injection...

Affected products

External IDs

vendor:	google	model:	home
vendor:	google	model:	wifi
vendor:	wemo	model:	mini smart plug
vendor:	canary	model:	canary

db:

NVD

ids:

CVE-2023-27217

Teltonika Vulnerabilities Could Expose Thousands of Industrial Organizations to Remote Attacks - SecurityWeek Trust: 5.0 Fetched: May 17, 2023, 9:07 a.m., Published: May 16, 2023, 11:19 a.m.	Vulnerabilities: command execution

Affected products

External IDs

vendor:

teltonika

model:

rut955

Belkin’s Wemo Smart Plug Mini V2 has a security problem that won’t be fixed - The Verge Trust: 3.0 Fetched: May 17, 2023, 9:06 a.m., Published: May 16, 2023, 5:46 p.m.	Vulnerabilities: -

Affected products	External IDs

Critical RCE vulnerability in Cisco phone adapters, no update available (CVE-2023-20126) - Help Net Security Trust: 3.75 Fetched: May 16, 2023, 9:13 a.m., Published: May 5, 2023, 9:50 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	spa112 2-port phone adapter
vendor:	cisco	model:	spa112
vendor:	cisco	model:	series

db:

NVD

ids:

CVE-2023-20126

Netgear router exploit chain detailed \| SC Media Trust: 3.0 Fetched: May 16, 2023, 9:12 a.m., Published: May 15, 2023, 8 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	netgear	model:	netgear router
vendor:	netgear	model:	router

Amazon releases urgent Fire TV upgrade to fix three serious flaws \| Express.co.uk Trust: 4.0 Fetched: May 16, 2023, 9:11 a.m., Published: May 3, 2023, 2:43 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

amazon

model:

fire tv

db:

NVD

ids:

CVE-2023-1384, CVE-2023-1383, CVE-2023-1385

Advantech's industrial serial device servers open to attack - Help Net Security Trust: 4.5 Fetched: May 16, 2023, 9:11 a.m., Published: May 15, 2023, 11:38 a.m.	Vulnerabilities: memory leak, command injection, buffer overflow...

Affected products

External IDs

vendor:	advantech	model:	eki-1521
vendor:	advantech	model:	eki-1524
vendor:	advantech	model:	eki-1521-ce

Dump these Cisco phone adapters because it's not fixing them • The Register Trust: 3.75 Fetched: May 14, 2023, 9:17 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	umbrella
vendor:	cisco	model:	spa112
vendor:	cisco	model:	routers
vendor:	cisco	model:	cisco routers
vendor:	cisco	model:	series
vendor:	cisco	model:	unified communications

db:

NVD

ids:

CVE-2023-20126

VMware releases security updates for Workstation, Fusion exploits \| SC Media Trust: 4.0 Fetched: May 14, 2023, 9:16 a.m., Published: April 26, 2023, 9:46 p.m.	Vulnerabilities: privilege escalation, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2023-20869, CVE-2023-20871, CVE-2023-20870

Alerts & Security Vulnerability Announcements \| Ricoh Canada Related entries in the VARIoT vulnerabilities database: VAR-202107-1010, VAR-202106-0639 Trust: 5.75 Fetched: May 14, 2023, 9:16 a.m., Published: April 4, 2023, midnight	Vulnerabilities: information leakage, code execution, information leak

Affected products

External IDs

vendor:

treck

model:

tcp/ip stack

db:

NVD

ids:

CVE-2021-34527, CVE-2021-1675

Chaining Five Vulnerabilities to Exploit Netgear Nighthawk RAX30 Routers at Pwn2Own Toronto 2022 \| Claroty Related entries in the VARIoT vulnerabilities database: VAR-202305-0201, VAR-202305-0252, VAR-202305-0268, VAR-202305-0221 Trust: 6.25 Fetched: May 14, 2023, 9:15 a.m., Published: May 11, 2023, midnight	Vulnerabilities: command injection, code execution, authentication bypass...

Affected products

External IDs

vendor:	canary	model:	canary
vendor:	netgear	model:	router
vendor:	netgear	model:	netgear router

db:

NVD

ids:

CVE-2023-27357, CVE-2023-27369, CVE-2023-27370, CVE-2023-27367, CVE-2023-27368

Attackers are trying to exploit old DVR vulnerabilities (CVE-2018-9995, CVE-2016-20016) - Help Net Security Related entries in the VARIoT vulnerabilities database: VAR-201804-1666 Trust: 4.75 Fetched: May 14, 2023, 9:15 a.m., Published: May 3, 2023, 1:30 p.m.	Vulnerabilities: authentication bypass, command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2016-20016, CVE-2018-9995

VARIoT news about IoT security