Sign-up

VARIoT news about IoT security

Vulnerabilities identified in Amazon Fire TV Stick, Insignia FireOS TV Series

Trust: 3.0

Fetched: May 7, 2023, 9:16 a.m., Published: May 2, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: amazon model: fire tv

Mirai Botnet Exploits TP-Link Router Vulnerability: What to Know and How to Protect Your Device | Trend Micro News

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268

Trust: 4.75

Fetched: May 7, 2023, 9:15 a.m., Published: May 2, 2023, 7:38 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: micro maximum security
vendor: trend model: home network security
vendor: trend model: antivirus
vendor: trend model: security
vendor: tp-link model: routers
vendor: trend micro model: micro maximum security
vendor: trend micro model: home network security
vendor: trend micro model: antivirus
vendor: trend micro model: security
db: NVD ids: CVE-2023-1389

Sophos Addresses Critical Code Execution Vulnerability in Web Security Appliance - VULNERA

Trust: 5.75

Fetched: May 7, 2023, 9:15 a.m., Published: April 7, 2023, 10:50 a.m.
 Vulnerabilities: code execution, command injection, cross-site scripting
Affected productsExternal IDs
vendor: sophos model: firewall
vendor: sophos model: sophos web appliance
vendor: sophos model: web appliance
db: NVD ids: CVE-2020-36692, CVE-2023-1671, CVE-2022-4934

ICS Patch Tuesday: Siemens, Schneider Electric Address Dozens of Vulnerabilities - SecurityWeek

Related entries in the VARIoT vulnerabilities database: VAR-202304-0672

Trust: 5.5

Fetched: May 7, 2023, 9:14 a.m., Published: April 11, 2023, midnight
 Vulnerabilities: information disclosure, code execution, privilege escalation
Affected productsExternal IDs
vendor: siemens model: scalance
vendor: siemens model: sicam a8000
vendor: siemens model: sicam
vendor: siemens model: solid edge
vendor: siemens model: tia portal
vendor: siemens model: siprotec 5
vendor: siemens model: teamcenter visualization
vendor: siemens model: siprotec
vendor: siemens model: simatic
vendor: siemens model: jt2go
vendor: siemens model: teamcenter
vendor: siemens model: scalance x-200irt
vendor: schneider model: ecostruxure control expert
vendor: schneider model: control expert
vendor: opc foundation model: local discovery server
vendor: codesys model: codesys
vendor: codesys model: linux
vendor: codesys model: web server
vendor: codesys model: control
vendor: schneider electric model: ecostruxure control expert
vendor: schneider electric model: control expert
db: NVD ids: CVE-2023-28489

Security Advisory: Multiple Vulnerabilities in Phoenix Contact Routers - ONEKEY

Trust: 3.25

Fetched: May 7, 2023, 9:14 a.m., Published: March 28, 2023, 9:32 a.m.
 Vulnerabilities: command execution, command injection, path traversal
Affected productsExternal IDs
vendor: asus model: routers
vendor: asus model: asus

Insecure authentication in B420 legacy communication module | Bosch PSIRT

Trust: 4.5

Fetched: May 5, 2023, 9:27 a.m., Published: May 3, 2023, midnight
 Vulnerabilities: access control vulnerability, authentication vulnerability, improper access control
Affected productsExternal IDs
db: NVD ids: CVE-2022-47648

The 2022-2023 IoT Botnet Report - Vulnerabilities Targeted - CUJO AI

Related entries in the VARIoT vulnerabilities database: VAR-202203-0700, VAR-201805-0263, VAR-201906-0716, VAR-201810-0936, VAR-202102-0290, VAR-202203-0505, VAR-201805-0262, VAR-202003-0363, VAR-201703-0755, VAR-201812-1038, VAR-201905-0651, VAR-201502-0201, VAR-201705-1398, VAR-202110-1690, VAR-202007-0064, VAR-202208-1439, VAR-202001-0633, VAR-202110-1691, VAR-201403-0306, VAR-202002-1447, VAR-201710-0139, VAR-202112-0566, VAR-201802-0135, VAR-201505-0274, VAR-201906-0703, VAR-202202-0832, VAR-201712-0829, VAR-201612-0015, VAR-202203-1506, VAR-202210-1176, VAR-201803-1048, VAR-202003-1707, VAR-202203-0233, VAR-202205-0957, VAR-202205-0394, VAR-202104-0768

Trust: 5.0

Fetched: May 5, 2023, 9:23 a.m., Published: April 27, 2023, 12:34 p.m.
 Vulnerabilities: authentication bypass, privilege escalation, command execution...
Affected productsExternal IDs
vendor: tenda model: ac15
vendor: tenda model: router
vendor: vacron model: vacron nvr
vendor: zhone model: znid gpon 2426a
vendor: zhone model: znid gpon
vendor: hikvision model: ip cameras
vendor: google model: chrome
vendor: google model: home
vendor: huawei model: huawei
vendor: huawei model: hg532
vendor: netgear model: dgn1000
vendor: netgear model: dgn2000
vendor: netgear model: router
vendor: goahead model: webserver
vendor: d-link model: dir-300
vendor: d-link model: dns-320
vendor: d-link model: dir-845
vendor: d-link model: dir-865
vendor: d-link model: dir-605l
vendor: d-link model: dir-600
vendor: d-link model: dir-645
vendor: d-link model: dir-619l
vendor: d-link model: router
vendor: d-link model: dsl-2750b
vendor: dasan model: znid gpon 2426a
vendor: dasan model: gpon routers
vendor: draytek model: vigor
vendor: draytek model: vigor2960
vendor: draytek model: routers
vendor: telesquare model: sdt-cw3b1
vendor: comtrend model: vr-3033
vendor: realtek model: realtek sdk
vendor: orange model: web server
vendor: avtech model: ip camera
db: NVD ids: CVE-2022-26210, CVE-2016-20016, CVE-2018-10562, CVE-2021-46422, CVE-2020-8958, CVE-2017-18377, CVE-2018-10823, CVE-2020-25506, CVE-2022-29013, CVE-2018-17173, CVE-2022-26186, CVE-2018-10561, CVE-2020-10173, CVE-2017-5638, CVE-2018-20057, CVE-2017-18368, CVE-2015-2051, CVE-2020-7209, CVE-2018-20062, CVE-2016-10372, CVE-2021-42013, CVE-2022-34538, CVE-2020-10987, CVE-2022-37061, CVE-2019-19824, CVE-2021-41773, CVE-2014-2321, CVE-2020-8515, CVE-2014-9118, CVE-2021-44228, CVE-2014-3206, CVE-2014-8361, CVE-2013-7471, CVE-2021-36260, CVE-2022-25075, CVE-2021-4039, CVE-2017-17106, CVE-2021-35394, CVE-2016-6277, CVE-2022-22965, CVE-2017-17125, CVE-2020-17456, CVE-2018-12613, CVE-2016-20017, CVE-2021-4034, CVE-2021-35395, CVE-2017-17215, CVE-2020-9054, CVE-2022-22947, CVE-2007-3010, CVE-2022-30525, CVE-2022-1388, CVE-2021-20090

Mirai Botnet operators are using TP-Link routers for DDoS attacks, says US government | TechSpot

Related entries in the VARIoT vulnerabilities database: VAR-202112-0562

Trust: 4.5

Fetched: May 5, 2023, 9:20 a.m., Published: May 5, 7600, midnight
 Vulnerabilities: code execution, command injection
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
vendor: tp-link model: routers
db: NVD ids: CVE-2021-45046, CVE-2023-21839

Amazon Fire Stick users issued urgent warning over security vulnerabilities - Chronicle Live

Trust: 4.25

Fetched: May 5, 2023, 9:20 a.m., Published: May 3, 2023, 9:37 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: amazon model: fire tv
db: NVD ids: CVE-2023-1385, CVE-2023-1383, CVE-2023-1384

Android Security Bulletin-May 2023 | Android Open Source Project

Related entries in the VARIoT vulnerabilities database: VAR-202305-0093

Trust: 4.25

Fetched: May 5, 2023, 9:18 a.m., Published: May 5, 2023, midnight
 Vulnerabilities: information disclosure, denial of service, code execution
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: motorola model: android
vendor: motorola model: motorola
vendor: samsung model: note
vendor: samsung model: notes
vendor: samsung model: mobile
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2023-20914, CVE-2023-20699, CVE-2023-21109, CVE-2023-21118, CVE-2022-20444, CVE-2022-47488, CVE-2023-21110, CVE-2022-40508, CVE-2022-47469, CVE-2023-0266, CVE-2023-21112, CVE-2023-21103, CVE-2023-20930, CVE-2023-20698, CVE-2023-21102, CVE-2023-21111, CVE-2021-0877, CVE-2022-46394, CVE-2022-47487, CVE-2022-46891, CVE-2023-20726, CVE-2023-21665, CVE-2022-25713, CVE-2023-26085, CVE-2022-46396, CVE-2023-20695, CVE-2022-47486, CVE-2022-33305, CVE-2022-40504, CVE-2022-33273, CVE-2023-20694, CVE-2022-34144, CVE-2023-21106, CVE-2023-21666, CVE-2023-21107, CVE-2022-47470, CVE-2023-21116, CVE-2023-20696, CVE-2023-21104, CVE-2023-20697, CVE-2023-20993, CVE-2021-39617, CVE-2023-21117, CVE-2022-46395, CVE-2022-20338

Cisco warns critical RCE bug in end-of-life IP phone adapters won't get patched | SC Media

Trust: 3.75

Fetched: May 5, 2023, 9:18 a.m., Published: May 4, 2023, 9:38 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: spa 112
vendor: cisco model: ip phone
vendor: cisco model: ip phones
vendor: cisco model: series
vendor: cisco model: small business
vendor: cisco systems model: spa 112
vendor: cisco systems model: ip phone
vendor: cisco systems model: ip phones
vendor: cisco systems model: series
vendor: cisco systems model: small business
db: NVD ids: CVE-2023-20126

Report Vulnerability | Solplanet

Trust: 3.75

Fetched: May 5, 2023, 9:18 a.m., Published: March 1, 2023, 2:37 p.m.
 Vulnerabilities: sql injection, information disclosure, command execution...
Affected productsExternal IDs

List devices by recommendation | Microsoft Learn

Trust: 3.25

Fetched: May 5, 2023, 9:17 a.m., Published: Dec. 18, 2020, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: chrome

CISA Issues a New Warning for Vulnerabilities in Industrial Control Systems (ICS)

Related entries in the VARIoT vulnerabilities database: VAR-202303-1622, VAR-202303-1661

Trust: 4.75

Fetched: May 5, 2023, 9:17 a.m., Published: March 23, 2023, 10 a.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: siemens model: ruggedcom
vendor: siemens model: scalance w-700
vendor: siemens model: scalance
vendor: wellintech model: kinghistorian
vendor: snort model: snort
db: NVD ids: CVE-2023-1133, CVE-2022-43663, CVE-2023-1140, CVE-2022-45124, CVE-2023-1136

Hackers Exploiting 5-year-old Unpatched Vulnerability in TBK DVR Devices

Related entries in the VARIoT vulnerabilities database: VAR-201804-1666

Trust: 4.75

Fetched: May 5, 2023, 9:16 a.m., Published: May 3, 2023, 7:30 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2016-20016, CVE-2018-9995

Cisco SPA112 2-Port Phone Adapters Remote Command Execution Vulnerability

Trust: 4.75

Fetched: May 5, 2023, 9:16 a.m., Published: May 3, 2023, 3:55 p.m.
 Vulnerabilities: command execution
Affected productsExternal IDs
vendor: cisco model: spa112 2-port phone adapter
vendor: cisco model: router
vendor: cisco model: spa112
vendor: cisco model: spa122

QNAP ‘urgently’ fixing vulnerabilities in multiple systems

Trust: 3.0

Fetched: May 5, 2023, 9:16 a.m., Published: April 6, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-27597, CVE-2022-27598

Biomedical device vulnerability. Ransomware and the US Marshals. US DoJ emphasizes disruption. Updates on the hybrid war. OT risk-sharing.

Trust: 3.5

Fetched: May 5, 2023, 9:15 a.m., Published: May 1, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android
vendor: google model: home
vendor: google model: pixel
vendor: cisco model: guard
vendor: cisco model: h
vendor: cisco model: series
vendor: cisco model: spark

Mobile Vulnerability Assessment: Tools and Techniques

Trust: 3.0

Fetched: May 5, 2023, 9:14 a.m., Published: May 3, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: blackberry model: blackberry

Hackers exploit 5-year-old unpatched flaw in TBK DVR devices

Related entries in the VARIoT vulnerabilities database: VAR-201804-1666

Trust: 3.75

Fetched: May 3, 2023, 9:16 a.m., Published: -
 Vulnerabilities: code execution, authentication bypass, command execution
Affected productsExternal IDs
db: NVD ids: CVE-2016-20016, CVE-2018-9995