Sign-up

VARIoT news about IoT security

Unpacking NIST Hardware and Firmware Security Failure Scenarios - Eclypsium | Supply Chain Security for the Modern Enterprise

Trust: 4.0

Fetched: Dec. 4, 2024, 10:01 a.m., Published: Dec. 3, 2024, 5 p.m.
 Vulnerabilities: improper access control
Affected productsExternal IDs

#48 From Botnets to Espionage: The Persistent Threat of Unpatched Systems | Nov 2024 Weely Reports | Loginsoft

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268, VAR-202203-0233, VAR-202008-0248, VAR-202409-0042, VAR-202205-1232

Trust: 6.5

Fetched: Dec. 4, 2024, 10 a.m., Published: Nov. 4, 2024, midnight
 Vulnerabilities: code execution, authentication vulnerability, cross-site scripting...
Affected productsExternal IDs
vendor: linksys model: wrt54g
vendor: tp-link model: gateway
vendor: tp-link model: routers
vendor: wrt54g model: linksys
vendor: rarlab model: winrar
vendor: trend model: security
vendor: trend model: antivirus
vendor: sophos model: firewall
vendor: trend micro model: security
vendor: trend micro model: antivirus
db: NVD ids: CVE-2023-1389, CVE-2023-49103, CVE-2024-7262, CVE-2022-30023, CVE-2022-22947, CVE-2024-9680, CVE-2024-4577, CVE-2020-1472, CVE-2023-45727, CVE-2023-26801, CVE-2023-28461, CVE-2024-11680, CVE-2024-8408, CVE-2023-27997, CVE-2023-38831, CVE-2022-30489, CVE-2024-49039, CVE-2022-25168, CVE-2022-24847

CVE-2021-1461 Cisco SD-WAN Software Signature Verification B... - vulnerability database | Vulners.com

Trust: 4.0

Fetched: Dec. 4, 2024, 10 a.m., Published: Nov. 18, 2024, 3:33 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco sd-wan
vendor: cisco model: sd-wan
db: NVD ids: CVE-2021-1461

D-Link NAS Devices Found Vulnerable to Command Injection • Decrypt LOL

Trust: 4.75

Fetched: Dec. 4, 2024, 9:53 a.m., Published: Nov. 11, 2024, midnight
 Vulnerabilities: command injection, command execution
Affected productsExternal IDs
vendor: d-link model: dns-320lw
vendor: d-link model: dns-325

No Fix for Critical Command Injection Vulnerability in Legacy D-Link NAS Devices - Source:cyble.com - CISO2CISO.COM & CYBER SECURITY GROUP

Related entries in the VARIoT vulnerabilities database: VAR-202411-0293

Trust: 5.5

Fetched: Dec. 4, 2024, 9:53 a.m., Published: Nov. 11, 2024, 8:03 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: dlink model: dns-320
vendor: dlink model: dns-320lw
vendor: dlink model: dns-340l
vendor: dlink model: dns-325
vendor: d-link model: dns-320
vendor: d-link model: dns-320lw
vendor: d-link model: dns-340l
vendor: d-link model: dns-325
db: NVD ids: CVE-2024-10914

Update Canonical Ubuntu Desktop: USN-7083-1: OpenJPEG vulnerabilities

Trust: 5.75

Fetched: Dec. 4, 2024, 9:52 a.m., Published: Jan. 4, 7083, midnight
 Vulnerabilities: integer overflow, denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2021-29338, CVE-2021-3575, CVE-2022-1122

Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulns (FIXED) | Rapid7 Blog

Trust: 4.5

Fetched: Dec. 4, 2024, 9:51 a.m., Published: Dec. 3, 2024, 8 p.m.
 Vulnerabilities: buffer overflow, code execution, authentication bypass...
Affected productsExternal IDs
db: NVD ids: CVE-2024-52548, CVE-2024-52545, CVE-2024-52547, CVE-2024-52546, CVE-2024-52544

PoC Confirms Root Privilege Exploit in TP-Link Archer AXE75 Vulnerability (CVE-2024-53375)

Trust: 4.25

Fetched: Dec. 4, 2024, 9:43 a.m., Published: Dec. 4, 2024, 2:06 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-53375

CVE-2024-9404: Denial-of-Service Vulnerability Identified in the VPort 07-3 Series

Trust: 3.25

Fetched: Dec. 4, 2024, 9:42 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-9404

Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulnerabilities (FIXED) | Noise

Trust: 4.5

Fetched: Dec. 4, 2024, 9:36 a.m., Published: Dec. 3, 2024, midnight
 Vulnerabilities: buffer overflow, code execution, authentication bypass...
Affected productsExternal IDs
db: NVD ids: CVE-2024-52548, CVE-2024-52545, CVE-2024-52547, CVE-2024-52546, CVE-2024-52544

Hacking Your Own IoT: A White Hat’s Guide to Securing Smart Devices

Trust: 4.25

Fetched: Dec. 4, 2024, 9:34 a.m., Published: Dec. 4, 2024, 2 p.m.
 Vulnerabilities: cross-site scripting, sql injection, default credentials
Affected productsExternal IDs
vendor: wireshark model: wireshark

Researchers find 20 vulnerabilities in Advantech Wi-Fi access point - Cyber Daily

Trust: 3.0

Fetched: Dec. 4, 2024, 9:34 a.m., Published: Nov. 28, 2024, 11:23 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs

Are you protecting your smart devices from cyber hackers?

Trust: 3.0

Fetched: Dec. 4, 2024, 9:33 a.m., Published: Oct. 14, 2024, 10:09 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

IoT Vulnerabilities and Security Concerns | CSA

Trust: 5.0

Fetched: Dec. 4, 2024, 9:30 a.m., Published: Dec. 1, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs

A Comprehensive Review of Cyber Security Vulnerabilities, Threats, Attacks, and Solutions

Trust: 4.25

Fetched: Dec. 4, 2024, 9:26 a.m., Published: Jan. 4, 2023, midnight
 Vulnerabilities: code execution, cross-site scripting, buffer overflow...
Affected productsExternal IDs
vendor: essential model: phone
vendor: apple model: macos
vendor: google model: home
vendor: google model: android
vendor: century model: router
vendor: trend model: antivirus
vendor: trend model: security
vendor: symantec model: antivirus
vendor: symantec model: web security
vendor: symantec model: scan engine
vendor: rising model: antivirus
vendor: wireshark model: wireshark
vendor: orange model: web server
vendor: rapid model: scada

Huawei lists EMUI and HarmonyOS November 2024 security patch details - Huawei Central

Related entries in the VARIoT vulnerabilities database: VAR-202409-0013

Trust: 3.75

Fetched: Dec. 4, 2024, 9:23 a.m., Published: Nov. 5, 2024, noon
 Vulnerabilities: -
Affected productsExternal IDs
vendor: huawei model: emui
vendor: huawei model: huawei
db: NVD ids: CVE-2024-33049, CVE-2024-51510, CVE-2024-51512, CVE-2024-51511, CVE-2024-51516, CVE-2024-43892, CVE-2024-51514, CVE-2024-42283, CVE-2024-51529, CVE-2024-33069, CVE-2024-46798, CVE-2024-42305, CVE-2024-40673, CVE-2024-51526, CVE-2024-51515, CVE-2024-51530, CVE-2024-51525, CVE-2024-44987, CVE-2024-6119, CVE-2024-51522, CVE-2024-51582, CVE-2024-51523, CVE-2024-42312, CVE-2024-51518, CVE-2024-34737, CVE-2024-43882, CVE-2024-33060, CVE-2024-38399, CVE-2024-51524, CVE-2024-42292, CVE-2024-51520, CVE-2024-45448, CVE-2024-51521, CVE-2024-51513, CVE-2024-51527, CVE-2024-51517

Fortinet の RCE 脆弱性 CVE-2024-23113:日本におけるインターネット露出は 5,100台 - IoT OT Security News

Trust: 4.25

Fetched: Dec. 4, 2024, 9:21 a.m., Published: Oct. 12, 2024, 10:14 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2024-23113

Several QNAP vulnerabilities addressed | SC Media

Trust: 4.75

Fetched: Dec. 3, 2024, 10:13 a.m., Published: June 11, 2024, 5 p.m.
 Vulnerabilities: request forgery, os command injection, command execution...
Affected productsExternal IDs
db: NVD ids: CVE-2024-38644, CVE-2024-38643, CVE-2024-38645, CVE-2024-38646, CVE-2024-48861, CVE-2024-48860

Axis Devices Detection (SNMP) - vulnerability database | Vulners.com

Trust: 3.25

Fetched: Dec. 3, 2024, 10:12 a.m., Published: Nov. 27, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: axis model: axis

CVE-2021-30731 - "Apple macOS USB Device Capture Vulnerability"

Related entries in the VARIoT vulnerabilities database: VAR-202109-1345

Trust: 3.5

Fetched: Dec. 3, 2024, 10:12 a.m., Published: Sept. 8, 2021, 2:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: mac_os_x
vendor: apple model: macos
vendor: apple model: mac_os
db: NVD ids: CVE-2021-30731