VARIoT latest news about IoT security

Cyware Daily Threat Intelligence, December 02, 2024 - Dec 2, 2024 \| Cyware Trust: 4.75 Fetched: Dec. 4, 2024, 10:10 a.m., Published: Dec. 2, 2024, midnight	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2024-20125

Multiple Vulnerabilities in Citrix Products Could Allow for Remote Code Execution Trust: 3.5 Fetched: Dec. 4, 2024, 10:10 a.m., Published: Nov. 12, 2024, midnight	Vulnerabilities: code execution

Affected products	External IDs

How to Respond: CVE-2023-27997 (Fortigate SSL VPN) \| UpGuard Trust: 5.75 Fetched: Dec. 4, 2024, 10:08 a.m., Published: -	Vulnerabilities: buffer overflow

Affected products

External IDs

vendor:

fortigate

model:

fortios

db:

NVD

ids:

CVE-2023-27997

Apple Releases Urgent Updates To Patch Actively Exploited Zero-Day macOS Vulnerabilities Trust: 5.5 Fetched: Dec. 4, 2024, 10:04 a.m., Published: Nov. 20, 2024, 2:05 p.m.	Vulnerabilities: cross-site scripting, code execution

Affected products

External IDs

vendor:	apple	model:	safari
vendor:	apple	model:	webkit
vendor:	apple	model:	macos
vendor:	apple	model:	software update
vendor:	apple	model:	ipad
vendor:	apple	model:	iphone

db:

NVD

ids:

CVE-2024-44309, CVE-2024-44308

Access Denied Trust: 3.25 Fetched: Dec. 4, 2024, 10:03 a.m., Published: Dec. 20, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

samsung

model:

samsung

CVE-2022-20931 - Cisco Touch 10 Device Downgrade Attack Vulnerability - SecAlerts Trust: 3.0 Fetched: Dec. 4, 2024, 10:03 a.m., Published: Dec. 10, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2022-20931

Unpacking NIST Hardware and Firmware Security Failure Scenarios - Eclypsium \| Supply Chain Security for the Modern Enterprise Trust: 4.0 Fetched: Dec. 4, 2024, 10:01 a.m., Published: Dec. 3, 2024, 5 p.m.	Vulnerabilities: improper access control

Affected products	External IDs

#48 From Botnets to Espionage: The Persistent Threat of Unpatched Systems \| Nov 2024 Weely Reports \| Loginsoft Related entries in the VARIoT vulnerabilities database: VAR-202303-1268, VAR-202203-0233, VAR-202008-0248, VAR-202409-0042, VAR-202205-1232 Trust: 6.5 Fetched: Dec. 4, 2024, 10 a.m., Published: Nov. 4, 2024, midnight	Vulnerabilities: code execution, authentication vulnerability, cross-site scripting...

Affected products

External IDs

vendor:	linksys	model:	wrt54g
vendor:	tp-link	model:	gateway
vendor:	tp-link	model:	routers
vendor:	wrt54g	model:	linksys
vendor:	rarlab	model:	winrar
vendor:	trend	model:	security
vendor:	trend	model:	antivirus
vendor:	sophos	model:	firewall
vendor:	trend micro	model:	security
vendor:	trend micro	model:	antivirus

db:

NVD

ids:

CVE-2023-1389, CVE-2023-49103, CVE-2024-7262, CVE-2022-30023, CVE-2022-22947, CVE-2024-9680, CVE-2024-4577, CVE-2020-1472, CVE-2023-45727, CVE-2023-26801, CVE-2023-28461, CVE-2024-11680, CVE-2024-8408, CVE-2023-27997, CVE-2023-38831, CVE-2022-30489, CVE-2024-49039, CVE-2022-25168, CVE-2022-24847

CVE-2021-1461 Cisco SD-WAN Software Signature Verification B... - vulnerability database \| Vulners.com Trust: 4.0 Fetched: Dec. 4, 2024, 10 a.m., Published: Nov. 18, 2024, 3:33 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	cisco sd-wan
vendor:	cisco	model:	sd-wan

db:

NVD

ids:

CVE-2021-1461

D-Link NAS Devices Found Vulnerable to Command Injection • Decrypt LOL Trust: 4.75 Fetched: Dec. 4, 2024, 9:53 a.m., Published: Nov. 11, 2024, midnight	Vulnerabilities: command injection, command execution

Affected products

External IDs

vendor:	d-link	model:	dns-320lw
vendor:	d-link	model:	dns-325

No Fix for Critical Command Injection Vulnerability in Legacy D-Link NAS Devices - Source:cyble.com - CISO2CISO.COM & CYBER SECURITY GROUP Related entries in the VARIoT vulnerabilities database: VAR-202411-0293 Trust: 5.5 Fetched: Dec. 4, 2024, 9:53 a.m., Published: Nov. 11, 2024, 8:03 p.m.	Vulnerabilities: command injection

Affected products

External IDs

vendor:	dlink	model:	dns-320
vendor:	dlink	model:	dns-320lw
vendor:	dlink	model:	dns-340l
vendor:	dlink	model:	dns-325
vendor:	d-link	model:	dns-320
vendor:	d-link	model:	dns-320lw
vendor:	d-link	model:	dns-340l
vendor:	d-link	model:	dns-325

db:

NVD

ids:

CVE-2024-10914

Update Canonical Ubuntu Desktop: USN-7083-1: OpenJPEG vulnerabilities Trust: 5.75 Fetched: Dec. 4, 2024, 9:52 a.m., Published: Jan. 4, 7083, midnight	Vulnerabilities: integer overflow, denial of service

Affected products

External IDs

vendor:

canonical

model:

ubuntu

db:

NVD

ids:

CVE-2021-29338, CVE-2021-3575, CVE-2022-1122

Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulns (FIXED) \| Rapid7 Blog Trust: 4.5 Fetched: Dec. 4, 2024, 9:51 a.m., Published: Dec. 3, 2024, 8 p.m.	Vulnerabilities: buffer overflow, code execution, authentication bypass...

Affected products

External IDs

db:

NVD

ids:

CVE-2024-52548, CVE-2024-52545, CVE-2024-52547, CVE-2024-52546, CVE-2024-52544

PoC Confirms Root Privilege Exploit in TP-Link Archer AXE75 Vulnerability (CVE-2024-53375) Trust: 4.25 Fetched: Dec. 4, 2024, 9:43 a.m., Published: Dec. 4, 2024, 2:06 a.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2024-53375

CVE-2024-9404: Denial-of-Service Vulnerability Identified in the VPort 07-3 Series Trust: 3.25 Fetched: Dec. 4, 2024, 9:42 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-9404

Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulnerabilities (FIXED) \| Noise Trust: 4.5 Fetched: Dec. 4, 2024, 9:36 a.m., Published: Dec. 3, 2024, midnight	Vulnerabilities: buffer overflow, code execution, authentication bypass...

Affected products

External IDs

db:

NVD

ids:

CVE-2024-52548, CVE-2024-52545, CVE-2024-52547, CVE-2024-52546, CVE-2024-52544

Hacking Your Own IoT: A White Hat’s Guide to Securing Smart Devices Trust: 4.25 Fetched: Dec. 4, 2024, 9:34 a.m., Published: Dec. 4, 2024, 2 p.m.	Vulnerabilities: cross-site scripting, sql injection, default credentials

Affected products

External IDs

vendor:

wireshark

model:

wireshark

Researchers find 20 vulnerabilities in Advantech Wi-Fi access point - Cyber Daily Trust: 3.0 Fetched: Dec. 4, 2024, 9:34 a.m., Published: Nov. 28, 2024, 11:23 p.m.	Vulnerabilities: cross-site scripting

Affected products	External IDs

Are you protecting your smart devices from cyber hackers? Trust: 3.0 Fetched: Dec. 4, 2024, 9:33 a.m., Published: Oct. 14, 2024, 10:09 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

trend

model:

security

IoT Vulnerabilities and Security Concerns \| CSA Trust: 5.0 Fetched: Dec. 4, 2024, 9:30 a.m., Published: Dec. 1, 2024, midnight	Vulnerabilities: denial of service

Affected products	External IDs

VARIoT news about IoT security