Sign-up

VARIoT news about IoT security

Fortinet Finds Zero-Day Exploit in Government Attacks After Devices Detect Integrity Breach - SecurityWeek

Trust: 5.75

Fetched: March 15, 2023, 9:16 a.m., Published: March 14, 2023, 11:24 a.m.
 Vulnerabilities: command execution, code execution, path traversal
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2022-41328

CVE-2023-25610 a critical RCE vulnerability in FortiOS: everything you need to know | Wiz Blog

Related entries in the VARIoT vulnerabilities database: VAR-202212-1132

Trust: 5.0

Fetched: March 15, 2023, 9:16 a.m., Published: March 3, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-42475, CVE-2023-25610

More than 150,000 Traffic Lights in the US Have a Critical Vulnerability

Trust: 3.0

Fetched: March 15, 2023, 9:16 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-0452

134M Exploit Attempts: Realtek RCE Vulnerability Targeted in Large-Scale Attacks

Trust: 5.25

Fetched: March 15, 2023, 9:15 a.m., Published: Jan. 31, 2023, 8:59 a.m.
 Vulnerabilities: code injection, code execution, sql injection
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo alto networks model: networks
db: NVD ids: CVE-2021-35394, CVE-2022-27596

Smart device vulnerabilities and securing against them | Kaspersky official blog

Trust: 4.25

Fetched: March 15, 2023, 9:14 a.m., Published: May 15, 2050, midnight
 Vulnerabilities: weak password
Affected productsExternal IDs
vendor: century model: router
vendor: apple model: watch

Sierra Wireless AirLink Router with ALEOS Software | CISA

Trust: 4.75

Fetched: March 15, 2023, 9:14 a.m., Published: Jan. 26, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: sierra wireless model: rv50x
vendor: sierra wireless model: aleos
vendor: sierra wireless model: gx450
vendor: sierra wireless model: mp70
vendor: sierra wireless model: rv50
vendor: sierra wireless model: es450
vendor: sierra model: rv50x
vendor: sierra model: aleos
vendor: sierra model: gx450
vendor: sierra model: mp70
vendor: sierra model: rv50
vendor: sierra model: es450
db: NVD ids: CVE-2022-46649, CVE-2022-46650

Smart device vulnerabilities and securing against them | Kaspersky official blog

Trust: 4.25

Fetched: March 15, 2023, 9:13 a.m., Published: Jan. 25, 2023, midnight
 Vulnerabilities: weak password
Affected productsExternal IDs
vendor: century model: router
vendor: apple model: watch

WebKit vulnerability CVE-2022-42856 explained

Related entries in the VARIoT vulnerabilities database: VAR-202212-1751

Trust: 5.75

Fetched: March 15, 2023, 9:13 a.m., Published: Feb. 17, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: webkit
db: NVD ids: CVE-2022-42856

Full Disclosure: Multiple vulnerabilities in Audiocodes Device Manager Express

Trust: 5.75

Fetched: March 15, 2023, 9:12 a.m., Published: March 10, 2023, midnight
 Vulnerabilities: cross-site scripting, path traversal, code execution...
Affected productsExternal IDs
vendor: audiocodes model: 400hd
db: NVD ids: CVE-2022-24629, CVE-2022-24627, CVE-2022-24632, CVE-2022-24630, CVE-2022-24628, CVE-2022-24631

Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202301-0961, VAR-202301-0962, VAR-202304-1067

Trust: 4.5

Fetched: March 15, 2023, 9:12 a.m., Published: March 14, 2023, 3:39 p.m.
 Vulnerabilities: command execution, improper validation, authentication bypass
Affected productsExternal IDs
vendor: cisco model: rv042
vendor: cisco model: rv016
vendor: cisco model: rv260w wireless-ac vpn routers
vendor: cisco model: rv325
vendor: cisco model: rv320 dual gigabit wan vpn
vendor: cisco model: rv320
vendor: cisco model: rv160
vendor: cisco model: rv345
vendor: cisco model: rv160 vpn routers
vendor: cisco model: rv260w
vendor: cisco model: series
vendor: cisco model: router
vendor: cisco model: rv260
vendor: cisco model: rv042 dual wan vpn
vendor: cisco model: cisco small business
vendor: cisco model: rv340
vendor: cisco model: rv325 dual gigabit wan vpn
vendor: cisco model: rv345p
vendor: cisco model: service management
vendor: cisco model: routers
vendor: cisco model: rv082
vendor: cisco model: rv260p
vendor: cisco model: small business
vendor: cisco model: rv325 dual gigabit wan vpn router
vendor: cisco model: rv042g dual gigabit wan vpn
vendor: cisco model: rv082 dual wan vpn
vendor: cisco model: rv016 multi-wan vpn
vendor: cisco model: rv160w
vendor: cisco model: rv042g
vendor: cisco model: rv340w
vendor: cisco model: rv260 vpn routers
vendor: cisco model: rv160w wireless-ac vpn routers
db: NVD ids: CVE-2023-20026, CVE-2023-20025, CVE-2023-20118

Authenticated SSRF Vulnerability on Azure Machine Learning Service

Trust: 3.75

Fetched: March 15, 2023, 9:12 a.m., Published: Jan. 16, 2023, 6:04 p.m.
 Vulnerabilities: request forgery
Affected productsExternal IDs

Smart device vulnerabilities and securing against them | Kaspersky official blog

Trust: 4.25

Fetched: March 15, 2023, 9:11 a.m., Published: Jan. 15, 2050, midnight
 Vulnerabilities: weak password
Affected productsExternal IDs
vendor: century model: router
vendor: apple model: watch

Akuvox E11 | CISA

Trust: 5.25

Fetched: March 15, 2023, 9:11 a.m., Published: March 9, 2023, midnight
 Vulnerabilities: command injection, weak password, improper access control...
Affected productsExternal IDs
vendor: dropbear model: ssh server
vendor: dropbear model: dropbear ssh
db: NVD ids: CVE-2023-0344, CVE-2023-0346, CVE-2023-0355, CVE-2023-0349, CVE-2023-0347, CVE-2023-0351, CVE-2023-0350, CVE-2023-0343, CVE-2023-0354, CVE-2023-0353, CVE-2023-0348, CVE-2023-0352, CVE-2023-0345

Galaxy S23 & S22 phones get March update with over 60 patches

Trust: 3.75

Fetched: March 14, 2023, 9:24 a.m., Published: March 7, 2023, 6:27 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: exynos
vendor: samsung model: galaxy

Dell Client BIOS Multiple Vulnerabilities (DSA-2022-326) | TenableĀ®

Trust: 3.25

Fetched: March 14, 2023, 9:24 a.m., Published: May 14, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios

Smart device vulnerabilities and securing against them | Kaspersky official blog

Trust: 4.25

Fetched: March 14, 2023, 9:22 a.m., Published: Jan. 14, 2050, midnight
 Vulnerabilities: weak password
Affected productsExternal IDs
vendor: century model: router
vendor: apple model: watch

Flaws in Windows 11 Security Hardware TPM 2.0 | SecureTeam

Trust: 6.0

Fetched: March 14, 2023, 9:21 a.m., Published: March 13, 2023, 5:50 p.m.
 Vulnerabilities: code execution, denial of service, buffer overflow...
Affected productsExternal IDs
vendor: lenovo model: system
db: NVD ids: CVE-2023-1017, CVE-2023-1018

Exploring the dark side of Shodan | by DroobingNoob | Feb, 2023 | Medium

Trust: 3.75

Fetched: March 14, 2023, 9:20 a.m., Published: Feb. 14, 2023, midnight
 Vulnerabilities: default credentials, default password
Affected productsExternal IDs

Cisco IOS XR Software for ASR 9000 Series Routers Bidirectional Forwarding Detection Denial of Service Vulnerability

Trust: 4.0

Fetched: March 14, 2023, 9:20 a.m., Published: March 8, 2023, 3:32 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: series routers
vendor: cisco model: ios xr software
vendor: cisco model: routers
vendor: cisco model: series
vendor: cisco model: ios xr
vendor: cisco model: cisco ios xr
vendor: cisco model: cisco ios

WBM Vulnerabilities Poses Risk to Life & Critical Infrastructure

Related entries in the VARIoT vulnerabilities database: VAR-202302-1899, VAR-202302-1897, VAR-202302-1896, VAR-202302-1898

Trust: 5.0

Fetched: March 14, 2023, 9:19 a.m., Published: March 9, 2023, 10:51 a.m.
 Vulnerabilities: code execution, default credentials, integer overflow...
Affected productsExternal IDs
db: NVD ids: CVE-2022-45138, CVE-2022-45139, CVE-2022-45137, CVE-2022-45140