Sign-up

VARIoT news about IoT security

Authenticated SSRF Vulnerability on Azure Machine Learning Service

Trust: 3.75

Fetched: March 15, 2023, 9:12 a.m., Published: Jan. 16, 2023, 6:04 p.m.
 Vulnerabilities: request forgery
Affected productsExternal IDs

Smart device vulnerabilities and securing against them | Kaspersky official blog

Trust: 4.25

Fetched: March 15, 2023, 9:11 a.m., Published: Jan. 15, 2050, midnight
 Vulnerabilities: weak password
Affected productsExternal IDs
vendor: century model: router
vendor: apple model: watch

Akuvox E11 | CISA

Trust: 5.25

Fetched: March 15, 2023, 9:11 a.m., Published: March 9, 2023, midnight
 Vulnerabilities: command injection, weak password, improper access control...
Affected productsExternal IDs
vendor: dropbear model: ssh server
vendor: dropbear model: dropbear ssh
db: NVD ids: CVE-2023-0344, CVE-2023-0346, CVE-2023-0355, CVE-2023-0349, CVE-2023-0347, CVE-2023-0351, CVE-2023-0350, CVE-2023-0343, CVE-2023-0354, CVE-2023-0353, CVE-2023-0348, CVE-2023-0352, CVE-2023-0345

Galaxy S23 & S22 phones get March update with over 60 patches

Trust: 3.75

Fetched: March 14, 2023, 9:24 a.m., Published: March 7, 2023, 6:27 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: exynos
vendor: samsung model: galaxy

Dell Client BIOS Multiple Vulnerabilities (DSA-2022-326) | Tenable®

Trust: 3.25

Fetched: March 14, 2023, 9:24 a.m., Published: May 14, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios

Smart device vulnerabilities and securing against them | Kaspersky official blog

Trust: 4.25

Fetched: March 14, 2023, 9:22 a.m., Published: Jan. 14, 2050, midnight
 Vulnerabilities: weak password
Affected productsExternal IDs
vendor: century model: router
vendor: apple model: watch

Flaws in Windows 11 Security Hardware TPM 2.0 | SecureTeam

Trust: 6.0

Fetched: March 14, 2023, 9:21 a.m., Published: March 13, 2023, 5:50 p.m.
 Vulnerabilities: code execution, denial of service, buffer overflow...
Affected productsExternal IDs
vendor: lenovo model: system
db: NVD ids: CVE-2023-1017, CVE-2023-1018

Exploring the dark side of Shodan | by DroobingNoob | Feb, 2023 | Medium

Trust: 3.75

Fetched: March 14, 2023, 9:20 a.m., Published: Feb. 14, 2023, midnight
 Vulnerabilities: default credentials, default password
Affected productsExternal IDs

Cisco IOS XR Software for ASR 9000 Series Routers Bidirectional Forwarding Detection Denial of Service Vulnerability

Trust: 4.0

Fetched: March 14, 2023, 9:20 a.m., Published: March 8, 2023, 3:32 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: series routers
vendor: cisco model: ios xr software
vendor: cisco model: routers
vendor: cisco model: series
vendor: cisco model: ios xr
vendor: cisco model: cisco ios xr
vendor: cisco model: cisco ios

WBM Vulnerabilities Poses Risk to Life & Critical Infrastructure

Related entries in the VARIoT vulnerabilities database: VAR-202302-1899, VAR-202302-1897, VAR-202302-1896, VAR-202302-1898

Trust: 5.0

Fetched: March 14, 2023, 9:19 a.m., Published: March 9, 2023, 10:51 a.m.
 Vulnerabilities: code execution, default credentials, integer overflow...
Affected productsExternal IDs
db: NVD ids: CVE-2022-45138, CVE-2022-45139, CVE-2022-45137, CVE-2022-45140

Cisco Nexus Dashboard Cross-Site Scripting Vulnerability

Trust: 5.25

Fetched: March 14, 2023, 9:19 a.m., Published: Feb. 15, 2023, 3:53 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: cisco model: nexus

Unpatched Zero-Day Bugs in Smart Intercom Allow Eavesdropping

Trust: 5.0

Fetched: March 14, 2023, 9:18 a.m., Published: March 10, 2023, 6:36 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-0354, CVE-2023-0348

Remote Code Execution and Camera Access Flaws Found in Smart Intercoms - Infosecurity Magazine

Trust: 3.75

Fetched: March 14, 2023, 9:18 a.m., Published: March 13, 2023, 5:30 p.m.
 Vulnerabilities: code execution, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2023-0354, CVE-2023-0348, CVE-2023-0351

Electronics | Free Full-Text | Analysis of Consumer IoT Device Vulnerability Quantification Frameworks

Trust: 4.0

Fetched: March 14, 2023, 9:14 a.m., Published: Jan. 14, 2023, midnight
 Vulnerabilities: code execution, code injection, data injection...
Affected productsExternal IDs
vendor: google model: home
vendor: google model: android
vendor: google model: google home
vendor: trend model: security
vendor: belkin model: router
vendor: tp-link model: routers
vendor: tp-link model: gateway
vendor: symantec model: system works

Smart device vulnerabilities and securing against them | Kaspersky official blog

Trust: 4.25

Fetched: March 14, 2023, 9:14 a.m., Published: Jan. 14, 2050, midnight
 Vulnerabilities: weak password
Affected productsExternal IDs
vendor: century model: router
vendor: apple model: watch

Cisco IOS XR Software for ASR 9000 Series Routers Bidirectional Forwarding Detection Denial of Service Vulnerability - Cisco

Trust: 4.0

Fetched: March 12, 2023, 9:22 a.m., Published: March 8, 2023, 2:29 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: series
vendor: cisco model: ios xr software
vendor: cisco model: cisco ios xr
vendor: cisco model: ios xr
vendor: cisco model: cisco ios
vendor: cisco model: series routers
vendor: cisco model: routers

The Cyber Security Hub™ på LinkedIn: Unpatched Akuvox Smart Intercom Vulnerabilities Can Be Exploited for Spying

Trust: 3.0

Fetched: March 12, 2023, 9:22 a.m., Published: March 2, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hub model: hub

The Cyber Security Hub™ on LinkedIn: Unpatched Akuvox Smart Intercom Vulnerabilities Can Be Exploited for Spying

Trust: 3.0

Fetched: March 12, 2023, 9:21 a.m., Published: March 3, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hub model: hub

The Cyber Security Hub™ en LinkedIn: Unpatched Akuvox Smart Intercom Vulnerabilities Can Be Exploited for Spying

Trust: 3.0

Fetched: March 12, 2023, 9:21 a.m., Published: March 1, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hub model: hub

Proof-of-concept for critical Microsoft Word vulnerability published | Black Hat Ethical Hacking

Trust: 3.75

Fetched: March 12, 2023, 9:20 a.m., Published: March 7, 2023, 8:54 a.m.
 Vulnerabilities: heap corruption, code execution, memory corruption
Affected productsExternal IDs
db: NVD ids: CVE-2023-21716