VARIoT latest news about IoT security

QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates - Cyber Security Reviews Trust: 4.75 Fetched: Feb. 1, 2023, 9:19 a.m., Published: Jan. 31, 2023, 9:50 a.m.	Vulnerabilities: injection attack, sql injection, code injection

Affected products

External IDs

db:

NVD

ids:

CVE-2022-27596

Over 4,000 Sophos Firewall devices vulnerable to RCE attacks - SPIXNET C2S Related entries in the VARIoT vulnerabilities database: VAR-202209-1931 Trust: 4.5 Fetched: Feb. 1, 2023, 9:18 a.m., Published: Jan. 24, 2023, 3:55 p.m.	Vulnerabilities: authentication bypass, code execution, sql injection...

Affected products

External IDs

vendor:	sophos	model:	xg firewall
vendor:	sophos	model:	firewall

db:

NVD

ids:

CVE-2022-3236, CVE-2022-1040

Critical QNAP NAS vulnerability fixed, update your device ASAP! (CVE-2022-27596) \| Vumetric Cyber Portal Trust: 3.5 Fetched: Feb. 1, 2023, 9:17 a.m., Published: Feb. 1, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2022-27596

Nozomi Networks Discovers Nine Vulnerabilities Affecting Sewio RTLS Studio - Security Boulevard Trust: 3.5 Fetched: Feb. 1, 2023, 9:16 a.m., Published: Jan. 31, 2023, 10:30 a.m.	Vulnerabilities: path traversal, os command injection, cross-site scripting...

Affected products

External IDs

db:

NVD

ids:

CVE-2022-47917, CVE-2022-45444, CVE-2022-47911, CVE-2022-41989, CVE-2022-45127, CVE-2022-46733, CVE-2022-47395, CVE-2022-43455, CVE-2022-43483

Week in review: ChatGPT cybersecurity, critical RCE vulnerabilities found in git, Riot Games breached - Help Net Security Related entries in the VARIoT vulnerabilities database: VAR-202212-1751 Trust: 4.5 Fetched: Feb. 1, 2023, 9:16 a.m., Published: Jan. 28, 2023, 11:49 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	webkit
vendor:	apple	model:	macos
vendor:	apple	model:	watchos
vendor:	riot	model:	riot

db:

NVD

ids:

CVE-2022-31711, CVE-2022-31704, CVE-2022-31710, CVE-2022-31706, CVE-2022-34689, CVE-2022-42856

134 million attacks on vulnerable IoT devices around the world and it's all the fault of one mistake Trust: 3.75 Fetched: Feb. 1, 2023, 9:15 a.m., Published: Jan. 31, 2023, 6:42 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	asus	model:	routers
vendor:	asus	model:	asus
vendor:	palo	model:	networks
vendor:	palo alto networks	model:	networks
vendor:	huawei	model:	huawei

db:

NVD

ids:

CVE-2021-35394

QNAP Rolls Out Urgent Patch to Fix SQL Injection Flaw in NAS Devices Trust: 5.25 Fetched: Feb. 1, 2023, 9:14 a.m., Published: Feb. 10, 2023, midnight	Vulnerabilities: sql injection

Affected products

External IDs

db:

NVD

ids:

CVE-2022-27596

OTORIO Reports Vulnerabilities in Sierra Wireless AirLink IIoT Related entries in the VARIoT vulnerabilities database: VAR-201905-0851 Trust: 4.5 Fetched: Feb. 1, 2023, 9:13 a.m., Published: Feb. 4, 2023, midnight	Vulnerabilities: code execution, command execution

Affected products

External IDs

vendor:	sierra	model:	es450
vendor:	sierra	model:	mp70
vendor:	sierra	model:	aleos
vendor:	sierra	model:	rv50x
vendor:	sierra	model:	gx450
vendor:	sierra	model:	rv50
vendor:	sierra wireless	model:	es450
vendor:	sierra wireless	model:	mp70
vendor:	sierra wireless	model:	aleos
vendor:	sierra wireless	model:	rv50x
vendor:	sierra wireless	model:	gx450
vendor:	sierra wireless	model:	rv50

db:

NVD

ids:

CVE-2022-46649, CVE-2022-46650, CVE-2018-4061

Critical QNAP Vulnerability Leads to Code Injection - SecurityWeek Trust: 4.75 Fetched: Feb. 1, 2023, 9:13 a.m., Published: Jan. 31, 2023, 12:52 p.m.	Vulnerabilities: sql injection, code injection

Affected products

External IDs

db:

NVD

ids:

CVE-2022-27596

Google Home speakers were vulnerable to eavesdropping hackers Trust: 3.5 Fetched: Feb. 1, 2023, 9:12 a.m., Published: Jan. 2, 2023, 10:49 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	google home
vendor:	google	model:	home

Cisco CVE - OpenCVE Trust: 3.5 Fetched: Feb. 1, 2023, 9:11 a.m., Published: April 6, 2023, midnight	Vulnerabilities: improper access control, cross-site scripting, denial of service...

Affected products

External IDs

vendor:	cisco	model:	ip phone 7800
vendor:	cisco	model:	industrial network director
vendor:	cisco	model:	unified communications manager session management edition
vendor:	cisco	model:	rv345p
vendor:	cisco	model:	cisco identity services engine
vendor:	cisco	model:	cisco email security appliance
vendor:	cisco	model:	asyncos software
vendor:	cisco	model:	cisco webex
vendor:	cisco	model:	rv345
vendor:	cisco	model:	link layer discovery protocol
vendor:	cisco	model:	anyconnect secure mobility client
vendor:	cisco	model:	rv340
vendor:	cisco	model:	cisco asyncos
vendor:	cisco	model:	routers
vendor:	cisco	model:	telepresence ce
vendor:	cisco	model:	rv160
vendor:	cisco	model:	rv345p dual wan gigabit vpn routers
vendor:	cisco	model:	cisco anyconnect secure mobility client
vendor:	cisco	model:	telepresence
vendor:	cisco	model:	asyncos
vendor:	cisco	model:	email security appliance
vendor:	cisco	model:	series routers
vendor:	cisco	model:	cisco industrial network director
vendor:	cisco	model:	rv340w
vendor:	cisco	model:	small business
vendor:	cisco	model:	unified communications
vendor:	cisco	model:	webex
vendor:	cisco	model:	rv042
vendor:	cisco	model:	unified communications manager
vendor:	cisco	model:	cisco telepresence
vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	roomos
vendor:	cisco	model:	series
vendor:	cisco	model:	rv260
vendor:	cisco	model:	cisco small business
vendor:	cisco	model:	small business rv340
vendor:	cisco	model:	ip phone
vendor:	cisco	model:	cisco unified communications manager

Objects > Security Profiles > Vulnerability Protection Trust: 3.5 Fetched: Feb. 1, 2023, 9:11 a.m., Published: Jan. 23, 2023, 2:31 p.m.	Vulnerabilities: brute force attack

Affected products

External IDs

vendor:	palo	model:	networks
vendor:	palo	model:	firewall
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	firewall

QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates Trust: 4.75 Fetched: Feb. 1, 2023, 9:11 a.m., Published: Jan. 31, 2023, 4:06 a.m.	Vulnerabilities: injection attack, sql injection, code injection

Affected products

External IDs

db:

NVD

ids:

CVE-2022-27596

Critical QNAP NAS vulnerability fixed, update your device ASAP! (CVE-2022-27596) - Help Net Security Trust: 3.75 Fetched: Feb. 1, 2023, 9:10 a.m., Published: Jan. 31, 2023, 9:55 a.m.	Vulnerabilities: injection attack, sql injection

Affected products

External IDs

db:

NVD

ids:

CVE-2022-27596

Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices - Domedigita Trust: 5.5 Fetched: Jan. 31, 2023, 9:22 a.m., Published: -	Vulnerabilities: code execution, command injection

Affected products

External IDs

vendor:	palo alto networks	model:	networks
vendor:	palo	model:	networks
vendor:	asus	model:	asus

db:

NVD

ids:

CVE-2021-35394

Over 134 Million Attempts to Hack IoT Devices - 443News Trust: 4.5 Fetched: Jan. 31, 2023, 9:22 a.m., Published: -	Vulnerabilities: code execution, command injection

Affected products

External IDs

vendor:	palo alto networks	model:	networks
vendor:	palo	model:	networks
vendor:	asus	model:	asus

db:

NVD

ids:

CVE-2021-35394

QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates - securityenews Trust: 4.75 Fetched: Jan. 31, 2023, 9:21 a.m., Published: Jan. 31, 2023, 4:39 a.m.	Vulnerabilities: sql injection, injection attack, code injection

Affected products

External IDs

db:

NVD

ids:

CVE-2022-27596

QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates - 443News Trust: 4.75 Fetched: Jan. 31, 2023, 9:21 a.m., Published: -	Vulnerabilities: sql injection, injection attack, code injection

Affected products

External IDs

db:

NVD

ids:

CVE-2022-27596

QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates - BEKER Trust: 4.75 Fetched: Jan. 31, 2023, 9:21 a.m., Published: Jan. 31, 2023, 4:06 a.m.	Vulnerabilities: sql injection, injection attack, code injection

Affected products

External IDs

db:

NVD

ids:

CVE-2022-27596

Apple Issues Updates for Older Devices to Fix Actively Exploited Vulnerability - pcte.ch Related entries in the VARIoT vulnerabilities database: VAR-202212-1751 Trust: 5.75 Fetched: Jan. 31, 2023, 9:20 a.m., Published: Jan. 31, 2023, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	apple	model:	webkit
vendor:	apple	model:	safari
vendor:	apple	model:	ipad
vendor:	apple	model:	ipad air
vendor:	apple	model:	ipod touch
vendor:	apple	model:	watchos
vendor:	apple	model:	tvos
vendor:	apple	model:	iphone

db:

NVD

ids:

CVE-2022-42856

VARIoT news about IoT security