VARIoT latest news about IoT security

Chinese hackers exploit zero-day vulnerabilities in networking devices, CIO News, ET CIO Related entries in the VARIoT vulnerabilities database: VAR-202212-1132 Trust: 4.25 Fetched: Jan. 26, 2023, 10:10 a.m., Published: Jan. 23, 2023, 3:42 a.m.	Vulnerabilities: code execution, buffer overflow

Affected products

External IDs

vendor:	fortigate	model:	fortios
vendor:	google	model:	nexus

db:

NVD

ids:

CVE-2022-42475

Many ICS flaws remain unpatched as attacks against critical infrastructure rise - Reseller News Trust: 3.5 Fetched: Jan. 26, 2023, 10:07 a.m., Published: Jan. 26, 2023, midnight	Vulnerabilities: improper access control, buffer overflow, cross-site scripting...

Affected products

External IDs

vendor:

trend

model:

security

IoT vendors faulted for slow progress in setting up vulnerability disclosure programs \| The Daily Swig Trust: 3.75 Fetched: Jan. 26, 2023, 10:06 a.m., Published: Jan. 24, 2023, 1:22 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	samsung	model:	mobile
vendor:	trend	model:	security
vendor:	huawei	model:	huawei

How to get system shell access on any Samsung Galaxy device Trust: 3.5 Fetched: Jan. 26, 2023, 10:05 a.m., Published: Jan. 24, 2023, 7:42 p.m.	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:	samsung	model:	knox
vendor:	samsung	model:	galaxy
vendor:	samsung	model:	samsung galaxy
vendor:	google	model:	android

Cisco Warns of Many Old Vulnerabilities Being Exploited in Attacks - SecurityWeek Related entries in the VARIoT vulnerabilities database: VAR-201803-1387, VAR-201802-0594, VAR-201803-1369, VAR-201709-0655 Trust: 4.5 Fetched: Jan. 26, 2023, 10:04 a.m., Published: Dec. 19, 2022, midnight	Vulnerabilities: command execution, arbitrary command execution

Affected products

External IDs

vendor:	cisco	model:	small business rv
vendor:	cisco	model:	small business rv series routers
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ip phone
vendor:	cisco	model:	routers
vendor:	cisco	model:	rv134w
vendor:	cisco	model:	small business
vendor:	cisco	model:	rv132w
vendor:	cisco	model:	series routers
vendor:	cisco	model:	nx-os
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	hyperflex
vendor:	cisco	model:	series
vendor:	cisco	model:	secure access control system

db:

NVD

ids:

CVE-2018-0171, CVE-2021-1497, CVE-2018-0125, CVE-2018-0147, CVE-2017-12240

Three Innocuous Linux Vulnerabilities Chained to Obtain Full Root Privileges - SecurityWeek Trust: 5.75 Fetched: Jan. 26, 2023, 10:04 a.m., Published: Dec. 2, 2022, midnight	Vulnerabilities: symlink attack, code execution, privilege escalation

Affected products

External IDs

vendor:

canonical

model:

ubuntu

db:

NVD

ids:

CVE-2021-44731, CVE-2022-41973, CVE-2022-3328, CVE-2022-41974

Google Reveals Spyware Vendor's Use of Samsung Phone Zero-Day Exploits - SecurityWeek Trust: 5.5 Fetched: Jan. 26, 2023, 10:03 a.m., Published: Nov. 9, 2022, 11:20 a.m.	Vulnerabilities: code execution, information leak

Affected products

External IDs

vendor:	samsung	model:	note
vendor:	google	model:	android
vendor:	google	model:	chrome

db:

NVD

ids:

CVE-2021-25337, CVE-2021-25370, CVE-2021-25369

BMC Firmware Vulnerabilities Expose OT, IoT Devices to Remote Attacks - SecurityWeek Trust: 3.5 Fetched: Jan. 26, 2023, 10:03 a.m., Published: Nov. 22, 2022, midnight	Vulnerabilities: access control issue, code execution, command injection

Affected products

External IDs

vendor:	lenovo	model:	system
vendor:	asus	model:	asus
vendor:	asus	model:	bmc firmware

Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats Trust: 4.25 Fetched: Jan. 26, 2023, 10:02 a.m., Published: Jan. 24, 2023, 1:24 p.m.	Vulnerabilities: denial of service, command execution, arbitrary command execution...

Affected products

External IDs

vendor:	d-link	model:	router
vendor:	realtek	model:	realtek sdk
vendor:	netgear	model:	router
vendor:	asus	model:	asus
vendor:	asus	model:	routers
vendor:	asus	model:	router
vendor:	palo	model:	firewall
vendor:	palo	model:	networks
vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	networks
vendor:	belkin	model:	router

db:

NVD

ids:

CVE-2021-35394

Aiphone Intercom System Vulnerability Allows Hackers to Open Doors - SecurityWeek Trust: 5.0 Fetched: Jan. 26, 2023, 10:01 a.m., Published: Nov. 14, 2022, midnight	Vulnerabilities: information disclosure

Affected products

External IDs

db:

NVD

ids:

CVE-2022-40903

Cisco Working on Patch for Publicly Disclosed IP Phone Vulnerability - SecurityWeek Related entries in the VARIoT vulnerabilities database: VAR-202212-0864 Trust: 4.5 Fetched: Jan. 26, 2023, 10:01 a.m., Published: Dec. 9, 2022, midnight	Vulnerabilities: code execution, buffer overflow

Affected products

External IDs

vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	series
vendor:	cisco	model:	ip phone
vendor:	cisco	model:	ip phones

db:

NVD

ids:

CVE-2022-20968

Apple Issues Updates for Older Devices to Fix Actively Exploited Vulnerability Related entries in the VARIoT vulnerabilities database: VAR-202212-1751 Trust: 5.75 Fetched: Jan. 26, 2023, 10:01 a.m., Published: Jan. 24, 2023, 9:21 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	webkit
vendor:	apple	model:	ipod touch
vendor:	apple	model:	watchos
vendor:	apple	model:	macos
vendor:	apple	model:	ipad air
vendor:	apple	model:	iphone
vendor:	apple	model:	safari
vendor:	apple	model:	ipad
vendor:	apple	model:	tvos

db:

NVD

ids:

CVE-2022-42856

Cisco Working on Patch for Publicly Disclosed IP Phone Vulnerability - SecurityWeek Related entries in the VARIoT vulnerabilities database: VAR-202212-0864 Trust: 4.5 Fetched: Jan. 26, 2023, 10 a.m., Published: Dec. 9, 2022, midnight	Vulnerabilities: code execution, buffer overflow

Affected products

External IDs

vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	series
vendor:	cisco	model:	ip phone
vendor:	cisco	model:	ip phones

db:

NVD

ids:

CVE-2022-20968

Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats Trust: 4.25 Fetched: Jan. 26, 2023, 9:58 a.m., Published: Jan. 24, 2023, 1:24 p.m.	Vulnerabilities: denial of service, command execution, arbitrary command execution...

Affected products

External IDs

vendor:	d-link	model:	router
vendor:	realtek	model:	realtek sdk
vendor:	netgear	model:	router
vendor:	asus	model:	asus
vendor:	asus	model:	routers
vendor:	asus	model:	router
vendor:	palo	model:	firewall
vendor:	palo	model:	networks
vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	networks
vendor:	belkin	model:	router

db:

NVD

ids:

CVE-2021-35394

System BIOS komputera Alienware Aurora Ryzen Edition \| Szczegóły sterownika \| Dell Polska Trust: 3.25 Fetched: Jan. 24, 2023, 9:51 a.m., Published: Jan. 16, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

Apple fixes actively exploited iOS zero-day on older iPhones, iPads - Security & Privacy News - Nsane Forums Related entries in the VARIoT vulnerabilities database: VAR-202212-1751 Trust: 4.75 Fetched: Jan. 24, 2023, 9:51 a.m., Published: Jan. 23, 2023, 7:48 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	watchos
vendor:	apple	model:	ipod touch
vendor:	apple	model:	ipad air
vendor:	apple	model:	ipad
vendor:	apple	model:	macos
vendor:	apple	model:	iphone
vendor:	apple	model:	webkit
vendor:	apple	model:	safari

db:

NVD

ids:

CVE-2022-42856

Vulnerabilities in the web interface of Juniper network devices shipped with JunOS \| ValeurBit Infosec Related entries in the VARIoT vulnerabilities database: VAR-202210-0918, VAR-202210-1013, VAR-202210-0898, VAR-202210-0815, VAR-202210-0849 Trust: 3.0 Fetched: Jan. 24, 2023, 9:50 a.m., Published: Jan. 19, 2023, 7:04 a.m.	Vulnerabilities: cross-site scripting

Affected products

External IDs

db:

NVD

ids:

CVE-2022-22242, CVE-2022-22241, CVE-2022-22246, CVE-2022-22243, CVE-2022-22245

Chinese hackers exploit zero-day vulnerabilities in networking devices \| Radarr Africa Related entries in the VARIoT vulnerabilities database: VAR-202212-1132 Trust: 4.25 Fetched: Jan. 24, 2023, 9:49 a.m., Published: Jan. 23, 2023, 7:23 a.m.	Vulnerabilities: buffer overflow, code execution

Affected products

External IDs

vendor:	google	model:	nexus
vendor:	fortigate	model:	fortios

db:

NVD

ids:

CVE-2022-42475

End-of-life Cisco VPN Routers Open for RCE Attacks Trust: 3.0 Fetched: Jan. 24, 2023, 9:48 a.m., Published: Jan. 23, 2023, 5:16 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	small business
vendor:	cisco	model:	router
vendor:	cisco	model:	routers
vendor:	cisco	model:	cisco small business

All Samsung Galaxy owners must have the most recent version of the Galaxy Store installed on their devices - Bollyinside Related entries in the VARIoT vulnerabilities database: VAR-202302-0598, VAR-202302-0502 Trust: 3.75 Fetched: Jan. 24, 2023, 9:47 a.m., Published: Jan. 23, 2023, 7:22 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	google chrome
vendor:	google	model:	chrome
vendor:	samsung	model:	galaxy
vendor:	samsung	model:	samsung galaxy
vendor:	samsung	model:	notes

db:

NVD

ids:

CVE-2023-21433, CVE-2023-21434

VARIoT news about IoT security