Sign-up

VARIoT news about IoT security

Multiple Critical Vulnerabilities Found in D-Link WiFi Routers: Immediate Firmware Updates Advised

Related entries in the VARIoT vulnerabilities database: VAR-202409-1026, VAR-202409-1099, VAR-202409-0703

Trust: 6.0

Fetched: Sept. 16, 2024, 7:37 p.m., Published: Sept. 16, 2024, 10:27 a.m.
 Vulnerabilities: os command injection, command injection, improper validation...
Affected productsExternal IDs
vendor: d-link model: router
db: NVD ids: CVE-2024-45698, CVE-2024-45696, CVE-2024-45697, CVE-2024-45694, CVE-2024-45695

CVE-2021-20123, CVE-2021-20124: DrayTek Vulnerabilities Discovered by Tenable Research Added to CISA KEV - Blog | TenableĀ®

Trust: 4.25

Fetched: Sept. 16, 2024, 7:36 p.m., Published: Sept. 9, 2024, 4:20 p.m.
 Vulnerabilities: path traversal, local file inclusion, file inclusion
Affected productsExternal IDs
vendor: draytek model: vigor
vendor: draytek model: routers
db: NVD ids: CVE-2021-20124, CVE-2021-20123

Command Injection Vulnerability in "RAISECOM" Gateway Devices || CVE-2024-7120 POC - YouTube

Trust: 4.75

Fetched: Sept. 16, 2024, 7:35 p.m., Published: Aug. 30, 2024, 6 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-7120

CVE-2024-8190: Investigating CISA KEV Ivanti Cloud Service Appliance Command Injection Vulnerability

Trust: 4.5

Fetched: Sept. 16, 2024, 7:35 p.m., Published: Sept. 16, 2024, 11:26 p.m.
 Vulnerabilities: command injection, os command injection, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-8190

Critical Bluetooth vulnerability CVE-2023-45866 - YouTube

Trust: 3.25

Fetched: Sept. 16, 2024, 7:35 p.m., Published: July 7, 2024, 3:10 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-45866

CISA Adds Ivanti Cloud Services Appliance Vulnerability to Known Exploited Vulnerabilities Catalog (CVE-2024-8190)

Trust: 4.75

Fetched: Sept. 16, 2024, 7:34 p.m., Published: Sept. 16, 2024, 10:01 p.m.
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-8190

New Windows Zero-Day Exploited in Active Attacks | Black Hat Ethical Hacking

Trust: 4.75

Fetched: Sept. 16, 2024, 7:34 p.m., Published: Sept. 16, 2024, 9:26 a.m.
 Vulnerabilities: file execution
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2024-43461

16th September - Threat Intelligence Report - Check Point Research

Trust: 5.5

Fetched: Sept. 16, 2024, 7:32 p.m., Published: Sept. 16, 2024, 11:56 a.m.
 Vulnerabilities: command injection, privilege escalation, code execution
Affected productsExternal IDs
vendor: check point model: check point
db: NVD ids: CVE-2024-38014, CVE-2024-8253, CVE-2024-8190, CVE-2024-43491, CVE-2024-29847

This devious malware looked to exploit braille characters to breach Windows security flaws | TechRadar

Trust: 4.0

Fetched: Sept. 16, 2024, 7:32 p.m., Published: Sept. 16, 2024, 2:02 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: check point model: check point
db: NVD ids: CVE-2024-43461

September 2024 Windows 11 KB5043076 KB5043067 Patches And 4 Zero Day Vulnerabilities 79 Flaws HTMD Blog

Trust: 3.5

Fetched: Sept. 16, 2024, 7:32 p.m., Published: Sept. 10, 2024, 5:52 p.m.
 Vulnerabilities: privilege escalation, information disclosure, security feature bypass...
Affected productsExternal IDs
db: NVD ids: CVE-2024-38217, CVE-2024-38226, CVE-2024-43491, CVE-2024-38014

Can Your Wi-Fi Get Hacked? Yes. Yes It Can. Here's How to Secure Your Network - CNET

Trust: 3.75

Fetched: Sept. 16, 2024, 7:30 p.m., Published: May 16, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: essential model: phone

Patch Tuesday September 2024: Upcoming Automatic Windows 11 22H2 Feature Update and EoS Windows 10 Security Update - N-able

Trust: 3.75

Fetched: Sept. 16, 2024, 7:28 p.m., Published: Sept. 12, 2024, 3:24 p.m.
 Vulnerabilities: security feature bypass, code execution, feature bypass
Affected productsExternal IDs
db: NVD ids: CVE-2024-43464, CVE-2024-38249, CVE-2020-17042, CVE-2024-38194, CVE-2024-38014, CVE-2024-38241, CVE-2024-38253, CVE-2024-38063, CVE-2024-38226, CVE-2024-38252, CVE-2024-43491, CVE-2024-38217, CVE-2024-38220, CVE-2024-38242, CVE-2024-38119, CVE-2024-38216, CVE-2024-38018

Protecting against digital disruption in manufacturing | Wipfli

Trust: 3.75

Fetched: Sept. 16, 2024, 7:28 p.m., Published: Sept. 16, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: essential model: phone

The paranoid's guide to securing your smart home | PCWorld

Trust: 3.5

Fetched: Sept. 16, 2024, 7:27 p.m., Published: Sept. 10, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home
vendor: google model: google home

SonicWall devices are coming under attack from major assault | TechRadar

Trust: 5.0

Fetched: Sept. 16, 2024, 7:27 p.m., Published: Sept. 10, 2024, 11:07 a.m.
 Vulnerabilities: improper access control, access control vulnerability
Affected productsExternal IDs
vendor: sonicwall model: sonicos
db: NVD ids: CVE-2024-40766

Multiple attacks force CISA to order agencies to upgrade or remove end-of-life Ivanti appliance

Trust: 3.25

Fetched: Sept. 16, 2024, 7:25 p.m., Published: Sept. 14, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-8190

Arctic Wolf Observes Akira Ransomware Campaign Targeting SonicWall SSLVPN Accounts | Arctic Wolf

Trust: 4.75

Fetched: Sept. 16, 2024, 7:24 p.m., Published: Sept. 6, 2024, 8:38 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: sonicwall model: sonicos
vendor: sonicwall model: soho
vendor: sonicwall model: ssl-vpn
db: NVD ids: CVE-2024-40766

ERROR: The request could not be satisfied

Trust: 3.25

Fetched: Sept. 16, 2024, 7:23 p.m., Published: -
 Vulnerabilities: configuration error
Affected productsExternal IDs

INTEL-SA-01071

Trust: 4.75

Fetched: Sept. 16, 2024, 7:22 p.m., Published: Sept. 6, 2024, 8:35 p.m.
 Vulnerabilities: improper access control, information disclosure, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2023-43753, CVE-2023-22351, CVE-2023-42772, CVE-2024-21829, CVE-2023-23904, CVE-2023-25546, CVE-2024-21871, CVE-2023-41833, CVE-2023-43626, CVE-2024-21781, CVE-2024-23599

Wifi Vulnerability Affecting Windows Devices CVE-2024-30078 Explained. Update Now! - YouTube

Trust: 4.0

Fetched: Sept. 16, 2024, 7:22 p.m., Published: Aug. 16, 2024, 9:08 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: wifi
db: NVD ids: CVE-2024-30078