Sign-up

VARIoT news about IoT security

Exploring the Vulnerability of IoT Devices and the Best Practices for Securing Them - eBuilder Security

Trust: 4.25

Fetched: March 8, 2023, 9:12 a.m., Published: Feb. 15, 2023, 5:07 a.m.
 Vulnerabilities: denial of service, weak password
Affected productsExternal IDs
vendor: trend model: security
vendor: delegate model: delegate

Android fixes two critical remote code execution vulnerabilities with its March 2023 update - The Hindu

Trust: 4.5

Fetched: March 8, 2023, 9:11 a.m., Published: March 8, 2023, 7:30 a.m.
 Vulnerabilities: information disclosure, code execution
Affected productsExternal IDs
vendor: google model: android
vendor: motorola model: android
vendor: motorola model: motorola
vendor: samsung model: mobile
vendor: huawei model: huawei

Billions of PCs and other devices vulnerable to newly discovered TPM 2.0 flaws

Trust: 4.75

Fetched: March 8, 2023, 9:10 a.m., Published: March 2, 2023, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: lenovo model: updates
vendor: lenovo model: system
vendor: asus model: asus
db: NVD ids: CVE-2023-1017, CVE-2023-1018

Onboard to the Microsoft Defender for Endpoint service | Microsoft Learn

Trust: 3.0

Fetched: March 8, 2023, 9:09 a.m., Published: Dec. 18, 2020, midnight
 Vulnerabilities: configuration attack
Affected productsExternal IDs

'AMNESIA:33' Vulnerabilities in TCP/IP Stacks Expose Millions of Devices to Attacks - SecurityWeek

Related entries in the VARIoT vulnerabilities database: VAR-202012-0485

Trust: 4.5

Fetched: March 8, 2023, 9:09 a.m., Published: Dec. 9, 2020, 12:07 p.m.
 Vulnerabilities: denial of service, information disclosure, integer overflow...
Affected productsExternal IDs
vendor: treck model: tcp/ip stack
db: NVD ids: CVE-2020-24338, CVE-2020-25111, CVE-2020-24336

Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability

Trust: 5.0

Fetched: March 8, 2023, 9:08 a.m., Published: Feb. 1, 2023, 3:56 p.m.
 Vulnerabilities: file upload vulnerability
Affected productsExternal IDs
vendor: cisco model: rv340
vendor: cisco model: rv340w
vendor: cisco model: rv345p
vendor: cisco model: rv345
vendor: cisco model: routers
vendor: cisco model: small business
vendor: cisco model: cisco small business
vendor: cisco model: series
vendor: cisco model: small business rv340
vendor: cisco model: rv345p dual wan gigabit vpn routers

Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability

Trust: 5.0

Fetched: March 8, 2023, 9:08 a.m., Published: March 1, 2023, 3:51 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: cisco model: cisco prime infrastructure
vendor: cisco model: prime infrastructure
vendor: cisco model: evolved programmable network manager

Network Vulnerability | Network Security Vulnerabilities

Trust: 3.5

Fetched: March 8, 2023, 9:07 a.m., Published: May 8, 2023, midnight
 Vulnerabilities: sql injection, cross-site scripting
Affected productsExternal IDs
vendor: essential model: phone

TPM 2.0 Library Vulnerabilities May Affect Billions of IoT Devices - Fast VPN Proxy

Trust: 3.0

Fetched: March 7, 2023, 9:21 a.m., Published: March 5, 2023, 6:25 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-1018

IoT Devices are at Risk due to TPM 2.0 Library Vulnerabilities - TheCyberThrone

Trust: 4.25

Fetched: March 7, 2023, 9:21 a.m., Published: March 6, 2023, 2:17 p.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2023-1018

New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices

Trust: 4.0

Fetched: March 7, 2023, 9:21 a.m., Published: March 2, 2023, midnight
 Vulnerabilities: information disclosure, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2023-1018, CVE-2023-1017

New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices - Domedigita

Trust: 3.0

Fetched: March 7, 2023, 9:20 a.m., Published: March 4, 2023, 8:14 a.m.
 Vulnerabilities: information disclosure, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2023-1018, CVE-2023-1017

TPM 2.0 Library Vulnerabilities May Affect Billions of IoT Devices - Cyber Security Reviews

Trust: 4.0

Fetched: March 7, 2023, 9:20 a.m., Published: March 5, 2023, 12:59 p.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2023-1018

OWASP Top 10 Vulnerabilities | Craw Cyber Security - Craw Security

Trust: 3.5

Fetched: March 7, 2023, 9:19 a.m., Published: March 6, 2023, 7:17 a.m.
 Vulnerabilities: cross-site scripting, sql injection, privilege escalation...
Affected productsExternal IDs

Billions of PCs and other devices vulnerable to newly discovered TPM 2.0 flaws | Sounds Nerdy

Trust: 4.75

Fetched: March 7, 2023, 9:18 a.m., Published: March 2, 2023, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: lenovo model: updates
vendor: lenovo model: system
db: NVD ids: CVE-2023-1018, CVE-2023-1017

Billion Devices at Risk: Two Buffer Overflow Flaws Found in TPM 2.0 Specification | Black Hat Ethical Hacking

Trust: 4.75

Fetched: March 7, 2023, 9:17 a.m., Published: March 6, 2023, 8:25 a.m.
 Vulnerabilities: information disclosure, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2023-1018, CVE-2023-1017

Billions of PCs and other devices vulnerable to newly discovered TPM 2.0 flaws

Trust: 4.75

Fetched: March 7, 2023, 9:17 a.m., Published: March 2, 2023, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: lenovo model: updates
vendor: lenovo model: system
vendor: asus model: asus
db: NVD ids: CVE-2023-1018, CVE-2023-1017

Billions of PCs and other devices vulnerable to newly discovered TPM 2.0 flaws | Tom's Guide

Trust: 4.75

Fetched: March 7, 2023, 9:16 a.m., Published: March 6, 2023, 4:54 p.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: lenovo model: updates
vendor: lenovo model: system
db: NVD ids: CVE-2023-1018, CVE-2023-1017

About the security content of iOS 16.3.1 and iPadOS 16.3.1 - Apple Support

Related entries in the VARIoT vulnerabilities database: VAR-202302-2116, VAR-202302-1169, VAR-202302-1097

Trust: 5.5

Fetched: March 7, 2023, 9:15 a.m., Published: March 16, 2001, midnight
 Vulnerabilities: use after free, code execution
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: webkit
vendor: google model: google chrome
vendor: google model: chrome
db: NVD ids: CVE-2023-23524, CVE-2023-23514, CVE-2023-23529

ARC Informatique PcVue (Update A) | CISA

Trust: 3.5

Fetched: March 7, 2023, 9:15 a.m., Published: Feb. 9, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: arc informatique model: pcvue
vendor: arc informatique model: informatique pcvue
db: NVD ids: CVE-2022-4311, CVE-2022-4312