Sign-up

VARIoT news about IoT security

Apple iOS 15.0.2 is here; check what’s up with the new update | PINKVILLA

Related entries in the VARIoT vulnerabilities database: VAR-202108-2057

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 12, 2021, 2:35 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: ipad
db: NVD ids: CVE-2021-30883

Cisco Bug: CSCuw77959 - Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability

Trust: 5.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 25, 2021, midnight
 Vulnerabilities: buffer overflow, denial of service, code execution
Affected productsExternal IDs
vendor: cisco model: series switches
vendor: cisco model: asr 1000 series
vendor: cisco model: ios xe software
vendor: cisco model: asr 1000
vendor: cisco model: series wireless controllers
vendor: cisco model: cisco ios
vendor: cisco model: integrated services routers
vendor: cisco model: routers
vendor: cisco model: cisco ios xe
vendor: cisco model: catalyst
vendor: cisco model: series integrated services routers
vendor: cisco model: integrated services virtual router
vendor: cisco model: catalyst 9800
vendor: cisco model: router
vendor: cisco model: series
vendor: cisco model: ios xe
vendor: cisco model: cisco asr 1000 series
db: CISCO ids: CISCO-SA-20170927-DHCP

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution | New York State Office of Information Technology Services

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 27, 2021, 4:24 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

Protecting Your Fortinet Devices With Firmware Security - Security Boulevard

Related entries in the VARIoT vulnerabilities database: VAR-201906-0815, VAR-202008-0193, VAR-201901-0568, VAR-202007-0079

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Nov. 2, 2021, 5:58 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2018-13379, CVE-2019-5591, CVE-2018-13374, CVE-2020-12812

Cybersecurity report reveals critical business vulnerabilities | VentureBeat

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 14, 2021, 6:31 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: citrix model: netscaler
vendor: cisco model: adaptive security appliance
vendor: trend model: security

Top 20 most exploited software vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202008-0248, VAR-201703-0755, VAR-202007-1393

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 30, 2021, noon
 Vulnerabilities: -
Affected productsExternal IDs
vendor: citrix model: gateway
vendor: citrix model: application delivery controller
vendor: pulse secure model: pulse policy secure
vendor: pulse secure model: pulse connect secure
vendor: pulse secure model: connect secure
vendor: pulse secure model: policy secure
vendor: mobileiron model: sentry
vendor: cisco model: integrated services router
vendor: cisco model: router
db: NVD ids: CVE-2020-1472, CVE-2019-19781, CVE-2017-5638, CVE-2020-5902, CVE-2017-0143, CVE-2021-27102, CVE-2017-8759, CVE-2015-1641, CVE-2019-11510, CVE-2020-15505, CVE-2021-27101, CVE-2019-0406, CVE-2018-7600, CVE-2012-0158, CVE-2017-0199, CVE-2017-11882, CVE-2020-0688, CVE-2018-4878

Top 10 Most Exploited Vulnerabilities - SYXSENSE

Trust: 4.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 17, 2021, 6:53 p.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: citrix model: netscaler
vendor: citrix model: gateway
db: NVD ids: CVE-2019-19781, CVE-2019-3396, CVE-2019-11510, CVE-2020-15505, CVE-2017-11882, CVE-2020-0688

Cisco Nexus 9500 Series Switches Access Control List Bypass Vulnerability - Cisco

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 15, 2021, 3:35 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: series switches
vendor: cisco model: nexus 9000 series
vendor: cisco model: nexus 3000
vendor: cisco model: nexus 9500
vendor: cisco model: nx-os
vendor: cisco model: nexus 9000
vendor: cisco model: nexus 1000v
vendor: cisco model: cisco nx-os
vendor: cisco model: nx-os software
vendor: cisco model: nexus
vendor: cisco model: series
vendor: cisco model: nexus 7000
vendor: cisco model: 1000v

Cisco Small Business RV Series Routers Command Injection Vulnerability

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Nov. 3, 2021, 3:46 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: cisco model: cisco small business
vendor: cisco model: routers
vendor: cisco model: small business
vendor: cisco model: series routers
vendor: cisco model: small business rv series routers
vendor: cisco model: small business rv
vendor: cisco model: series

Millions of Web Camera and Baby Monitor Feeds Are Exposed | WIRED

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 17, 2021, noon
 Vulnerabilities: code execution
Affected productsExternal IDs

CVE-2021-3437 | HP OMEN Gaming Hub Privilege Escalation Bug Hits Millions of Gaming Devices - SentinelOne

Trust: 4.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 14, 2021, 3:23 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2021-3437

Unpatched Fortinet FortiWeb vulnerability allows remote OS command injection - Help Net Security

Related entries in the VARIoT vulnerabilities database: VAR-202106-0667

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 17, 2021, 2:25 p.m.
 Vulnerabilities: authentication bypass, os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2021-22123

CISA Says BlackBerry Vulnerability to Impact Medical Device Security

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 18, 2021, 5:01 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: blackberry model: blackberry
db: NVD ids: CVE-2021-22156

FORCEDENTRY: NSO Group iMessage Zero-Click Exploit Captured in the Wild - The Citizen Lab

Related entries in the VARIoT vulnerabilities database: VAR-202108-1057

Trust: 4.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 13, 2021, 7:26 p.m.
 Vulnerabilities: integer overflow, code execution
Affected productsExternal IDs
vendor: apple model: itunes
vendor: apple model: macos
vendor: apple model: watchos
db: NVD ids: CVE-2021-30860, CVE-2019-3568

Cisco: Security devices are vulnerable to SNIcat data exfiltration technique - The Record by Recorded Future

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 19, 2021, 2:13 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: check point model: check point
vendor: palo alto networks model: palo alto networks
vendor: palo alto networks model: networks
vendor: palo model: palo alto networks
vendor: palo model: networks
vendor: cisco model: industrial security appliance
vendor: cisco model: firepower threat defense
vendor: cisco model: firepower
vendor: cisco model: web security appliance

Advisory: Multiple Issues in Realtek SDK Affects Hundreds of Thousands of Devices Down the Supply Chain - IoT Inspector

Related entries in the VARIoT vulnerabilities database: VAR-201812-1038, VAR-202001-0633, VAR-201505-0274

Trust: 5.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 16, 2021, 6:48 a.m.
 Vulnerabilities: command execution, code execution, default user account...
Affected productsExternal IDs
vendor: mesh model: mesh
vendor: tenda model: ac10
vendor: tenda model: router
vendor: elecom model: wrc-300febk-a
vendor: elecom model: wrc-300febk
vendor: buffalo model: wmr-433
vendor: buffalo model: wsr-1166dhp4
vendor: buffalo model: wsr-1166dhp3
vendor: buffalo model: router
vendor: netgear model: router
vendor: netgear model: n300
vendor: netis model: wf2419
vendor: netis model: wf2411
vendor: compal model: networks
vendor: google model: home
vendor: google model: wifi
vendor: luna model: cover
vendor: buffalo inc model: wmr-433
vendor: buffalo inc model: wsr-1166dhp4
vendor: buffalo inc model: wsr-1166dhp3
vendor: buffalo inc model: router
vendor: trendnet model: tew-637ap
vendor: trendnet model: tew-651br
vendor: trendnet model: tew-638apb
vendor: zyxel model: p-330w
vendor: zyxel model: nbg-418n
vendor: compal broadband networks model: networks
vendor: beeline model: smart box
vendor: unbound model: unbound
vendor: realtek model: realtek sdk
vendor: belkin model: n150 wireless router
vendor: belkin model: router
vendor: belkin model: n300
vendor: belkin model: n300 wireless router
vendor: d-link model: dir-600l
vendor: d-link model: dir-605l
vendor: d-link model: dir-825
vendor: d-link model: dir-815
vendor: d-link model: dsl-2640u
vendor: d-link model: dir-615
vendor: d-link model: dvg-n5402sp
vendor: d-link model: dir-842
vendor: d-link model: dap-1360
vendor: d-link model: dir-300
vendor: d-link model: dir-820l
vendor: d-link model: router
vendor: d-link model: dir-619l
vendor: d-link model: dir-809
vendor: d-link model: dsl-2750u
vendor: goahead model: webserver
vendor: asustek model: rt-n10e
vendor: asustek model: router
db: NVD ids: CVE-2018-20057, CVE-2019-19824, CVE-2014-8361

The SSID Stripping Vulnerability: When You Don’t See What You Get

Related entries in the VARIoT vulnerabilities database: VAR-202109-0821

Trust: 4.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 13, 2021, 5:43 a.m.
 Vulnerabilities: format string vulnerability
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: macos
db: NVD ids: CVE-2021-30800

BlackBerry QNX Cybersecurity Vulnerabilities May Affect Drug Manufacturing Equipment | FDA

Trust: 3.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 17, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: blackberry model: blackberry

Flaws in Moxa Railway Devices Could Allow Hackers to Cause Disruptions | SecurityWeek.Com

Trust: 5.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 17, 2022, midnight
 Vulnerabilities: cross-site scripting, command injection
Affected productsExternal IDs
vendor: moxa model: wac-1001
vendor: moxa model: moxa
vendor: moxa model: wac-2004 series
vendor: moxa model: wac-2004
db: NVD ids: CVE-2021-39278, CVE-2021-39279

Attackers Exploit Flaw that Could Impact Millions of Routers, IoT Devices | eSecurityPlanet

Related entries in the VARIoT vulnerabilities database: VAR-202104-0768

Trust: 5.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 10, 2021, 11:45 p.m.
 Vulnerabilities: password guessing, cross-site request forgery, request forgery...
Affected productsExternal IDs
vendor: tenda model: ac11
vendor: tenda model: router
vendor: palo model: networks
vendor: palo model: palo alto networks
vendor: cisco model: routers
vendor: cisco model: hyperflex
vendor: cisco model: cisco systems
vendor: cisco model: router
vendor: palo alto networks model: networks
vendor: palo alto networks model: palo alto networks
vendor: cisco systems model: routers
vendor: cisco systems model: hyperflex
vendor: cisco systems model: cisco systems
vendor: cisco systems model: router
vendor: dlink model: router
db: NVD ids: CVE-2021-20090