Sign-up

VARIoT news about IoT security

Forescout uncovers 21 Sierra Wireless router vulnerabilities | TechTarget

Trust: 4.25

Fetched: Dec. 8, 2023, 9:47 a.m., Published: Dec. 6, 2023, midnight
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
vendor: cisco model: cisco routers
vendor: cisco model: routers
vendor: cisco model: router
vendor: sierra wireless model: aleos
vendor: sierra model: aleos
db: NVD ids: CVE-2023-41101

IoT Cybersecurity in 2023: Importance & Tips To Deal With Attacks

Trust: 3.25

Fetched: Dec. 8, 2023, 9:46 a.m., Published: Dec. 8, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: tesla model: model
vendor: google model: wifi router
vendor: google model: wifi
vendor: delegate model: delegate

Bluetooth Security Vulnerability Puts Mobile and PC Devices at Risk

Trust: 5.75

Fetched: Dec. 8, 2023, 9:43 a.m., Published: Dec. 7, 2023, 10:53 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2023-45866

New BLUFFS Bluetooth Attack Expose Devices to Adversary-in-the-Middle Attacks

Trust: 5.0

Fetched: Dec. 8, 2023, 9:42 a.m., Published: Dec. 4, 2023, 1:16 p.m.
 Vulnerabilities: device impersonation
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2023-24023

Common Network Security Vulnerabilities | Cobalt

Trust: 3.5

Fetched: Dec. 8, 2023, 9:41 a.m., Published: Dec. 8, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: essential model: phone

Government issues an ‘important’ warning for Android devices, here’s what users can do - Times of India

Related entries in the VARIoT vulnerabilities database: VAR-202312-1927, VAR-202312-1066, VAR-202312-1919, VAR-202312-0897, VAR-202312-1228, VAR-202312-1728, VAR-202312-0888, VAR-202312-2276

Trust: 6.0

Fetched: Dec. 8, 2023, 9:40 a.m., Published: Dec. 7, 2023, 5:10 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2023-33022, CVE-2023-32818, CVE-2023-40082, CVE-2023-40103, CVE-2023-40091, CVE-2023-45773, CVE-2023-3889, CVE-2023-21215, CVE-2023-40088, CVE-2022-48455, CVE-2023-40081, CVE-2023-32847, CVE-2023-35690, CVE-2023-21162, CVE-2023-32850, CVE-2023-28587, CVE-2023-45774, CVE-2023-21228, CVE-2023-33092, CVE-2023-21218, CVE-2023-28588, CVE-2023-45775, CVE-2022-22076, CVE-2023-33087, CVE-2023-40094, CVE-2023-21402, CVE-2023-45779, CVE-2023-33080, CVE-2022-40507, CVE-2023-33018, CVE-2023-21664, CVE-2023-40083, CVE-2023-21163, CVE-2023-32848, CVE-2023-40090, CVE-2023-40084, CVE-2023-40080, CVE-2023-33054, CVE-2023-21403, CVE-2022-48454, CVE-2023-33063, CVE-2023-45781, CVE-2023-21216, CVE-2023-40078, CVE-2023-28551, CVE-2023-28550, CVE-2023-21267, CVE-2023-21394, CVE-2023-21662, CVE-2023-40073, CVE-2023-40097, CVE-2022-48459, CVE-2023-32804, CVE-2023-40096, CVE-2023-40076, CVE-2023-35668, CVE-2023-40098, CVE-2023-21164, CVE-2023-21652, CVE-2023-45776, CVE-2023-28586, CVE-2023-33098, CVE-2023-33081, CVE-2023-21166, CVE-2023-33107, CVE-2023-40087, CVE-2023-33089, CVE-2022-48456, CVE-2023-21217, CVE-2023-28546, CVE-2023-32851, CVE-2023-45866, CVE-2022-48458, CVE-2023-40092, CVE-2023-21263, CVE-2023-40079, CVE-2023-33079, CVE-2022-48461, CVE-2023-40074, CVE-2023-40077, CVE-2023-21227, CVE-2023-45777, CVE-2023-4272, CVE-2023-40089, CVE-2022-48457, CVE-2023-40075, CVE-2023-33097, CVE-2023-28585, CVE-2023-21401, CVE-2023-33106, CVE-2023-33053, CVE-2023-40095, CVE-2023-33017, CVE-2023-33088

Android phones can be taken over remotely - update when you can | Malwarebytes

Trust: 5.5

Fetched: Dec. 8, 2023, 9:40 a.m., Published: Dec. 7, 2023, 12:07 p.m.
 Vulnerabilities: use after free, code execution
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2023-40088, CVE-2023-40077

Sierra router vulnerabilities pose hacking risk for critical infrastructure | SC Media

Trust: 4.5

Fetched: Dec. 8, 2023, 9:39 a.m., Published: Dec. 6, 2023, 9:13 p.m.
 Vulnerabilities: authentication bypass, buffer overflow, code execution
Affected productsExternal IDs
vendor: sierra wireless model: aleos
vendor: sierra model: aleos
db: NVD ids: CVE-2023-41101

Critical Bluetooth Flaw Exposes Android, Apple & Linux Devices to Takeover

Trust: 3.5

Fetched: Dec. 8, 2023, 9:38 a.m., Published: Dec. 5, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: macbook pro
vendor: apple model: macbook
vendor: apple model: macbook air
vendor: google model: pixel
vendor: google model: android
vendor: google model: nexus
vendor: canonical model: ubuntu
vendor: canonical model: ubuntu linux
db: NVD ids: CVE-2023-45866, CVE-2023-42929

Finding LogoFAIL: The Dangers of Image Parsing During System Boot | Binarly - AI -Powered Firmware Supply Chain Security Platform

Trust: 4.25

Fetched: Dec. 8, 2023, 9:31 a.m., Published: Dec. 6, 2023, midnight
 Vulnerabilities: memory corruption, integer overflow, buffer overflow...
Affected productsExternal IDs
vendor: dell model: bios
vendor: lenovo model: system
vendor: lenovo model: bios
db: NVD ids: CVE-2023-24932, CVE-2022-21894

Pretty much all Windows and Linux computers are vulnerable to this new cyberattack | TechRadar

Trust: 3.0

Fetched: Dec. 8, 2023, 9:30 a.m., Published: Dec. 7, 2023, 1:28 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-39539, CVE-2023-40238, CVE-2023-39538, CVE-2023-5058

Citrix Bleed and Monitoring Network Devices - Security Boulevard

Trust: 4.25

Fetched: Dec. 8, 2023, 9:30 a.m., Published: Dec. 5, 2023, 4 p.m.
 Vulnerabilities: memory corruption, command injection, default credentials
Affected productsExternal IDs
vendor: trend model: security
vendor: citrix model: netscaler
db: NVD ids: CVE-2023-4966

This 'critical security vulnerability' has gone unnoticed on Apple and Android devices for a decade | iMore

Trust: 3.0

Fetched: Dec. 8, 2023, 9:30 a.m., Published: Dec. 7, 2023, 4:36 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macbook

New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices

Trust: 5.5

Fetched: Dec. 8, 2023, 9:29 a.m., Published: Dec. 7, 2023, 11:46 a.m.
 Vulnerabilities: authentication bypass, code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: google model: android
db: NVD ids: CVE-2023-45866

LogoFAIL: A new vulnerability affects hundreds of devices | Windows Central

Trust: 3.5

Fetched: Dec. 8, 2023, 9:29 a.m., Published: Dec. 7, 2023, 7:41 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: lenovo model: system
vendor: lenovo model: bios
vendor: lenovo model: updates
db: NVD ids: CVE-2023-39539, CVE-2023-40238, CVE-2023-39538

This critical Bluetooth flaw can let hackers control your devices - what you need to know | Tom's Guide

Trust: 3.5

Fetched: Dec. 8, 2023, 9:29 a.m., Published: Dec. 7, 2023, 6:08 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
vendor: google model: android
db: NVD ids: CVE-2022-45866

Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack | Ars Technica

Trust: 3.75

Fetched: Dec. 8, 2023, 9:28 a.m., Published: Dec. 6, 2023, 3:02 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: dell model: bios
vendor: lenovo model: system
vendor: lenovo model: bios

Uncovering FileWave Mobile Device Management (MDM) Vulnerabilities | Claroty

Trust: 3.5

Fetched: Dec. 8, 2023, 9:20 a.m., Published: July 25, 2022, midnight
 Vulnerabilities: authentication bypass, arbitrary command execution, command execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-34906, CVE-2022-34907

More Healthcare Devices Means More Cyberattacks-How Weak Medical IoT Security Threatens Patient Care | Capterra

Trust: 4.5

Fetched: Dec. 8, 2023, 9:19 a.m., Published: -
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: rising model: antivirus

CVE-2021-43702 from Discovery to Patch | Kroll

Related entries in the VARIoT vulnerabilities database: VAR-202207-0160

Trust: 3.75

Fetched: Dec. 8, 2023, 9:17 a.m., Published: June 21, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: asuswrt model: rt-ac52u
vendor: asuswrt model: rt-ac3200
vendor: asuswrt model: rt-n12e b1
vendor: asuswrt model: rt-ac51u
vendor: asuswrt model: rt-n18u
vendor: asuswrt model: rt-ac85p
vendor: asuswrt model: rt-ac1300uhp
vendor: asuswrt model: rt-ac1200
vendor: asuswrt model: routers
vendor: asuswrt model: rt-ac2200
vendor: asuswrt model: rt-ac58u
vendor: asuswrt model: rt-ac87u
vendor: asuswrt model: rt-ac2600
vendor: asuswrt model: rt-ac1750 b1
vendor: asuswrt model: rt-n14uhp
vendor: asuswrt model: rt-ac5300
vendor: asuswrt model: 4g-ac68u
vendor: asuswrt model: 4g-ac53u
vendor: asuswrt model: rt-ac65p
vendor: asuswrt model: rt-ac55uhp
vendor: asuswrt model: rt-ac1900
vendor: asuswrt model: rt-ac68u
vendor: asuswrt model: rt-ac57u
vendor: asuswrt model: rt-ac52u b1
vendor: asuswrt model: rt-ac85u
vendor: asuswrt model: rt-ac86u
vendor: asuswrt model: asuswrt
vendor: asuswrt model: rt-n12
vendor: asuswrt model: rt-ac1750
vendor: asuswrt model: asus
vendor: asuswrt model: rt-ac2900
vendor: asuswrt model: rt-ac1200g
vendor: asuswrt model: rt-n12d1
vendor: asuswrt model: rt-ac88u
vendor: asuswrt model: rt-ac66u b1
vendor: asuswrt model: rt-ac1900p
vendor: asuswrt model: rt-ac66u
vendor: asuswrt model: rt-n12hp b1
vendor: asuswrt model: rt-n12vp
vendor: asuswrt model: rt-n12hp
vendor: asuswrt model: rt-ac56u
vendor: asuswrt model: rt-ac53
vendor: asuswrt model: rt-ac2400
vendor: asuswrt model: rt-ac55u
vendor: asuswrt model: rt-ac3100
vendor: asuswrt model: rt-acrh13
vendor: asuswrt model: rt-acrh17
vendor: asuswrt model: rt-n66u
vendor: asuswrt model: router
vendor: asus model: rt-ac52u
vendor: asus model: rt-ac3200
vendor: asus model: rt-n12e b1
vendor: asus model: rt-ac51u
vendor: asus model: rt-n18u
vendor: asus model: rt-ac85p
vendor: asus model: rt-ac1300uhp
vendor: asus model: rt-ac1200
vendor: asus model: routers
vendor: asus model: rt-ac2200
vendor: asus model: rt-ac58u
vendor: asus model: rt-ac87u
vendor: asus model: rt-ac2600
vendor: asus model: rt-ac1750 b1
vendor: asus model: rt-n14uhp
vendor: asus model: rt-ac5300
vendor: asus model: 4g-ac68u
vendor: asus model: 4g-ac53u
vendor: asus model: rt-ac65p
vendor: asus model: rt-ac55uhp
vendor: asus model: rt-ac1900
vendor: asus model: rt-ac68u
vendor: asus model: rt-ac57u
vendor: asus model: rt-ac52u b1
vendor: asus model: rt-ac85u
vendor: asus model: rt-ac86u
vendor: asus model: asuswrt
vendor: asus model: rt-n12
vendor: asus model: rt-ac1750
vendor: asus model: asus
vendor: asus model: rt-ac2900
vendor: asus model: rt-ac1200g
vendor: asus model: rt-n12d1
vendor: asus model: rt-ac88u
vendor: asus model: rt-ac66u b1
vendor: asus model: rt-ac1900p
vendor: asus model: rt-ac66u
vendor: asus model: rt-n12hp b1
vendor: asus model: rt-n12vp
vendor: asus model: rt-n12hp
vendor: asus model: rt-ac56u
vendor: asus model: rt-ac53
vendor: asus model: rt-ac2400
vendor: asus model: rt-ac55u
vendor: asus model: rt-ac3100
vendor: asus model: rt-acrh13
vendor: asus model: rt-acrh17
vendor: asus model: rt-n66u
vendor: asus model: router
vendor: asustek model: rt-ac52u
vendor: asustek model: rt-ac3200
vendor: asustek model: rt-n12e b1
vendor: asustek model: rt-ac51u
vendor: asustek model: rt-n18u
vendor: asustek model: rt-ac85p
vendor: asustek model: rt-ac1300uhp
vendor: asustek model: rt-ac1200
vendor: asustek model: routers
vendor: asustek model: rt-ac2200
vendor: asustek model: rt-ac58u
vendor: asustek model: rt-ac87u
vendor: asustek model: rt-ac2600
vendor: asustek model: rt-ac1750 b1
vendor: asustek model: rt-n14uhp
vendor: asustek model: rt-ac5300
vendor: asustek model: 4g-ac68u
vendor: asustek model: 4g-ac53u
vendor: asustek model: rt-ac65p
vendor: asustek model: rt-ac55uhp
vendor: asustek model: rt-ac1900
vendor: asustek model: rt-ac68u
vendor: asustek model: rt-ac57u
vendor: asustek model: rt-ac52u b1
vendor: asustek model: rt-ac85u
vendor: asustek model: rt-ac86u
vendor: asustek model: asuswrt
vendor: asustek model: rt-n12
vendor: asustek model: rt-ac1750
vendor: asustek model: asus
vendor: asustek model: rt-ac2900
vendor: asustek model: rt-ac1200g
vendor: asustek model: rt-n12d1
vendor: asustek model: rt-ac88u
vendor: asustek model: rt-ac66u b1
vendor: asustek model: rt-ac1900p
vendor: asustek model: rt-ac66u
vendor: asustek model: rt-n12hp b1
vendor: asustek model: rt-n12vp
vendor: asustek model: rt-n12hp
vendor: asustek model: rt-ac56u
vendor: asustek model: rt-ac53
vendor: asustek model: rt-ac2400
vendor: asustek model: rt-ac55u
vendor: asustek model: rt-ac3100
vendor: asustek model: rt-acrh13
vendor: asustek model: rt-acrh17
vendor: asustek model: rt-n66u
vendor: asustek model: router
db: NVD ids: CVE-2021-43702