VARIoT latest news about IoT security

Cisco IOS XE Web UI Vulnerability: A Glimpse into CVE-2023-20198 - Horizon3.ai Related entries in the VARIoT vulnerabilities database: VAR-202103-0773 Trust: 4.5 Fetched: Dec. 20, 2023, 9:10 a.m., Published: Oct. 19, 2023, 10:34 p.m.	Vulnerabilities: privilege escalation, user interface vulnerability

Affected products

External IDs

vendor:	cisco	model:	routers
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	cisco ios

db:

NVD

ids:

CVE-2023-20198, CVE-2021-1435

CVE-2023-50164 Coverage Advisory \| ThreatLabz Trust: 4.0 Fetched: Dec. 19, 2023, 9:47 a.m., Published: Dec. 19, 2023, midnight	Vulnerabilities: path traversal

Affected products

External IDs

db:

NVD

ids:

CVE-2023-50164

The Art of Securing Cloud-Native Mobile Applications - DZone Trust: 3.25 Fetched: Dec. 19, 2023, 9:46 a.m., Published: Dec. 2, 2023, midnight	Vulnerabilities: cross-site scripting, request forgery, improper validation...

Affected products

External IDs

vendor:	trend	model:	security
vendor:	google	model:	android

Qualcomm Vulnerabilities in Android Devices \| Lookout Threat Intelligence Related entries in the VARIoT vulnerabilities database: VAR-202312-0888 Trust: 4.0 Fetched: Dec. 19, 2023, 9:46 a.m., Published: Dec. 12, 2023, midnight	Vulnerabilities: integer overflow

Affected products

External IDs

db:

NVD

ids:

CVE-2023-33106, CVE-2023-33063, CVE-2023-33107

CVE-2022-41677 - vulnerability database \| Vulners.com Trust: 5.25 Fetched: Dec. 19, 2023, 9:46 a.m., Published: Dec. 18, 2023, 1:15 p.m.	Vulnerabilities: information disclosure

Affected products

External IDs

db:

NVD

ids:

CVE-2022-41677

Tenda AC Router Command Injection (CVE-2018-14558) - vulnerability database \| Vulners.com Related entries in the VARIoT vulnerabilities database: VAR-201810-0977 Trust: 6.0 Fetched: Dec. 19, 2023, 9:45 a.m., Published: Nov. 28, 2023, midnight	Vulnerabilities: command injection

Affected products

External IDs

vendor:	tenda	model:	router
vendor:	tenda	model:	ac10

db:

NVD

ids:

CVE-2018-14558

7 Types of Security Attacks on RFID Systems - atlasRFIDstore Trust: 3.0 Fetched: Dec. 19, 2023, 9:43 a.m., Published: Dec. 7, 2023, midnight	Vulnerabilities: denial of service

Affected products	External IDs

Windows Hello Fingerprint Authentication Vulnerability Exposed by Security Researchers - Gizchina.com Trust: 3.0 Fetched: Dec. 19, 2023, 9:42 a.m., Published: Nov. 25, 2023, 5:45 p.m.	Vulnerabilities: authentication vulnerability

Affected products	External IDs

Decoding CVE-2023-50164: Unveiling the Apache Struts File Upload Exploit Related entries in the VARIoT vulnerabilities database: VAR-201703-0755 Trust: 5.25 Fetched: Dec. 19, 2023, 9:42 a.m., Published: Dec. 15, 2023, midnight	Vulnerabilities: code execution, path traversal

Affected products

External IDs

vendor:	trend	model:	security
vendor:	trend	model:	deep security
vendor:	trend micro	model:	security
vendor:	trend micro	model:	deep security

db:

NVD

ids:

CVE-2023-50164, CVE-2017-5638

Mobile Hacking Lab - Document - HackMD Trust: 3.5 Fetched: Dec. 19, 2023, 9:38 a.m., Published: Dec. 1, 2023, midnight	Vulnerabilities: code execution, traversal attack, directory traversal...

Affected products	External IDs

Vulnerability Summary for the Week of December 4, 2023 \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202312-2496, VAR-202312-0929, VAR-202312-0897, VAR-202312-1927, VAR-202312-0247, VAR-202312-0346, VAR-202312-2011, VAR-202312-1216, VAR-202312-1066, VAR-202312-1228, VAR-202312-0246, VAR-202312-2012, VAR-202312-2070, VAR-202312-0868, VAR-202312-1919, VAR-202312-2276, VAR-202312-1728, VAR-202312-0888 Trust: 5.25 Fetched: Dec. 19, 2023, 9:33 a.m., Published: Dec. 4, 2023, midnight	Vulnerabilities: permission management vulnerability, cross-site scripting, integer overflow...

Affected products

External IDs

vendor:	supermicro	model:	intelligent platform management interface
vendor:	supermicro	model:	intelligent platform management
vendor:	d-link	model:	dir-846
vendor:	d-link	model:	dar-7000
vendor:	samsung	model:	samsung_mobile
vendor:	samsung	model:	note
vendor:	samsung	model:	mobile
vendor:	samsung	model:	gallery
vendor:	samsung	model:	galaxy
vendor:	netgear	model:	orbi
vendor:	netgear	model:	rbr750
vendor:	totolink	model:	n300rt
vendor:	totolink	model:	a3002ru
vendor:	netgate	model:	pfsense
vendor:	google	model:	android
vendor:	google	model:	chrome
vendor:	google	model:	pixel
vendor:	google	model:	google chrome
vendor:	brocade	model:	brocade fabric os
vendor:	brocade	model:	fabric os
vendor:	sonicwall	model:	sma100
vendor:	sonicwall	model:	switch
vendor:	sonicwall	model:	ssl-vpn
vendor:	huawei	model:	huawei
vendor:	orange	model:	web server
vendor:	draytek	model:	routers
vendor:	bitcoin core	model:	bitcoin core
vendor:	dell	model:	bios
vendor:	lenovo	model:	bios
vendor:	lenovo	model:	system
vendor:	lenovo	model:	desktop
vendor:	ruijie	model:	switch
vendor:	ruckus	model:	zonedirector

db:

NVD

ids:

CVE-2023-6607, CVE-2023-47440, CVE-2023-46871, CVE-2023-46932, CVE-2023-22522, CVE-2023-49956, CVE-2023-45084, CVE-2023-28579, CVE-2023-5711, CVE-2023-39172, CVE-2023-47548, CVE-2023-49096, CVE-2023-41835, CVE-2023-42580, CVE-2023-5714, CVE-2023-28580, CVE-2023-48421, CVE-2023-22668, CVE-2023-50431, CVE-2023-33024, CVE-2023-49241, CVE-2023-46641, CVE-2023-42575, CVE-2023-28876, CVE-2023-33017, CVE-2023-45866, CVE-2023-6606, CVE-2022-45362, CVE-2023-46493, CVE-2023-45285, CVE-2023-5058, CVE-2023-48860, CVE-2023-6617, CVE-2023-33413, CVE-2023-6393, CVE-2023-46496, CVE-2023-47304, CVE-2023-34320, CVE-2023-5970, CVE-2023-6061, CVE-2023-43743, CVE-2023-6560, CVE-2023-28017, CVE-2023-49493, CVE-2023-48940, CVE-2020-0556, CVE-2023-24547, CVE-2023-48325, CVE-2023-6578, CVE-2023-33083, CVE-2021-27795, CVE-2023-47722, CVE-2023-49485, CVE-2023-49297, CVE-2023-44099, CVE-2023-48420, CVE-2023-6527, CVE-2023-48698, CVE-2023-28551, CVE-2023-44298, CVE-2023-42572, CVE-2023-49243, CVE-2023-6574, CVE-2023-48410, CVE-2023-44297, CVE-2023-5756, CVE-2023-42576, CVE-2023-28869, CVE-2023-33022, CVE-2023-5710, CVE-2023-46497, CVE-2023-2861, CVE-2023-28873, CVE-2023-43299, CVE-2023-32268, CVE-2023-48407, CVE-2023-49282, CVE-2023-50430, CVE-2023-33070, CVE-2023-37572, CVE-2023-28523, CVE-2023-48402, CVE-2023-33054, CVE-2023-39909, CVE-2023-6459, CVE-2023-33106, CVE-2023-6618, CVE-2023-28870, CVE-2023-48311, CVE-2023-6566, CVE-2023-33092, CVE-2023-48861, CVE-2023-46693, CVE-2023-43303, CVE-2023-49246, CVE-2023-39326, CVE-2023-23372, CVE-2023-6599, CVE-2023-6579, CVE-2022-47531, CVE-2023-48422, CVE-2023-46916, CVE-2023-49782, CVE-2023-33081, CVE-2023-28588, CVE-2023-33089, CVE-2023-49788, CVE-2023-6581, CVE-2023-49465, CVE-2023-21634, CVE-2023-28585, CVE-2023-49462, CVE-2023-6622, CVE-2023-48399, CVE-2023-42569, CVE-2023-45839, CVE-2023-48930, CVE-2023-43302, CVE-2023-6580, CVE-2023-43300, CVE-2023-28871, CVE-2023-49283, CVE-2023-6448, CVE-2023-45838, CVE-2023-48928, CVE-2023-41106, CVE-2023-26158, CVE-2023-48413, CVE-2023-33042, CVE-2023-49248, CVE-2023-46218, CVE-2023-33053, CVE-2023-50164, CVE-2023-49247, CVE-2023-43298, CVE-2023-49800, CVE-2023-43305, CVE-2023-6120, CVE-2023-42578, CVE-2023-6614, CVE-2023-49958, CVE-2023-41913, CVE-2023-33044, CVE-2023-40300, CVE-2023-49897, CVE-2023-48416, CVE-2023-48207, CVE-2023-6609, CVE-2023-49460, CVE-2023-32968, CVE-2023-49070, CVE-2023-48411, CVE-2023-42574, CVE-2023-48122, CVE-2023-43304, CVE-2023-45840, CVE-2023-6288, CVE-2023-43102, CVE-2023-44295, CVE-2023-49468, CVE-2023-4486, CVE-2023-33082, CVE-2021-46899, CVE-2023-49486, CVE-2023-6273, CVE-2023-48409, CVE-2023-6180, CVE-2023-43628, CVE-2023-45085, CVE-2023-49007, CVE-2023-42573, CVE-2023-6337, CVE-2023-33411, CVE-2023-6507, CVE-2020-25835, CVE-2023-45083, CVE-2023-45841, CVE-2023-6510, CVE-2023-49799, CVE-2023-41170, CVE-2023-48423, CVE-2023-41168, CVE-2023-46498, CVE-2023-34439, CVE-2023-49240, CVE-2023-48408, CVE-2023-28874, CVE-2023-49955, CVE-2023-39248, CVE-2023-49444, CVE-2023-43256, CVE-2023-33080, CVE-2023-49225, CVE-2022-24403, CVE-2023-49492, CVE-2023-6269, CVE-2023-49242, CVE-2023-43301, CVE-2023-33079, CVE-2023-49467, CVE-2023-28550, CVE-2023-39539, CVE-2023-6575, CVE-2023-47465, CVE-2023-6394, CVE-2023-33071, CVE-2023-6612, CVE-2023-49245, CVE-2023-32975, CVE-2023-33098, CVE-2023-22523, CVE-2023-46857, CVE-2023-46736, CVE-2023-28868, CVE-2023-43742, CVE-2023-45287, CVE-2023-41268, CVE-2023-48859, CVE-2023-44221, CVE-2023-22383, CVE-2023-6458, CVE-2023-48401, CVE-2023-40301, CVE-2023-42581, CVE-2023-5761, CVE-2023-6646, CVE-2023-47254, CVE-2023-41172, CVE-2023-6577, CVE-2023-49244, CVE-2023-36655, CVE-2023-46494, CVE-2023-42579, CVE-2023-46495, CVE-2023-22524, CVE-2023-46307, CVE-2023-6511, CVE-2023-49443, CVE-2023-6146, CVE-2023-49797, CVE-2023-43608, CVE-2023-33043, CVE-2023-46499, CVE-2023-6509, CVE-2023-43103, CVE-2023-6608, CVE-2023-33097, CVE-2023-6508, CVE-2023-28527, CVE-2023-50428, CVE-2023-6333, CVE-2023-46157, CVE-2023-35039, CVE-2023-48397, CVE-2023-48398, CVE-2023-26154, CVE-2023-46688, CVE-2023-48406, CVE-2023-6615, CVE-2023-48205, CVE-2023-42577, CVE-2023-33087, CVE-2023-50429, CVE-2023-33063, CVE-2023-5713, CVE-2023-43744, CVE-2023-48414, CVE-2023-32460, CVE-2023-49798, CVE-2023-49239, CVE-2023-41169, CVE-2023-44113, CVE-2023-48403, CVE-2023-49464, CVE-2023-28875, CVE-2023-6514, CVE-2023-47565, CVE-2023-33088, CVE-2023-45842, CVE-2023-6588, CVE-2023-33018, CVE-2023-6610, CVE-2023-28526, CVE-2023-33412, CVE-2023-49463, CVE-2023-48958, CVE-2023-28546, CVE-2023-6611, CVE-2023-46674, CVE-2023-42571, CVE-2023-28586, CVE-2023-45762, CVE-2023-44288, CVE-2023-48412, CVE-2023-47779, CVE-2023-43472, CVE-2023-6576, CVE-2023-41905, CVE-2023-48415, CVE-2023-48404, CVE-2023-41804, CVE-2023-35909, CVE-2023-39538, CVE-2023-49746, CVE-2023-49484, CVE-2023-49487, CVE-2023-6245, CVE-2023-6613, CVE-2023-48405, CVE-2023-48849, CVE-2023-6619, CVE-2023-49957, CVE-2023-40238, CVE-2023-46773, CVE-2023-6512, CVE-2023-5712, CVE-2023-33041, CVE-2023-48929, CVE-2023-45210, CVE-2023-42570, CVE-2023-40302, CVE-2023-48123, CVE-2023-41171, CVE-2023-28587, CVE-2023-6616, CVE-2023-33107

Microsoft December Patch Tuesday tackles nasty critical Outlook RCE bug \| SC Media Trust: 5.0 Fetched: Dec. 19, 2023, 9:31 a.m., Published: Dec. 6, 2023, 7 p.m.	Vulnerabilities: code execution, information disclosure

Affected products

External IDs

db:

NVD

ids:

CVE-2023-20588, CVE-2023-35641, CVE-2023-35628, CVE-2023-35630

About the Deep Security protection modules \| Deep Security Trust: 3.5 Fetched: Dec. 19, 2023, 9:31 a.m., Published: May 19, 2023, midnight	Vulnerabilities: cross-site scripting, sql injection

Affected products

External IDs

vendor:	trend	model:	security
vendor:	trend	model:	trend micro deep security
vendor:	trend	model:	micro deep security
vendor:	trend	model:	deep security
vendor:	trend micro	model:	security
vendor:	trend micro	model:	trend micro deep security
vendor:	trend micro	model:	micro deep security
vendor:	trend micro	model:	deep security

Philips Patient Monitoring Devices (Update C) \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202009-0608, VAR-202009-0603, VAR-202009-0595, VAR-202009-0606, VAR-202009-0604, VAR-202009-0607, VAR-202009-0605, VAR-202009-0602 Trust: 5.75 Fetched: Dec. 19, 2023, 9:25 a.m., Published: Dec. 14, 2023, midnight	Vulnerabilities: cross-site scripting, improper validation, service crash

Affected products

External IDs

vendor:

philips

model:

intellivue patient monitors mx100

db:

NVD

ids:

CVE-2020-16224, CVE-2020-16214, CVE-2020-16228, CVE-2020-16220, CVE-2020-16216, CVE-2020-16222, CVE-2020-16218, CVE-2020-16212

Samsung Phones High-Risk: Government has 'warning' for Galaxy S23, other Samsung smartphone users - Times of India Trust: 3.5 Fetched: Dec. 19, 2023, 9:21 a.m., Published: Dec. 16, 2023, 5:43 p.m.	Vulnerabilities: improper access control, input validation vulnerability, access control flaw...

Affected products

External IDs

vendor:	samsung	model:	galaxy
vendor:	samsung	model:	note
vendor:	samsung	model:	knox

Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices \| Mandiant Trust: 4.5 Fetched: Dec. 19, 2023, 9:15 a.m., Published: Dec. 25, 2023, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	watch
vendor:	google	model:	home
vendor:	wireshark	model:	wireshark

db:

NVD

ids:

CVE-2021-28372

SCATTERED SPIDER Attempts to Avoid Detection with Bring-Your-Own-Driver Tactic Related entries in the VARIoT vulnerabilities database: VAR-201708-0246 Trust: 4.5 Fetched: Dec. 19, 2023, 9:14 a.m., Published: Jan. 10, 2023, 8:27 a.m.	Vulnerabilities: control bypass

Affected products

External IDs

vendor:	palo alto networks	model:	networks
vendor:	palo	model:	networks

db:

NVD

ids:

CVE-2015-2291

Inside the Smart Home: IoT Device Threats and Attack Scenarios - Security News Trust: 3.25 Fetched: Dec. 19, 2023, 9:13 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	trend	model:	security
vendor:	trend micro	model:	security

URGENT/11 \| Armis Related entries in the VARIoT vulnerabilities database: VAR-201908-0704, VAR-201908-0713, VAR-201908-0703, VAR-201908-0706, VAR-201908-0702, VAR-201908-0705, VAR-201908-0699, VAR-201908-0715, VAR-201908-0712, VAR-201908-0714, VAR-201908-0701 Trust: 5.25 Fetched: Dec. 19, 2023, 9:12 a.m., Published: Aug. 22, 2023, 1:59 p.m.	Vulnerabilities: code execution, memory corruption, information leak...

Affected products

External IDs

vendor:	samsung	model:	note
vendor:	samsung	model:	printers
vendor:	samsung	model:	printer
vendor:	siemens	model:	nucleus rtos
vendor:	siemens	model:	nucleus
vendor:	rockwell	model:	arena
vendor:	nats	model:	server
vendor:	snort	model:	snort
vendor:	rockwell automation	model:	arena

db:

NVD

ids:

CVE-2019-12263, CVE-2019-12256, CVE-2019-12262, CVE-2019-12265, CVE-2019-12261, CVE-2019-12264, CVE-2019-12259, CVE-2019-12258, CVE-2019-12255, CVE-2019-12257, CVE-2019-12260

Phosphorus’s Cyber-Physical System (CPS) Protection Trust: 3.75 Fetched: Dec. 17, 2023, 10:17 a.m., Published: Dec. 7, 2023, midnight	Vulnerabilities: default credentials

Affected products

External IDs

vendor:

trend

model:

security

VARIoT news about IoT security