Sign-up

VARIoT news about IoT security

Most ransomware attacks rely on exploiting older, unpatched vulnerabilities

Trust: 3.0

Fetched: Dec. 7, 2021, 8:04 a.m., Published: March 14, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2009-3960, CVE-2010-2861

Cisco IOS XE Software Interface Queue Wedge Denial of Service Vulnerability - Cisco

Trust: 3.75

Fetched: Dec. 7, 2021, 8:04 a.m., Published: Sept. 28, 2021, 2:52 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: cisco ios
vendor: cisco model: ios xe
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe software

Finding 0-days with Jackalope | McAfee Blogs

Trust: 3.75

Fetched: Dec. 7, 2021, 8:04 a.m., Published: Sept. 27, 2021, 4:01 a.m.
 Vulnerabilities: access violation
Affected productsExternal IDs
db: NVD ids: CVE-2021-36134

Printing Shellz FAQ - F-Secure Blog

Trust: 3.75

Fetched: Dec. 7, 2021, 8:04 a.m., Published: Nov. 30, 2021, 1:24 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-39238, CVE-2021-39237

Device management complexities could create cybersecurity gaps and leave NHS Trusts vulnerable - EIN Presswire

Trust: 3.5

Fetched: Dec. 7, 2021, 8:04 a.m., Published: Nov. 18, 2021, 12:55 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo model: networks

Vulnerability Remediation | A Step-by-Step Guide | HackerOne

Trust: 3.5

Fetched: Dec. 7, 2021, 8:04 a.m., Published: Jan. 14, 2022, midnight
 Vulnerabilities: sql injection, cross-site scripting
Affected productsExternal IDs
vendor: serve model: serve

Cisco Email Security Appliance URL Filtering Bypass Vulnerability - Cisco

Trust: 3.0

Fetched: Dec. 7, 2021, 8:04 a.m., Published: Oct. 17, 2021, 3:48 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: email security appliance
vendor: cisco model: cisco email security appliance

NVD - CVE-2021-34711

Related entries in the VARIoT vulnerabilities database: VAR-202110-0201

Trust: 3.75

Fetched: Dec. 7, 2021, 8:04 a.m., Published: Jan. 3, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: wireless_ip_phone_8821_firmware
vendor: cisco model: ip_conference_phone_7832_firmware
vendor: cisco model: ip_phone_7841_firmware
vendor: cisco model: ip_phone_7821_firmware
vendor: cisco model: ip_phone_8811_firmware
vendor: cisco model: ip_conference_phone_8832_firmware
vendor: cisco model: ip_phone_8841_firmware
vendor: cisco model: ip_phone_7861_firmware
vendor: cisco model: ip_phone_7832_firmware
vendor: cisco model: ip_phone_7811_firmware
vendor: cisco model: ip_phone_8831_firmware
db: NVD ids: CVE-2021-34711

Android Security Bulletin-December 2021 | Android Open Source Project

Related entries in the VARIoT vulnerabilities database: VAR-202112-0901, VAR-202112-0906, VAR-202112-0910, VAR-202112-0911, VAR-202112-1035, VAR-202112-0916, VAR-202112-0908, VAR-202112-0909, VAR-202112-0900

Trust: 5.25

Fetched: Dec. 7, 2021, 8:04 a.m., Published: Dec. 14, 2021, midnight
 Vulnerabilities: information disclosure, memory corruption, denial of service...
Affected productsExternal IDs
vendor: nokia model: nokia
vendor: motorola model: motorola
vendor: motorola model: android
vendor: broadcom model: broadcom
vendor: huawei model: huawei
vendor: google model: pixel
vendor: google model: android
vendor: samsung model: notes
vendor: samsung model: samsung
vendor: samsung model: mobile
db: NVD ids: CVE-2021-0963, CVE-2021-0704, CVE-2021-30278, CVE-2020-11263, CVE-2021-30351, CVE-2021-30279, CVE-2021-1894, CVE-2021-30276, CVE-2021-0955, CVE-2021-30268, CVE-2021-0958, CVE-2021-0966, CVE-2021-1918, CVE-2021-30272, CVE-2021-30273, CVE-2021-0970, CVE-2021-30289, CVE-2021-30303, CVE-2021-0953, CVE-2021-0956, CVE-2021-30283, CVE-2021-30274, CVE-2021-0952, CVE-2021-30282, CVE-2021-30267, CVE-2021-30270, CVE-2021-30275, CVE-2021-0675, CVE-2021-0954, CVE-2021-30271, CVE-2021-0964, CVE-2021-0969, CVE-2021-30336, CVE-2021-0968, CVE-2021-0971, CVE-2021-0967, CVE-2021-30269, CVE-2021-0965, CVE-2021-30293, CVE-2021-0904

Cisco Web Security Appliance Proxy Service Denial of Service Vulnerability - Cisco

Trust: 4.0

Fetched: Dec. 7, 2021, 8:04 a.m., Published: Oct. 23, 2021, 6:48 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: cisco web security appliance
vendor: cisco model: web security appliance

Cisco Email Security Appliance Denial of Service Vulnerability - Cisco

Trust: 3.75

Fetched: Dec. 7, 2021, 8:04 a.m., Published: Nov. 3, 2021, 11:24 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: email security appliance
vendor: cisco model: cisco email security appliance

NVD - CVE-2021-34773

Related entries in the VARIoT vulnerabilities database: VAR-202111-0419

Trust: 5.5

Fetched: Dec. 7, 2021, 8:04 a.m., Published: Jan. 3, 2022, midnight
 Vulnerabilities: request forgery, cross-site request forgery
Affected productsExternal IDs
vendor: cisco model: unified communications manager
vendor: cisco model: cisco unified communications manager
vendor: cisco model: unified_communications_manager
vendor: cisco model: cisco systems
vendor: cisco model: unified_communications_manager_im_and_presence_service
vendor: cisco model: unified communications manager session management edition
vendor: cisco model: unified communications
vendor: cisco systems model: unified communications manager
vendor: cisco systems model: cisco unified communications manager
vendor: cisco systems model: unified_communications_manager
vendor: cisco systems model: cisco systems
vendor: cisco systems model: unified_communications_manager_im_and_presence_service
vendor: cisco systems model: unified communications manager session management edition
vendor: cisco systems model: unified communications
db: NVD ids: CVE-2021-34773

CVE security vulnerability database. Security vulnerabilities, exploits, references and more

Related entries in the VARIoT vulnerabilities database: VAR-202111-0965, VAR-202109-1098, VAR-202111-1567, VAR-202111-0964, VAR-202111-1224, VAR-202111-0616

Trust: 5.25

Fetched: Dec. 7, 2021, 8:04 a.m., Published: Jan. 2, 2021, midnight
 Vulnerabilities: path traversal, code injection, privilege escalation...
Affected productsExternal IDs
vendor: asus model: rt-ax86u
vendor: asus model: rt-ax58u
vendor: asus model: rt-ax88u
vendor: asus model: rt-ax92u
vendor: asus model: gt-ax11000
vendor: asus model: rt-ax3000
vendor: asus model: asus
vendor: asus model: router
vendor: asus model: rt-ax56u
vendor: netgear model: r6020
vendor: netgear model: router
vendor: tp-link model: gateway
vendor: tp-link model: tl-wr840n
vendor: tp-link model: wr840n
vendor: d-link model: router
db: NVD ids: CVE-2009-1234, CVE-2021-43048, CVE-2021-42726, CVE-2021-42266, CVE-2021-44480, CVE-2021-42839, CVE-2021-42298, CVE-2021-42723, CVE-2021-43359, CVE-2021-42271, CVE-2021-43130, CVE-2021-43011, CVE-2021-41315, CVE-2021-42783, CVE-2021-41619, CVE-2021-43033, CVE-2021-41383, CVE-2021-43413, CVE-2021-43360, CVE-2020-28328, CVE-2021-41301, CVE-2021-43397, CVE-2021-42721, CVE-2021-43046, CVE-2021-42071, CVE-2021-43283, CVE-2021-43408, CVE-2021-41299, CVE-2021-43012, CVE-2021-41583, CVE-2021-42784, CVE-2021-41290, CVE-2021-42524, CVE-2021-42270, CVE-2021-43015, CVE-2021-42338, CVE-2021-41435, CVE-2021-42077, CVE-2021-42057, CVE-2021-42731, CVE-2021-42267, CVE-2021-42372, CVE-2021-42840, CVE-2021-42237, CVE-2021-42269, CVE-2021-41653, CVE-2021-43013, CVE-2021-42109, CVE-2021-43019, CVE-2021-42272, CVE-2021-42669, CVE-2021-42738

HP patches wormable bug impacting more than 150 multi-functional printers - The Record by Recorded Future

Trust: 4.5

Fetched: Dec. 7, 2021, 8:04 a.m., Published: Nov. 30, 2021, 1 p.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: hewlett packard model: hewlett packard
vendor: hewlett packard model: hp laserjet
vendor: hewlett packard model: laserjet
db: NVD ids: CVE-2021-39237, CVE-2021-39238

SonicWall warns users to patch critical vulnerability "as soon as possible" | Malwarebytes Labs

Related entries in the VARIoT vulnerabilities database: VAR-202109-1777

Trust: 4.75

Fetched: Dec. 7, 2021, 8:04 a.m., Published: Sept. 24, 2021, 11:09 a.m.
 Vulnerabilities: path traversal, improper access control, privilege escalation...
Affected productsExternal IDs
vendor: sonicwall model: sma 100
vendor: sonicwall model: secure mobile access
db: NVD ids: CVE-2021-20034

USB Devices the Common Denominator in All Attacks on Air-Gapped Systems

Trust: 4.75

Fetched: Dec. 7, 2021, 8:04 a.m., Published: Dec. 3, 2021, 3:19 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2010-2568

Thousands of AT&T customers in the US infected by new data-stealing malware | Ars Technica

Related entries in the VARIoT vulnerabilities database: VAR-201705-3536

Trust: 4.5

Fetched: Dec. 7, 2021, 8:04 a.m., Published: Dec. 1, 2021, midnight
 Vulnerabilities: denial of service, default credentials
Affected productsExternal IDs
vendor: ribbon communications model: edgemarc
vendor: ribbon model: edgemarc
vendor: qemu model: qemu
vendor: edgewater model: edgemarc
db: NVD ids: CVE-2017-6079, cve-2017-6079

Google Patches Over 50 Serious Vulnerabilities in Android | SecurityWeek.Com

Trust: 5.75

Fetched: Dec. 7, 2021, 8:04 a.m., Published: Oct. 5, 2021, midnight
 Vulnerabilities: denial of service, code execution, information disclosure
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2021-0870
db: POSIVITIVE TECHNOLOGY ids: ID:11

MediaTek Has Fixed A Crucial Security Bug On Its Chipsets

Trust: 4.75

Fetched: Dec. 7, 2021, 8:04 a.m., Published: Nov. 26, 2021, 1:34 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: xiaomi model: redmi
vendor: check point model: check point

HP printer vulnerabilities left enterprise networks open to abuse via ‘cross-site printing’ attack | The Daily Swig

Trust: 3.0

Fetched: Dec. 7, 2021, 8:04 a.m., Published: Nov. 30, 2021, 1:17 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs