VARIoT latest news about IoT security

Microsoft Issues January Security Patches Addressing 97 Vulnerabilities -- Redmondmag.com Related entries in the VARIoT vulnerabilities database: VAR-202109-1789, VAR-202105-1269 Trust: 5.75 Fetched: May 13, 2022, 7:57 a.m., Published: Jan. 13, 2022, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	trend micro	model:	security
vendor:	google	model:	chrome
vendor:	trend	model:	security
vendor:	cisco	model:	cisco routers

db:

NVD

ids:

CVE-2022-21855, CVE-2022-21969, CVE-2022-21846, CVE-2022-21857, CVE-2022-21840, CVE-2021-22947, CVE-2021-31166, CVE-2022-21917, CVE-2022-21833, CVE-2022-21912, CVE-2021-21907, CVE-2022-21907, CVE-2022-21898

Over 50% Internet-connected Devices In Hospitals Vulnerable To Cybercrime: Report #hospitals #vulnerable - Cybercrime Cybersecurity Ransomware Washington Windows-TeluguStop Trust: 3.0 Fetched: May 13, 2022, 7:57 a.m., Published: Jan. 20, 2022, midnight	Vulnerabilities: -

Affected products	External IDs

53% of Connected Medical Devices Have Serious Vulnerabilities \| The CISO Times Trust: 3.75 Fetched: May 13, 2022, 7:57 a.m., Published: May 19, 2022, midnight	Vulnerabilities: default credentials

Affected products	External IDs

Cisco StarOS Flaw Let Attackers Gain RCE on Vulnerable Device Trust: 5.75 Fetched: May 13, 2022, 7:57 a.m., Published: May 10, 2022, midnight	Vulnerabilities: information disclosure, code execution

Affected products

External IDs

vendor:	cisco	model:	cisco staros
vendor:	cisco	model:	staros

db:

NVD

ids:

CVE-2022-20648, CVE-2022-20649

Around 300K MikroTik devices are vulnerable to remote botnet attacks Related entries in the VARIoT vulnerabilities database: VAR-201910-0546, VAR-201803-2171, VAR-201910-0547 Trust: 4.75 Fetched: May 13, 2022, 7:57 a.m., Published: Dec. 9, 2021, midnight	Vulnerabilities: directory traversal, code injection, code execution...

Affected products

External IDs

vendor:	mikrotik	model:	router
vendor:	mikrotik	model:	mikrotik routers
vendor:	mikrotik	model:	winbox
vendor:	mikrotik	model:	routers

db:

NVD

ids:

CVE-2019-3977, CVE-2018-7445, CVE-2019-3978, CVE-2018-74847

Full Disclosure: [RT-SA-2021-009] Credential Disclosure in Web Interface of Crestron Device Trust: 4.75 Fetched: May 13, 2022, 7:57 a.m., Published: Feb. 4, 2022, midnight	Vulnerabilities: information disclosure, credential disclosure

Affected products

External IDs

db:

NVD

ids:

CVE-2022-23178

Over 50% internet-connected devices in hospitals vulnerable to cybercrime: Report Trust: 3.0 Fetched: May 13, 2022, 7:57 a.m., Published: May 13, 2022, midnight	Vulnerabilities: -

Affected products	External IDs

Is Your Hospital Safe From A Cyber Attack? Probably Not, Report Warns Trust: 3.75 Fetched: May 13, 2022, 7:57 a.m., Published: May 2, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	trend	model:	security

Remotely Exploitable NetUSB Flaw Puts Millions of Devices at Risk Trust: 5.5 Fetched: May 13, 2022, 7:56 a.m., Published: June 23, 2022, midnight	Vulnerabilities: denial of service, code execution, buffer overflow...

Affected products

External IDs

vendor:	netgear	model:	r6700
vendor:	netgear	model:	r6400
vendor:	netgear	model:	d7800
vendor:	d-link	model:	router
vendor:	kcodes	model:	netusb

db:

NVD

ids:

CVE-2021-45388

Fortinet : Security vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202111-0284, VAR-202110-0150, VAR-202112-0729, VAR-202111-0313, VAR-202112-0524, VAR-202112-0401, VAR-202111-0330, VAR-202112-0420, VAR-202112-0400, VAR-202112-0330, VAR-202110-0151, VAR-202112-0328, VAR-202112-0523, VAR-202112-0406, VAR-202112-0331, VAR-202112-0525, VAR-202112-0405, VAR-202112-0287, VAR-202112-0288, VAR-202111-0305, VAR-202109-0501, VAR-202112-0383, VAR-202112-0384, VAR-202112-1045, VAR-202110-0149, VAR-202112-0339, VAR-202112-0421, VAR-202111-0343, VAR-202111-0307, VAR-202112-0367, VAR-202112-0286, VAR-202111-0314, VAR-202111-0322, VAR-202109-0502, VAR-202111-0317, VAR-202112-1044, VAR-202112-0379, VAR-202112-0399, VAR-202111-0241, VAR-202112-0356, VAR-202112-0332, VAR-202112-0378, VAR-202112-0670, VAR-202108-0712, VAR-202112-0526, VAR-202112-0380, VAR-202112-0329, VAR-202112-0338, VAR-202111-0306, VAR-202111-0302 Trust: 5.75 Fetched: May 13, 2022, 7:56 a.m., Published: May 13, 2050, midnight	Vulnerabilities: os command injection, information disclosure, denial of service...

Affected products

External IDs

vendor:

fortigate

model:

fortios

db:

NVD

ids:

CVE-2021-36192, CVE-2021-36175, CVE-2021-42758, CVE-2021-36185, CVE-2021-43071, CVE-2021-36189, CVE-2021-36176, CVE-2021-41030, CVE-2021-36194, CVE-2021-41024, CVE-2021-36178, CVE-2021-43063, CVE-2021-36188, CVE-2021-36195, CVE-2021-41015, CVE-2021-43065, CVE-2021-41017, CVE-2021-42752, CVE-2021-41029, CVE-2021-36187, CVE-2021-36179, CVE-2021-41025, CVE-2021-41021, CVE-2021-41028, CVE-2021-36170, CVE-2021-36180, CVE-2021-41013, CVE-2021-36183, CVE-2021-36184, CVE-2021-43068, CVE-2021-43067, CVE-2021-36174, CVE-2021-41019, CVE-2021-36182, CVE-2021-36181, CVE-2021-44168, CVE-2021-41027, CVE-2021-43204, CVE-2021-36172, CVE-2021-42760, CVE-2021-41014, CVE-2021-36190, CVE-2021-36169, CVE-2021-36168, CVE-2021-36167, CVE-2021-36191, CVE-2021-43064, CVE-2021-42757, CVE-2021-36186, CVE-2021-42754

Vulnerability in IDEMIA Biometric Readers Allows Hackers to Unlock Doors \| SecurityWeek.Com Trust: 3.75 Fetched: May 13, 2022, 7:56 a.m., Published: May 13, 2022, midnight	Vulnerabilities: denial of service

Affected products	External IDs

53% of medical devices have a known critical vulnerability - Help Net Security Trust: 3.75 Fetched: May 13, 2022, 7:56 a.m., Published: Jan. 25, 2022, midnight	Vulnerabilities: default credentials

Affected products	External IDs

More than half of medical devices found to have critical vulnerabilities \| ZDNet Trust: 3.75 Fetched: May 13, 2022, 7:56 a.m., Published: May 5, 2022, midnight	Vulnerabilities: default credentials

Affected products	External IDs

Cisco Patches Critical Vulnerability in RCM for StarOS \| SecurityWeek.Com Trust: 4.5 Fetched: May 13, 2022, 7:56 a.m., Published: May 13, 2022, midnight	Vulnerabilities: denial of service, buffer overflow

Affected products

External IDs

vendor:	cisco	model:	catalyst
vendor:	cisco	model:	meraki mx
vendor:	cisco	model:	asr 5000
vendor:	cisco	model:	staros
vendor:	snort	model:	snort

db:

NVD

ids:

CVE-2022-20655, CVE-2022-20685, CVE-2022-20648, CVE-2022-20649

Cisco : Security vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202111-0400, VAR-202110-0203, VAR-202201-1486, VAR-202110-1394, VAR-202110-0619, VAR-202111-0412, VAR-202109-0618, VAR-202201-1476, VAR-202201-1483, VAR-202111-0413, VAR-202110-1392, VAR-202110-1350, VAR-202201-1474, VAR-202111-0419, VAR-202110-1354, VAR-202201-1477, VAR-202110-0617, VAR-202111-0393, VAR-202110-1393, VAR-202201-1482, VAR-202110-1395, VAR-202111-1196, VAR-202110-0618, VAR-202110-1352, VAR-202109-0617, VAR-202111-1198, VAR-202110-1402, VAR-202111-0401, VAR-202110-1375, VAR-202201-1481, VAR-202201-1478, VAR-202111-0664, VAR-202110-1377, VAR-202201-1475, VAR-202111-0418, VAR-202110-1353, VAR-202110-0622, VAR-202112-0566, VAR-202201-1484, VAR-202110-1351, VAR-202110-0213, VAR-202110-0212, VAR-202201-1479, VAR-202111-0417, VAR-202111-1197, VAR-202201-1480, VAR-202109-0631, VAR-202201-1522, VAR-202110-1376, VAR-202201-1485 Trust: 5.25 Fetched: May 13, 2022, 7:56 a.m., Published: May 13, 2050, midnight	Vulnerabilities: denial of service, cross-site scripting, resource exhaustion...

Affected products

External IDs

vendor:	snort	model:	snort
vendor:	cisco	model:	cisco webex meetings
vendor:	cisco	model:	unified communications manager session management edition
vendor:	cisco	model:	cisco anyconnect secure mobility client
vendor:	cisco	model:	meeting
vendor:	cisco	model:	anyconnect secure mobility client
vendor:	cisco	model:	security manager
vendor:	cisco	model:	cisco evolved programmable network manager
vendor:	cisco	model:	ios xr software
vendor:	cisco	model:	cisco small business
vendor:	cisco	model:	cisco prime infrastructure
vendor:	cisco	model:	unified communications manager
vendor:	cisco	model:	cisco identity services engine
vendor:	cisco	model:	umbrella
vendor:	cisco	model:	dna center
vendor:	cisco	model:	small business rv series routers
vendor:	cisco	model:	firepower
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	cisco meeting
vendor:	cisco	model:	evolved programmable network manager
vendor:	cisco	model:	small business rv
vendor:	cisco	model:	series
vendor:	cisco	model:	cisco policy suite
vendor:	cisco	model:	cisco ios xr
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	webex
vendor:	cisco	model:	series routers
vendor:	cisco	model:	webex meetings
vendor:	cisco	model:	cisco security manager
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	meeting server
vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	prime infrastructure
vendor:	cisco	model:	common services platform collector
vendor:	cisco	model:	policy suite
vendor:	cisco	model:	cisco unified communications manager
vendor:	cisco	model:	cisco meeting server
vendor:	cisco	model:	cisco webex
vendor:	mesh	model:	mesh

db:

NVD

ids:

CVE-2021-40128, CVE-2021-34782, CVE-2022-20635, CVE-2021-34783, CVE-2021-40121, CVE-2021-40124, CVE-2021-34786, CVE-2022-20647, CVE-2022-20642, CVE-2021-40120, CVE-2021-34791, CVE-2021-40118, CVE-2022-20639, CVE-2021-34773, CVE-2021-34787, CVE-2022-20645, CVE-2021-40123, CVE-2021-40126, CVE-2021-34790, CVE-2022-20637, CVE-2021-34781, CVE-2021-40131, CVE-2021-40122, CVE-2021-40116, CVE-2021-34785, CVE-2021-40129, CVE-2021-40125, CVE-2021-40115, CVE-2021-34794, CVE-2022-20640, CVE-2022-20646, CVE-2021-40119, CVE-2021-34792, CVE-2022-20641, CVE-2021-34774, CVE-2021-40114, CVE-2021-34789, CVE-2021-44228, CVE-2022-20643, CVE-2021-40117, CVE-2021-34772, CVE-2021-34766, CVE-2022-20636, CVE-2021-34784, CVE-2021-40130, CVE-2022-20638, CVE-2021-34771, CVE-2022-20658, CVE-2021-34793, CVE-2022-20644

Threat Signal Report \| FortiGuard Trust: 5.0 Fetched: May 13, 2022, 7:56 a.m., Published: Jan. 2, 2012, 8:22 p.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2022-21907

100 million IoT devices affected by zero-day flaw \| IT PRO Trust: 3.0 Fetched: May 13, 2022, 7:55 a.m., Published: May 13, 2022, midnight	Vulnerabilities: code execution

Affected products	External IDs

Command Injection Vulnerability in QVR - Security Advisory \| QNAP Trust: 5.25 Fetched: May 13, 2022, 7:55 a.m., Published: May 6, 2022, midnight	Vulnerabilities: command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2021-38685

Heap-Based Buffer Overflow Vulnerability in QTS and QuTS hero - Security Advisory \| QNAP Trust: 3.0 Fetched: May 13, 2022, 7:55 a.m., Published: May 6, 2022, midnight	Vulnerabilities: buffer overflow

Affected products	External IDs

Command Injection Vulnerability in QVR - Security Advisory \| QNAP Trust: 4.25 Fetched: May 13, 2022, 7:54 a.m., Published: May 6, 2022, midnight	Vulnerabilities: command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2021-34352

VARIoT news about IoT security