VARIoT latest news about IoT security

AT&T Networking Devices' Old Flaw Now Exploited by New Malware to Conduct DoS Attacks! Thousands of US Customers Affected \| Tech Times Related entries in the VARIoT vulnerabilities database: VAR-201705-3536 Trust: 4.0 Fetched: Dec. 6, 2021, 2:33 p.m., Published: Dec. 1, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

edgewater

model:

edgemarc

db:

NVD

ids:

CVE-2017-6079

Routersploit Tutorial - KaliTut Trust: 3.25 Fetched: Dec. 6, 2021, 2:33 p.m., Published: May 24, 2021, midnight	Vulnerabilities: directory traversal, path traversal, password disclosure...

Affected products

External IDs

vendor:	asus	model:	rt-n66u
vendor:	asus	model:	asus
vendor:	asus	model:	router
vendor:	dlink	model:	router
vendor:	jquery	model:	jquery
vendor:	d-link	model:	router
vendor:	belkin	model:	router
vendor:	dnrd	model:	dnrd
vendor:	iproute2	model:	iproute2

Finding and reporting a device vulnerability - SPLICE Trust: 3.0 Fetched: Dec. 6, 2021, 2:33 p.m., Published: June 2, 2021, 7:10 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

wireshark

model:

wireshark

USN-5165-1: Linux kernel (OEM) vulnerabilities \| Ubuntu security notices \| Ubuntu Trust: 4.75 Fetched: Dec. 6, 2021, 2:33 p.m., Published: Nov. 30, 2021, midnight	Vulnerabilities: system crash, denial of service

Affected products

External IDs

db:	NVD	ids:	CVE-2021-43056, CVE-2021-3772, CVE-2021-43389, CVE-2021-3760, CVE-2021-43267, CVE-2021-42327, CVE-2021-42739
db:	UBUNTU	ids:	USN-5165-1, USN-5139-1

USB ISP Mode Vulnerability - NXP Community Trust: 3.0 Fetched: Dec. 6, 2021, 2:33 p.m., Published: Dec. 1, 2021, 8 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-40154

CVE - CVE-2021-34739 Trust: 3.75 Fetched: Dec. 6, 2021, 2:33 p.m., Published: Jan. 3, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	small business series
vendor:	cisco	model:	series
vendor:	cisco	model:	cisco small business
vendor:	cisco	model:	series switches
vendor:	cisco	model:	cisco systems
vendor:	cisco	model:	small business series switches
vendor:	cisco	model:	small business
vendor:	cisco systems	model:	small business series
vendor:	cisco systems	model:	series
vendor:	cisco systems	model:	cisco small business
vendor:	cisco systems	model:	series switches
vendor:	cisco systems	model:	cisco systems
vendor:	cisco systems	model:	small business series switches
vendor:	cisco systems	model:	small business

db:

NVD

ids:

CVE-2021-34739

NVD - CVE-2021-34724 Trust: 4.75 Fetched: Dec. 6, 2021, 2:33 p.m., Published: Oct. 13, 2021, midnight	Vulnerabilities: improper access control

Affected products

External IDs

vendor:	cisco	model:	cisco systems
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	sd-wan
vendor:	cisco	model:	asr_1000
vendor:	cisco	model:	ios xe sd-wan software
vendor:	cisco	model:	cisco ios xe
vendor:	cisco systems	model:	cisco systems
vendor:	cisco systems	model:	cisco ios
vendor:	cisco systems	model:	ios xe
vendor:	cisco systems	model:	sd-wan
vendor:	cisco systems	model:	asr_1000
vendor:	cisco systems	model:	ios xe sd-wan software
vendor:	cisco systems	model:	cisco ios xe

db:

NVD

ids:

CVE-2021-34724

Cisco : Security vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202110-1286, VAR-202110-1351, VAR-202110-1353, VAR-202110-0209, VAR-202110-0619, VAR-202110-1297, VAR-202110-1376, VAR-202111-0418, VAR-202111-1197, VAR-202110-0203, VAR-202111-0401, VAR-202110-1377, VAR-202110-0211, VAR-202110-1350, VAR-202110-0212, VAR-202111-0417, VAR-202111-0412, VAR-202109-0624, VAR-202109-0623, VAR-202110-1305, VAR-202110-0618, VAR-202110-1375, VAR-202111-0413, VAR-202110-1367, VAR-202110-0617, VAR-202109-0631, VAR-202111-1198, VAR-202111-0400, VAR-202108-0824, VAR-202110-1394, VAR-202110-1393, VAR-202108-0823, VAR-202110-1392, VAR-202111-0419, VAR-202110-1402, VAR-202110-1395, VAR-202110-0623, VAR-202110-1298, VAR-202109-0622, VAR-202109-0617, VAR-202110-0622, VAR-202110-1065, VAR-202111-1196, VAR-202110-1366, VAR-202109-0618, VAR-202110-0213, VAR-202110-1354, VAR-202111-0393, VAR-202111-0664, VAR-202110-1352 Trust: 5.25 Fetched: Dec. 6, 2021, 2:33 p.m., Published: Jan. 2, 2021, midnight	Vulnerabilities: directory traversal, traversal attack, improper validation...

Affected products

External IDs

vendor:	cisco	model:	unified communications manager
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	firepower management center
vendor:	cisco	model:	cisco webex
vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	webex
vendor:	cisco	model:	cisco small business
vendor:	cisco	model:	nexus
vendor:	cisco	model:	small business
vendor:	cisco	model:	common services platform collector
vendor:	cisco	model:	small business rv
vendor:	cisco	model:	series routers
vendor:	cisco	model:	cisco anyconnect secure mobility client
vendor:	cisco	model:	anyconnect secure mobility client
vendor:	cisco	model:	cisco ios xr
vendor:	cisco	model:	cisco webex meetings
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	roomos
vendor:	cisco	model:	evolved programmable network manager
vendor:	cisco	model:	webex meetings
vendor:	cisco	model:	dna center
vendor:	cisco	model:	cisco identity services engine
vendor:	cisco	model:	policy suite
vendor:	cisco	model:	cisco telepresence
vendor:	cisco	model:	cisco telepresence management suite
vendor:	cisco	model:	series
vendor:	cisco	model:	meeting
vendor:	cisco	model:	cisco firepower management center
vendor:	cisco	model:	cisco unified communications manager
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	cisco evolved programmable network manager
vendor:	cisco	model:	cisco meeting
vendor:	cisco	model:	unified communications manager session management edition
vendor:	cisco	model:	cisco meeting server
vendor:	cisco	model:	meeting server
vendor:	cisco	model:	telepresence
vendor:	cisco	model:	umbrella
vendor:	cisco	model:	cisco prime infrastructure
vendor:	cisco	model:	cisco web security appliance
vendor:	cisco	model:	web security appliance
vendor:	cisco	model:	prime infrastructure
vendor:	cisco	model:	routers
vendor:	cisco	model:	ios xr software
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	firepower
vendor:	cisco	model:	small business rv series routers
vendor:	cisco	model:	cisco policy suite
vendor:	cisco	model:	cisco roomos
vendor:	cisco	model:	telepresence management suite
vendor:	cisco	model:	webex video mesh
vendor:	cisco	model:	telepresence collaboration endpoint
vendor:	cisco	model:	unified communications
vendor:	mesh	model:	mesh
vendor:	snort	model:	snort

db:

NVD

ids:

CVE-2021-34754, CVE-2021-40117, CVE-2021-40114, CVE-2021-34748, CVE-2021-40121, CVE-2021-34756, CVE-2021-34793, CVE-2021-34774, CVE-2021-40130, CVE-2021-34782, CVE-2021-40115, CVE-2021-34792, CVE-2021-34758, CVE-2021-40118, CVE-2021-34766, CVE-2021-34784, CVE-2021-40124, CVE-2021-34765, CVE-2021-34759, CVE-2021-34761, CVE-2021-40122, CVE-2021-34794, CVE-2021-40120, CVE-2021-34763, CVE-2021-40123, CVE-2021-34771, CVE-2021-40129, CVE-2021-40128, CVE-2021-34749, CVE-2021-34783, CVE-2021-34790, CVE-2021-34745, CVE-2021-34791, CVE-2021-34773, CVE-2021-40125, CVE-2021-34781, CVE-2021-34760, CVE-2021-34755, CVE-2021-34746, CVE-2021-34785, CVE-2021-34789, CVE-2021-34762, CVE-2021-40131, CVE-2021-34764, CVE-2009-1234, CVE-2021-34786, CVE-2021-34772, CVE-2021-34787, CVE-2021-40126, CVE-2021-40119, CVE-2021-40116

New Axis OS Security Research Aided by Transparent Design Trust: 4.75 Fetched: Dec. 6, 2021, 2:33 p.m., Published: Oct. 5, 2021, 3 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	axis	model:	communications
vendor:	axis	model:	axis
vendor:	axis	model:	ip cameras
vendor:	axis communications	model:	communications
vendor:	axis communications	model:	axis
vendor:	axis communications	model:	ip cameras

Microsoft : Security vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202111-0789, VAR-202111-0697, VAR-202111-0473, VAR-202111-0660 Trust: 3.75 Fetched: Dec. 6, 2021, 2:33 p.m., Published: Jan. 1, 2021, midnight	Vulnerabilities: information disclosure, feature bypass, memory corruption...

Affected products

External IDs

db:

NVD

ids:

CVE-2021-41372, CVE-2021-41367, CVE-2021-41375, CVE-2021-41373, CVE-2021-43208, CVE-2021-42322, CVE-2021-41374, CVE-2021-42298, CVE-2021-42285, CVE-2021-42306, CVE-2021-42304, CVE-2021-42305, CVE-2021-41349, CVE-2021-42288, CVE-2021-42284, CVE-2021-42323, CVE-2021-43221, CVE-2021-42300, CVE-2021-42297, CVE-2021-42302, CVE-2021-41379, CVE-2021-42274, CVE-2021-43220, CVE-2021-41371, CVE-2021-42321, CVE-2021-41376, CVE-2021-42276, CVE-2021-42280, CVE-2021-42278, CVE-2021-43209, CVE-2021-41366, CVE-2021-42286, CVE-2021-38631, CVE-2021-42301, CVE-2021-42308, CVE-2021-42282, CVE-2021-42303, CVE-2021-41377, CVE-2021-42291, CVE-2009-1234, CVE-2021-42292, CVE-2021-41368, CVE-2021-41370, CVE-2021-42279, CVE-2021-41378, CVE-2021-42283, CVE-2021-42275, CVE-2021-42316, CVE-2021-43211, CVE-2021-26444, CVE-2021-42296, CVE-2021-42287, CVE-2021-42319, CVE-2021-42277

Unpatched Unauthorized File Read Vulnerability Affects Microsoft Windows OS Related entries in the VARIoT vulnerabilities database: VAR-202108-1005, VAR-202111-0697 Trust: 4.0 Fetched: Dec. 6, 2021, 2:33 p.m., Published: Nov. 30, 2021, 9:11 a.m.	Vulnerabilities: information disclosure, privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2021-24084, CVE-2021-34484, CVE-2021-41379

0patch Blog: Micropatching Unpatched Local Privilege Escalation in Mobile Device Management Service (CVE-2021-24084 / 0day) Trust: 4.5 Fetched: Dec. 6, 2021, 2:33 p.m., Published: Nov. 26, 2021, midnight	Vulnerabilities: information disclosure, privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2021-24084

HP patches bugs in over 150 printer models Trust: 3.0 Fetched: Dec. 6, 2021, 2:33 p.m., Published: Nov. 30, 2021, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-39238, CVE-2021-39237

These 19 issues on EMUI 11 and 13 other versions got fixed with December 2021 patch - Huawei Update Related entries in the VARIoT vulnerabilities database: VAR-202111-1767, VAR-202202-0422, VAR-202202-0423, VAR-202112-0224, VAR-202202-1310, VAR-202202-0420, VAR-202112-0944, VAR-202112-0943, VAR-202202-0421, VAR-202202-1311, VAR-202202-1312, VAR-202112-0344, VAR-202111-1769, VAR-202112-0333, VAR-202111-1763, VAR-202111-1765, VAR-202110-1864, VAR-202112-0345, VAR-202201-1016 Trust: 5.5 Fetched: Dec. 6, 2021, 2:33 p.m., Published: Nov. 28, 2021, 5:06 a.m.	Vulnerabilities: integer overflow, input verification vulnerability, system crash...

Affected products

External IDs

vendor:	huawei	model:	hisuite
vendor:	huawei	model:	emui
vendor:	huawei	model:	huawei

db:

NVD

ids:

CVE-2021-37133, CVE-2021-37115, CVE-2021-37107, CVE-2021-37096, CVE-2021-39992, CVE-2021-39994, CVE-2021-39996, CVE-2021-39998, CVE-2021-39991, CVE-2021-39986, CVE-2021-37109, CVE-2021-37074, CVE-2021-39974, CVE-2021-37043, CVE-2021-37118, CVE-2021-37112, CVE-2021-37125, CVE-2021-37069, CVE-2021-39993

Google warns of data-stealing macOS bug \| IT PRO Related entries in the VARIoT vulnerabilities database: VAR-202108-1374 Trust: 3.5 Fetched: Dec. 6, 2021, 2:33 p.m., Published: Jan. 14, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	apple	model:	safari

db:

NVD

ids:

CVE-2021-30869

Vulnerabilities detected in over 150 HP printer models, now patched Trust: 5.75 Fetched: Dec. 6, 2021, 2:33 p.m., Published: Dec. 1, 2021, 8:11 a.m.	Vulnerabilities: memory corruption, code execution

Affected products

External IDs

vendor:

hewlett-packard

model:

laserjet

db:

NVD

ids:

CVE-2021-39238, CVE-2021-39237

Microsoft Security Bulletins: November 2021 Related entries in the VARIoT vulnerabilities database: VAR-202111-0660, VAR-202111-0697 Trust: 4.75 Fetched: Dec. 6, 2021, 2:33 p.m., Published: Nov. 14, 2021, midnight	Vulnerabilities: request forgery, cross-site request forgery, cross-site scripting...

Affected products

External IDs

db:

NVD

ids:

CVE-2021-41372, CVE-2021-41377, CVE-2021-42296, CVE-2021-41368, CVE-2021-42274, CVE-2021-42319, CVE-2021-42285, CVE-2021-42280, CVE-2021-38665, CVE-2021-38631, CVE-2021-42276, CVE-2021-42278, CVE-2021-38666, CVE-2021-41367, CVE-2021-43208, CVE-2021-42277, CVE-2021-42286, CVE-2021-42291, CVE-2021-42322, CVE-2021-42275, CVE-2021-41366, CVE-2021-41371, CVE-2021-41379, CVE-2021-42284, CVE-2021-42288, CVE-2021-41370, CVE-2021-41349, CVE-2021-40442, CVE-2021-3711, CVE-2021-42283, CVE-2021-42292, CVE-2021-42305, CVE-2021-42282, CVE-2021-43209, CVE-2021-42316, CVE-2021-42298, CVE-2021-42321, CVE-2021-36957, CVE-2021-41356, CVE-2021-42287, CVE-2021-41378, CVE-2021-26443, CVE-2021-42279

0patch beats Microsoft to fix serious local privilege escalation vulnerability in Windows Trust: 3.75 Fetched: Dec. 6, 2021, 2:33 p.m., Published: Nov. 29, 2021, 1:42 p.m.	Vulnerabilities: information disclosure, privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2021-24084

Identified High Risk Vulnerabilities in the CATIE Web… \| Bishop Fox Trust: 4.25 Fetched: Dec. 6, 2021, 2:33 p.m., Published: Dec. 2, 2021, midnight	Vulnerabilities: information disclosure

Affected products	External IDs

Multiple Bugs Enable Eavesdropping on 37% of Android Phones - Infosecurity Magazine Trust: 3.75 Fetched: Dec. 6, 2021, 2:33 p.m., Published: Nov. 24, 2021, 11 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	check point	model:	check point
vendor:	vivo	model:	vivo

db:

NVD

ids:

CVE-2021-0662, CVE-2021-0663, CVE-2021-0661, CVE-2021-0673

VARIoT news about IoT security