VARIoT latest news about IoT security

Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Vulnerability Spotlight: Vulnerabilities in Anker Eufy Homebase could lead to code execution, buffer overflows Trust: 5.5 Fetched: Jan. 18, 2022, 11:39 a.m., Published: Jan. 13, 2022, midnight	Vulnerabilities: privilege escalation, code execution, buffer overflow

Affected products

External IDs

vendor:	cisco	model:	firepower
vendor:	cisco	model:	series
vendor:	cisco	model:	firepower management center
vendor:	snort	model:	snort
vendor:	snort.org	model:	snort

db:

NVD

ids:

CVE-2021-21940, CVE-2021-21950, CVE-2021-21954, CVE-2021-21941, CVE-2021-21952, CVE-2021-21951, CVE-2021-21955, CVE-2021-21953

Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Vulnerability Spotlight: Information disclosure vulnerability in D-LINK DIR-3040 mesh router Related entries in the VARIoT vulnerabilities database: VAR-202109-0383 Trust: 5.75 Fetched: Jan. 18, 2022, 11:39 a.m., Published: Jan. 13, 2022, midnight	Vulnerabilities: information disclosure

Affected products

External IDs

vendor:	cisco	model:	router
vendor:	cisco	model:	firepower
vendor:	cisco	model:	firepower management center
vendor:	d-link	model:	router
vendor:	d-link	model:	dir-3040
vendor:	snort	model:	snort
vendor:	snort.org	model:	snort
vendor:	mesh	model:	mesh

db:

NVD

ids:

CVE-2021-21913

CISA releases alert on BadAlloc vulnerability in BlackBerry products \| ZDNet Trust: 5.75 Fetched: Jan. 18, 2022, 11:39 a.m., Published: Aug. 17, 2021, midnight	Vulnerabilities: integer overflow

Affected products

External IDs

vendor:

blackberry

model:

blackberry

db:

NVD

ids:

CVE-2021-22156

PrintNightmare Vulnerability: Detection, Explanation, and Mitigation Related entries in the VARIoT vulnerabilities database: VAR-202106-0639, VAR-202107-1010 Trust: 4.5 Fetched: Jan. 18, 2022, 11:39 a.m., Published: Nov. 9, 2021, midnight	Vulnerabilities: privilege escalation, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-1675, CVE-2021-34527

Over 300,000 MikroTik Devices Found Vulnerable to Remotely Exploitable Vulnerabilities \| Cyware Alerts - Hacker News Trust: 3.25 Fetched: Jan. 18, 2022, 11:38 a.m., Published: Dec. 9, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

mikrotik

model:

mikrotik

Security Advisories Related entries in the VARIoT vulnerabilities database: VAR-202109-1803, VAR-202201-1475, VAR-202105-1476, VAR-202201-1481, VAR-202105-1493, VAR-202110-0618, VAR-202105-0257, VAR-202112-2011, VAR-202201-1482, VAR-202109-1802, VAR-202111-0418, VAR-202105-1431, VAR-202105-1428, VAR-202101-1010, VAR-202201-1483, VAR-202201-1480, VAR-202201-1476, VAR-202201-1485, VAR-202201-1486, VAR-202201-1477, VAR-202112-0566, VAR-202201-1484, VAR-202201-1474, VAR-202105-1430, VAR-202105-1429, VAR-202201-1479, VAR-202105-1475, VAR-202111-1198, VAR-202105-1477, VAR-202111-1197, VAR-202109-1805, VAR-202109-1804, VAR-202112-1782, VAR-202105-1432, VAR-202006-1140, VAR-202112-0562, VAR-202201-0897, VAR-202201-0872, VAR-202201-1478, VAR-202111-1196 Trust: 5.5 Fetched: Jan. 18, 2022, 11:37 a.m., Published: Jan. 18, 2022, midnight	Vulnerabilities: traversal attack, denial of service, cross-site scripting...

Affected products

External IDs

vendor:	snort	model:	snort
vendor:	cisco	model:	adaptive security device manager
vendor:	cisco	model:	evolved programmable network manager
vendor:	cisco	model:	series smart switches
vendor:	cisco	model:	ip phone
vendor:	cisco	model:	prime infrastructure
vendor:	cisco	model:	cisco security manager
vendor:	cisco	model:	device manager
vendor:	cisco	model:	security manager
vendor:	cisco	model:	meeting server
vendor:	cisco	model:	link layer discovery protocol
vendor:	cisco	model:	cisco small business
vendor:	cisco	model:	cisco prime infrastructure
vendor:	cisco	model:	security device manager
vendor:	cisco	model:	small business
vendor:	cisco	model:	common services platform collector
vendor:	cisco	model:	cisco meeting server
vendor:	cisco	model:	asdm
vendor:	cisco	model:	meeting
vendor:	cisco	model:	cisco evolved programmable network manager
vendor:	cisco	model:	prime access registrar
vendor:	cisco	model:	cisco meeting
vendor:	cisco	model:	series
vendor:	cisco	model:	access registrar

db:

NVD

ids:

CVE-2022-20657, CVE-2021-39275, CVE-2022-20656, CVE-2021-34777, CVE-2022-20641, CVE-2020-26144, CVE-2022-20640, CVE-2022-20633, CVE-2020-26143, CVE-2021-40122, CVE-2020-26145, CVE-2021-44832, CVE-2022-20631, CVE-2022-20637, CVE-2022-20632, CVE-2021-40438, CVE-2021-34774, CVE-2020-24588, CVE-2020-26141, CVE-2021-1236, CVE-2021-34775, CVE-2020-24586, CVE-2022-20642, CVE-2022-20652, CVE-2022-20663, CVE-2020-26142, CVE-2021-34780, CVE-2022-20638, CVE-2022-20647, CVE-2022-20644, CVE-2022-20635, CVE-2021-34779, CVE-2022-20645, CVE-2021-44228, CVE-2022-20643, CVE-2022-20639, CVE-2021-33193, CVE-2020-26139, CVE-2020-26140, CVE-2022-20636, CVE-2020-26147, CVE-2021-40129, CVE-2020-26146, CVE-2021-40130, CVE-2021-34778, CVE-2021-34798, CVE-2021-36160, CVE-2021-45105, CVE-2022-20634, CVE-2020-24587, CVE-2020-3339, CVE-2021-45046, CVE-2022-20660, CVE-2022-20626, CVE-2022-20651, CVE-2022-20646, CVE-2021-34776, CVE-2021-40131

Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Threat Advisory: Critical Apache Log4j vulnerability being exploited in the wild Related entries in the VARIoT vulnerabilities database: VAR-202112-2011, VAR-202112-1782, VAR-202112-0562, VAR-202112-0566 Trust: 4.25 Fetched: Jan. 18, 2022, 11:37 a.m., Published: Jan. 13, 2022, midnight	Vulnerabilities: denial of service, code execution, information leakage

Affected products

External IDs

vendor:	cisco	model:	firepower
vendor:	cisco	model:	device manager
vendor:	cisco	model:	meraki mx
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	umbrella
vendor:	cisco	model:	clamav
vendor:	snort	model:	snort
vendor:	snort.org	model:	snort
vendor:	clamav	model:	clamav

db:

NVD

ids:

CVE-2021-44832, CVE-2021-45105, CVE-2021-45046, CVE-2021-44228, CVE-2021-4104

Get patching: SonicWall warns of vulnerabilties in SMA 100 series remote access devices \| ZDNet Related entries in the VARIoT vulnerabilities database: VAR-202102-0898 Trust: 3.75 Fetched: Jan. 18, 2022, 11:37 a.m., Published: Jan. 18, 2022, 11:37 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	sonicwall	model:	remote access
vendor:	sonicwall	model:	netextender
vendor:	sonicwall	model:	sma 100
vendor:	sonicwall	model:	secure mobile access

db:

NVD

ids:

CVE-2021-20016

עדכון האבטחה החודשי של מיקרוסופט - דצמבר 2021 \| מערך הסייבר הלאומי Related entries in the VARIoT vulnerabilities database: VAR-202112-1833 Trust: 3.75 Fetched: Jan. 18, 2022, 11:37 a.m., Published: Dec. 18, 2021, midnight	Vulnerabilities: feature bypass, denial of service, code execution...

Affected products

External IDs

db:

NVD

ids:

CVE-2021-43877, CVE-2020-0655, CVE-2021-43905, CVE-2021-43217, CVE-2021-43239, CVE-2021-43232, CVE-2021-42309, CVE-2019-0887, CVE-2021-43882, CVE-2021-42315, CVE-2021-43229, CVE-2021-40453, CVE-2021-43899, CVE-2021-43893, CVE-2021-42311, CVE-2021-43238, CVE-2021-41360, CVE-2021-41365, CVE-2021-40452, CVE-2021-42310, CVE-2021-43214, CVE-2021-43247, CVE-2021-43246, CVE-2021-43226, CVE-2021-43883, CVE-2021-42294, CVE-2021-43256, CVE-2021-43245, CVE-2021-41333, CVE-2021-42293, CVE-2021-43219, CVE-2021-43248, CVE-2021-43231, CVE-2021-42313, CVE-2021-43240, CVE-2021-43891, CVE-2021-43890, CVE-2021-43207, CVE-2021-1669, CVE-2021-43907, CVE-2021-43225, CVE-2021-43889, CVE-2021-42314, CVE-2021-42312, CVE-2021-43230, CVE-2021-40441, CVE-2021-43223, CVE-2021-43237, CVE-2021-43228, CVE-2021-43215, CVE-2021-43233, CVE-2021-43234, CVE-2021-43875, CVE-2021-43880

NPort W2150A/W2250A Series Serial Device Servers Vulnerability Trust: 3.0 Fetched: Jan. 18, 2022, 11:37 a.m., Published: Jan. 16, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	moxa	model:	moxa
vendor:	moxa	model:	nport w2150a
vendor:	moxa	model:	nport

NPort W2150A/W2250A Series Serial Device Servers Vulnerability Trust: 3.0 Fetched: Jan. 18, 2022, 11:37 a.m., Published: Jan. 16, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	moxa	model:	moxa
vendor:	moxa	model:	nport w2150a
vendor:	moxa	model:	nport

Security Advisories Trust: 3.25 Fetched: Jan. 18, 2022, 11:36 a.m., Published: Jan. 16, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

moxa

model:

moxa

Norton Community \| Forum, Release Announcements Trust: 3.0 Fetched: Jan. 18, 2022, 11:35 a.m., Published: Jan. 17, 2022, 6:51 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

macos

NAS-maker Synology reveals new remote code execution vulnerabilities Trust: 5.0 Fetched: Jan. 18, 2022, 11:35 a.m., Published: Aug. 27, 2021, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	synology	model:	synology router manager
vendor:	synology	model:	router manager
vendor:	synology	model:	diskstation manager
vendor:	synology	model:	diskstation

db:

NVD

ids:

CVE-2021-3712, CVE-2021-3711

Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Vulnerability Spotlight: Multiple vulnerabilities in ZTE MF971R LTE router Related entries in the VARIoT vulnerabilities database: VAR-202110-0397, VAR-202110-0396 Trust: 5.5 Fetched: Jan. 18, 2022, 11:35 a.m., Published: Jan. 13, 2022, midnight	Vulnerabilities: buffer overflow, cross-site scripting

Affected products

External IDs

vendor:	snort	model:	snort
vendor:	snort.org	model:	snort
vendor:	cisco	model:	router
vendor:	cisco	model:	firepower
vendor:	cisco	model:	firepower management center

db:

NVD

ids:

CVE-2021-21745, CVE-2021-21748

Security Vulnerabilities fixed in Firefox 94 - Mozilla Trust: 3.0 Fetched: Jan. 18, 2022, 11:35 a.m., Published: Oct. 18, 2021, midnight	Vulnerabilities: memory corruption

Affected products	External IDs

HP Threat Research Shows Attackers Exploiting Zero‐Day Vulnerability before Enterprises Can Patch \| WebWire Related entries in the VARIoT vulnerabilities database: VAR-202109-1909 Trust: 3.75 Fetched: Jan. 18, 2022, 11:35 a.m., Published: Dec. 2, 2021, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-404441, CVE-2021-40444

Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Vulnerability Spotlight: Vulnerabilities in Lantronix PremierWave 2050 could lead to code execution, file deletion Trust: 5.5 Fetched: Jan. 18, 2022, 11:34 a.m., Published: Jan. 13, 2022, midnight	Vulnerabilities: code execution, local file inclusion, file inclusion...

Affected products

External IDs

vendor:	cisco	model:	firepower
vendor:	cisco	model:	firepower management center
vendor:	snort	model:	snort
vendor:	snort.org	model:	snort

db:

NVD

ids:

CVE-2021-21878, CVE-2021-21886, CVE-2021-21896

Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Cisco Talos finds 10 vulnerabilities in Azure Sphere’s Linux kernel, Security Monitor and Pluton Related entries in the VARIoT vulnerabilities database: VAR-202111-0789, VAR-202111-0473 Trust: 5.25 Fetched: Jan. 18, 2022, 11:34 a.m., Published: Jan. 13, 2022, midnight	Vulnerabilities: denial of service, information leak, information disclosure

Affected products

External IDs

vendor:	snort	model:	snort
vendor:	snort.org	model:	snort

db:

NVD

ids:

CVE-2021-41375, CVE-2021-42300, CVE-2021-41374, CVE-2021-41376

Microsoft Surface Pro 3 Security Feature Bypass Vulnerability Surface - Windows 10 Forums Trust: 3.0 Fetched: Jan. 18, 2022, 11:33 a.m., Published: Jan. 13, 2022, midnight	Vulnerabilities: security feature bypass, feature bypass

Affected products	External IDs

VARIoT news about IoT security