VARIoT latest news about IoT security

Technical Advisory - Multiple Vulnerabilities in Victure WR1200 WiFi Router (CVE-2021-43282, CVE-2021-43283, CVE-2021-43284) - NCC Group Research Related entries in the VARIoT vulnerabilities database: VAR-202111-1568, VAR-202111-1567, VAR-202111-1566 Trust: 4.5 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Nov. 12, 2021, 3 p.m.	Vulnerabilities: command injection, default password, os command injection...

Affected products

External IDs

db:

NVD

ids:

CVE-2021-43282, CVE-2021-43283, CVE-2021-43284

NUCLEUS:13 TCP security bugs impact critical healthcare devices Related entries in the VARIoT vulnerabilities database: VAR-202111-1605, VAR-202111-1604, VAR-202111-1616 Trust: 5.5 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Jan. 13, 2022, midnight	Vulnerabilities: improper validation, code execution

Affected products

External IDs

vendor:	treck	model:	tcp/ip stack
vendor:	siemens	model:	nucleus
vendor:	siemens	model:	nucleus rtos
vendor:	siemens	model:	nucleus readystart

db:

NVD

ids:

CVE-2021-31886, CVE-2021-31887, CVE-2021-31888

Positive Technologies Discovers Vulnerability in Intel Processors Used in Laptops, Cars and Other Devices Trust: 4.75 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Jan. 4, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	tesla	model:	model 3
vendor:	tesla	model:	model

db:

NVD

ids:

CVE-2021-0146

Vulnerable IoT devices can stake your breath \| Cooltechzone Related entries in the VARIoT vulnerabilities database: VAR-201903-1617, VAR-201903-0181, VAR-202006-0826, VAR-202006-1820, VAR-202006-1819, VAR-202006-0827 Trust: 3.5 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Sept. 30, 2021, 7:36 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	medtronic	model:	carelink 2090
vendor:	medtronic	model:	mycarelink monitor

db:

NVD

ids:

CVE-2019-6540, CVE-2019-6538, CVE-2019-18248, CVE-2019-18254, CVE-2019-18256, CVE-2019-18252

NUCLEUS:13: 13 Vulnerabilities Found in Siemens Nucleus TCP/IP Stack - Blog \| Tenable® Related entries in the VARIoT vulnerabilities database: VAR-202111-1605, VAR-202111-1616, VAR-202111-1604, VAR-202111-1606 Trust: 4.5 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Nov. 10, 2021, 9:15 p.m.	Vulnerabilities: code execution, buffer overflow, information disclosure

Affected products

External IDs

vendor:	siemens	model:	nucleus net
vendor:	siemens	model:	nucleus rtos
vendor:	siemens	model:	nucleus

db:

NVD

ids:

CVE-2021-31886, CVE-2021-31888, CVE-2021-31887, CVE-2021-31885

D-Link DIR-825 R1 Device < 3.0.2 RCE (CVE-2020-29557) Related entries in the VARIoT vulnerabilities database: VAR-202101-0529 Trust: 5.75 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Nov. 12, 2021, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	dlink	model:	router
vendor:	dlink	model:	dir-825 r1
vendor:	dlink	model:	dir-825
vendor:	d-link	model:	router
vendor:	d-link	model:	dir-825 r1
vendor:	d-link	model:	dir-825

db:

NVD

ids:

CVE-2020-29557

Ubuntu : Security vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-201803-0134, VAR-200504-0293, VAR-200704-0229, VAR-200704-0737 Trust: 5.25 Fetched: Nov. 16, 2021, 1:27 p.m., Published: -	Vulnerabilities: application crash, symlink attack, timing attack...

Affected products

External IDs

vendor:	freetype	model:	freetype
vendor:	dovecot	model:	dovecot
vendor:	clamav	model:	clamav
vendor:	canonical	model:	ubuntu linux
vendor:	canonical	model:	ubuntu
vendor:	perl	model:	perl
vendor:	cups	model:	cups
vendor:	x.org	model:	x.org
vendor:	x.org	model:	libxfont

db:

NVD

ids:

CVE-2005-3626, CVE-2011-4613, CVE-2006-3378, CVE-2005-0077, CVE-2011-1842, CVE-2006-3597, CVE-2009-3232, CVE-2004-0888, CVE-2013-1069, CVE-2005-4158, CVE-2015-1322, CVE-2017-14461, CVE-2005-0988, CVE-2006-5466, CVE-2005-0754, CVE-2004-1337, CVE-2008-6792, CVE-2005-0750, CVE-2009-0578, CVE-2008-2285, CVE-2009-1601, CVE-2014-1424, CVE-2015-5479, CVE-2005-0156, CVE-2015-2150, CVE-2009-1295, CVE-2009-1296, CVE-2006-5649, CVE-2005-3625, CVE-2005-0384, CVE-2007-5365, CVE-2013-2186, CVE-2005-1527, CVE-2008-4306, CVE-2005-0106, CVE-2007-4601, CVE-2006-6235, CVE-2005-0109, CVE-2007-1352, CVE-2005-0080, CVE-2006-0151, CVE-2008-0166, CVE-2009-1234, CVE-2006-1183, CVE-2006-7229, CVE-2006-5648, CVE-2011-0729, CVE-2008-4395, CVE-2005-0206, CVE-2005-3624, CVE-2013-1070, CVE-2007-1351, CVE-2009-0365, CVE-2006-3747

How to Scan for Vulnerabilities on Any Website Using Nikto " Null Byte :: WonderHowTo Trust: 3.5 Fetched: Nov. 16, 2021, 1:27 p.m., Published: -	Vulnerabilities: sql injection, information disclosure, authentication bypass...

Affected products

External IDs

db:	NVD	ids:	CVE-2018-10933
db:	MICROSOFT	ids:	MS10-070

HikPwn : Simple Scanner For Hikvision Devices With Basic Vulnerability Related entries in the VARIoT vulnerabilities database: VAR-201705-3762, VAR-201705-3742 Trust: 4.25 Fetched: Nov. 16, 2021, 1:27 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

hikvision

model:

hikvision

db:	ICS CERT	ids:	ICSA-17-124-01
db:	US CERT	ids:	ICSA-17-124-01

Device Vulnerability Management Market Size, Share, Industry Forecast 2028 Trust: 3.75 Fetched: Nov. 16, 2021, 1:27 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	trend	model:	security
vendor:	hewlett-packard company	model:	hewlett-packard company
vendor:	hewlett-packard	model:	hewlett-packard company
vendor:	google	model:	android

db:

NVD

ids:

CVE-2020-0601

NVD - CVE-2021-1586 Trust: 5.75 Fetched: Nov. 16, 2021, 1:27 p.m., Published: -	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	nexus_92160yc-x
vendor:	cisco	model:	nexus_92304qc
vendor:	cisco	model:	nexus 9000 series
vendor:	cisco	model:	cisco nexus 9000 series
vendor:	cisco	model:	nx-os
vendor:	cisco	model:	nexus_9000v
vendor:	cisco	model:	nexus_92300yc
vendor:	cisco	model:	nexus
vendor:	cisco	model:	series
vendor:	cisco	model:	cisco systems
vendor:	cisco	model:	nexus 9000
vendor:	cisco systems	model:	nexus_92160yc-x
vendor:	cisco systems	model:	nexus_92304qc
vendor:	cisco systems	model:	nexus 9000 series
vendor:	cisco systems	model:	cisco nexus 9000 series
vendor:	cisco systems	model:	nx-os
vendor:	cisco systems	model:	nexus_9000v
vendor:	cisco systems	model:	nexus_92300yc
vendor:	cisco systems	model:	nexus
vendor:	cisco systems	model:	series
vendor:	cisco systems	model:	cisco systems
vendor:	cisco systems	model:	nexus 9000

db:

NVD

ids:

CVE-2021-1586

Researchers find 13 medical device vulnerabilities potentially capable of taking hospitals offline Trust: 3.0 Fetched: Nov. 16, 2021, 1:27 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

siemens

model:

nucleus

Vulnerability Analysis of Network Scanning on SCADA Systems Trust: 4.5 Fetched: Nov. 16, 2021, 1:27 p.m., Published: -	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	codesys	model:	linux
vendor:	codesys	model:	gateway
vendor:	codesys	model:	codesys
vendor:	codesys	model:	control
vendor:	codesys	model:	web server
vendor:	modbus	model:	slave
vendor:	siemens	model:	s7-1200 plc
vendor:	siemens	model:	simatic
vendor:	siemens	model:	simatic s7-1200
vendor:	siemens	model:	dnp3
vendor:	siemens	model:	simatic s7-1200 plc
vendor:	cisco	model:	series
vendor:	cisco	model:	routers
vendor:	wireshark	model:	wireshark

GE Medical Devices Vulnerability \| CISA Related entries in the VARIoT vulnerabilities database: VAR-201508-0596, VAR-201508-0003, VAR-201508-0002, VAR-201508-0018, VAR-201508-0008, VAR-201508-0001, VAR-201803-0185, VAR-201508-0275, VAR-201508-0006, VAR-201508-0007, VAR-201508-0597, VAR-201508-0020, VAR-201508-0151, VAR-201508-0019, VAR-201803-0183, VAR-201508-0009, VAR-201508-0011, VAR-201508-0004 Trust: 3.5 Fetched: Nov. 16, 2021, 1:27 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	ge healthcare	model:	centricity pacs server
vendor:	ge healthcare	model:	discovery xr656
vendor:	ge healthcare	model:	centricity dms
vendor:	ge healthcare	model:	optima mr360
vendor:	ge healthcare	model:	infinia hawkeye 4
vendor:	ge healthcare	model:	centricity pacs
vendor:	ge healthcare	model:	discovery vh
vendor:	gehealthcare	model:	centricity pacs server
vendor:	gehealthcare	model:	discovery xr656
vendor:	gehealthcare	model:	centricity dms
vendor:	gehealthcare	model:	optima mr360
vendor:	gehealthcare	model:	infinia hawkeye 4
vendor:	gehealthcare	model:	centricity pacs
vendor:	gehealthcare	model:	discovery vh

db:	NVD	ids:	CVE-2012-6660, CVE-2014-7232, CVE-2003-1603, CVE-2009-5143, CVE-2012-6693, CVE-2010-5306, CVE-2007-6757, CVE-2017-14006, CVE-2013-7442, CVE-2002-2446, CVE-2004-2777, CVE-2017-14008, CVE-2014-7233, CVE-2010-5310, CVE-2017-14004, CVE-2012-6695, CVE-2013-7404, CVE-2012-6694, CVE-2017-14002, CVE-2010-5307, CVE-2010-5309, CVE-2001-1594, CVE-2011-5322
db:	ICS CERT	ids:	ICSMA-18-037-02

Medical device vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-201508-0597, VAR-201508-0003, VAR-201508-0020, VAR-201508-0019, VAR-201508-0018, VAR-201508-0596, VAR-201508-0001, VAR-201508-0151, VAR-201508-0002, VAR-201508-0004, VAR-201508-0006, VAR-201508-0007, VAR-201803-0185, VAR-201803-0183, VAR-201508-0275, VAR-201508-0008, VAR-201508-0009, VAR-201508-0011 Trust: 3.5 Fetched: Nov. 16, 2021, 1:27 p.m., Published: -	Vulnerabilities: default password, default credentials

Affected products

External IDs

db:

ICS CERT

ids:

ICSMA-18-037-02

7 Network Vulnerability Scanner for Small to Enterprise Business Trust: 3.5 Fetched: Nov. 16, 2021, 1:27 p.m., Published: -	Vulnerabilities: sql injection, weak password

Affected products

External IDs

vendor:	cisco	model:	guard
vendor:	cisco	model:	umbrella
vendor:	cisco	model:	routers

NVD - CVE-2021-1619 Related entries in the VARIoT vulnerabilities database: VAR-202109-0245 Trust: 5.25 Fetched: Nov. 16, 2021, 1:27 p.m., Published: -	Vulnerabilities: memory corruption, denial of service

Affected products

External IDs

vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	series
vendor:	cisco	model:	cisco systems
vendor:	cisco systems	model:	cisco ios xe
vendor:	cisco systems	model:	cisco ios
vendor:	cisco systems	model:	ios xe software
vendor:	cisco systems	model:	ios xe
vendor:	cisco systems	model:	series
vendor:	cisco systems	model:	cisco systems

db:

NVD

ids:

CVE-2021-1619

NVD - CVE-2021-34730 Related entries in the VARIoT vulnerabilities database: VAR-202108-0848 Trust: 5.5 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Jan. 3, 2022, midnight	Vulnerabilities: buffer overflow, improper validation, denial of service

Affected products

External IDs

vendor:	cisco systems	model:	rv110w_wireless-n_vpn_firewall
vendor:	cisco systems	model:	rv215w
vendor:	cisco systems	model:	application_extension_platform
vendor:	cisco systems	model:	cisco small business
vendor:	cisco systems	model:	routers
vendor:	cisco systems	model:	rv130
vendor:	cisco systems	model:	rv215w_wireless-n_vpn_router_firmware
vendor:	cisco systems	model:	small business
vendor:	cisco systems	model:	cisco systems
vendor:	cisco systems	model:	rv110w_wireless-n_vpn_firewall_firmware
vendor:	cisco systems	model:	rv110w
vendor:	cisco systems	model:	rv215w_wireless-n_vpn_router
vendor:	cisco systems	model:	rv130w_wireless-n_multifunction_vpn_router_firmware
vendor:	cisco systems	model:	rv130_vpn_router_firmware
vendor:	cisco systems	model:	rv130w_wireless-n_multifunction_vpn_router
vendor:	cisco systems	model:	rv130w
vendor:	cisco	model:	rv110w_wireless-n_vpn_firewall
vendor:	cisco	model:	rv215w
vendor:	cisco	model:	application_extension_platform
vendor:	cisco	model:	cisco small business
vendor:	cisco	model:	routers
vendor:	cisco	model:	rv130
vendor:	cisco	model:	rv215w_wireless-n_vpn_router_firmware
vendor:	cisco	model:	small business
vendor:	cisco	model:	cisco systems
vendor:	cisco	model:	rv110w_wireless-n_vpn_firewall_firmware
vendor:	cisco	model:	rv110w
vendor:	cisco	model:	rv215w_wireless-n_vpn_router
vendor:	cisco	model:	rv130w_wireless-n_multifunction_vpn_router_firmware
vendor:	cisco	model:	rv130_vpn_router_firmware
vendor:	cisco	model:	rv130w_wireless-n_multifunction_vpn_router
vendor:	cisco	model:	rv130w

db:

NVD

ids:

CVE-2021-34730

Three dangerous vulnerabilities in Google Chrome \| Kaspersky official blog Trust: 5.75 Fetched: Nov. 16, 2021, 1:27 p.m., Published: -	Vulnerabilities: code execution

Affected products

External IDs

vendor:	google	model:	google chrome
vendor:	google	model:	chrome

db:

NVD

ids:

CVE-2021-37976, CVE-2021-37975, cve-2021-40449, CVE-2021-37974

CVE security vulnerability database. Security vulnerabilities, exploits, references and more Trust: 5.25 Fetched: Nov. 16, 2021, 1:27 p.m., Published: -	Vulnerabilities: memory overwrite, buffer overflow, code execution...

Affected products

External IDs

vendor:	samsung	model:	mobile
vendor:	samsung	model:	mobile devices n
vendor:	samsung	model:	mobile devices
vendor:	samsung	model:	samsung mobile
vendor:	samsung	model:	mobile devices p
vendor:	samsung	model:	samsung
vendor:	samsung	model:	exynos
vendor:	google	model:	android
vendor:	google	model:	wifi

db:	NVD	ids:	CVE-2019-1010298, CVE-2020-0080, CVE-2019-20607, CVE-2019-20622, CVE-2019-20567, CVE-2020-0229, CVE-2019-1010297, CVE-2020-0278, CVE-2019-1010200, CVE-2020-0002, CVE-2019-20586, CVE-2019-20587, CVE-2019-20583, CVE-2020-0267, CVE-2020-0225, CVE-2020-0071, CVE-2020-0117, CVE-2020-0070, CVE-2019-1010260, CVE-2020-0072, CVE-2019-20588, CVE-2019-20585, CVE-2020-0253, CVE-2020-0339, CVE-2019-20610, CVE-2020-0240, CVE-2020-0099, CVE-2020-0252, CVE-2019-1010296, CVE-2019-20537, CVE-2019-20584, CVE-2020-0123, CVE-2020-0245, CVE-2019-20451, CVE-2019-20621, CVE-2019-20605, CVE-2020-0224, CVE-2019-20545, CVE-2019-20893, CVE-2009-1234, CVE-2019-25029, CVE-2020-0103, CVE-2020-0073, CVE-2019-20478, CVE-2019-20467, CVE-2019-20589, CVE-2019-20427, CVE-2019-20611, CVE-2020-0283, CVE-2020-0032, CVE-2019-25024
db:	SAMSUNG	ids:	SVE-2019-15283, SVE-2019-14651, SVE-2019-14867, SVE-2019-14847, SVE-2019-14851, SVE-2019-13963, SVE-2019-13910, SVE-2019-14126, SVE-2019-14892, SVE-2018-13188, SVE-2019-14666, SVE-2019-14864, SVE-2019-14993, SVE-2018-13187, SVE-2019-14891, SVE-2019-14850, SVE-2019-14071

VARIoT news about IoT security