Sign-up

VARIoT news about IoT security

New Vulnerability Could Put IoT Devices at Risk

Trust: 3.75

Fetched: Nov. 9, 2021, 12:59 p.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2020-15858

Medical Device Vulnerability in GE Anesthesia and Respiratory Devices - SystemTek

Trust: 4.75

Fetched: Nov. 9, 2021, 12:59 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: ge healthcare model: aespire
vendor: ge healthcare model: aestiva
db: NVD ids: CVE-2019-10337

How to resolve the 'Rom-0 vulnerability found' alert | Avast

Related entries in the VARIoT vulnerabilities database: VAR-202002-0775

Trust: 3.5

Fetched: Nov. 9, 2021, 12:59 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: safari
vendor: google model: home
vendor: google model: google chrome
vendor: google model: chrome
db: NVD ids: CVE-2014-4019

NVD - CVE-2021-40124

Related entries in the VARIoT vulnerabilities database: VAR-202111-0412

Trust: 3.75

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Jan. 3, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco systems model: cisco systems
vendor: cisco systems model: anyconnect secure mobility client
vendor: cisco systems model: anyconnect_secure_mobility_client
vendor: cisco systems model: cisco anyconnect secure mobility client
vendor: cisco model: cisco systems
vendor: cisco model: anyconnect secure mobility client
vendor: cisco model: anyconnect_secure_mobility_client
vendor: cisco model: cisco anyconnect secure mobility client
db: NVD ids: CVE-2021-40124

NVD - CVE-2021-34741

Trust: 5.5

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Jan. 3, 2022, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco systems model: email security appliance
vendor: cisco systems model: cisco systems
vendor: cisco systems model: asyncos
vendor: cisco systems model: asyncos software
vendor: cisco systems model: cisco email security appliance
vendor: cisco systems model: cisco asyncos
vendor: cisco model: email security appliance
vendor: cisco model: cisco systems
vendor: cisco model: asyncos
vendor: cisco model: asyncos software
vendor: cisco model: cisco email security appliance
vendor: cisco model: cisco asyncos
db: NVD ids: CVE-2021-34741

FabulaTech USB device vulnerability exposes devices to risk - TechRepublic

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 15, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home
db: NVD ids: CVE-2002-9332, CVE-2020-9332

PTES Technical Guidelines - The Penetration Testing Execution Standard

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 1, 2022, midnight
 Vulnerabilities: replay attack, data injection, file inclusion...
Affected productsExternal IDs
vendor: essential model: phone
vendor: novell model: client
vendor: novell model: netware
vendor: sony computer entertainment model: camera
vendor: netgear model: router
vendor: serve model: serve
vendor: barracuda model: running
vendor: barracuda model: web application firewall
vendor: barracuda model: barracuda
vendor: citrix model: gateway
vendor: rapid model: scada
vendor: aircrack-ng model: aircrack-ng
vendor: cisco systems model: guard
vendor: cisco systems model: cisco ios
vendor: cisco systems model: router
vendor: cisco systems model: wireless access point
vendor: cisco systems model: ip phone
vendor: cisco systems model: catalyst
vendor: cisco systems model: meeting
vendor: cisco systems model: network access control
vendor: cisco systems model: access points
vendor: cisco systems model: routers
vendor: cisco systems model: cisco systems
vendor: cisco systems model: hsrp
vendor: cisco systems model: series
vendor: cisco systems model: eigrp
vendor: cisco systems model: support tools
vendor: cisco systems model: leap
vendor: asterisk model: open source
vendor: canary model: canary
vendor: wireshark model: wireshark
vendor: sonicwall model: switch
vendor: sonicwall model: analyzer
vendor: sonicwall model: web application firewall
vendor: google model: wifi
vendor: google model: home
vendor: cisco model: guard
vendor: cisco model: cisco ios
vendor: cisco model: router
vendor: cisco model: wireless access point
vendor: cisco model: ip phone
vendor: cisco model: catalyst
vendor: cisco model: meeting
vendor: cisco model: network access control
vendor: cisco model: access points
vendor: cisco model: routers
vendor: cisco model: cisco systems
vendor: cisco model: hsrp
vendor: cisco model: series
vendor: cisco model: eigrp
vendor: cisco model: support tools
vendor: cisco model: leap
vendor: mesh model: mesh
vendor: hewlett packard model: hp-ux
vendor: hewlett packard model: integrity
vendor: hewlett packard model: stream
vendor: hewlett packard model: switches
vendor: hewlett packard model: hewlett packard
vendor: palo model: firewall
vendor: palo model: networks
vendor: sony model: camera
vendor: modbus model: slave

Internet of things - Wikipedia

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 1, 2022, midnight
 Vulnerabilities: injection attack, default credentials, weak password...
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: huawei model: smart phones
vendor: serve model: serve
vendor: rising model: antivirus
vendor: home assistant model: assistant
vendor: schneider model: concept
vendor: schneider model: software update
vendor: schneider model: modbus
vendor: schneider model: monitor
vendor: samsung smartthings model: printers
vendor: samsung smartthings model: samsung
vendor: samsung smartthings model: smartthings hub
vendor: samsung smartthings model: mobile
vendor: samsung smartthings model: note
vendor: samsung smartthings model: mobile devices
vendor: samsung smartthings model: notes
vendor: smartthings model: smartthings hub
vendor: samsung model: printers
vendor: samsung model: samsung
vendor: samsung model: smartthings hub
vendor: samsung model: mobile
vendor: samsung model: note
vendor: samsung model: mobile devices
vendor: samsung model: notes
vendor: lenovo model: updates
vendor: lenovo model: edge
vendor: lenovo model: system
vendor: mikrotik model: mikrotik
vendor: mikrotik model: routers
vendor: domoticz model: domoticz
vendor: mesh model: mesh
vendor: trend model: security
vendor: trend model: antivirus
vendor: cisco systems model: meeting
vendor: cisco systems model: routers
vendor: cisco systems model: cisco systems
vendor: cisco systems model: h
vendor: cisco systems model: service management
vendor: cisco systems model: series
vendor: cisco systems model: spark
vendor: google model: google home
vendor: google model: android
vendor: google model: home
vendor: cisco model: meeting
vendor: cisco model: routers
vendor: cisco model: cisco systems
vendor: cisco model: h
vendor: cisco model: service management
vendor: cisco model: series
vendor: cisco model: spark
vendor: ring model: ring
vendor: sony model: camera
vendor: sony model: playstation 3
vendor: sony model: playstation
vendor: notion model: bridge
vendor: dahua model: camera
vendor: apple model: iphone
vendor: apple model: watch

Details Disclosed for Critical Vulnerability in Sophos Appliances | SecurityWeek.Com

Trust: 5.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 15, 2022, midnight
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
vendor: sophos model: cyberoam
db: NVD ids: CVE-2020-25223

A New Citrix Device Vulnerability Has Been Discovered

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: citrix model: application delivery controller
vendor: citrix model: gateway
vendor: citrix model: sd-wan wanop
db: NVD ids: CVE-2019-19781

ManageEngine NetFlow Analyzer Read Me

Related entries in the VARIoT vulnerabilities database: VAR-201806-1164, VAR-201806-1163, VAR-201911-1328

Trust: 4.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 17, 2022, midnight
 Vulnerabilities: sql injection, cross-site scripting, code execution...
Affected productsExternal IDs
vendor: essential model: phone
vendor: huawei model: huawei
vendor: huawei model: webui
vendor: trend model: security
vendor: axis model: axis
vendor: pfsense model: pfsense
vendor: zoho model: manageengine oputils
vendor: zoho model: manageengine applications manager
vendor: zoho model: manageengine opmanager
vendor: zoho model: manageengine netflow analyzer
vendor: zoho model: opmanager
vendor: zoho model: oputils
vendor: zoho model: manageengine servicedesk plus
vendor: google model: nexus
vendor: google model: android
vendor: google model: google chrome
vendor: google model: chrome
vendor: aruba model: instant
vendor: cisco model: cisco ios
vendor: cisco model: router
vendor: cisco model: nexus
vendor: cisco model: quad
vendor: cisco model: access points
vendor: cisco model: aireos
vendor: cisco model: routers
vendor: cisco model: technical support
vendor: cisco model: wireless lan controller
vendor: cisco model: wide area application services
vendor: cisco model: wireless lan controllers
vendor: cisco model: series
vendor: cisco model: wireless controller
vendor: cisco model: cisco routers
vendor: cisco model: spark
vendor: palo model: firewall
vendor: palo model: networks
vendor: jquery model: jquery
db: NVD ids: CVE-2019-8929, CVE-2019-7427, CVE-2018-12998, CVE-2018-12997, CVE-2019-7423, CVE-2018-10803, CVE-2020-11946, CVE-2019-8926, CVE-2019-12196, CVE-2020-12116, CVE-2021-20078, CVE-2021-3287, CVE-2021-41075, CVE-2019-8927, CVE-2019-17421, CVE-2018-19403, CVE-2019-7425, CVE-2019-7424, CVE-2020-10541, CVE-2017-11560, CVE-2019-8928, CVE-2019-7422, CVE-2019-7426, CVE-2008-0128, CVE-2021-44514, CVE-2019-8925

New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 2, 2021, 12:29 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-28139

NETGEAR Patches Severe Vulnerabilities in Business Switches | SecurityWeek.Com

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 15, 2022, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: netgear model: netgear router
vendor: netgear model: netgear router firmware
vendor: netgear model: gs750e
vendor: netgear model: router
vendor: netgear model: gs752tpp
vendor: netgear model: gs728tppv2

Top 10 IoT Security Issues: Ransom, Botnet Attacks, Spying

Trust: 4.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: serve model: serve
vendor: trend model: security

NVD - CVE-2021-1592

Trust: 5.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 3, 2022, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco systems model: ucs manager
vendor: cisco systems model: cisco systems
vendor: cisco systems model: cisco ucs manager
vendor: cisco systems model: unified_computing_system
vendor: cisco model: ucs manager
vendor: cisco model: cisco systems
vendor: cisco model: cisco ucs manager
vendor: cisco model: unified_computing_system
db: NVD ids: CVE-2021-1592

Device Vulnerabilities in the Connected Home

Related entries in the VARIoT vulnerabilities database: VAR-201505-0274

Trust: 6.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: command execution, command injection, buffer overflow...
Affected productsExternal IDs
vendor: realtek model: realtek sdk
vendor: d-link model: eyeon baby monitor
vendor: d-link model: dcs-825l
vendor: d-link model: router
vendor: buffalo model: wsr-300hp
vendor: buffalo model: router
vendor: trend micro model: security
vendor: trend micro model: home network security
vendor: dahua model: ptz camera
vendor: dahua model: camera
vendor: dahua model: ip camera
vendor: belkin model: router
vendor: trend model: security
vendor: trend model: home network security
db: NVD ids: CVE-2014-8361

Siemens TCP/IP Stack Vulnerabilities-AMNESIA:33 in SENTRON PAC / 3VA Devices (Update B) | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202012-0245, VAR-202012-0125

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: sentron pac4200
vendor: siemens model: sentron pac3200
vendor: siemens model: modbus tcp
db: SIEMENS ids: SSA-541018
db: NVD ids: CVE-2020-17437, CVE-2020-13987
db: ICS CERT ids: ICSA-21-068-06
db: US CERT ids: ICSA-21-068-06

Cisco Patches Critical Enterprise NFVIS Vulnerability for Which PoC Exploit Is Available | SecurityWeek.Com

Related entries in the VARIoT vulnerabilities database: VAR-202109-0622

Trust: 5.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 15, 2022, midnight
 Vulnerabilities: code execution, authentication bypass
Affected productsExternal IDs
vendor: cisco model: prime infrastructure
vendor: cisco model: firepower
vendor: cisco model: identity services engine
vendor: cisco model: device manager
vendor: cisco model: routers
vendor: cisco model: prime collaboration provisioning
vendor: cisco model: nexus
vendor: cisco model: prime collaboration
db: NVD ids: CVE-2021-34746

Critical ThroughTek SDK Bug Could Let Attackers Spy On Millions of IoT Devices

Trust: 4.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 18, 2021, 3:48 p.m.
 Vulnerabilities: improper access control, code execution, access control flaw
Affected productsExternal IDs
db: NVD ids: CVE-2021-28372, CVE-2021-32934

IoT: Device Vulnerability & Security Concerns in Wearable Devices

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 20, 2021, midnight
 Vulnerabilities: data injection, brute force attack, injection attack
Affected productsExternal IDs