VARIoT latest news about IoT security

Hundreds Of Millions Of Devices At Risk From New Software Vulnerability \| iHeart Trust: 3.0 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 14, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

icloud

Apache log4j Vulnerability CVE-2021-44228: Analysis and Mitigations Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-0566, VAR-202112-2011, VAR-202112-0562, VAR-201704-1589, VAR-201912-0889 Trust: 5.25 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 10, 2021, 9 p.m.	Vulnerabilities: denial of service, code execution, code injection

Affected products

External IDs

vendor:	canary	model:	canary
vendor:	palo	model:	networks
vendor:	palo	model:	firewall
vendor:	palo	model:	palo alto networks
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	palo alto networks
vendor:	snort	model:	snort

db:

NVD

ids:

CVE-2021-45105, CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, CVE-2017-5645, CVE-2019-17571

Mobile vulnerabilities: What they are and how they impact the enterprise Trust: 3.0 Fetched: Dec. 16, 2021, 3:47 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

The Top 5 Bluetooth Security Vulnerabilities Trust: 4.75 Fetched: Dec. 16, 2021, 3:47 p.m., Published: -	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

raspberry pi

model:

3

Smart Yet Flawed: IoT Device Vulnerabilities Explained - Security News Related entries in the VARIoT vulnerabilities database: VAR-202003-1707 Trust: 4.25 Fetched: Dec. 16, 2021, 3:47 p.m., Published: -	Vulnerabilities: denial of service, default credentials

Affected products

External IDs

vendor:	serve	model:	serve
vendor:	trend micro	model:	home network security
vendor:	trend micro	model:	security
vendor:	sonos	model:	sonos
vendor:	trend	model:	home network security
vendor:	trend	model:	security

db:

NVD

ids:

CVE-2020-9054

DHS CISA: Serious Vulnerabilities Found in 6 Medical Device Systems Trust: 3.5 Fetched: Dec. 16, 2021, 3:47 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	baxter	model:	prismax
vendor:	baxter	model:	prismaflex
vendor:	baxter	model:	spectrum infusion system
vendor:	baxter	model:	wireless battery module

Moxa NPort Device Vulnerabilities (Update B) \| CISA Related entries in the VARIoT vulnerabilities database: VAR-201702-0860, VAR-201702-0862, VAR-201702-0593, VAR-201702-0594, VAR-201702-0595, VAR-201702-0596, VAR-201702-0597, VAR-201702-0851 Trust: 4.75 Fetched: Dec. 16, 2021, 3:47 p.m., Published: -	Vulnerabilities: request forgery, code execution, cross-site request forgery...

Affected products

External IDs

vendor:	moxa	model:	nport 5600 series
vendor:	moxa	model:	nport 5200a series
vendor:	moxa	model:	nport 5600-dt/dtl
vendor:	moxa	model:	nport 5400 series
vendor:	moxa	model:	nport p5150a
vendor:	moxa	model:	nport
vendor:	moxa	model:	nport 5200a
vendor:	moxa	model:	nport 5100a series
vendor:	moxa	model:	nport 5100a
vendor:	moxa	model:	nport 5200 series
vendor:	moxa	model:	nport p5150a series
vendor:	moxa	model:	nport 5x50ai-m12
vendor:	moxa	model:	moxa
vendor:	moxa	model:	nport 5100 series

db:	ICS CERT	ids:	ICSA-16-336-02
db:	ICS CERT ALERT	ids:	ICS-ALERT-10-301-01, ICS-ALERT-16-099-01B, ICS-ALERT-16-099-01A, ICS-ALERT-16-099-01
db:	US CERT	ids:	ICSA-16-336-02

Insulin pumps among millions of devices facing risk from newly disclosed cyber vulnerability, IBM says \| MedTech Dive Trust: 4.75 Fetched: Dec. 16, 2021, 3:47 p.m., Published: -	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

cve-2020-15858

NVD - CVE-2021-27408 Trust: 4.75 Fetched: Dec. 16, 2021, 3:47 p.m., Published: Jan. 1, 2022, midnight	Vulnerabilities: code execution, information leakage

Affected products

External IDs

db:

NVD

ids:

CVE-2021-27408

Android Devices and Vulnerabilities - SC Dashboard \| Tenable® Trust: 4.0 Fetched: Dec. 16, 2021, 3:47 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

trend

model:

security

Cisco IOS : List of security vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-201909-0158, VAR-201810-0561, VAR-201903-0559, VAR-202109-0601, VAR-201810-0345, VAR-201903-0571, VAR-201810-0565, VAR-202009-0479, VAR-201810-0569, VAR-201909-0165, VAR-202109-0747, VAR-201909-0160, VAR-201810-0351, VAR-201810-0346, VAR-201909-0184, VAR-202006-1148, VAR-201903-0569, VAR-201903-0563, VAR-202006-1097, VAR-202006-1093, VAR-201901-0473, VAR-202006-1151, VAR-201903-0565, VAR-201909-0181, VAR-201903-0599, VAR-201810-0568, VAR-202103-0545, VAR-202103-0537, VAR-201909-0166, VAR-201909-0186, VAR-201909-1523, VAR-201903-0574, VAR-201903-0595, VAR-202009-1160, VAR-201903-0592, VAR-201810-0339, VAR-202103-0540, VAR-201903-0600, VAR-202103-0550, VAR-201903-0558, VAR-202006-1150, VAR-201810-0567, VAR-201909-0161, VAR-201903-0597, VAR-202006-1095, VAR-202006-1098, VAR-201903-0567, VAR-202006-1092, VAR-202006-1084, VAR-201903-0596 Trust: 5.25 Fetched: Dec. 16, 2021, 3:47 p.m., Published: -	Vulnerabilities: memory corruption, denial of service, improper memory handling...

Affected products

External IDs

vendor:	cisco	model:	hsrp
vendor:	cisco	model:	nx-os
vendor:	cisco	model:	ios software
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	series switches
vendor:	cisco	model:	routers
vendor:	cisco	model:	4451-x
vendor:	cisco	model:	integrated services router
vendor:	cisco	model:	integrated services routers
vendor:	cisco	model:	catalyst 2960-l series switches
vendor:	cisco	model:	catalyst 6500 series
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	cisco iox
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	iox application
vendor:	cisco	model:	nx-os software
vendor:	cisco	model:	ios xr software
vendor:	cisco	model:	catalyst cdb-8p switches
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	catalyst 6500
vendor:	cisco	model:	cisco nx-os
vendor:	cisco	model:	isr g2
vendor:	cisco	model:	isr4451
vendor:	cisco	model:	isr4451-x
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	cisco iox application
vendor:	cisco	model:	4451-x integrated services router
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	industrial integrated services routers
vendor:	cisco	model:	cisco ios xr
vendor:	cisco	model:	series
vendor:	cisco	model:	router

db:

NVD

ids:

CVE-2019-12649, CVE-2018-15369, CVE-2019-1748, CVE-2021-34705, CVE-2018-0473, CVE-2019-1756, CVE-2018-15373, CVE-2019-16009, CVE-2018-15377, CVE-2019-12655, CVE-2021-34699, CVE-2019-12650, CVE-2018-0485, CVE-2018-0475, CVE-2019-12670, CVE-2020-3201, CVE-2019-1758, CVE-2019-1752, CVE-2020-3230, CVE-2020-3226, CVE-2018-0484, CVE-2020-3200, CVE-2019-1757, CVE-2019-12668, CVE-2019-1739, CVE-2018-15376, CVE-2021-1385, CVE-2021-1392, CVE-2019-12656, CVE-2019-12672, CVE-2019-12665, CVE-2019-1762, CVE-2019-1746, CVE-2020-3476, CVE-2019-1737, CVE-2018-0466, CVE-2021-1377, CVE-2019-1738, CVE-2009-1234, CVE-2021-1391, CVE-2019-1761, CVE-2020-3204, CVE-2018-15375, CVE-2019-12651, CVE-2019-1740, CVE-2020-3228, CVE-2020-3231, CVE-2019-1751, CVE-2020-3225, CVE-2020-3217, CVE-2019-1747

Series of Zero-Day Vulnerabilities Could Endanger 200 Million Devices Related entries in the VARIoT vulnerabilities database: VAR-202112-0566 Trust: 3.5 Fetched: Dec. 16, 2021, 3:47 p.m., Published: -	Vulnerabilities: code execution, denial of service, information leak

Affected products

External IDs

db:

NVD

ids:

cve-2021-44228, CVE-2021-44228

NVD - CVE-2020-9054 Related entries in the VARIoT vulnerabilities database: VAR-202003-1707 Trust: 3.75 Fetched: Dec. 16, 2021, 3:47 p.m., Published: Jan. 5, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	zyxel	model:	usg310
vendor:	zyxel	model:	usg60
vendor:	zyxel	model:	vpn300
vendor:	zyxel	model:	zywall1100
vendor:	zyxel	model:	usg60w_firmware
vendor:	zyxel	model:	usg60w
vendor:	zyxel	model:	vpn1000
vendor:	zyxel	model:	nas542_firmware
vendor:	zyxel	model:	usg20-vpn_firmware
vendor:	zyxel	model:	vpn100_firmware
vendor:	zyxel	model:	nas520
vendor:	zyxel	model:	vpn100
vendor:	zyxel	model:	usg20w-vpn
vendor:	zyxel	model:	usg20w-vpn_firmware
vendor:	zyxel	model:	zywall1100_firmware
vendor:	zyxel	model:	atp100_firmware
vendor:	zyxel	model:	usg110_firmware
vendor:	zyxel	model:	zywall110_firmware
vendor:	zyxel	model:	usg310_firmware
vendor:	zyxel	model:	vpn1000_firmware
vendor:	zyxel	model:	usg40w_firmware
vendor:	zyxel	model:	zywall310
vendor:	zyxel	model:	vpn300_firmware
vendor:	zyxel	model:	usg1100_firmware
vendor:	zyxel	model:	nas542
vendor:	zyxel	model:	vpn50
vendor:	zyxel	model:	vpn50_firmware
vendor:	zyxel	model:	nas326_firmware
vendor:	zyxel	model:	usg1900
vendor:	zyxel	model:	usg210_firmware
vendor:	zyxel	model:	usg1100
vendor:	zyxel	model:	atp500_firmware
vendor:	zyxel	model:	atp100
vendor:	zyxel	model:	nas326
vendor:	zyxel	model:	usg60_firmware
vendor:	zyxel	model:	zywall110
vendor:	zyxel	model:	atp200_firmware
vendor:	zyxel	model:	zywall310_firmware
vendor:	zyxel	model:	usg1900_firmware
vendor:	zyxel	model:	nas520_firmware
vendor:	zyxel	model:	usg210
vendor:	zyxel	model:	usg20-vpn
vendor:	zyxel	model:	usg40
vendor:	zyxel	model:	usg2200_firmware
vendor:	zyxel	model:	usg2200
vendor:	zyxel	model:	usg40_firmware
vendor:	zyxel	model:	atp500
vendor:	zyxel	model:	nas540_firmware
vendor:	zyxel	model:	usg110
vendor:	zyxel	model:	atp200
vendor:	zyxel	model:	atp800_firmware
vendor:	zyxel	model:	nas540
vendor:	zyxel	model:	atp800
vendor:	zyxel	model:	usg40w

db:

NVD

ids:

CVE-2020-9054

Bluetooth Spoofing Bug Affects Billions of IoT Devices \| Threatpost Related entries in the VARIoT vulnerabilities database: VAR-202004-1957 Trust: 3.25 Fetched: Dec. 16, 2021, 3:47 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

cve-2020-9770, CVE-2020-9770

Recent Cyberattack Reveals Reality of Smart Home Device Vulnerability Trust: 3.5 Fetched: Dec. 16, 2021, 3:47 p.m., Published: -	Vulnerabilities: denial of service, default password

Affected products	External IDs

Medical device vulnerability scoring flaws put patients’ lives at risk Related entries in the VARIoT vulnerabilities database: VAR-201906-1020 Trust: 4.0 Fetched: Dec. 16, 2021, 3:47 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

medtronic

model:

paradigm

db:

NVD

ids:

CVE-2019-10964

Billions of devices affected by UPnP vulnerability - Naked Security Related entries in the VARIoT vulnerabilities database: VAR-202006-0391 Trust: 3.25 Fetched: Dec. 16, 2021, 3:47 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2020-12695

Top 15 Paid and Free Vulnerability Scanner Tools - DNSstuff Trust: 3.25 Fetched: Dec. 16, 2021, 3:47 p.m., Published: -	Vulnerabilities: sql injection, path traversal, cross-site scripting...

Affected products

External IDs

vendor:	tripwire	model:	ip360
vendor:	wireshark	model:	wireshark

IP-in-IP Vulnerability Affects Devices From Cisco and Others \| SecurityWeek.Com Related entries in the VARIoT vulnerabilities database: VAR-202006-0258 Trust: 4.5 Fetched: Dec. 16, 2021, 3:47 p.m., Published: Jan. 15, 2022, midnight	Vulnerabilities: information leak, process crash

Affected products

External IDs

vendor:	digi	model:	saros
vendor:	cisco	model:	nx-os
vendor:	cisco	model:	firepower
vendor:	cisco	model:	mds 9000
vendor:	cisco	model:	nx-os software
vendor:	cisco	model:	nexus 9000
vendor:	cisco	model:	series
vendor:	cisco	model:	1000v
vendor:	cisco	model:	firepower 2100
vendor:	cisco	model:	nexus 9000 series
vendor:	cisco	model:	nexus
vendor:	cisco	model:	firepower 9300
vendor:	cisco	model:	mds 9000 series
vendor:	hewlett packard enterprise	model:	hewlett packard enterprise
vendor:	hewlett packard enterprise	model:	switches
vendor:	hewlett packard enterprise	model:	9000
vendor:	hewlett packard enterprise	model:	hewlett packard
vendor:	hewlett packard enterprise	model:	1000 series
vendor:	hewlett packard	model:	hewlett packard enterprise
vendor:	hewlett packard	model:	switches
vendor:	hewlett packard	model:	9000
vendor:	hewlett packard	model:	hewlett packard
vendor:	hewlett packard	model:	1000 series
vendor:	digi international	model:	saros

db:

NVD

ids:

CVE-2020-10136

2 Million IoT Devices Vulnerable to Complete Takeover \| Threatpost Related entries in the VARIoT vulnerabilities database: VAR-202012-0977 Trust: 3.25 Fetched: Dec. 16, 2021, 3:47 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2020-29583, CVE-2019-11220, CVE-2019-11219

VARIoT news about IoT security