VARIoT latest news about IoT security

Critical Bug Could Allow Remote Snooping Via Millions of Devices - Infosecurity Magazine Trust: 4.25 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 18, 2021, 10:06 a.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-28372

Honeywell Critical Vulnerabilities Discovered in Experion PKS Trust: 3.75 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 7, 2021, 11:17 a.m.	Vulnerabilities: denial of service, path traversal, code execution

Affected products

External IDs

vendor:	honeywell	model:	experion process knowledge system
vendor:	honeywell	model:	honeywell experion process knowledge system
vendor:	honeywell	model:	experion

Millions of IoT Devices Vulnerable to Cloud Platform Flaws Trust: 4.25 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 18, 2021, 3:20 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-28372

Millions Of IOT Devices Are Identified with Critical Vulnerability - CyberWorkx Trust: 3.0 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 18, 2021, 4:39 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-28372

Update your Apple devices now. New Pegasus hack prompts company to issue new software to fix iMessage vulnerability. Trust: 3.75 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 13, 2021, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:

apple

model:

iphone

Microsoft acknowledges Windows zero-day vulnerability based on malicious Office files - OnMSFT.com Related entries in the VARIoT vulnerabilities database: VAR-202109-1909 Trust: 4.25 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 8, 2021, 2:27 p.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-40444

Realtek-based routers, smart devices are being gobbled up by a voracious botnet \| Malwarebytes Labs Related entries in the VARIoT vulnerabilities database: VAR-202104-0768 Trust: 4.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 24, 2021, 1:36 p.m.	Vulnerabilities: denial of service, command injection

Affected products

External IDs

vendor:	orange	model:	web server
vendor:	huawei	model:	huawei
vendor:	belkin	model:	router
vendor:	asustek	model:	asus
vendor:	asustek	model:	router
vendor:	asus	model:	asus
vendor:	asus	model:	router
vendor:	d-link	model:	router
vendor:	realtek	model:	realtek sdk
vendor:	buffalo	model:	router
vendor:	netgear	model:	router

db:

NVD

ids:

CVE-2021-35395, CVE-2021-20090

Microsoft finds new macOS vulnerability, Shrootless, that could bypass System Integrity Protection Related entries in the VARIoT vulnerabilities database: VAR-202108-2056 Trust: 3.75 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 28, 2021, 4 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

macos

db:

NVD

ids:

CVE-2021-30892

Multiple attempts to exploit Realtek vulnerabilities discovered by our researchers - SAM Seamless Network Related entries in the VARIoT vulnerabilities database: VAR-202104-0768 Trust: 5.75 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 19, 2021, 2:31 p.m.	Vulnerabilities: command injection

Affected products

External IDs

vendor:	paloaltonetworks	model:	networks
vendor:	paloaltonetworks	model:	palo alto networks
vendor:	palo	model:	networks
vendor:	palo	model:	palo alto networks
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	palo alto networks
vendor:	realtek	model:	realtek sdk

db:

NVD

ids:

CVE-2021-35395, CVE-2021-20090

Researchers Develop Toolkit to Test Apple Security, Find Vulnerability • Electrical and Computer Engineering Trust: 4.0 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 13, 2021, 4:26 p.m.	Vulnerabilities: timing attack

Affected products

External IDs

vendor:

apple

model:

iphone

Here's how hackers exploit IoT device vulnerabilities to invade hardware Trust: 3.0 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 19, 2021, 9:50 a.m.	Vulnerabilities: -

Affected products	External IDs

Update Your Apple Devices to Avoid This Zero-Click Malware \| Tech.co Trust: 3.0 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 14, 2021, 8:33 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

iphone

Severe Bugs in Realtek SDK Affects Around Millions of IoT Devices Trust: 6.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 17, 2021, 7:18 p.m.	Vulnerabilities: buffer overflow, command execution, memory corruption...

Affected products

External IDs

vendor:

realtek

model:

realtek sdk

db:

NVD

ids:

CVE-2021-35394, CVE-2021-35393, CVE-2021-35392, CVE-2021-35395

CVE-2021-30860: Fix Your Apple Device against the FORCEDENTRY Zero-Day Related entries in the VARIoT vulnerabilities database: VAR-202108-1057 Trust: 5.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 14, 2021, 10:16 a.m.	Vulnerabilities: integer overflow, buffer overflow, code execution

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	watchos

db:

NVD

ids:

CVE-2019-3568, CVE-2021-30860

65 vendors affected by severe vulnerabilities in Realtek chips - Help Net Security Trust: 4.75 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 16, 2021, 10:36 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	asustek	model:	wireless routers
vendor:	realtek	model:	realtek sdk

db:

NVD

ids:

CVE-2021-35394, CVE-2021-35393, CVE-2021-35392, CVE-2021-35395

Apple IOS Zero-day Vulnerabilities AreRunning Rampant in 2021 Related entries in the VARIoT vulnerabilities database: VAR-202108-2172, VAR-202108-1057 Trust: 4.0 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 14, 2021, 2:55 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

macos

db:

NVD

ids:

CVE-2021-30858, CVE-2021-30860

Top 10 Network Vulnerabilities to Watch Out Trust: 4.25 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 15, 2021, 3:01 p.m.	Vulnerabilities: denial of service, injection attack, cross-site scripting...

Affected products

External IDs

vendor:	apple	model:	watch
vendor:	google	model:	wifi
vendor:	google	model:	home
vendor:	essential	model:	phone

Apple patches zero-click vulnerability discovered by Canadian researchers \| IT World Canada News Related entries in the VARIoT vulnerabilities database: VAR-202108-1057, VAR-202108-2172 Trust: 4.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 14, 2021, 1:28 p.m.	Vulnerabilities: code execution, integer overflow

Affected products

External IDs

vendor:	apple	model:	webkit
vendor:	apple	model:	ipad
vendor:	apple	model:	ipod touch
vendor:	apple	model:	watchos
vendor:	apple	model:	ipad air
vendor:	apple	model:	safari
vendor:	apple	model:	macos
vendor:	apple	model:	iphone
vendor:	google	model:	android

db:

NVD

ids:

CVE-2021-30860, CVE-2019-3568, CVE-2021-30858

Vulnerability Allows Remote Hacking of Annke Video Surveillance Product \| SecurityWeek.Com Trust: 4.75 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 16, 2022, midnight	Vulnerabilities: cross-site request forgery, request forgery, denial of service...

Affected products

External IDs

vendor:

realtek

model:

realtek sdk

db:

NVD

ids:

CVE-2021-32941

A Vulnerability In an NPM Package Could Allow for Remote Code Execution Trust: 5.25 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 7, 2022, 7:33 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

node.js

model:

node.js

VARIoT news about IoT security