VARIoT latest news about IoT security

Vulnerabilities in TCP/IP stack may affect millions of devices, warn researchers \| IT World Canada News Trust: 3.5 Fetched: Nov. 29, 2021, 2:59 p.m., Published: April 15, 2021, 3:56 p.m.	Vulnerabilities: denial of service, code execution

Affected products

External IDs

vendor:	treck	model:	tcp/ip stack
vendor:	siemens	model:	nucleus net
vendor:	siemens	model:	nucleus rtos
vendor:	siemens	model:	vstar
vendor:	siemens	model:	nucleus 4
vendor:	siemens	model:	nucleus readystart
vendor:	siemens	model:	nucleus source code
vendor:	siemens	model:	nucleus

Exclusive: Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices - My Blog Trust: 4.75 Fetched: Nov. 29, 2021, 2:59 p.m., Published: Jan. 6, 2022, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	tp-link	model:	ac1750
vendor:	tp-link	model:	routers

CVE security vulnerability database. Security vulnerabilities, exploits, references and more Related entries in the VARIoT vulnerabilities database: VAR-202111-0656 Trust: 5.25 Fetched: Nov. 29, 2021, 2:59 p.m., Published: -	Vulnerabilities: cross-site request forgery, integer overflow, code execution...

Affected products

External IDs

vendor:	quagga	model:	quagga
vendor:	realtek	model:	rtl8195am
vendor:	node.js	model:	node.js

db:

NVD

ids:

CVE-2021-44219, CVE-2021-43776, CVE-2021-36799, CVE-2021-44140, CVE-2021-43574, CVE-2021-43578, CVE-2021-44094, CVE-2021-43576, CVE-2021-43616, CVE-2021-43996, CVE-2021-44026, CVE-2021-43975, CVE-2021-43669, CVE-2021-44143, CVE-2021-44025, CVE-2021-43620, CVE-2021-43778, CVE-2021-43668, CVE-2021-44036, CVE-2021-44033, CVE-2021-43777, CVE-2021-44150, CVE-2021-43611, CVE-2021-43780, CVE-2021-43617, CVE-2021-43618, CVE-2021-44147, CVE-2021-43571, CVE-2021-44093, CVE-2021-43569, CVE-2021-43997, CVE-2021-43577, CVE-2021-44225, CVE-2021-44144, CVE-2021-43979, CVE-2009-1234, CVE-2021-43667, CVE-2021-43775, CVE-2021-43582, CVE-2021-44038, CVE-2021-44079, CVE-2021-43572, CVE-2021-43573, CVE-2021-43976, CVE-2021-43610, CVE-2021-43575, CVE-2021-43581, CVE-2021-44037, CVE-2021-43977, CVE-2021-43785, CVE-2021-43570, CVE-2021-44223, CVE-2021-33056

Researchers Uncover 125 Vulnerabilities Across 13 Routers and NAS Devices - Slashdot Trust: 3.5 Fetched: Nov. 29, 2021, 2:59 p.m., Published: -	Vulnerabilities: cross-site scripting, sql injection, command injection

Affected products

External IDs

vendor:	totolink	model:	a3002ru
vendor:	netgear	model:	r9000
vendor:	drobo	model:	drobo 5n2
vendor:	buffalo	model:	ts5600d1206

FDA issues warning on medical devices that are vulnerable to cyberattacks Trust: 3.0 Fetched: Nov. 29, 2021, 2:59 p.m., Published: -	Vulnerabilities: denial of service

Affected products	External IDs

Home - Lighttpd - fly light Trust: 3.0 Fetched: Nov. 29, 2021, 2:59 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

lighttpd

model:

lighttpd

Vulnerabilities in MediaTek chips expose millions of Android devices to eavesdropping - Games of News Trust: 3.0 Fetched: Nov. 29, 2021, 2:59 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

check point

model:

check point

Attackers Actively Target Windows Installer Zero-Day \| Threatpost Related entries in the VARIoT vulnerabilities database: VAR-202111-0697 Trust: 3.25 Fetched: Nov. 29, 2021, 2:59 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-41379

Netgear Patches Code Execution Vulnerability Affecting Many Products \| All the news of the world, England, Europe, US on the news portal Related entries in the VARIoT vulnerabilities database: VAR-202111-0632 Trust: 5.5 Fetched: Nov. 29, 2021, 2:59 p.m., Published: Jan. 13, 2022, midnight	Vulnerabilities: code execution, buffer overflow

Affected products

External IDs

vendor:	netgear	model:	netgear router
vendor:	netgear	model:	netgear router firmware
vendor:	netgear	model:	router

db:

NVD

ids:

CVE-2021-34991

Windows 11 bug disclosed by researcher unhappy with Microsoft bug bounties \| Windows Central Trust: 4.25 Fetched: Nov. 29, 2021, 2:59 p.m., Published: Nov. 23, 2021, 6:08 p.m.	Vulnerabilities: privilege elevation

Affected products	External IDs

AMD Windows 10 graphics drivers with vulnerabilities (Nov. 2021) \| Born's Tech and Windows World Trust: 4.75 Fetched: Nov. 29, 2021, 2:59 p.m., Published: Nov. 16, 2021, 1:24 p.m.	Vulnerabilities: privilege escalation, denial of service, information disclosure...

Affected products

External IDs

db:

NVD

ids:

CVE-2020-12985, CVE-2020-12891, CVE-2020-12980, CVE-2020-12900, CVE-2020-12905, CVE-2020-12987, CVE-2020-12892, CVE-2020-12903, CVE-2020-12899, CVE-2020-12894, CVE-2020-12895, CVE-2020-12986, CVE-2020-12982, CVE-2020-12904, CVE-2020-12929, CVE-2020-12964, CVE-2020-12983, CVE-2020-12962, CVE-2020-12920, CVE-2020-12963, CVE-2020-12901, CVE-2020-12981, CVE-2020-12902, CVE-2020-12893, CVE-2020-12897, CVE-2020-12960, CVE-2020-12898

GovCERT.HK - Security Alert (A21-11-05): Multiple Vulnerabilities in Cisco Products Related entries in the VARIoT vulnerabilities database: VAR-202111-0402, VAR-202111-0412, VAR-202111-0664, VAR-202111-0413, VAR-202111-0421, VAR-202111-0400, VAR-202111-0420, VAR-202111-0419, VAR-202111-0417, VAR-202111-0418, VAR-202111-0401, VAR-202111-0393 Trust: 4.5 Fetched: Nov. 29, 2021, 2:59 p.m., Published: -	Vulnerabilities: cross-site request forgery, restriction bypass, code execution...

Affected products

External IDs

vendor:	cisco	model:	umbrella
vendor:	cisco	model:	unified communications
vendor:	cisco	model:	cisco policy suite
vendor:	cisco	model:	webex video mesh
vendor:	cisco	model:	anyconnect secure mobility client
vendor:	cisco	model:	cisco anyconnect secure mobility client
vendor:	cisco	model:	cisco prime infrastructure
vendor:	cisco	model:	webex
vendor:	cisco	model:	common services platform collector
vendor:	cisco	model:	series
vendor:	cisco	model:	cisco webex
vendor:	cisco	model:	email security appliance
vendor:	cisco	model:	small business series
vendor:	cisco	model:	policy suite
vendor:	cisco	model:	prime infrastructure
vendor:	cisco	model:	evolved programmable network manager
vendor:	cisco	model:	cisco email security appliance
vendor:	cisco	model:	small business series switches
vendor:	cisco	model:	series switches
vendor:	cisco	model:	prime access registrar
vendor:	cisco	model:	small business rv series routers
vendor:	cisco	model:	access registrar
vendor:	cisco	model:	small business
vendor:	cisco	model:	small business rv
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	series routers
vendor:	cisco	model:	routers
vendor:	cisco	model:	cisco small business
vendor:	mesh	model:	mesh

db:

NVD

ids:

CVE-2021-1500, CVE-2021-40124, CVE-2021-34795, CVE-2021-34739, CVE-2021-40119, CVE-2021-34741, CVE-2021-40113, CVE-2021-40120, CVE-2021-34701, CVE-2021-40128, CVE-2021-34731, CVE-2021-34773, CVE-2021-34784, CVE-2021-34774, CVE-2021-40115, CVE-2021-40126, CVE-2021-40112

Exclusive: Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices_HackDig Trust: 3.75 Fetched: Nov. 29, 2021, 2:59 p.m., Published: Jan. 6, 2022, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	tp-link	model:	ac1750
vendor:	tp-link	model:	routers

Fortinet : Security vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202111-0330, VAR-202108-0675, VAR-202111-0305, VAR-202110-0131, VAR-202108-0656, VAR-202111-0317, VAR-202107-1087, VAR-202107-1086, VAR-202107-0839, VAR-202104-0997, VAR-202111-0314, VAR-202106-1430, VAR-202110-0150, VAR-202111-0307, VAR-202111-0322, VAR-202111-0986, VAR-202111-0232, VAR-202111-0343, VAR-202108-0731, VAR-202107-0629, VAR-202111-0302, VAR-202110-0149, VAR-202108-1025, VAR-202107-0631, VAR-202111-0284, VAR-202107-0838, VAR-202107-1088, VAR-202111-0241, VAR-202111-0313, VAR-202108-0674, VAR-202110-0132, VAR-202108-0676, VAR-202107-0837, VAR-202108-0658, VAR-202108-0672, VAR-202109-0399, VAR-202107-0632, VAR-202107-0836, VAR-202109-0502, VAR-202110-0151, VAR-202108-0712, VAR-202108-0673, VAR-202111-0306, VAR-202108-2100, VAR-202108-0655, VAR-202108-0657, VAR-202109-0501, VAR-202111-0231, VAR-202108-0730, VAR-202109-0400 Trust: 5.75 Fetched: Nov. 26, 2021, 7:29 a.m., Published: -	Vulnerabilities: improper access control, file upload vulnerability, information disclosure...

Affected products

External IDs

vendor:

fortigate

model:

fortios

db:

NVD

ids:

CVE-2021-36176, CVE-2021-32594, CVE-2021-36187, CVE-2021-24019, CVE-2021-32598, CVE-2021-36181, CVE-2021-26100, CVE-2021-26099, CVE-2021-26095, CVE-2021-24024, CVE-2021-36174, CVE-2021-26111, CVE-2021-36175, CVE-2021-36184, CVE-2021-41019, CVE-2021-32600, CVE-2021-26107, CVE-2021-36183, CVE-2021-26097, CVE-2021-24015, CVE-2021-42754, CVE-2021-36170, CVE-2021-26098, CVE-2021-24020, CVE-2021-36192, CVE-2021-26090, CVE-2021-26106, CVE-2021-36172, CVE-2021-36185, CVE-2021-32590, CVE-2021-24021, CVE-2021-32596, CVE-2021-26089, CVE-2021-32603, CVE-2021-32587, CVE-2009-1234, CVE-2021-24016, CVE-2021-24022, CVE-2021-26088, CVE-2021-36182, CVE-2021-36178, CVE-2021-36168, CVE-2021-32588, CVE-2021-36186, CVE-2021-24018, CVE-2021-32597, CVE-2021-32602, CVE-2021-36179, CVE-2021-32595, CVE-2021-26096, CVE-2021-24017

CVE-2021-42114 : Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability in their internal Target Row Refresh (TRR) mitiga Trust: 4.5 Fetched: Nov. 26, 2021, 7:29 a.m., Published: -	Vulnerabilities: information disclosure

Affected products

External IDs

vendor:	dram	model:	dram
vendor:	samsung	model:	samsung

db:

NVD

ids:

CVE-2021-42114, CVE-2009-1234

NVD - CVE-2021-40117 Related entries in the VARIoT vulnerabilities database: VAR-202110-1351 Trust: 4.0 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Jan. 3, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	asa_5580_firmware
vendor:	cisco	model:	adaptive_security_appliance
vendor:	cisco	model:	asa_5545-x_firmware
vendor:	cisco	model:	asa_5580
vendor:	cisco	model:	asa_5505_firmware
vendor:	cisco	model:	asa_5555-x_firmware
vendor:	cisco	model:	asa_5585-x
vendor:	cisco	model:	asa_5525-x_firmware
vendor:	cisco	model:	asa_5585-x_firmware
vendor:	cisco	model:	asa_5505
vendor:	cisco	model:	asa_5512-x_firmware
vendor:	cisco	model:	asa_5515-x_firmware

db:

NVD

ids:

CVE-2021-40117

CVE-2021-40831 : The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the ro Trust: 3.75 Fetched: Nov. 26, 2021, 7:29 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

node.js

model:

node.js

db:

NVD

ids:

CVE-2021-40831, CVE-2009-1234

Vulnerabilities in MediaTek chips expose millions of Android devices to eavesdropping \| TechRadar Trust: 3.0 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Nov. 24, 2021, 4:48 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

check point

model:

check point

Vulnerabilities in MediaTek chips expose millions of Android devices to eavesdropping \| TechRadar Trust: 3.0 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Nov. 24, 2021, 4:48 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

check point

model:

check point

MediaTek chip vulnerabilities expose millions of Android devices to eavesdropping - TechRadar - OLTNEWS Trust: 3.0 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Nov. 25, 2021, 2:37 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

check point

model:

check point

VARIoT news about IoT security