VARIoT latest news about IoT security

15th November - Threat Intelligence Report - Check Point Research Related entries in the VARIoT vulnerabilities database: VAR-202108-1005, VAR-202002-1447, VAR-201704-0303, VAR-202003-0363, VAR-202109-1909, VAR-201502-0201 Trust: 5.5 Fetched: Nov. 26, 2021, 7:29 a.m., Published: -	Vulnerabilities: security feature bypass, privilege escalation, remote command injection...

Affected products

External IDs

vendor:	netgear	model:	r6400
vendor:	netgear	model:	router
vendor:	netgear	model:	r7000
vendor:	dasan	model:	gpon router
vendor:	draytek	model:	vigor
vendor:	draytek	model:	routers
vendor:	d-link	model:	router
vendor:	check point	model:	check point
vendor:	solarwinds	model:	serv-u
vendor:	xiongmai	model:	uc-httpd

db:

NVD

ids:

CVE-2021-42321, CVE-2021-34484, CVE-2021-42237, CVE-2020-8515, CVE-2016-1555, CVE-2020-10173, CVE-2021-40444, CVE-2021-26411, CVE-2021-42292, CVE-2015-2051

Positive Technologies Discovers Vulnerability in Intel Processors used in Laptops, Cars and Other devices Trust: 4.75 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Nov. 14, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	tesla	model:	model 3
vendor:	tesla	model:	model

db:

NVD

ids:

CVE-2021-0146

Security Advisory for WiFi WPS and IEEE-1905 Vulnerabilities on Multiple Products, PSV-2021-0298 & PSV-2021-0300 \| Answer \| NETGEAR Support Trust: 3.75 Fetched: Nov. 26, 2021, 7:29 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

netgear

model:

orbi

db:

NVD

ids:

CVE-2021-32467, CVE-2021-37565, CVE-2021-37560, CVE-2021-37562, CVE-2021-37571, CVE-2021-37567, CVE-2021-37584, CVE-2021-32469, CVE-2021-37563, CVE-2021-32468, CVE-2021-37572, CVE-2021-37569, CVE-2021-37570, CVE-2021-37564, CVE-2021-37561, CVE-2021-37568, CVE-2021-37566, CVE-2021-37583, CVE-2021-35055

Vulnerability in Cisco security devices could cause firewalls to fail Related entries in the VARIoT vulnerabilities database: VAR-202110-1796, VAR-202007-1057, VAR-202005-0685, VAR-202005-0696 Trust: 5.75 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Nov. 23, 2021, 6:15 p.m.	Vulnerabilities: denial of service, buffer overflow

Affected products

External IDs

vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	firepower
vendor:	cisco	model:	device manager
vendor:	cisco	model:	adaptive security appliance

db:

NVD

ids:

CVE-2021-34704, CVE-2020-3452, CVE-2020-3187, CVE-2020-3259

MediaTek quickly fixes recent eavesdrop vulnerability Trust: 4.75 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Nov. 25, 2021, 2:38 p.m.	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:	xiaomi	model:	redmi
vendor:	check point	model:	check point
vendor:	huawei	model:	huawei

Vulnerabilities in MediaTek Chips Found in 37% of Smartphones Worldwide Trust: 4.75 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Nov. 25, 2021, 2 p.m.	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:	check point	model:	check point
vendor:	vivo	model:	vivo

db:

NVD

ids:

CVE-2021-0663, CVE-2021-0673, CVE-2021-0661, CVE-2021-0662

A Vulnerability in Multiple NETGEAR Products Could Allow for Arbitrary Code Execution Trust: 4.75 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Jan. 7, 2022, 7:33 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	netgear	model:	d6400
vendor:	netgear	model:	ex3700
vendor:	netgear	model:	d6220
vendor:	netgear	model:	d7000v2
vendor:	netgear	model:	ex6130
vendor:	netgear	model:	ex3800
vendor:	netgear	model:	ex6120

Vulnerabilities Identified in Philips IntelliBridge, Patient Information Center and Efficia Patient Monitors Related entries in the VARIoT vulnerabilities database: VAR-202111-1714, VAR-202111-1712 Trust: 4.0 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Nov. 19, 2021, 2:01 p.m.	Vulnerabilities: authentication bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2021-43548, CVE-2021-32993, CVE-2021-43552, CVE-2021-33017

(Part 3) Key security vulnerabilities in IoT environment and how to effectively counteract them Trust: 3.75 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Nov. 10, 2021, midnight	Vulnerabilities: default password

Affected products	External IDs

MIRAT’s Vulnerability Scanners Make Sure Their Customer’s Businesses are Frisk-Free - iCrowdNewswire Trust: 3.0 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Nov. 16, 2021, 11:19 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

serve

model:

serve

eavesdropping vulnerabilities Archives • Penetration Testing Trust: 3.25 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Nov. 25, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-0662, CVE-2021-0661, CVE-2021-0663

Smart Home Devices. More Security Vulnerabilities. Daniel Wroclawski, Consumer Reports. - Cybercrime Magazine Podcast - Podcast en iVoox Trust: 3.25 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Jan. 10, 2022, midnight	Vulnerabilities: -

Affected products	External IDs

Cisco IOS XE SD-WAN Software Privilege Escalation Vulnerability - Cisco Trust: 4.0 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Sept. 28, 2021, 2:52 a.m.	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:	cisco	model:	sd-wan
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xe sd-wan software
vendor:	cisco	model:	cisco ios xe

A Vulnerability in Apple iOS and iPadOS Could Allow for Arbitrary Code Execution. Related entries in the VARIoT vulnerabilities database: VAR-202108-2057 Trust: 5.75 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Jan. 7, 2022, 7:33 p.m.	Vulnerabilities: integer overflow, code execution

Affected products

External IDs

vendor:	apple	model:	ipod touch
vendor:	apple	model:	iphone
vendor:	apple	model:	ipad

db:

NVD

ids:

CVE-2021-30883

Lights, Cameras…Vulnerabilities? Rise of Non-Business IoT Devices Putting North American Corporate Networks At Risk Trust: 3.25 Fetched: Nov. 26, 2021, 7:29 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	palo	model:	palo alto networks
vendor:	palo	model:	firewall
vendor:	palo	model:	networks
vendor:	palo alto networks	model:	palo alto networks
vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	networks
vendor:	paloaltonetworks	model:	palo alto networks
vendor:	paloaltonetworks	model:	firewall
vendor:	paloaltonetworks	model:	networks

Lights, Cameras…Vulnerabilities? Rise of Non-Business IoT Devices Putting North American Corporate Networks At Risk Trust: 3.25 Fetched: Nov. 26, 2021, 7:29 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	palo	model:	palo alto networks
vendor:	palo	model:	firewall
vendor:	palo	model:	networks
vendor:	palo alto networks	model:	palo alto networks
vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	networks
vendor:	paloaltonetworks	model:	palo alto networks
vendor:	paloaltonetworks	model:	firewall
vendor:	paloaltonetworks	model:	networks

Siemens PROFINET Devices (Update K) \| CISA Related entries in the VARIoT vulnerabilities database: VAR-201910-1595 Trust: 4.0 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Jan. 1, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	siemens	model:	sinamics g150
vendor:	siemens	model:	sinamics gm150
vendor:	siemens	model:	simatic hmi
vendor:	siemens	model:	ek-ertec 200
vendor:	siemens	model:	simatic et 200ecopn
vendor:	siemens	model:	simatic et 200pro
vendor:	siemens	model:	ek-ertec
vendor:	siemens	model:	simatic s7-400 h v6
vendor:	siemens	model:	simatic s7-1200 cpu family
vendor:	siemens	model:	sinamics s120
vendor:	siemens	model:	sinumerik 840d
vendor:	siemens	model:	s7-410
vendor:	siemens	model:	s7-300
vendor:	siemens	model:	profinet driver
vendor:	siemens	model:	simatic s7-1500 cpu
vendor:	siemens	model:	840d
vendor:	siemens	model:	sinamics dcp
vendor:	siemens	model:	simatic hmi comfort outdoor panels
vendor:	siemens	model:	s7-1200 cpu
vendor:	siemens	model:	simatic et 200sp open controller cpu 1515sp pc
vendor:	siemens	model:	simatic s7-1200 cpu
vendor:	siemens	model:	ek-ertec 200p
vendor:	siemens	model:	sinumerik 840d sl
vendor:	siemens	model:	simatic s7-300 cpu
vendor:	siemens	model:	pn/pn coupler
vendor:	siemens	model:	simatic s7-410 v8
vendor:	siemens	model:	simatic cfu pa
vendor:	siemens	model:	sinamics g110m
vendor:	siemens	model:	simatic et 200al
vendor:	siemens	model:	simatic hmi ktp mobile panels
vendor:	siemens	model:	simatic et 200sp open
vendor:	siemens	model:	simatic et 200sp im 155-6 pn ba
vendor:	siemens	model:	simatic et 200m
vendor:	siemens	model:	simatic et 200sp
vendor:	siemens	model:	simatic pn/pn coupler
vendor:	siemens	model:	simatic s7-400 pn/dp
vendor:	siemens	model:	sinamics dcm
vendor:	siemens	model:	s7-400 pn/dp
vendor:	siemens	model:	sinamics gl150
vendor:	siemens	model:	sinamics gh150
vendor:	siemens	model:	simatic s7-400
vendor:	siemens	model:	simatic hmi comfort panels
vendor:	siemens	model:	simatic et 200sp im 155-6 pn hs
vendor:	siemens	model:	s7-1500 cpu
vendor:	siemens	model:	simatic s7-1500
vendor:	siemens	model:	simatic s7-410
vendor:	siemens	model:	sinamics sm120
vendor:	siemens	model:	simatic s7-400 pn
vendor:	siemens	model:	simatic et 200mp im 155-5 pn ba
vendor:	siemens	model:	simatic profinet driver
vendor:	siemens	model:	simatic s7-400 pn/dp v7
vendor:	siemens	model:	sinamics s110
vendor:	siemens	model:	simatic et 200s
vendor:	siemens	model:	sinamics
vendor:	siemens	model:	simatic winac rtx
vendor:	siemens	model:	profinet io
vendor:	siemens	model:	simatic s7-1200
vendor:	siemens	model:	simatic et 200mp im 155-5 pn hf
vendor:	siemens	model:	simatic et 200sp im 155-6 pn hf
vendor:	siemens	model:	et 200sp open controller
vendor:	siemens	model:	sinumerik 828d
vendor:	siemens	model:	simatic s7-300
vendor:	siemens	model:	simatic s7-1500 cpu family
vendor:	siemens	model:	simatic et 200sp im 155-6 pn st
vendor:	siemens	model:	simatic
vendor:	siemens	model:	simatic s7-400 pn/dp v6
vendor:	siemens	model:	simatic s7-300 cpu family
vendor:	siemens	model:	s7-400
vendor:	siemens	model:	simatic et
vendor:	siemens	model:	dk standard ethernet controller
vendor:	siemens	model:	sinamics sl150
vendor:	siemens	model:	sinamics s150
vendor:	siemens	model:	simatic et 200mp
vendor:	siemens	model:	simatic et 200sp im 155-6 pn ha
vendor:	siemens	model:	simatic tdc cp51m1
vendor:	siemens	model:	simatic s7-400 h
vendor:	siemens	model:	sinamics g130
vendor:	siemens	model:	simatic et 200mp im 155-5 pn st
vendor:	siemens	model:	simatic et 200sp open controller
vendor:	siemens	model:	simatic tdc cpu555
vendor:	siemens	model:	sinamics g120

db:

NVD

ids:

CVE-2019-10936

Windows Installer vulnerability becomes actively exploited zero-day Related entries in the VARIoT vulnerabilities database: VAR-202111-0697 Trust: 3.5 Fetched: Nov. 25, 2021, 9:59 a.m., Published: Nov. 24, 2021, 2:21 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	trend	model:	security
vendor:	trend micro	model:	security

db:

NVD

ids:

CVE-2021-41379

Vulnerabilities in MediaTek chips expose millions of Android devices to eavesdropping - Wilson's Media Trust: 3.0 Fetched: Nov. 25, 2021, 9:59 a.m., Published: Nov. 24, 2021, 4:48 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

check point

model:

check point

Vulnerabilities in MediaTek chips expose millions of Android devices to eavesdropping Trust: 3.0 Fetched: Nov. 25, 2021, 9:59 a.m., Published: Nov. 24, 2021, 11:56 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

check point

model:

check point

VARIoT news about IoT security