Sign-up

VARIoT news about IoT security

Security Post | Samsung Mobile Security

Related entries in the VARIoT vulnerabilities database: VAR-202105-1428, VAR-202109-0009, VAR-202105-1476, VAR-202105-0257, VAR-202105-1477, VAR-202105-1475, VAR-202105-1431, VAR-202107-1287, VAR-202106-1606, VAR-202105-1430, VAR-202104-1702, VAR-202109-0010, VAR-202105-1493, VAR-202105-1429, VAR-202107-1301, VAR-202105-1432

Trust: 4.5

Fetched: May 13, 2022, 10:50 a.m., Published: Jan. 17, 2022, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: samsung model: samsung mobile
vendor: samsung model: mobile
db: NVD ids: CVE-2020-26141, CVE-2021-25391, CVE-2020-11264, CVE-2020-26144, CVE-2021-25400, CVE-2021-25377, CVE-2020-26145, CVE-2020-26146, CVE-2021-25392, CVE-2020-26147, CVE-2021-25388, CVE-2021-25390, CVE-2021-25413, CVE-2020-24586, CVE-2021-25356, CVE-2021-25397, CVE-2020-24588, CVE-2021-25426, CVE-2021-25404, CVE-2021-25393, CVE-2021-25414, CVE-2020-26139, CVE-2021-25401, CVE-2021-25379, CVE-2020-11301, CVE-2020-26142, CVE-2020-26143, CVE-2020-26140, CVE-2021-25410, CVE-2021-25440, CVE-2020-24587

New Java Vulnerability Spring4Shell Has Been Resolved

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566, VAR-202203-1506

Trust: 3.5

Fetched: May 13, 2022, 10:50 a.m., Published: April 12, 2022, 7:35 a.m.
 Vulnerabilities: code execution, information leak
Affected productsExternal IDs
db: NVD ids: CVE-2022-22963, CVE-2021-44228, CVE-2022-22965

Known Security Vulnerabilities in 75% Of Medical Infusion Pumps Jeopardize Patients’ Lives and Sensitive Data - CPO Magazine

Related entries in the VARIoT vulnerabilities database: VAR-201908-0712, VAR-201702-0856, VAR-202006-0328, VAR-201702-0080

Trust: 5.5

Fetched: May 13, 2022, 10:50 a.m., Published: March 10, 2022, 4:59 a.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo alto networks model: networks
db: NVD ids: CVE-2019-12255, CVE-2016-9355, CVE-2020-12040, CVE-2016-8375

Linux "Dirty Pipe" vulnerability gives unprivileged users root access | Malwarebytes Labs

Related entries in the VARIoT vulnerabilities database: VAR-201611-0386, VAR-202203-0043

Trust: 4.75

Fetched: May 13, 2022, 10:50 a.m., Published: March 11, 2022, 2:38 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2016-5195, CVE-2022-0847

Update now! Apple fixes several serious vulnerabilities in iOS and macOS | Malwarebytes Labs

Trust: 4.5

Fetched: May 13, 2022, 10:50 a.m., Published: March 15, 2022, 9:28 p.m.
 Vulnerabilities: code execution, memory leak, buffer overflow...
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: safari
vendor: apple model: webkit

Critical RCE Vulnerability Found in Over a Million GPON Home Routers

Related entries in the VARIoT vulnerabilities database: VAR-201805-0262, VAR-201805-0263

Trust: 5.25

Fetched: May 13, 2022, 10:50 a.m., Published: April 5, 2022, midnight
 Vulnerabilities: authentication bypass, command injection
Affected productsExternal IDs
vendor: dasan zhone solutions model: gpon routers
vendor: dasan model: gpon routers
db: NVD ids: CVE-2018-10561, CVE-2018-10562

Fresh TOTOLINK Vulnerabilities Picked Up by Beastmode Mirai Campaign

Related entries in the VARIoT vulnerabilities database: VAR-201803-1048, VAR-202202-1281, VAR-202203-0288, VAR-201608-0087, VAR-202203-0505, VAR-202203-0700, VAR-202202-0832

Trust: 4.75

Fetched: May 13, 2022, 10:50 a.m., Published: April 1, 2022, 7 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: d-link model: router
vendor: d-link model: dir-830l
vendor: d-link model: dir-836l
vendor: d-link model: dir-826l
vendor: d-link model: dir-820l
vendor: d-link model: dir-810l
vendor: tp-link model: routers
vendor: nuuo model: crystal
vendor: nuuo model: nvrsolo
vendor: nuuo model: nvrmini2
vendor: netgear model: readynas surveillance
vendor: huawei model: hg532
vendor: huawei model: huawei
db: NVD ids: CVE-2017-17215, CVE-2021-45382, CVE-2021-4045, CVE-2016-5674, CVE-2022-26186, CVE-2022-26210, CVE-2022-25075

Microsoft Fixes 52 Vulnerabilities in February, 2022 Patches - Sophos News

Related entries in the VARIoT vulnerabilities database: VAR-202202-0304, VAR-202202-0303, VAR-202202-1349

Trust: 5.5

Fetched: May 13, 2022, 10:50 a.m., Published: Feb. 9, 2022, 6:48 p.m.
 Vulnerabilities: code execution, feature bypass, security feature bypass...
Affected productsExternal IDs
vendor: sophos model: mobile
db: NVD ids: CVE-2022-22000, CVE-2022-22718, CVE-2022-22001, CVE-2022-23254, CVE-2022-22715, CVE-2022-21991, CVE-2022-22710, CVE-2022-21981, CVE-2022-23264, CVE-2022-21992, CVE-2022-22717, CVE-2022-23252, CVE-2022-21999, CVE-2022-22005, CVE-2022-23269, CVE-2021-0470, CVE-2022-23263, CVE-2022-21965, CVE-2022-22002, CVE-2022-21994, CVE-2021-0452, CVE-2022-21984, CVE-2022-21985, CVE-2022-21968, CVE-2022-23262, CVE-2022-21995, CVE-2022-21993, CVE-2022-21927, CVE-2022-23280, CVE-2022-21988, CVE-2022-21989, CVE-2022-22712, CVE-2022-21987, CVE-2022-21974, CVE-2022-22716, CVE-2022-23261, CVE-2022-23274, CVE-2022-22004, CVE-2022-21996, CVE-2022-21986, CVE-2022-21997, CVE-2022-21926, CVE-2022-21844, CVE-2022-23256, CVE-2022-23276, CVE-2022-21998, CVE-2022-21971, CVE-2022-23271, CVE-2022-21957, CVE-2022-22003, CVE-2022-23255, CVE-2022-22709, CVE-2022-23273, CVE-2022-23272

5 Free WiFi Router Vulnerabilities Scanners - Who Hacked My Wifi?

Trust: 3.5

Fetched: May 13, 2022, 10:50 a.m., Published: March 8, 2018, 3:34 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: d-link model: router
vendor: tp-link model: routers
vendor: asus model: router
vendor: asus model: asus
vendor: cisco model: router
vendor: cisco model: linksys
vendor: avast model: antivirus

Armis Finds Three Critical Zero-Day Vulnerabilities in APC Smart-UPS Devices, Dubbed "TLStorm," Exposing More than 20 Million Enterprise Devices

Related entries in the VARIoT vulnerabilities database: VAR-202108-1890, VAR-202203-0235, VAR-202203-0237, VAR-202203-0236

Trust: 4.25

Fetched: May 13, 2022, 10:50 a.m., Published: March 14, 2022, 1:15 p.m.
 Vulnerabilities: code execution, buffer overflow, authentication bypass...
Affected productsExternal IDs
vendor: schneider model: monitor
vendor: schneider electric model: monitor
db: NVD ids: CVE-2021-37160, CVE-2022-0715, CVE-2022-22805, CVE-2022-22806

Binarly Discovers 16 New, High-Impact Vulnerabilities in Firmware Affecting HP Enterprise Devices

Trust: 3.75

Fetched: May 13, 2022, 10:50 a.m., Published: March 8, 2022, midnight
 Vulnerabilities: code execution, privilege escalation, buffer overflow...
Affected productsExternal IDs
db: NVD ids: CVE-2022-23924, CVE-2021-39300, CVE-2022-23928, CVE-2021-39301, CVE-2021-39299, CVE-2022-23931, CVE-2022-23934, CVE-2021-39298, CVE-2022-23927, CVE-2021-39297, CVE-2022-23929, CVE-2022-23925, CVE-2022-23926, CVE-2022-23930, CVE-2022-23932, CVE-2022-23933

Cyble - Critical Vulnerabilities in Serial-to-Ethernet Devices

Trust: 3.25

Fetched: May 13, 2022, 10:50 a.m., Published: Feb. 17, 2022, 11:15 a.m.
 Vulnerabilities: resource exhaustion, information exposure
Affected productsExternal IDs
vendor: moxa model: nport 5110
vendor: moxa model: nport

Vulnerabilities Identified in Wyze Cam IoT Device

Related entries in the VARIoT vulnerabilities database: VAR-202203-1706, VAR-202203-1880

Trust: 7.0

Fetched: May 13, 2022, 10:50 a.m., Published: April 10, 2022, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: netgear model: orbi
db: NVD ids: CVE-2019-12266, CVE-2019-9564

Here’s Why Apple Device Vulnerabilities Just Skyrocketed A Startling 467 Percent | HotHardware

Related entries in the VARIoT vulnerabilities database: VAR-202108-1057

Trust: 4.75

Fetched: May 13, 2022, 10:50 a.m., Published: April 14, 2022, 12:30 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: macos
vendor: trend model: security
vendor: huawei model: huawei
db: NVD ids: CVE-2021-30860

Are All Apple Devices Vulnerable to Pegasus?

Related entries in the VARIoT vulnerabilities database: VAR-202108-1057

Trust: 3.5

Fetched: May 13, 2022, 10:50 a.m., Published: April 14, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: watchos
vendor: apple model: iphone
db: NVD ids: CVE-2021-30860

NVD - CVE-2022-0018

Trust: 5.5

Fetched: May 13, 2022, 10:50 a.m., Published: April 5, 2022, midnight
 Vulnerabilities: information exposure
Affected productsExternal IDs
vendor: palo model: networks globalprotect
vendor: palo model: palo alto networks globalprotect
vendor: palo model: networks
vendor: apple model: macos
vendor: paloaltonetworks model: networks globalprotect
vendor: paloaltonetworks model: palo alto networks globalprotect
vendor: paloaltonetworks model: networks
vendor: palo alto networks model: networks globalprotect
vendor: palo alto networks model: palo alto networks globalprotect
vendor: palo alto networks model: networks
db: NVD ids: CVE-2022-0018

Google Android : List of security vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202203-1012, VAR-202203-1029, VAR-202204-1532, VAR-202203-0318, VAR-202203-0306, VAR-202203-0322, VAR-202203-0319

Trust: 5.25

Fetched: May 13, 2022, 10:50 a.m., Published: April 21, 2050, midnight
 Vulnerabilities: code execution, buffer overflow, use after free...
Affected productsExternal IDs
vendor: samsung model: knox
vendor: google model: android
vendor: google model: home
db: NVD ids: CVE-2022-27573, CVE-2022-26090, CVE-2022-27825, CVE-2022-24932, CVE-2022-24931, CVE-2022-27824, CVE-2022-27570, CVE-2022-25817, CVE-2022-25833, CVE-2022-26092, CVE-2022-27822, CVE-2022-25816, CVE-2022-27576, CVE-2022-24925, CVE-2022-25818, CVE-2022-27823, CVE-2022-24001, CVE-2022-26093, CVE-2022-27572, CVE-2022-25815, CVE-2022-27836, CVE-2022-27831, CVE-2022-27828, CVE-2022-27829, CVE-2022-27830, CVE-2022-27575, CVE-2022-27826, CVE-2022-27569, CVE-2022-26094, CVE-2022-26096, CVE-2022-24928, CVE-2022-26091, CVE-2022-26098, CVE-2022-27567, CVE-2022-27827, CVE-2022-26095, CVE-2022-27568, CVE-2022-24929, CVE-2022-27832, CVE-2022-27574, CVE-2022-25831, CVE-2022-27571, CVE-2022-25832, CVE-2022-25822, CVE-2022-25814, CVE-2022-26097, CVE-2022-26099, CVE-2022-27821, CVE-2022-27835, CVE-2022-25820

Spring4Shell Vulnerability Exploited To Spread Mirai Botnet Malware, According to Security Researchers - CPO Magazine

Trust: 4.25

Fetched: May 13, 2022, 10:50 a.m., Published: April 15, 2022, 9:45 a.m.
 Vulnerabilities: code execution, password guessing, denial of service
Affected productsExternal IDs
vendor: palo model: networks
vendor: trend micro model: security
vendor: trend model: security
vendor: palo alto networks model: networks

Healthcare IoT, Medical Device Vulnerability Disclosures Skyrocket

Trust: 3.5

Fetched: May 13, 2022, 10:50 a.m., Published: March 4, 2022, 1:30 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: trend model: security
vendor: palo alto networks model: networks
vendor: palo model: networks

IoT/connected Device Discovery and Security Auditing in Corporate Networks

Trust: 4.75

Fetched: May 13, 2022, 10:50 a.m., Published: Feb. 7, 2022, 9:20 a.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: trend model: security