Sign-up

VARIoT news about IoT security

Multiple Flaws in Realtek SDK Affect Wide Range of IoT Devices | Decipher

Trust: 4.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 16, 2021, midnight
 Vulnerabilities: command injection, buffer overflow
Affected productsExternal IDs
vendor: realtek model: realtek sdk
vendor: asus model: asus

Microsoft MSHTML Remote Code Execution Vulnerability: Security Bulletins: Information Security & Policy: Indiana University

Related entries in the VARIoT vulnerabilities database: VAR-202109-1909

Trust: 5.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 12, 2022, midnight
 Vulnerabilities: file execution, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-40444

Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices | Mandiant

Trust: 4.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 17, 2021, midnight
 Vulnerabilities: device impersonation, code execution
Affected productsExternal IDs
vendor: google model: home
vendor: wireshark model: wireshark
vendor: apple model: watch
db: NVD ids: CVE-2021-28372

Apple iOS and iPadOS Vulnerability Exploited by Cybercriminals

Related entries in the VARIoT vulnerabilities database: VAR-202108-2057

Trust: 5.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 13, 2021, 4:34 p.m.
 Vulnerabilities: integer overflow, privilege escalation
Affected productsExternal IDs
vendor: apple model: ipod touch
vendor: apple model: ipad
vendor: apple model: iphone os
vendor: apple model: iphone
db: NVD ids: CVE-2021-30883

These Bluetooth security flaws could affect billions of devices | TechRadar

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 3, 2021, 2:01 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

Security Advisory - CSV Injection Vulnerability in Some Huawei Products

Related entries in the VARIoT vulnerabilities database: VAR-202110-1355

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 14, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: huawei model: huawei
db: NVD ids: CVE-2021-37131

PTES Technical Guidelines - pentest-standard 1.1 documentation

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 1, 2022, midnight
 Vulnerabilities: authentication attack, account lockout, buffer overflow...
Affected productsExternal IDs
vendor: cisco model: meeting
vendor: cisco model: network access control
vendor: cisco model: guard
vendor: cisco model: cisco systems
vendor: cisco model: catalyst
vendor: cisco model: routers
vendor: cisco model: hsrp
vendor: cisco model: wireless access point
vendor: cisco model: eigrp
vendor: cisco model: series
vendor: cisco model: access points
vendor: cisco model: router
vendor: cisco model: leap
vendor: cisco model: cisco ios
vendor: sonicwall model: web application firewall
vendor: sonicwall model: switch
vendor: sonicwall model: analyzer
vendor: barracuda model: web application firewall
vendor: barracuda model: barracuda
vendor: barracuda model: running
vendor: essential model: phone
vendor: mesh model: mesh
vendor: citrix model: gateway
vendor: rapid model: scada
vendor: wireshark model: wireshark
vendor: canary model: canary
vendor: google model: wifi
vendor: google model: home
vendor: palo model: networks
vendor: palo model: firewall
vendor: aircrack-ng model: aircrack-ng
vendor: serve model: serve
vendor: cisco systems model: meeting
vendor: cisco systems model: network access control
vendor: cisco systems model: guard
vendor: cisco systems model: cisco systems
vendor: cisco systems model: catalyst
vendor: cisco systems model: routers
vendor: cisco systems model: hsrp
vendor: cisco systems model: wireless access point
vendor: cisco systems model: eigrp
vendor: cisco systems model: series
vendor: cisco systems model: access points
vendor: cisco systems model: router
vendor: cisco systems model: leap
vendor: cisco systems model: cisco ios
vendor: hewlett packard model: hp-ux
vendor: hewlett packard model: switches
vendor: hewlett packard model: hewlett packard
vendor: hewlett packard model: integrity
vendor: novell model: netware
vendor: novell model: client

Mirai’s Variant Mukashi Malware Exploits Zyxel NAS Device Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202003-1707

Trust: 5.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: command injection, default credentials, code execution
Affected productsExternal IDs
vendor: zyxel model: nsa210
vendor: zyxel model: nas540
vendor: zyxel model: nas326
vendor: zyxel model: nsa325
vendor: zyxel model: nsa320s
vendor: zyxel model: nsa220
vendor: zyxel model: nas542
vendor: zyxel model: nas520
vendor: zyxel model: nsa310s
vendor: zyxel model: nsa320
vendor: zyxel model: nsa325v2
vendor: zyxel model: nsa310
vendor: zyxel model: nsa221
vendor: palo model: palo alto networks
vendor: palo model: networks
vendor: palo alto networks model: palo alto networks
vendor: palo alto networks model: networks
db: NVD ids: CVE-2020-9054

BadAlloc Vulnerability Affecting BlackBerry QNX RTOS | CISA

Trust: 4.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 23, 2021, midnight
 Vulnerabilities: code execution, integer overflow
Affected productsExternal IDs
vendor: blackberry model: blackberry
vendor: blackberry model: link
db: NVD ids: CVE-2021-22156

iOS 11 - Wikipedia

Trust: 3.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 11, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: wifi
vendor: google model: home
vendor: apple model: ipad
vendor: apple model: icloud
vendor: apple model: apple tv
vendor: apple model: macos
vendor: apple model: itunes
vendor: apple model: safari
vendor: apple model: iphone
vendor: apple model: watch
vendor: apple model: ipod touch
vendor: apple model: watchos

GovCERT.HK - Security Alert (A21-09-03): Multiple Vulnerabilities in Bluetooth devices

Related entries in the VARIoT vulnerabilities database: VAR-202109-0564

Trust: 3.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-31717, CVE-2021-28139, CVE-2021-28155, CVE-2021-28136, CVE-2021-31785, CVE-2021-31786, CVE-2021-34150, CVE-2021-28135, CVE-2021-31609, CVE-2021-34143, CVE-2021-31613

NVD - CVE-2021-40114

Related entries in the VARIoT vulnerabilities database: VAR-202110-1353

Trust: 5.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 3, 2022, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco systems model: firepower_threat_defense
vendor: cisco systems model: cisco systems
vendor: cisco systems model: series
vendor: cisco systems model: firepower_management_center
vendor: cisco model: firepower_threat_defense
vendor: cisco model: cisco systems
vendor: cisco model: series
vendor: cisco model: firepower_management_center
vendor: snort model: snort
db: NVD ids: CVE-2021-40114

CVE-2021-40118 - CVE.report

Related entries in the VARIoT vulnerabilities database: VAR-202110-1350

Trust: 6.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 7, 2022, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: adaptive security appliance
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: firepower
vendor: cisco model: firepower threat defense
db: NVD ids: CVE-2021-40118

CVE-2021-40114 - CVE.report

Related entries in the VARIoT vulnerabilities database: VAR-202110-1353

Trust: 5.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 7, 2022, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: series
vendor: cisco model: firepower management center
vendor: cisco model: firepower
vendor: snort model: snort
db: NVD ids: CVE-2021-40114

Researchers say they've found a flaw exposing millions of devices' camera data and audio to hackers - Washington Times

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home
vendor: google model: google home
vendor: home assistant model: assistant

CVE-2021-40114 : Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic tha

Related entries in the VARIoT vulnerabilities database: VAR-202110-1353

Trust: 5.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: series
vendor: snort model: snort
db: NVD ids: CVE-2009-1234, CVE-2021-40114

NVD - CVE-2021-1523

Trust: 4.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: nexus 9000 series
vendor: cisco model: series
vendor: cisco model: nexus
vendor: cisco model: nx-os
vendor: cisco model: cisco nexus 9000 series
vendor: cisco model: cisco systems
vendor: cisco model: nexus 9000
vendor: cisco systems model: nexus 9000 series
vendor: cisco systems model: series
vendor: cisco systems model: nexus
vendor: cisco systems model: nx-os
vendor: cisco systems model: cisco nexus 9000 series
vendor: cisco systems model: cisco systems
vendor: cisco systems model: nexus 9000
db: NVD ids: CVE-2021-1523

Disclosure of three 0-day iOS vulnerabilities and critique of Apple Security Bounty program / Habr

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: wifi
vendor: delegate model: delegate
db: NVD ids: cve-2020-27937

What You Need To Know About New IoT Vulnerabilities - My TechDecisions

Trust: 5.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: command injection, memory corruption
Affected productsExternal IDs
vendor: realtek model: realtek sdk

IoT/connected device discovery and vulnerability assessment using IoTVAS API

Trust: 4.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 4, 2022, midnight
 Vulnerabilities: system crash, default credentials
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2016-2148