Sign-up

VARIoT news about IoT security

Security Advisory for Fragment and Forge vulnerabilities on some WiFi capable devices, PSV-2021-0014 & PSV-2021-0080 | Answer | NETGEAR Support

Related entries in the VARIoT vulnerabilities database: VAR-202105-1431, VAR-202105-1477, VAR-202105-1432

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: netgear model: r7850
vendor: netgear model: rbw30
vendor: netgear model: rbr40
vendor: netgear model: rbr750
vendor: netgear model: wn3000rpv2
vendor: netgear model: r7000p
vendor: netgear model: rbs750
vendor: netgear model: rbr50
vendor: netgear model: rax45
vendor: netgear model: rax120
vendor: netgear model: ex6410
vendor: netgear model: router
vendor: netgear model: ex6400v2
vendor: netgear model: ex7000
vendor: netgear model: r6700v3
vendor: netgear model: r7900p
vendor: netgear model: ex3700
vendor: netgear model: r8300
vendor: netgear model: ex7500
vendor: netgear model: rax35
vendor: netgear model: r6900p
vendor: netgear model: ex6130
vendor: netgear model: ex7700
vendor: netgear model: r6220
vendor: netgear model: rax15
vendor: netgear model: xr300
vendor: netgear model: rbs50
vendor: netgear model: r8500
vendor: netgear model: r7900
vendor: netgear model: orbi
vendor: netgear model: r6400v2
vendor: netgear model: r8000p
vendor: netgear model: ex2700
vendor: netgear model: r6350
vendor: netgear model: r6020
vendor: netgear model: r7000
vendor: netgear model: r6850
vendor: netgear model: r6120
vendor: netgear model: rbr20
vendor: netgear model: srs60
vendor: netgear model: r6230
vendor: netgear model: mr60
vendor: netgear model: ex6150v2
vendor: netgear model: ex8000
vendor: netgear model: wac505
vendor: netgear model: ex6200v2
vendor: netgear model: rbs850
vendor: netgear model: ex3800
vendor: netgear model: rs400
vendor: netgear model: c6900
vendor: netgear model: ex6250
vendor: netgear model: ex6420
vendor: netgear model: wn3000rpv3
vendor: netgear model: rbs10
vendor: netgear model: r7100lg
vendor: netgear model: rbs40
vendor: netgear model: rbr850
vendor: netgear model: rbs50y
vendor: netgear model: ex6120
vendor: netgear model: dc112a
vendor: netgear model: rax40
vendor: netgear model: rax20
vendor: netgear model: ex6100v2
vendor: netgear model: r6400
vendor: netgear model: ex7300v2
vendor: netgear model: rbs20
vendor: netgear model: ex7320
vendor: netgear model: r8000
vendor: netgear model: rax38
vendor: netgear model: r6080
vendor: netgear model: lax20
vendor: netgear model: r6260
vendor: netgear model: srr60
vendor: netgear model: rbr10
vendor: netgear model: wac510
vendor: netgear model: rax50
vendor: netgear model: r6700v2
vendor: netgear model: lbr20
vendor: mesh model: mesh
db: NVD ids: CVE-2020-24588, CVE-2020-26146, CVE-2020-24587

NVD - CVE-2021-34783

Related entries in the VARIoT vulnerabilities database: VAR-202110-1394

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 3, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: asa_5580_firmware
vendor: cisco model: adaptive_security_appliance
vendor: cisco model: asa_5545-x_firmware
vendor: cisco model: asa_5580
vendor: cisco model: asa_5505_firmware
vendor: cisco model: asa_5555-x_firmware
vendor: cisco model: asa_5585-x
vendor: cisco model: asa_5525-x_firmware
vendor: cisco model: asa_5585-x_firmware
vendor: cisco model: asa_5505
vendor: cisco model: asa_5512-x_firmware
vendor: cisco model: asa_5515-x_firmware
db: NVD ids: CVE-2021-34783

IoT Devices Affected by Multiple Vulnerabilities in Realtek WiFi Modules

Trust: 3.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-35392

Out-of-Bounds Vulnerabilities in OpenSSL - Security Advisory | QNAP (US)

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-3711, CVE-2021-3712

Meltdown and Spectre Vulnerabilities | Allied Telesis

Related entries in the VARIoT vulnerabilities database: VAR-201801-0826, VAR-201801-1711, VAR-201801-1712

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2017-5715, CVE-2017-5754, CVE-2017-5753

Unpatched, Unprepared, Unprotected: How Critical Device Vulnerabilities Remain Unaddressed

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: schneider model: modicon m580
vendor: schneider model: m580
vendor: schneider model: modicon plc
vendor: schneider model: monitor
vendor: ring model: ring
vendor: cisco model: routers
vendor: schneider electric model: modicon m580
vendor: schneider electric model: m580
vendor: schneider electric model: modicon plc
vendor: schneider electric model: monitor

Mobile vulnerabilities: What they are and how they impact the enterprise

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

FabulaTech USB device vulnerability exposes devices to risk - TechRepublic

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 15, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home
db: NVD ids: CVE-2002-9332, CVE-2020-9332

PTES Technical Guidelines - The Penetration Testing Execution Standard

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 1, 2022, midnight
 Vulnerabilities: replay attack, data injection, file inclusion...
Affected productsExternal IDs
vendor: essential model: phone
vendor: novell model: client
vendor: novell model: netware
vendor: sony computer entertainment model: camera
vendor: netgear model: router
vendor: serve model: serve
vendor: barracuda model: running
vendor: barracuda model: web application firewall
vendor: barracuda model: barracuda
vendor: citrix model: gateway
vendor: rapid model: scada
vendor: aircrack-ng model: aircrack-ng
vendor: cisco systems model: guard
vendor: cisco systems model: cisco ios
vendor: cisco systems model: router
vendor: cisco systems model: wireless access point
vendor: cisco systems model: ip phone
vendor: cisco systems model: catalyst
vendor: cisco systems model: meeting
vendor: cisco systems model: network access control
vendor: cisco systems model: access points
vendor: cisco systems model: routers
vendor: cisco systems model: cisco systems
vendor: cisco systems model: hsrp
vendor: cisco systems model: series
vendor: cisco systems model: eigrp
vendor: cisco systems model: support tools
vendor: cisco systems model: leap
vendor: asterisk model: open source
vendor: canary model: canary
vendor: wireshark model: wireshark
vendor: sonicwall model: switch
vendor: sonicwall model: analyzer
vendor: sonicwall model: web application firewall
vendor: google model: wifi
vendor: google model: home
vendor: cisco model: guard
vendor: cisco model: cisco ios
vendor: cisco model: router
vendor: cisco model: wireless access point
vendor: cisco model: ip phone
vendor: cisco model: catalyst
vendor: cisco model: meeting
vendor: cisco model: network access control
vendor: cisco model: access points
vendor: cisco model: routers
vendor: cisco model: cisco systems
vendor: cisco model: hsrp
vendor: cisco model: series
vendor: cisco model: eigrp
vendor: cisco model: support tools
vendor: cisco model: leap
vendor: mesh model: mesh
vendor: hewlett packard model: hp-ux
vendor: hewlett packard model: integrity
vendor: hewlett packard model: stream
vendor: hewlett packard model: switches
vendor: hewlett packard model: hewlett packard
vendor: palo model: firewall
vendor: palo model: networks
vendor: sony model: camera
vendor: modbus model: slave

Internet of things - Wikipedia

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 1, 2022, midnight
 Vulnerabilities: injection attack, default credentials, weak password...
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: huawei model: smart phones
vendor: serve model: serve
vendor: rising model: antivirus
vendor: home assistant model: assistant
vendor: schneider model: concept
vendor: schneider model: software update
vendor: schneider model: modbus
vendor: schneider model: monitor
vendor: samsung smartthings model: printers
vendor: samsung smartthings model: samsung
vendor: samsung smartthings model: smartthings hub
vendor: samsung smartthings model: mobile
vendor: samsung smartthings model: note
vendor: samsung smartthings model: mobile devices
vendor: samsung smartthings model: notes
vendor: smartthings model: smartthings hub
vendor: samsung model: printers
vendor: samsung model: samsung
vendor: samsung model: smartthings hub
vendor: samsung model: mobile
vendor: samsung model: note
vendor: samsung model: mobile devices
vendor: samsung model: notes
vendor: lenovo model: updates
vendor: lenovo model: edge
vendor: lenovo model: system
vendor: mikrotik model: mikrotik
vendor: mikrotik model: routers
vendor: domoticz model: domoticz
vendor: mesh model: mesh
vendor: trend model: security
vendor: trend model: antivirus
vendor: cisco systems model: meeting
vendor: cisco systems model: routers
vendor: cisco systems model: cisco systems
vendor: cisco systems model: h
vendor: cisco systems model: service management
vendor: cisco systems model: series
vendor: cisco systems model: spark
vendor: google model: google home
vendor: google model: android
vendor: google model: home
vendor: cisco model: meeting
vendor: cisco model: routers
vendor: cisco model: cisco systems
vendor: cisco model: h
vendor: cisco model: service management
vendor: cisco model: series
vendor: cisco model: spark
vendor: ring model: ring
vendor: sony model: camera
vendor: sony model: playstation 3
vendor: sony model: playstation
vendor: notion model: bridge
vendor: dahua model: camera
vendor: apple model: iphone
vendor: apple model: watch

A New Citrix Device Vulnerability Has Been Discovered

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: citrix model: application delivery controller
vendor: citrix model: gateway
vendor: citrix model: sd-wan wanop
db: NVD ids: CVE-2019-19781

ManageEngine NetFlow Analyzer Read Me

Related entries in the VARIoT vulnerabilities database: VAR-201806-1164, VAR-201806-1163, VAR-201911-1328

Trust: 4.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 17, 2022, midnight
 Vulnerabilities: sql injection, cross-site scripting, code execution...
Affected productsExternal IDs
vendor: essential model: phone
vendor: huawei model: huawei
vendor: huawei model: webui
vendor: trend model: security
vendor: axis model: axis
vendor: pfsense model: pfsense
vendor: zoho model: manageengine oputils
vendor: zoho model: manageengine applications manager
vendor: zoho model: manageengine opmanager
vendor: zoho model: manageengine netflow analyzer
vendor: zoho model: opmanager
vendor: zoho model: oputils
vendor: zoho model: manageengine servicedesk plus
vendor: google model: nexus
vendor: google model: android
vendor: google model: google chrome
vendor: google model: chrome
vendor: aruba model: instant
vendor: cisco model: cisco ios
vendor: cisco model: router
vendor: cisco model: nexus
vendor: cisco model: quad
vendor: cisco model: access points
vendor: cisco model: aireos
vendor: cisco model: routers
vendor: cisco model: technical support
vendor: cisco model: wireless lan controller
vendor: cisco model: wide area application services
vendor: cisco model: wireless lan controllers
vendor: cisco model: series
vendor: cisco model: wireless controller
vendor: cisco model: cisco routers
vendor: cisco model: spark
vendor: palo model: firewall
vendor: palo model: networks
vendor: jquery model: jquery
db: NVD ids: CVE-2019-8929, CVE-2019-7427, CVE-2018-12998, CVE-2018-12997, CVE-2019-7423, CVE-2018-10803, CVE-2020-11946, CVE-2019-8926, CVE-2019-12196, CVE-2020-12116, CVE-2021-20078, CVE-2021-3287, CVE-2021-41075, CVE-2019-8927, CVE-2019-17421, CVE-2018-19403, CVE-2019-7425, CVE-2019-7424, CVE-2020-10541, CVE-2017-11560, CVE-2019-8928, CVE-2019-7422, CVE-2019-7426, CVE-2008-0128, CVE-2021-44514, CVE-2019-8925

Top 10 IoT Security Issues: Ransom, Botnet Attacks, Spying

Trust: 4.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: serve model: serve
vendor: trend model: security

NVD - CVE-2021-1592

Trust: 5.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 3, 2022, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco systems model: ucs manager
vendor: cisco systems model: cisco systems
vendor: cisco systems model: cisco ucs manager
vendor: cisco systems model: unified_computing_system
vendor: cisco model: ucs manager
vendor: cisco model: cisco systems
vendor: cisco model: cisco ucs manager
vendor: cisco model: unified_computing_system
db: NVD ids: CVE-2021-1592

Device Vulnerabilities in the Connected Home

Related entries in the VARIoT vulnerabilities database: VAR-201505-0274

Trust: 6.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: command execution, command injection, buffer overflow...
Affected productsExternal IDs
vendor: realtek model: realtek sdk
vendor: d-link model: eyeon baby monitor
vendor: d-link model: dcs-825l
vendor: d-link model: router
vendor: buffalo model: wsr-300hp
vendor: buffalo model: router
vendor: trend micro model: security
vendor: trend micro model: home network security
vendor: dahua model: ptz camera
vendor: dahua model: camera
vendor: dahua model: ip camera
vendor: belkin model: router
vendor: trend model: security
vendor: trend model: home network security
db: NVD ids: CVE-2014-8361

Siemens TCP/IP Stack Vulnerabilities-AMNESIA:33 in SENTRON PAC / 3VA Devices (Update B) | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202012-0245, VAR-202012-0125

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: sentron pac4200
vendor: siemens model: sentron pac3200
vendor: siemens model: modbus tcp
db: SIEMENS ids: SSA-541018
db: NVD ids: CVE-2020-17437, CVE-2020-13987
db: ICS CERT ids: ICSA-21-068-06
db: US CERT ids: ICSA-21-068-06

Device Vulnerabilities in the Connected Home

Related entries in the VARIoT vulnerabilities database: VAR-201505-0274

Trust: 6.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: command execution, command injection, buffer overflow...
Affected productsExternal IDs
vendor: realtek model: realtek sdk
vendor: d-link model: eyeon baby monitor
vendor: d-link model: dcs-825l
vendor: d-link model: router
vendor: buffalo model: wsr-300hp
vendor: buffalo model: router
vendor: trend micro model: security
vendor: trend micro model: home network security
vendor: dahua model: ptz camera
vendor: dahua model: camera
vendor: dahua model: ip camera
vendor: belkin model: router
vendor: trend model: security
vendor: trend model: home network security
db: NVD ids: CVE-2014-8361

Mobile Application Security Threats and Vulnerabilities 2019: Mobile Device Security - Attacks Research

Related entries in the VARIoT vulnerabilities database: VAR-201611-0386

Trust: 4.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: configuration vulnerability, session hijacking, cross-site scripting...
Affected productsExternal IDs
vendor: google model: android
vendor: google model: wi-fi router
vendor: alcatel model: operating system
vendor: apple model: icloud
db: NVD ids: CVE-2019-5765, CVE-2016-5195

Full disclosure: 0day vulnerability (backdoor) in firmware for Xiaongmai-based DVRs, NVRs and IP cameras / Habr

Trust: 4.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: qemu model: qemu
vendor: xiongmai model: ip cameras

Android Patches Actively Exploited Zero-Day Kernel Bug | Threatpost

Related entries in the VARIoT vulnerabilities database: VAR-202111-0609, VAR-202108-1005, VAR-202111-0579

Trust: 3.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-1048, CVE-2021-1975, CVE-2021-0918, CVE-2021-34484, CVE-2021-0889, CVE-2021-1924, CVE-2021-0930