Sign-up

VARIoT news about IoT security

Multiple vulnerabilities in Moxa devices

Related entries in the VARIoT vulnerabilities database: VAR-202109-1171, VAR-202109-1172, VAR-201501-0737

Trust: 5.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 2, 2022, midnight
 Vulnerabilities: cross-site scripting, command injection, buffer overflow
Affected productsExternal IDs
vendor: moxa model: moxa
vendor: moxa model: wac-1001
db: NVD ids: CVE-2021-39278, CVE-2021-39279, CVE-2015-0235

Disclosing CVE-2021-40823 and CVE-2021-40824: E2EE vulnerability in multiple Matrix clients | Matrix.org

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 13, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-40824, CVE-2021-40823

Report: Vulnerability Allows Hackers to Spy Via IoT Devices - My TechDecisions

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs

NVD - CVE-2021-1583

Related entries in the VARIoT vulnerabilities database: VAR-202108-0317

Trust: 5.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: improper access control
Affected productsExternal IDs
vendor: cisco model: nexus_92300yc
vendor: cisco model: nexus 9000 series
vendor: cisco model: series
vendor: cisco model: nexus_9000
vendor: cisco model: nexus
vendor: cisco model: nexus_92160yc-x
vendor: cisco model: nexus_92304qc
vendor: cisco model: nx-os
vendor: cisco model: cisco nexus 9000 series
vendor: cisco model: cisco systems
vendor: cisco model: nexus 9000
vendor: cisco model: nexus_9000v
vendor: cisco systems model: nexus_92300yc
vendor: cisco systems model: nexus 9000 series
vendor: cisco systems model: series
vendor: cisco systems model: nexus_9000
vendor: cisco systems model: nexus
vendor: cisco systems model: nexus_92160yc-x
vendor: cisco systems model: nexus_92304qc
vendor: cisco systems model: nx-os
vendor: cisco systems model: cisco nexus 9000 series
vendor: cisco systems model: cisco systems
vendor: cisco systems model: nexus 9000
vendor: cisco systems model: nexus_9000v
db: NVD ids: CVE-2021-1583

Cisco Ios Xe version 16.9.6 : Security vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202103-0768, VAR-202109-0747, VAR-202103-0540, VAR-202103-0550, VAR-202103-0773, VAR-202109-0245, VAR-202103-0778, VAR-202103-0546, VAR-202103-0544, VAR-202103-0534, VAR-202103-0763, VAR-202109-0601, VAR-202103-0549, VAR-202103-0470

Trust: 4.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: command injection, memory corruption, denial of service
Affected productsExternal IDs
vendor: cisco model: iox application
vendor: cisco model: cisco iox
vendor: cisco model: cisco iox application
vendor: cisco model: series
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe software
vendor: cisco model: series switches
vendor: cisco model: ios xe
vendor: cisco model: ios software
vendor: cisco model: catalyst
vendor: cisco model: cisco ios
db: NVD ids: CVE-2021-1446, CVE-2021-34699, CVE-2021-1377, CVE-2021-1391, CVE-2021-1435, CVE-2021-1619, CVE-2021-1442, CVE-2021-1390, CVE-2009-1234, CVE-2021-1384, CVE-2021-1403, CVE-2021-1453, CVE-2021-34705, CVE-2021-1376, CVE-2021-1352

Bug in Millions of Flawed IoT Devices Lets Attackers Eavesdrop | Threatpost

Related entries in the VARIoT vulnerabilities database: VAR-202108-1005

Trust: 3.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-28372, CVE-2021-34484

Top 10 Most Useful Vulnerability Assessment Scanning Tools

Trust: 3.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 5, 2022, 4:40 a.m.
 Vulnerabilities: sql injection, cross-site scripting
Affected productsExternal IDs
vendor: aircrack-ng model: aircrack-ng
vendor: netbsd model: netbsd
vendor: tripwire model: ip360
vendor: wireshark model: wireshark

Electric Vehicle Chargers Are Shockingly Vulnerable to Hacking

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 23, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

There is another serious vulnerability in iOS15.0.1!Hackers demonstrate remote control of iPhone and view sensitive information - iNEWS

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

Auth Bypass Bug Exploited, Millions of Routers Affected | Threatpost

Related entries in the VARIoT vulnerabilities database: VAR-202101-0529, VAR-202108-1005, VAR-202105-1126, VAR-202104-0768

Trust: 3.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2020-29557, CVE-2021-34484, CVE-2021-31755, CVE-2021-1498, CVE-2021-20090, CVE-2021-22502, CVE-2021-22506, CVE-2021-1497

Cisco Patches Critical Bug With Public Exploit | Threatpost

Related entries in the VARIoT vulnerabilities database: VAR-202107-0426, VAR-202108-1005, VAR-202109-0622

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-1585, CVE-2021-34484, CVE-2021-34746

Shift to Remote work increasing risk and vulnerability from unsecured IoT devices, says report - CXO DX

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Nov. 2, 2021, 7:38 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo alto networks model: palo alto networks
vendor: palo model: networks
vendor: palo model: palo alto networks

Ss7 hack github

Trust: 3.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: security bypass, buffer overflow, brute force attack
Affected productsExternal IDs
vendor: google model: android
vendor: google model: chrome
vendor: google model: wifi
vendor: linksys model: wrt54g
vendor: zoom model: client
vendor: zoom model: zoom
vendor: wrt54g model: linksys

Realtek chips make routers and IoT devices from at least 65 manufacturers vulnerable

Trust: 4.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: synology model: diskstation

NVD - CVE-2021-34792

Related entries in the VARIoT vulnerabilities database: VAR-202110-1377

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 3, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: asa_5580_firmware
vendor: cisco model: adaptive_security_appliance
vendor: cisco model: asa_5545-x_firmware
vendor: cisco model: asa_5580
vendor: cisco model: asa_5505_firmware
vendor: cisco model: asa_5555-x_firmware
vendor: cisco model: asa_5585-x
vendor: cisco model: asa_5525-x_firmware
vendor: cisco model: asa_5585-x_firmware
vendor: cisco model: asa_5505
vendor: cisco model: asa_5512-x_firmware
vendor: cisco model: asa_5515-x_firmware
db: NVD ids: CVE-2021-34792

Pegasus (spyware) - Wikipedia

Related entries in the VARIoT vulnerabilities database: VAR-201608-0186, VAR-202108-1057, VAR-201608-0187, VAR-201608-0188

Trust: 4.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 15, 2021, midnight
 Vulnerabilities: information leak, memory corruption, code execution
Affected productsExternal IDs
vendor: trend model: security
vendor: google model: android
vendor: google model: home
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: safari
db: NVD ids: CVE-2016-4655, CVE-2021-30860, CVE-2016-4656, CVE-2016-4657

Blackberry Admits QNX OS Vulnerability

Trust: 4.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 15, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: blackberry model: blackberry

iOS jailbreaking - Wikipedia

Trust: 4.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 1, 2022, midnight
 Vulnerabilities: default password, memory corruption, privilege escalation
Affected productsExternal IDs
vendor: essential model: phone
vendor: google model: android
vendor: google model: home
vendor: apple model: ipad
vendor: apple model: webkit
vendor: apple model: apple tv
vendor: apple model: mac os
vendor: apple model: ipad air
vendor: apple model: iphone os
vendor: apple model: macos
vendor: apple model: iphone 3gs
vendor: apple model: itunes
vendor: apple model: safari
vendor: apple model: mac os x
vendor: apple model: iphone
vendor: apple model: watch
vendor: apple model: ipod touch

NVD - CVE-2021-20122

Related entries in the VARIoT vulnerabilities database: VAR-202110-0078, VAR-202104-0768

Trust: 5.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 3, 2022, midnight
 Vulnerabilities: authentication vulnerability, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2021-20122, CVE-2021-20090

Our Shared Security: Responsibly Disclosing Competitor Vulnerabilities | Ledger

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: side channel attack
Affected productsExternal IDs