Sign-up

VARIoT news about IoT security

Latest news

The news are found with our scripts for filtering search results.
Additional information about vulnerabilities, affected products and external identifiers are obtained with NLP and custom filters from found news.

Cisco IP Phone 7800 and 8800 Series Web Management Interface Authentication Bypass Vulnerability

Trust: 3.75

Fetched: Feb. 5, 2023, 9:13 a.m., Published: Jan. 11, 2023, 3:47 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: cisco model: ip phone 8821
vendor: cisco model: ip phone 7800
vendor: cisco model: series
vendor: cisco model: wireless ip phone 8821
vendor: cisco model: ip phone

Flash Notice: Cisco Command-Injection Vulnerability Found in Production Equipment

Trust: 5.0

Fetched: Feb. 5, 2023, 9:13 a.m., Published: Feb. 3, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: cisco iox application
vendor: cisco model: series
vendor: cisco model: ic3000
vendor: cisco model: iox application
vendor: cisco model: cgr1000
vendor: cisco model: industrial isrs
vendor: cisco model: catalyst
vendor: cisco model: cisco iox
vendor: cisco model: routers
vendor: cisco model: access points
vendor: cisco model: ir510 wpan
db: NVD ids: CVE-2023-20076

Uncovering the Hidden Risks: The Dangers of Mobile Phone Vulnerability | Melo Media - Zambia's No.1 News Platform

Trust: 3.0

Fetched: Feb. 5, 2023, 9:12 a.m., Published: Jan. 31, 2023, 6:42 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: essential model: phone

30k Internet-Exposed QNAP NAS Devices Affected by Recent Vulnerability - SecurityWeek

Trust: 5.0

Fetched: Feb. 5, 2023, 9:12 a.m., Published: Feb. 1, 2023, 12:10 p.m.
 Vulnerabilities: sql injection, code injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

Cisco BroadWorks Application Delivery Platform and Xtended Services Platform Denial of Service Vulnerability

Trust: 3.0

Fetched: Feb. 5, 2023, 9:12 a.m., Published: Jan. 11, 2023, 3:47 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability

Trust: 5.0

Fetched: Feb. 5, 2023, 9:12 a.m., Published: Jan. 11, 2023, 3:47 p.m.
 Vulnerabilities: command execution
Affected productsExternal IDs
vendor: cisco model: rv340
vendor: cisco model: series routers
vendor: cisco model: small business rv series routers
vendor: cisco model: series
vendor: cisco model: cisco small business
vendor: cisco model: rv160 vpn routers
vendor: cisco model: rv160w wireless-ac vpn routers
vendor: cisco model: rv260 vpn routers
vendor: cisco model: rv345p
vendor: cisco model: rv160
vendor: cisco model: routers
vendor: cisco model: rv160w
vendor: cisco model: small business
vendor: cisco model: rv345
vendor: cisco model: rv260w wireless-ac vpn routers
vendor: cisco model: rv260
vendor: cisco model: rv260p
vendor: cisco model: small business rv
vendor: cisco model: rv340w
vendor: cisco model: rv260w

Cisco Warns of Critical Vulnerability in End-of-Life Routers - Infosecurity Magazine

Trust: 5.5

Fetched: Feb. 3, 2023, 9:10 a.m., Published: Jan. 13, 2023, 4 p.m.
 Vulnerabilities: authentication bypass, code execution
Affected productsExternal IDs
vendor: cisco model: rv082
vendor: cisco model: routers
vendor: cisco model: rv042
vendor: cisco model: small business
vendor: cisco model: rv016
vendor: cisco model: cisco small business
vendor: cisco model: rv042g
db: NVD ids: CVE-2023-20025

Cisco IOx Application Hosting Environment Command Injection Vulnerability

Trust: 3.75

Fetched: Feb. 3, 2023, 9:10 a.m., Published: Feb. 1, 2023, 3:56 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: cisco ios
vendor: cisco model: iox application
vendor: cisco model: ios xe
vendor: cisco model: cisco iox
vendor: cisco model: cisco iox application

Essential vulnerabilities in Siemens PLC gadgets may permit bypass of secure boot options (CVE-2022-38773) - Lemon Shood

Related entries in the VARIoT vulnerabilities database: VAR-202301-0605

Trust: 3.75

Fetched: Feb. 1, 2023, 9:20 a.m., Published: Jan. 31, 2023, 12:08 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: simatic s7-1500 cpu 1511c
vendor: siemens model: simatic s7-1500 cpu 1511f-1 pn
vendor: siemens model: simatic s7-1500 cpu 1515-2 pn
vendor: siemens model: cpu 1513-1 pn
vendor: siemens model: cpu 1516pro f-2 pn
vendor: siemens model: simatic s7-1500 cpu 1512c
vendor: siemens model: cpu 1515f-2
vendor: siemens model: cpu 1515tf-2 pn
vendor: siemens model: cpu 1515-2
vendor: siemens model: cpu 1512sp-1 pn
vendor: siemens model: cpu 1512c-1 pn
vendor: siemens model: simatic s7-1500 cpu 1515f-2 pn
vendor: siemens model: simatic s7-1500 cpu 1518-4 pn
vendor: siemens model: s7-1500 cpu
vendor: siemens model: cpu 1513r-1 pn
vendor: siemens model: simatic s7-1500 cpu 1511-1 pn
vendor: siemens model: simatic s7-1500 cpu 1513-1 pn
vendor: siemens model: simatic s7-1500
vendor: siemens model: cpu 1512sp f-1 pn
vendor: siemens model: cpu 1516f-3
vendor: siemens model: simatic s7-1500 cpu 1513f-1 pn
vendor: siemens model: cpu 1516pro-2 pn
vendor: siemens model: simatic
vendor: siemens model: simatic s7-1500 cpu 1517-3 pn
vendor: siemens model: simatic s7-1500 cpu
vendor: siemens model: cpu 1516-3
vendor: siemens model: cpu 1515r-2 pn
vendor: siemens model: cpu 1511c-1 pn
vendor: siemens model: simatic s7-1500 cpu 1516-3 pn
vendor: siemens model: simatic s7-1500 cpu 1518
vendor: siemens model: cpu 1513f-1 pn
vendor: siemens model: cpu 1515t-2 pn
vendor: siemens model: cpu 1513pro f-2 pn
db: NVD ids: CVE-2022-38773

Critical QNAP NAS vulnerability fixed, update your device ASAP! (CVE-2022-27596) - MalwareForum.com

Trust: 3.0

Fetched: Feb. 1, 2023, 9:19 a.m., Published: Jan. 31, 2023, 12:13 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

Critical QNAP NAS vulnerability fixed, update your device ASAP! (CVE-2022-27596) - New York Tech Media

Trust: 4.75

Fetched: Feb. 1, 2023, 9:19 a.m., Published: Jan. 31, 2023, 9:55 a.m.
 Vulnerabilities: injection attack, sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates - Cyber Security Reviews

Trust: 4.75

Fetched: Feb. 1, 2023, 9:19 a.m., Published: Jan. 31, 2023, 9:50 a.m.
 Vulnerabilities: injection attack, sql injection, code injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

Over 4,000 Sophos Firewall devices vulnerable to RCE attacks - SPIXNET C2S

Related entries in the VARIoT vulnerabilities database: VAR-202209-1931

Trust: 4.5

Fetched: Feb. 1, 2023, 9:18 a.m., Published: Jan. 24, 2023, 3:55 p.m.
 Vulnerabilities: authentication bypass, code execution, sql injection...
Affected productsExternal IDs
vendor: sophos model: xg firewall
vendor: sophos model: firewall
db: NVD ids: CVE-2022-3236, CVE-2022-1040

Critical QNAP NAS vulnerability fixed, update your device ASAP! (CVE-2022-27596) | Vumetric Cyber Portal

Trust: 3.5

Fetched: Feb. 1, 2023, 9:17 a.m., Published: Feb. 1, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

Nozomi Networks Discovers Nine Vulnerabilities Affecting Sewio RTLS Studio - Security Boulevard

Trust: 3.5

Fetched: Feb. 1, 2023, 9:16 a.m., Published: Jan. 31, 2023, 10:30 a.m.
 Vulnerabilities: path traversal, os command injection, cross-site scripting...
Affected productsExternal IDs
db: NVD ids: CVE-2022-47917, CVE-2022-45444, CVE-2022-47911, CVE-2022-41989, CVE-2022-45127, CVE-2022-46733, CVE-2022-47395, CVE-2022-43455, CVE-2022-43483

Week in review: ChatGPT cybersecurity, critical RCE vulnerabilities found in git, Riot Games breached - Help Net Security

Trust: 4.5

Fetched: Feb. 1, 2023, 9:16 a.m., Published: Jan. 28, 2023, 11:49 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: macos
vendor: apple model: watchos
vendor: riot model: riot
db: NVD ids: CVE-2022-31711, CVE-2022-31704, CVE-2022-31710, CVE-2022-31706, CVE-2022-34689, CVE-2022-42856

134 million attacks on vulnerable IoT devices around the world and it's all the fault of one mistake

Trust: 3.75

Fetched: Feb. 1, 2023, 9:15 a.m., Published: Jan. 31, 2023, 6:42 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: asus model: routers
vendor: asus model: asus
vendor: palo model: networks
vendor: palo alto networks model: networks
vendor: huawei model: huawei
db: NVD ids: CVE-2021-35394

QNAP Rolls Out Urgent Patch to Fix SQL Injection Flaw in NAS Devices

Trust: 5.25

Fetched: Feb. 1, 2023, 9:14 a.m., Published: Feb. 10, 2023, midnight
 Vulnerabilities: sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

OTORIO Reports Vulnerabilities in Sierra Wireless AirLink IIoT

Related entries in the VARIoT vulnerabilities database: VAR-201905-0851

Trust: 4.5

Fetched: Feb. 1, 2023, 9:13 a.m., Published: Feb. 4, 2023, midnight
 Vulnerabilities: code execution, command execution
Affected productsExternal IDs
vendor: sierra model: es450
vendor: sierra model: mp70
vendor: sierra model: aleos
vendor: sierra model: rv50x
vendor: sierra model: gx450
vendor: sierra model: rv50
vendor: sierra wireless model: es450
vendor: sierra wireless model: mp70
vendor: sierra wireless model: aleos
vendor: sierra wireless model: rv50x
vendor: sierra wireless model: gx450
vendor: sierra wireless model: rv50
db: NVD ids: CVE-2022-46649, CVE-2022-46650, CVE-2018-4061

Critical QNAP Vulnerability Leads to Code Injection - SecurityWeek

Trust: 4.75

Fetched: Feb. 1, 2023, 9:13 a.m., Published: Jan. 31, 2023, 12:52 p.m.
 Vulnerabilities: sql injection, code injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596