Sign-up

VARIoT news about IoT security

Hackers Beware: Dell Laptop Firmware Vulnerabilities Put Credentials at Risk - SecPod Blog

Trust: 4.25

Fetched: Aug. 10, 2025, 10:05 a.m., Published: Aug. 6, 2025, 12:53 p.m.
 Vulnerabilities: code execution, buffer overflow, privilege escalation...
Affected productsExternal IDs
vendor: dell model: latitude
vendor: broadcom model: linux
vendor: cisco model: series
db: NVD ids: CVE-2025-25215, CVE-2025-24919, CVE-2025-24922, CVE-2025-24311, CVE-2025-25050

CVE-2020-25078 - D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability | ScyScan

Related entries in the VARIoT vulnerabilities database: VAR-202009-0782

Trust: 5.75

Fetched: Aug. 10, 2025, 10:05 a.m., Published: Aug. 5, 2025, midnight
 Vulnerabilities: password disclosure
Affected productsExternal IDs
vendor: d-link model: dcs-2670l
vendor: d-link model: dcs-2530l
vendor: dlink model: dcs-2670l
vendor: dlink model: dcs-2530l
db: NVD ids: CVE-2020-25078

Update Canonical Ubuntu Server: USN-7681-1: Linux kernel vulnerability

Trust: 3.0

Fetched: Aug. 10, 2025, 10:04 a.m., Published: Jan. 10, 7681, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

D-Link cameras under attack! Hackers are still exploiting vulnerabilities from 2020. CISA warns.

Related entries in the VARIoT vulnerabilities database: VAR-202009-0782, VAR-202009-0783

Trust: 3.75

Fetched: Aug. 10, 2025, 10:04 a.m., Published: Aug. 6, 2025, 12:04 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: d-link model: dcs-2670l
vendor: d-link model: dnr-322l
vendor: d-link model: dcs-2530l
db: NVD ids: CVE-2020-40799, CVE-2020-25078, CVE-2020-25079

Vulnerability Management Lifecycle: An Easy Guide | SentinelOne

Trust: 3.75

Fetched: Aug. 10, 2025, 10:02 a.m., Published: July 25, 2025, 6:25 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: rapid model: scada

Google Addresses Fifth Zero-day Vulnerability impacting Chrome Browser (CVE-2025-6558) - Qualys ThreatPROTECT

Trust: 5.75

Fetched: Aug. 10, 2025, 10:02 a.m., Published: -
 Vulnerabilities: integer overflow
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
db: NVD ids: CVE-2025-6558, CVE-2025-7657, CVE-2025-7656

CVE-2025-20332 - Cisco Identity Services Engine Authorization Bypass Vulnerability - SecAlerts

Trust: 3.75

Fetched: Aug. 10, 2025, 10:02 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco identity services engine
vendor: cisco model: identity services engine
db: NVD ids: CVE-2025-20332

Joint Statement on SharePoint vulnerabilities - Assessment and advice on recovery and mitigating actions | ENISA

Trust: 3.0

Fetched: Aug. 10, 2025, 9:56 a.m., Published: July 22, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-53770, CVE-2025-49706, CVE-2025-53771, CVE-2025-49704

Watch out, another max-severity Cisco bug on the loose • The Register

Trust: 3.5

Fetched: Aug. 10, 2025, 9:55 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend micro model: security
vendor: trend model: security
vendor: cisco model: unified communications manager session management edition
vendor: cisco model: identity services engine
vendor: cisco model: unified communications
vendor: cisco model: unified communications manager
vendor: cisco model: network access control
db: NVD ids: CVE-2025-20337, CVE-2025-20282, CVE-2025-20281

MediaTek Chip Vulnerabilities Allow Attackers to Gain Elevated Access

Trust: 6.0

Fetched: Aug. 10, 2025, 9:55 a.m., Published: Aug. 5, 2025, 10:40 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2025-20698, CVE-2025-20697, CVE-2025-20696

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities - Cisco

Trust: 5.0

Fetched: Aug. 10, 2025, 9:54 a.m., Published: Aug. 6, 2025, 11:57 a.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: cisco model: identity services engine
vendor: cisco model: cisco identity services engine

Cisco Unified Intelligence Center Arbitrary File Upload Vulnerability

Trust: 3.75

Fetched: Aug. 10, 2025, 9:54 a.m., Published: July 16, 2025, 3:57 p.m.
 Vulnerabilities: file upload vulnerability
Affected productsExternal IDs
vendor: cisco model: unified intelligence center
vendor: cisco model: cisco unified intelligence center

CVE-2025-8286: Serious Vulnerability in Güralp FMUS Series Seismic Monitoring Devices - Cybersecurity Exploit Tracker by Ameeba

Trust: 3.25

Fetched: Aug. 10, 2025, 9:53 a.m., Published: Aug. 7, 2025, 12:13 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-8286

SonicWall Firewall Devices 0-day Vulnerability Actively Exploited by Akira Ransomware

Trust: 3.0

Fetched: Aug. 10, 2025, 9:53 a.m., Published: Aug. 2, 2025, 7:35 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sonicwall model: sma 100
vendor: sonicwall model: remote access
vendor: sonicwall model: ssl vpn

14 Best Network Scanner for Effortless Network Management

Trust: 3.5

Fetched: Aug. 10, 2025, 9:52 a.m., Published: March 1, 2018, 11:23 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: delegate model: delegate
vendor: wireshark model: wireshark

CISA Warns of Active Exploitation of D-Link Devices - Rewterz

Related entries in the VARIoT vulnerabilities database: VAR-202009-0782, VAR-202009-0783

Trust: 5.75

Fetched: Aug. 10, 2025, 9:46 a.m., Published: Aug. 6, 2025, 1:27 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: trend micro model: security
vendor: d-link model: dcs-2670l
vendor: d-link model: dnr-322l
vendor: d-link model: dcs-2530l
vendor: trend model: security
db: NVD ids: CVE-2020-40799, CVE-2020-25078, CVE-2020-25079

CVE-2025-8636 : Firmware Update Command Injection Vulnerability in Kenwood DMX958XR Devices

Related entries in the VARIoT vulnerabilities database: VAR-202508-0144

Trust: 3.0

Fetched: Aug. 10, 2025, 9:45 a.m., Published: Aug. 6, 2025, 1:17 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-8636

What is IoT Security? - GeeksforGeeks

Trust: 3.75

Fetched: Aug. 10, 2025, 9:39 a.m., Published: March 31, 2024, 6:04 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities

Trust: 5.0

Fetched: Aug. 10, 2025, 9:39 a.m., Published: Aug. 6, 2025, 3:56 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: cisco model: identity services engine
vendor: cisco model: cisco identity services engine

CVE-2025-8637 : Firmware Update Command Injection Vulnerability in Kenwood DMX958XR

Trust: 4.0

Fetched: Aug. 10, 2025, 9:39 a.m., Published: Aug. 6, 2025, 1:17 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-8637