Sign-up

VARIoT news about IoT security

Critical Command Injection Flaw in UniFi Access Devices - Advisories

Trust: 5.0

Fetched: Aug. 10, 2025, 9:38 a.m., Published: Aug. 9, 2025, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: ubiquiti model: unifi
db: NVD ids: CVE-2025-27212

U.S. Agencies Ordered to Patch Actively Exploited D-Link Security Flaws

Related entries in the VARIoT vulnerabilities database: VAR-202211-1888, VAR-202009-0782, VAR-202009-0783

Trust: 6.0

Fetched: Aug. 10, 2025, 9:37 a.m., Published: Aug. 6, 2025, 8:48 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: d-link model: dcs-2670l
vendor: d-link model: dnr-322l
vendor: d-link model: dcs-2530l
db: NVD ids: CVE-2022-40799, CVE-2020-25078, CVE-2020-25079

Cross-Site Scripting (XSS) Testing for Websites | BrowserStack

Trust: 3.25

Fetched: Aug. 10, 2025, 9:36 a.m., Published: Aug. 4, 2025, 8:27 a.m.
 Vulnerabilities: session hijacking, cross-site scripting
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: android

CVE-2025-8635 : Command Injection Vulnerability in Kenwood DMX958XR Firmware

Trust: 3.0

Fetched: Aug. 10, 2025, 9:36 a.m., Published: Aug. 6, 2025, 1:17 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-8635

CVE-2025-41683 - Apache Device Command Injection Vulnerability

Trust: 5.25

Fetched: Aug. 10, 2025, 9:35 a.m., Published: July 23, 2025, 9:15 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-41683

Critical Security Flaw in Packet Power Devices Exposes Global Infrastructure to Remote Attacks | Windows Forum

Trust: 3.75

Fetched: Aug. 10, 2025, 9:34 a.m., Published: Aug. 7, 2025, 4:08 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2025-8284

Raft of firmware flaws on Dell business laptops could lead to device compromise - Cyber Daily

Trust: 4.75

Fetched: Aug. 10, 2025, 9:34 a.m., Published: Aug. 7, 2025, 1:42 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: dell model: latitude
db: NVD ids: CVE-2025-25215, CVE-2025-24919, CVE-2025-24922, CVE-2025-24311, CVE-2025-25050

Vulnerability Management Process: 5 Essential Steps | SentinelOne

Trust: 3.75

Fetched: Aug. 10, 2025, 9:32 a.m., Published: July 25, 2025, 6:27 a.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: trend model: security

SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls - Help Net Security

Trust: 3.75

Fetched: Aug. 10, 2025, 9:32 a.m., Published: Aug. 7, 2025, 11:27 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sonicwall model: ssl vpn
vendor: sonicwall model: sonicos
db: NVD ids: CVE-2024-40766

Ransomware spike linked to potential zero-day flaw in SonicWall devices | Cybersecurity Dive

Trust: 4.0

Fetched: Aug. 10, 2025, 9:32 a.m., Published: Aug. 1, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sonicwall model: sonicos
db: NVD ids: CVE-2024-40766

SonicWall SMA Devices 0-Day RCE Vulnerability Exploited to Deploy OVERSTEP Ransomware

Trust: 4.0

Fetched: Aug. 10, 2025, 9:32 a.m., Published: July 17, 2025, 8:18 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sonicwall model: sma 100
db: NVD ids: CVE-2025-328192025, CVE-2021-200382021, CVE-2021-200352021, CVE-2024-384752024, CVE-2021-200392021

CVE-2025-20702: Airoha Bluetooth Audio SDK Unauthorized Access Vulnerability - Cybersecurity Exploit Tracker by Ameeba

Trust: 3.0

Fetched: Aug. 10, 2025, 9:31 a.m., Published: Aug. 8, 2025, 10:29 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-20702

FUJIFILM Printer Flaw Allows Attackers to Trigger DoS Attacks

Trust: 4.0

Fetched: Aug. 10, 2025, 9:31 a.m., Published: Aug. 4, 2025, 12:38 p.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2025-48499

Trellix Insights: DVR Device Vulnerabilities Targeted by FreakOut Botnet

Trust: 3.25

Fetched: Aug. 10, 2025, 9:30 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs

CERT-EU - Critical Vulnerabilities in Microsoft SharePoint

Trust: 5.0

Fetched: Aug. 10, 2025, 9:29 a.m., Published: -
 Vulnerabilities: path traversal
Affected productsExternal IDs
db: NVD ids: CVE-2025-53770, CVE-2025-49706, CVE-2025-53771

Critical Vulnerability in Linux Kernel: USB Device Disconnect Warning

Trust: 3.0

Fetched: Aug. 10, 2025, 9:28 a.m., Published: Aug. 12, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-38385

Securing NHS Data: Best Practices - MedTechNews

Trust: 3.75

Fetched: Aug. 10, 2025, 9:26 a.m., Published: Aug. 2, 2025, 7:21 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home

VU#554637 - TP-Link Archer C50 router is vulnerable to configuration-file decryption

Trust: 5.0

Fetched: Aug. 10, 2025, 9:25 a.m., Published: Aug. 4, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: tp-link model: archer c50
db: NVD ids: CVE-2025-6982

A Full-Chain Exploit of an Unfused Qualcomm Device

Trust: 4.25

Fetched: Aug. 10, 2025, 9:23 a.m., Published: Aug. 6, 2025, midnight
 Vulnerabilities: code execution, memory corruption
Affected productsExternal IDs
vendor: xiaomi model: redmi
vendor: huawei model: huawei
vendor: essential model: phone

Microsoft calls out Apple Intelligence AI security flaw which could have let hackers steal private data | TechRadar

Trust: 3.75

Fetched: Aug. 10, 2025, 9:23 a.m., Published: July 29, 2025, 1:48 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: icloud
vendor: apple model: macos
db: NVD ids: CVE-2025-31199