VARIoT latest news about IoT security

Samsung Galaxy Phones Get Official Fix For Major Security Vulnerability - Tech Advisor Trust: 3.75 Fetched: Oct. 1, 2025, 9:11 a.m., Published: Sept. 17, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	samsung	model:	galaxy
vendor:	samsung	model:	gallery
vendor:	samsung	model:	samsung galaxy
vendor:	samsung	model:	samsung

db:

NVD

ids:

CVE-2025-21043

CISA Warns Of CVE-2025-20333 In Cisco ASA Devices Trust: 4.5 Fetched: Oct. 1, 2025, 9:09 a.m., Published: Sept. 26, 2025, 1:10 p.m.	Vulnerabilities: code execution, privilege escalation

Affected products

External IDs

vendor:	cisco	model:	firepower 2100
vendor:	cisco	model:	firepower
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	asa 5500
vendor:	cisco	model:	series

db:

NVD

ids:

CVE-2025-20333, CVE-2025-20362

CVE-2025-30247: Critical Command Injection Flaw in Western Digital My Cloud NAS Devices Trust: 4.0 Fetched: Oct. 1, 2025, 9:09 a.m., Published: Sept. 30, 2025, 2:12 a.m.	Vulnerabilities: os command injection, command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2025-30247

Samsung security flaw could let hackers remotely control your device - update your Galaxy phone right now \| Tom's Guide Trust: 3.75 Fetched: Oct. 1, 2025, 9:07 a.m., Published: Sept. 17, 2025, 3:33 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	android
vendor:	samsung	model:	notes
vendor:	samsung	model:	galaxy
vendor:	samsung	model:	samsung

db:

NVD

ids:

CVE-2025-21043

Chinese-made robot vacuums' security vulnerabilities risk privacy breaches Trust: 3.0 Fetched: Sept. 30, 2025, 12:11 p.m., Published: Sept. 2, 2025, 7:14 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

samsung

model:

samsung

OnePlus OxygenOS Vulnerability Allows Any App to Read SMS Data Without Permission Trust: 5.75 Fetched: Sept. 30, 2025, 12:10 p.m., Published: Sept. 24, 2025, 10:59 a.m.	Vulnerabilities: sql injection

Affected products

External IDs

vendor:	oneplus	model:	oxygenos
vendor:	oneplus	model:	one
vendor:	oneplus	model:	oneplus
vendor:	oneplus	model:	3
vendor:	google	model:	android

db:

NVD

ids:

CVE-2025-10184

Cisco IOS and XE Vulnerability Let Remote Attacker Bypass Authentication and Access Sensitive Data Trust: 4.75 Fetched: Sept. 30, 2025, 12:10 p.m., Published: Sept. 25, 2025, 11:27 a.m.	Vulnerabilities: authentication bypass

Affected products

External IDs

vendor:	cisco	model:	ios xe
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	cisco ios xe

CISA Warns: TP-Link Vulnerabilities Under Active Exploitation Related entries in the VARIoT vulnerabilities database: VAR-202508-2645, VAR-202312-0648 Trust: 5.5 Fetched: Sept. 30, 2025, 11:54 a.m., Published: Sept. 5, 2025, 11:05 a.m.	Vulnerabilities: authentication bypass, command injection, os command injection

Affected products

External IDs

vendor:	tp-link	model:	tl-wr841n
vendor:	tp-link	model:	tp-link tl-wr841n
vendor:	tp-link	model:	archer c7
vendor:	tp-link	model:	wr841n
vendor:	tp-link	model:	routers

db:

NVD

ids:

CVE-2025-9377, CVE-2023-50224

Numerous OnePlus smart devices have a significant SMS vulnerability, and a repair isn't coming before mid-October - Webnewswire Trust: 5.5 Fetched: Sept. 30, 2025, 11:54 a.m., Published: Sept. 29, 2025, 9:26 p.m.	Vulnerabilities: information disclosure

Affected products

External IDs

vendor:	oneplus	model:	oxygenos
vendor:	oneplus	model:	oneplus

db:

NVD

ids:

CVE-2025-10184

cisco-sa-nbar-dos-LAvwTmeT - Cisco IOS XE Software Network-Based Application Recognition Denial of Service Vulnerability - SecAlerts Trust: 4.5 Fetched: Sept. 30, 2025, 11:53 a.m., Published: -	Vulnerabilities: service disruption, denial of service

Affected products

External IDs

vendor:	cisco	model:	ios xe
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	access points
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	cisco ios xe

Access Blocked - SecNews.gr Trust: 3.25 Fetched: Sept. 30, 2025, 11:50 a.m., Published: -	Vulnerabilities: sql injection

Affected products	External IDs

Edge Computing for IoT Security Vulnerabilities Trust: 3.75 Fetched: Sept. 30, 2025, 11:49 a.m., Published: Sept. 30, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

trend

model:

security

Cisco ASA zero-day vulnerabilities exploited in sophisticated attacks - Help Net Security Trust: 4.75 Fetched: Sept. 30, 2025, 11:48 a.m., Published: Sept. 26, 2025, 11:19 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	cisco	model:	ios xe
vendor:	cisco	model:	firepower
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	asa 5500
vendor:	cisco	model:	asa software
vendor:	cisco	model:	ios xr software
vendor:	cisco	model:	series
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	routers

db:

NVD

ids:

CVE-2025-20363, CVE-2025-20362, CVE-2025-20333

Cisco IOS Software Industrial Ethernet Switch Device Manager Denial of Service Vulnerability - Cisco Trust: 4.75 Fetched: Sept. 30, 2025, 11:46 a.m., Published: Sept. 25, 2025, 6:51 a.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	ios xe
vendor:	cisco	model:	device manager
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	router
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	nx-os
vendor:	cisco	model:	ie 4000
vendor:	cisco	model:	ios software
vendor:	cisco	model:	ios xr software
vendor:	cisco	model:	series
vendor:	cisco	model:	industrial ethernet
vendor:	cisco	model:	series switches
vendor:	cisco	model:	nx-os software

China-linked RedNovember Targeted Unpatched Edge Devices Related entries in the VARIoT vulnerabilities database: VAR-202205-1958 Trust: 4.5 Fetched: Sept. 30, 2025, 11:45 a.m., Published: Sept. 29, 2025, 6:19 p.m.	Vulnerabilities: code execution, command injection, information disclosure

Affected products

External IDs

vendor:	check point	model:	check point
vendor:	palo	model:	pan-os
vendor:	palo	model:	networks globalprotect
vendor:	palo	model:	ssl vpn
vendor:	palo	model:	networks
vendor:	palo	model:	palo alto networks globalprotect
vendor:	cisco	model:	router
vendor:	palo alto networks	model:	pan-os
vendor:	palo alto networks	model:	networks globalprotect
vendor:	palo alto networks	model:	ssl vpn
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	palo alto networks globalprotect
vendor:	huawei	model:	huawei
vendor:	sonicwall	model:	ssl vpn

db:

NVD

ids:

CVE-2024-3400, CVE-2022-30190, CVE-2024-24919

Cisco IOS Software Industrial Ethernet Switch Device Manager Denial of Service Vulnerability Trust: 4.75 Fetched: Sept. 30, 2025, 11:43 a.m., Published: Sept. 24, 2025, 4:12 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	ios xe
vendor:	cisco	model:	device manager
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	router
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	nx-os
vendor:	cisco	model:	ie 4000
vendor:	cisco	model:	ios software
vendor:	cisco	model:	ios xr software
vendor:	cisco	model:	series
vendor:	cisco	model:	industrial ethernet
vendor:	cisco	model:	series switches
vendor:	cisco	model:	nx-os software

Cisco IOS & IOS-XE CVE-2025-20352: find impacted assets Trust: 5.25 Fetched: Sept. 30, 2025, 11:42 a.m., Published: Sept. 29, 2025, 10 p.m.	Vulnerabilities: code execution, buffer overflow, privilege escalation

Affected products

External IDs

vendor:	cisco	model:	ios xe
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	cisco routers
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	sd-wan
vendor:	cisco	model:	series
vendor:	cisco	model:	wireless lan controllers
vendor:	cisco	model:	series switches
vendor:	cisco	model:	routers
vendor:	cisco systems	model:	ios xe
vendor:	cisco systems	model:	ios xe software
vendor:	cisco systems	model:	cisco ios
vendor:	cisco systems	model:	cisco routers
vendor:	cisco systems	model:	cisco ios xe
vendor:	cisco systems	model:	catalyst
vendor:	cisco systems	model:	sd-wan
vendor:	cisco systems	model:	series
vendor:	cisco systems	model:	wireless lan controllers
vendor:	cisco systems	model:	series switches
vendor:	cisco systems	model:	routers

db:

NVD

ids:

CVE-2023-20198, CVE-2025-20352, CVE-2025-20188

0-Click WhatsApp Vulnerability Exploited via Malicious DNG Image Trust: 4.5 Fetched: Sept. 30, 2025, 11:42 a.m., Published: Sept. 29, 2025, 1:09 p.m.	Vulnerabilities: code execution, improper bounds checking, memory corruption

Affected products

External IDs

vendor:	samsung	model:	samsung
vendor:	apple	model:	macos

db:

NVD

ids:

CVE-2025-55177, CVE-2025-43300, CVE-2025-21043

New Supermicro BMC vulnerabilities open servers to malicious attacks on firmware \| Network World Trust: 4.0 Fetched: Sept. 30, 2025, 11:41 a.m., Published: Sept. 25, 2025, midnight	Vulnerabilities: privilege elevation

Affected products

External IDs

db:

NVD

ids:

CVE-2025-6198, CVE-2025-7937, CVE-2024-10237

Titania unveils next-generation exposure management threats \| 2025 Trust: 3.0 Fetched: Sept. 30, 2025, 11:41 a.m., Published: Sept. 30, 2025, midnight	Vulnerabilities: privilege escalation

Affected products	External IDs

VARIoT news about IoT security