Sign-up

VARIoT news about IoT security

cyberne.ws -- Relevant headlines in cybersecurity. No fluff.

Trust: 4.25

Fetched: May 28, 2025, 9:20 a.m., Published: May 28, 2025, midnight
 Vulnerabilities: denial of service, header injection, privilege escalation...
Affected productsExternal IDs
vendor: d-link model: router
vendor: cisco model: meeting
vendor: cisco model: routers
vendor: cisco model: cisco webex meetings
vendor: cisco model: cisco identity services engine
vendor: cisco model: webex
vendor: cisco model: sd-wan
vendor: cisco model: vpn client
vendor: cisco model: router
vendor: cisco model: cisco webex
vendor: cisco model: webex meetings
vendor: cisco model: identity services engine
vendor: apple model: macos
vendor: google model: chrome
vendor: nissan model: leaf
vendor: nissan model: nissan leaf
vendor: sonicwall model: web application firewall
vendor: sonicwall model: email security
vendor: netgear model: router
vendor: netgear model: netgear router

CVE-2025-4338 : XML External Entity Vulnerability in Lantronix Device Installer

Trust: 3.25

Fetched: May 28, 2025, 9:20 a.m., Published: May 22, 2025, 11:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-4338

AirBorne flaws can lead to fully hijack Apple devices

Trust: 5.5

Fetched: May 28, 2025, 9:19 a.m., Published: April 30, 2025, 5:36 a.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: ipad
db: NVD ids: CVE-2025-24206, CVE-2025-24252, CVE-2025-24132

D-Link Technical Support

Trust: 5.0

Fetched: May 28, 2025, 9:08 a.m., Published: May 28, 2610, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: d-link model: dap-2610

Are Ring Cameras Safe? A Comprehensive Examination - BlinksAndButtons

Trust: 3.75

Fetched: May 28, 2025, 9:07 a.m., Published: May 22, 2025, 6:22 p.m.
 Vulnerabilities: -

CVE-2025-31219 Race Condition Vulnerability in Appleā€™s XNU Kernel - TheCyberThrone

Related entries in the VARIoT vulnerabilities database: VAR-202108-1374

Trust: 5.5

Fetched: May 28, 2025, 9:05 a.m., Published: May 24, 2025, 1:01 p.m.
 Vulnerabilities: privilege escalation, code execution, memory corruption
Affected productsExternal IDs
vendor: cisco model: cisco ios
vendor: cisco model: ios xr
vendor: cisco model: cisco ios xr
vendor: apple model: macos
vendor: apple model: tvos
vendor: apple model: watchos
vendor: google model: android
db: NVD ids: CVE-2021-0920, CVE-2022-20821, CVE-2021-1048, CVE-2025-31219, CVE-2021-30869

CVE-2025-41651 - Cisco Device Remote Command Execution Vulnerability

Trust: 5.0

Fetched: May 28, 2025, 9:05 a.m., Published: May 27, 2025, 9:15 a.m.
 Vulnerabilities: command execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-41651

Arm Mali GPU Vulnerability Enables Bypass of MTE and Arbitrary Kernel Code Execution

Trust: 5.25

Fetched: May 28, 2025, 9:05 a.m., Published: May 27, 2025, 10:42 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-0072

Cisco security flaw exploited to build botnet of thousands of devices | TechRadar

Related entries in the VARIoT vulnerabilities database: VAR-202304-1067

Trust: 4.75

Fetched: May 28, 2025, 9:04 a.m., Published: May 27, 2025, 6:34 p.m.
 Vulnerabilities: improper validation
Affected productsExternal IDs
vendor: asus model: router
vendor: asus model: routers
vendor: asus model: asus
vendor: cisco model: router
vendor: cisco model: rv082
vendor: cisco model: rv325
vendor: cisco model: cisco routers
vendor: cisco model: routers
vendor: cisco model: rv042g
vendor: cisco model: small business
vendor: cisco model: cisco small business
vendor: cisco model: rv320
vendor: cisco model: rv016
vendor: cisco model: rv042
db: NVD ids: CVE-2023-20118

CVE-2025-3078 : Passback Vulnerability Affecting Production Printers and Office Multifunction Devices by Canon

Trust: 3.25

Fetched: May 27, 2025, 9:30 a.m., Published: May 20, 2025, 12:15 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-3078

Multiple Vulnerabilities in SonicWall Secure Mobile Access (SMA) 100 Series Management Interface Could Allow for Remote Code Execution

Trust: 5.0

Fetched: May 27, 2025, 9:30 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: sonicwall model: secure mobile access

Update Canonical Ubuntu Server: USN-7491-1: Linux kernel (OEM) vulnerabilities

Trust: 4.25

Fetched: May 27, 2025, 9:29 a.m., Published: Jan. 27, 7491, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-21813, CVE-2025-21902

CVE-2025-5145 : Command Injection Vulnerability in Netcore Networking Devices

Trust: 4.5

Fetched: May 27, 2025, 9:28 a.m., Published: May 25, 2025, 5:31 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-5145

CVE-2025-20182: Critical Vulnerability in Cisco Device Software Allows DoS Attacks - Cybersecurity Exploit Tracker by Ameeba

Trust: 5.75

Fetched: May 27, 2025, 9:28 a.m., Published: May 17, 2025, 9:22 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: ios software
vendor: cisco model: cisco ios xe
vendor: cisco model: firepower threat defense
vendor: cisco model: firepower
vendor: cisco model: adaptive security appliance
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: cisco ios
vendor: cisco model: ios xe
vendor: cisco model: ios xe software
db: NVD ids: CVE-2025-20182

AutomationDirect MB-Gateway | CISA

Trust: 5.0

Fetched: May 27, 2025, 9:27 a.m., Published: May 1, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-36535

U.S. CISA adds GoVision device flaws to its Known Exploited Vulnerabilities catalog - ITSecurityNewsBox

Related entries in the VARIoT vulnerabilities database: VAR-202406-0975

Trust: 5.5

Fetched: May 27, 2025, 9:26 a.m., Published: May 8, 2025, midnight
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs
vendor: broadcom model: brocade fabric os
vendor: brocade model: fabric os
vendor: brocade model: brocade fabric os
db: NVD ids: CVE-2024-11120, CVE-2024-6047

Common Medical Device Communication Protocols - BMR TechWorks

Trust: 4.0

Fetched: May 27, 2025, 9:26 a.m., Published: May 15, 2025, 9:52 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: mesh model: mesh

CVE-2025-41645 - D-Link Device Hijacking Vulnerability - DevStackTips

Trust: 3.25

Fetched: May 27, 2025, 9:25 a.m., Published: May 13, 2025, 12:41 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-41645

What is Ethical Hacking? | IBM

Trust: 3.75

Fetched: May 27, 2025, 9:25 a.m., Published: Oct. 20, 2023, midnight
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: wireshark model: wireshark

SSA-864900

Trust: 4.25

Fetched: May 27, 2025, 9:25 a.m., Published: May 1, 2025, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-32122, CVE-2024-52963