Sign-up

VARIoT news about IoT security

Critical Vulnerability in Rockwell Automation KEPServer: Urgent Security Advisory | Windows Forum

Trust: 3.75

Fetched: Jan. 31, 2025, 9:23 a.m., Published: May 31, 2025, midnight
 Vulnerabilities: system crash
Affected productsExternal IDs
db: NVD ids: CVE-2023-3825

Researchers Warn of Zero-Day Vulnerability in Zyxel CPE Devices - Thailand Computer Emergency Response Team (ThaiCERT)

Trust: 5.0

Fetched: Jan. 31, 2025, 9:22 a.m., Published: Jan. 31, 2025, 5:10 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-57726, CVE-2024-57727, CVE-2024-40890, CVE-2024-57728, CVE-2024-40891

Salt Typhoon: An Analysis of Vulnerabilities Exploited by this State-Sponsored Actor - Blog | TenableĀ®

Related entries in the VARIoT vulnerabilities database: VAR-202403-2416, VAR-202209-1931

Trust: 4.25

Fetched: Jan. 31, 2025, 9:21 a.m., Published: Jan. 23, 2025, 2 p.m.
 Vulnerabilities: code injection, request forgery, command injection...
Affected productsExternal IDs
vendor: sophos model: firewall
vendor: sophos model: mobile
db: NVD ids: CVE-2024-21887, CVE-2021-26855, CVE-2021-27065, CVE-2023-48788, CVE-2023-46805, CVE-2021-26858, CVE-2022-3236, CVE-2021-26857

Apple update patches zero-day vulnerability in iOS devices - Cyber Security Review

Related entries in the VARIoT vulnerabilities database: VAR-201803-1048

Trust: 3.75

Fetched: Jan. 31, 2025, 9:21 a.m., Published: Jan. 28, 2025, 7:20 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sonicwall model: sma1000
vendor: sonicwall model: secure mobile access
vendor: huawei model: hg532
vendor: huawei model: huawei
vendor: qnap model: qnap qts
vendor: apple model: macos
vendor: apple model: watch
vendor: apple model: apple tv
vendor: apple model: ipad
vendor: apple model: iphone
vendor: apple model: ipad air
db: NVD ids: CVE-2023-39298, CVE-2017-17215, CVE-2024-7029, CVE-2024-53691, CVE-2025-23006

Critical Vulnerability in SonicWall SMA1000 Devices Actively Exploited - Cyber Kendra

Trust: 4.0

Fetched: Jan. 31, 2025, 9:21 a.m., Published: Jan. 9, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sonicwall model: sma1000
vendor: sonicwall model: sma 100
db: NVD ids: CVE-2025-23006

Global Cybersecurity Outlook 2025: Navigating Complexity and Building Resilience | WEF Report Analysis

Trust: 3.75

Fetched: Jan. 31, 2025, 9:20 a.m., Published: Jan. 14, 2025, 10 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

Mirai Variant 'Aquabot' Exploits Mitel Device Flaws

Trust: 5.0

Fetched: Jan. 31, 2025, 9:19 a.m., Published: Jan. 29, 2025, midnight
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: snort model: snort
db: NVD ids: CVE-2024-41710

Critical Vulnerabilities in AirPlay Protocol Affecting Multiple Apple Devices | Oligo Security

Trust: 5.5

Fetched: Jan. 31, 2025, 9:18 a.m., Published: Jan. 28, 2025, midnight
 Vulnerabilities: denial of service, code execution, input validation issue
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: watch
vendor: apple model: apple tv
vendor: apple model: iphone
db: NVD ids: CVE-2025-24126, CVE-2025-24137, CVE-2025-24177, CVE-2025-24129, CVE-2025-24131

New Zero-Day Vulnerability Hits Zyxel Devices

Trust: 5.0

Fetched: Jan. 31, 2025, 9:18 a.m., Published: Jan. 30, 2025, 8:05 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-40890, CVE-2024-40891

Unpatched CVE-2024-40891: A Critical Zero-Day Vulnerability in Zyxel CPE Devices Under Active Exploitation - UNDERCODE NEWS

Trust: 3.75

Fetched: Jan. 31, 2025, 9:16 a.m., Published: Jan. 29, 2025, 6:59 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-40890, CVE-2024-40891

Hackers Allegedly Selling Fortinet Exploit on Dark Web Forums

Trust: 4.75

Fetched: Jan. 31, 2025, 9:16 a.m., Published: Jan. 29, 2025, 3 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: node.js model: node.js
db: NVD ids: CVE-2024-55591

Critical Vulnerabilities in New Rock Technologies Devices: Immediate Cybersecurity Alert | Windows Forum

Trust: 4.75

Fetched: Jan. 31, 2025, 9:15 a.m., Published: May 31, 2025, midnight
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
vendor: essential model: phone
db: NVD ids: CVE-2025-0681, CVE-2025-0680

Apple patches actively exploited zero-day vulnerability on iOS devices | TechSpot

Trust: 3.75

Fetched: Jan. 31, 2025, 9:14 a.m., Published: Jan. 31, 5090, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: macos
vendor: apple model: safari
vendor: apple model: tvos
vendor: apple model: webkit
vendor: apple model: iphone

New Rock Technologies Cloud Connected Devices | CISA

Trust: 4.5

Fetched: Jan. 31, 2025, 9:14 a.m., Published: Jan. 31, 2024, midnight
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-0681, CVE-2025-0680

Zero-Day Alert: Mirai Botnet Exploiting Unpatched Zyxel CPE Vulnerability (CVE-2024-40891)

Trust: 5.0

Fetched: Jan. 31, 2025, 9:13 a.m., Published: Jan. 31, 2025, 2:29 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-40890, CVE-2024-40891

TP-Link Vulnerability: PoC Exploit for CVE-2024-54887 Reveals Remote Code Execution Risks

Related entries in the VARIoT vulnerabilities database: VAR-202501-0795

Trust: 5.5

Fetched: Jan. 31, 2025, 9:12 a.m., Published: Jan. 21, 2025, 2:17 a.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: tp-link model: wr940n
vendor: tp-link model: routers
vendor: tp-link model: tl-wr940n
db: NVD ids: CVE-2024-54887

Attackers exploit zero-day vulnerability in Zyxel CPE devices | Cybersecurity Dive

Trust: 3.75

Fetched: Jan. 31, 2025, 9:12 a.m., Published: Jan. 29, 2025, midnight
 Vulnerabilities: directory traversal, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-40890, CVE-2024-40891, CVE-2024-11667

Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability - CyberSRC

Trust: 3.0

Fetched: Jan. 31, 2025, 9:12 a.m., Published: Jan. 29, 2025, 11:37 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-40891

What Is Application Security? The Comprehensive Guide | Pathlock

Trust: 5.5

Fetched: Jan. 29, 2025, 9:43 a.m., Published: Jan. 6, 2025, 10:22 p.m.
 Vulnerabilities: request forgery, session hijacking, cross-site scripting...
Affected productsExternal IDs
vendor: zoho model: manageengine adselfservice plus
db: NVD ids: CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-26855, CVE-2021-26084, CVE-2021-21972

Google Chrome high-risk alert issued: CERT-In issues warning for Windows, Mac, and Linux users - India TV

Trust: 3.5

Fetched: Jan. 29, 2025, 9:42 a.m., Published: Jan. 28, 2025, 1:44 p.m.
 Vulnerabilities: buffer overflow, integer overflow
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: galaxy
vendor: google model: google chrome
vendor: google model: home
vendor: google model: chrome
vendor: google model: android