Sign-up

VARIoT news about IoT security

Critical NAS-ty flaw strikes D-Link storage boxes | SC Media

Related entries in the VARIoT vulnerabilities database: VAR-202411-0293

Trust: 4.75

Fetched: Nov. 12, 2024, 9:23 a.m., Published: Feb. 13, 2024, 7 p.m.
 Vulnerabilities: command injection, code execution
Affected productsExternal IDs
vendor: d-link model: dns-320lw
vendor: d-link model: dns-340l
vendor: d-link model: dns-325
vendor: d-link model: dns-320
db: NVD ids: CVE-2024-10914

CISA warns of critical ICS vulnerabilities in Beckhoff, Delta, Bosch Systems equipment deployed across critical infrastructure - Industrial Cyber

Trust: 5.5

Fetched: Nov. 12, 2024, 9:21 a.m., Published: Nov. 11, 2024, 9:13 a.m.
 Vulnerabilities: code execution, denial of service, os command injection...
Affected productsExternal IDs
vendor: beckhoff model: twincat
vendor: trend model: security
vendor: trend micro model: security
vendor: beckhoff automation model: twincat
db: NVD ids: CVE-2024-8934, CVE-2024-47131, CVE-2024-39605, CVE-2024-48989, CVE-2024-39354

D-Link To Not Fix Critical Bug Found In End-of-Life NAS Devices - The Cyber Express

Related entries in the VARIoT vulnerabilities database: VAR-202411-0293

Trust: 5.75

Fetched: Nov. 12, 2024, 9:18 a.m., Published: Nov. 11, 2024, 6:34 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: d-link model: dns-320lw
vendor: d-link model: dns-340l
vendor: d-link model: dns-325
vendor: d-link model: dns-320
db: NVD ids: CVE-2024-10914

5 Reasons Vulnerability Management for IoT Isn’t Enough - Asimily

Trust: 4.0

Fetched: Nov. 12, 2024, 9:18 a.m., Published: Oct. 2, 2024, 11:54 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

Epson Devices Vulnerability Let Attackers Create Rogue Admin Accounts

Trust: 4.25

Fetched: Nov. 12, 2024, 9:17 a.m., Published: Nov. 11, 2024, 11:56 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: epson model: connect
db: NVD ids: CVE-2024-47295

No Fix For Critical Vulnerability In Legacy D-Link NAS Devices

Related entries in the VARIoT vulnerabilities database: VAR-202411-0293

Trust: 5.75

Fetched: Nov. 12, 2024, 9:17 a.m., Published: Nov. 11, 2024, 2:51 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: dlink model: dns-320lw
vendor: dlink model: dns-340l
vendor: dlink model: dns-325
vendor: dlink model: dns-320
vendor: d-link model: dns-320lw
vendor: d-link model: dns-340l
vendor: d-link model: dns-325
vendor: d-link model: dns-320
vendor: draytek model: draytek routers
vendor: draytek model: routers
db: NVD ids: CVE-2024-10914

Risks associated with IoT devices: how to keep an IoT device safe?

Trust: 3.75

Fetched: Nov. 10, 2024, 9:33 a.m., Published: Oct. 17, 2024, 3:06 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

Citrix Bleed | GO-Global

Trust: 3.5

Fetched: Nov. 10, 2024, 9:33 a.m., Published: Oct. 23, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: citrix model: gateway
vendor: citrix model: netscaler
vendor: citrix model: netscaler adc
vendor: citrix model: netscaler gateway
vendor: xfinity model: gateway
db: NVD ids: CVE-2023-3519, CVE-2023-4966

CVE-2024-47524 - LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name - SecAlerts

Trust: 5.0

Fetched: Nov. 10, 2024, 9:31 a.m., Published: Nov. 7, 2024, midnight
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2024-47524

RISK:STATION (CVE-2024-10443) - Unpatched Synology Devices at Risk of RCE - SOCRadar® Cyber Intelligence Inc.

Trust: 5.5

Fetched: Nov. 10, 2024, 9:26 a.m., Published: Nov. 6, 2024, 10:56 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: synology model: drive
vendor: synology model: diskstation
db: NVD ids: CVE-2024-50387, CVE-2024-50389, CVE-2024-10443, CVE-2024-50388

Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability - Help Net Security

Trust: 5.5

Fetched: Nov. 10, 2024, 9:25 a.m., Published: Nov. 8, 2024, 11:53 a.m.
 Vulnerabilities: command injection, code execution
Affected productsExternal IDs
vendor: synology model: diskstation
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: google model: android
vendor: palo model: networks
vendor: palo model: firewall
vendor: cisco model: access points
vendor: cisco model: threat response
vendor: apple model: macos
db: NVD ids: CVE-2024-43093, CVE-2024-20418, CVE-2024-10443, CVE-2024-43047, CVE-2024-5910

Bonjour Network Service Vulnerable to Privilege Escalation Attacks

Trust: 4.75

Fetched: Nov. 10, 2024, 9:25 a.m., Published: Sept. 3, 2024, 12:45 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: mdnsresponder model: mdnsresponder
vendor: apple model: mdnsresponder
vendor: apple model: watch
vendor: apple model: macos

Cisco Secure Firewall Management Center Privilege Escalation Vulnerability - Cisco

Trust: 5.25

Fetched: Nov. 10, 2024, 9:24 a.m., Published: Oct. 23, 2024, 11:03 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: cisco model: asa software

Cisco Secure Firewall Management Center Software Command Injection Vulnerability - Cisco

Trust: 4.0

Fetched: Nov. 10, 2024, 9:22 a.m., Published: Oct. 23, 2024, 11:03 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: cisco model: asa software

Cisco Nexus Dashboard Fabric Controller SQL Injection Vulnerability - Cisco

Trust: 4.0

Fetched: Nov. 10, 2024, 9:22 a.m., Published: Nov. 6, 2024, 10:18 a.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs
vendor: cisco model: nexus

Cisco Nexus 3550-F Switches Access Control List Programming Vulnerability - Cisco

Trust: 3.25

Fetched: Nov. 10, 2024, 9:21 a.m., Published: Nov. 6, 2024, 10:18 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: nexus

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Remote Access VPN Denial of Service Vulnerability - Cisco

Trust: 4.0

Fetched: Nov. 10, 2024, 9:20 a.m., Published: Oct. 23, 2024, 11:03 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: series
vendor: cisco model: asa software
vendor: cisco model: firepower
vendor: cisco model: adaptive security appliance
vendor: cisco model: firepower threat defense software
vendor: cisco model: series industrial security appliances
vendor: cisco model: firepower threat defense
vendor: cisco model: cisco adaptive security appliance

Cisco Adaptive Security Appliance Software SSH Server Resource Denial of Service Vulnerability - Cisco

Trust: 5.0

Fetched: Nov. 10, 2024, 9:17 a.m., Published: Oct. 23, 2024, 11:03 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: adaptive security appliance software
vendor: cisco model: series
vendor: cisco model: cisco adaptive security appliance software
vendor: cisco model: asa software
vendor: cisco model: adaptive security appliance
vendor: cisco model: series industrial security appliances
vendor: cisco model: cisco adaptive security appliance

GhostWrite: New RISC-V Vulnerability Enables Full Device Takeover

Trust: 3.0

Fetched: Nov. 10, 2024, 9:16 a.m., Published: Aug. 13, 2024, 1:52 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-44067

Cisco Enterprise Chat and Email Denial of Service Vulnerability - Cisco

Trust: 3.0

Fetched: Nov. 10, 2024, 9:16 a.m., Published: Nov. 6, 2024, 10:18 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs