Sign-up

VARIoT news about IoT security

RISK:STATION

Trust: 6.25

Fetched: Nov. 3, 2024, 9:36 a.m., Published: Nov. 3, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: synology model: diskstation
db: NVD ids: CVE-2024-10443

1 Million Vulnerable Fortinet, SonicWall Devices Exposed

Trust: 5.5

Fetched: Nov. 3, 2024, 9:35 a.m., Published: Nov. 1, 2024, 4:14 p.m.
 Vulnerabilities: improper access control, integer overflow, access control vulnerability
Affected productsExternal IDs
vendor: sonicwall model: sonicos
vendor: sonicwall model: ssl vpn
vendor: sonicwall model: remote access
vendor: litespeed model: litespeed web server
db: NVD ids: CVE-2024-51568, CVE-2024-47575, CVE-2024-46483, CVE-2024-40766, CVE-2024-51567, CVE-2024-23113, CVE-2024-9264

CISA Warns of Critical Software Vulnerabilities in Industrial Devices - Infosecurity Magazine

Related entries in the VARIoT vulnerabilities database: VAR-202410-3402, VAR-202410-2617

Trust: 4.5

Fetched: Nov. 3, 2024, 9:35 a.m., Published: Nov. 1, 2024, 11:45 a.m.
 Vulnerabilities: weak password, authentication bypass
Affected productsExternal IDs
vendor: mitsubishi model: melsec iq-r
vendor: mitsubishi model: melsec iq-r series
vendor: mitsubishi electric model: melsec iq-r
vendor: mitsubishi electric model: melsec iq-r series
vendor: rockwell model: factorytalk
vendor: rockwell model: automation factorytalk
vendor: rockwell automation model: factorytalk
vendor: rockwell automation model: automation factorytalk
db: NVD ids: CVE-2023-2060, CVE-2024-10386, CVE-2024-10387, CVE-2023-6943

A Deeper Look at FortiJump (FortiManager CVE-2024-47575) | Bishop Fox

Trust: 4.75

Fetched: Nov. 3, 2024, 9:34 a.m., Published: Nov. 1, 2024, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2024-47575, CVE-2024-23113

Millions of Devices Are Vulnerable to the Most Exploited Vulnerability - Cyber Warriors Middle East

Trust: 3.75

Fetched: Nov. 3, 2024, 9:34 a.m., Published: Oct. 18, 2024, 11:51 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
vendor: treck model: tcp/ip stack
db: NVD ids: CVE-2020-11899

Understanding CVE-2024-33892 and Mitigating Insecure Permissions in Cosy+ Devices

Trust: 3.0

Fetched: Nov. 3, 2024, 9:33 a.m., Published: Nov. 21, 2024, midnight
 Vulnerabilities: information leakage
Affected productsExternal IDs
db: NVD ids: CVE-2024-33892

A Comprehensive Review and Assessment of Cybersecurity Vulnerability Detection Methodologies

Trust: 3.75

Fetched: Nov. 3, 2024, 9:32 a.m., Published: Oct. 7, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs

Cybersecurity threats: Main types and new threats in 2024 | NordVPN

Trust: 4.25

Fetched: Nov. 3, 2024, 9:31 a.m., Published: Aug. 6, 2024, 11:57 a.m.
 Vulnerabilities: session hijacking, cross-site scripting, privilege escalation...
Affected productsExternal IDs
vendor: nokia model: impact
vendor: google model: home
vendor: essential model: phone

Understanding CVE-2023-44097: Huawei's HarmonyOS and EMUI Vulnerabilities

Trust: 3.5

Fetched: Nov. 3, 2024, 9:31 a.m., Published: Oct. 3, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: huawei model: emui
db: NVD ids: CVE-2023-44097

Top 10 Windows 7 Vulnerabilities And Remediation Tips | UpGuard

Related entries in the VARIoT vulnerabilities database: VAR-201112-0114

Trust: 5.0

Fetched: Nov. 3, 2024, 9:30 a.m., Published: Nov. 10, 2024, midnight
 Vulnerabilities: denial of service, untrusted search path, memory corruption...
Affected productsExternal IDs
db: NVD ids: CVE-2014-4114, CVE-2010-3147, CVE-2010-2744, CVE-2015-0016, CVE-2013-0008, CVE-2010-4398, CVE-2010-4701, CVE-2014-4113, CVE-2010-3227, CVE-2011-5046

Red Hat’s response to OpenPrinting CUPS vulnerabilities: CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177

Trust: 5.25

Fetched: Nov. 3, 2024, 9:30 a.m., Published: Sept. 26, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cups model: cups
db: NVD ids: CVE-2024-47176, CVE-2024-47177, CVE-2024-47175, CVE-2024-47076

ERROR: The request could not be satisfied

Trust: 3.25

Fetched: Nov. 3, 2024, 9:29 a.m., Published: April 3, 2024, midnight
 Vulnerabilities: configuration error
Affected productsExternal IDs

CERT-EU - Critical Vulnerabilities in FortiOS

Trust: 4.75

Fetched: Nov. 3, 2024, 9:29 a.m., Published: -
 Vulnerabilities: format string vulnerability, memory corruption
Affected productsExternal IDs
db: NVD ids: CVE-2024-23113, CVE-2024-21762

CUPS Vulnerabilities: Impact and Fixes - FOSSA

Trust: 3.75

Fetched: Nov. 3, 2024, 9:28 a.m., Published: Sept. 27, 2024, 11:52 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cups model: cups
db: NVD ids: CVE-2024-47176, CVE-2024-47177, CVE-2024-47175, CVE-2024-47076

CVE-2024-47945 - Mitigating Predictable Session ID Vulnerability in IoT Devices

Trust: 4.0

Fetched: Nov. 3, 2024, 9:22 a.m., Published: Nov. 3, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-47945

Pacific Rim timeline: Information for defenders from a braid of interlocking attack campaigns - Sophos News

Related entries in the VARIoT vulnerabilities database: VAR-202209-1931

Trust: 4.25

Fetched: Nov. 3, 2024, 9:20 a.m., Published: Oct. 31, 2024, 12:31 p.m.
 Vulnerabilities: command injection, account creation attack, password guessing...
Affected productsExternal IDs
vendor: mikrotik model: mikrotik
vendor: mikrotik model: routers
vendor: sophos model: firewall
vendor: sophos model: cyberoam
vendor: draytek model: routers
vendor: cisco model: guard
vendor: cisco model: series
vendor: cisco model: routers
vendor: cisco model: soho
vendor: cisco model: vpn client
vendor: barracuda networks model: running
vendor: barracuda networks model: barracuda
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: sonicwall model: remote access
vendor: sonicwall model: soho
vendor: cisco systems model: guard
vendor: cisco systems model: series
vendor: cisco systems model: routers
vendor: cisco systems model: soho
vendor: cisco systems model: vpn client
vendor: check point model: check point
vendor: tp-link model: routers
vendor: huawei model: huawei
vendor: barracuda model: running
vendor: barracuda model: barracuda
vendor: dropbear model: dropbear ssh
vendor: dropbear model: ssh server
vendor: palo model: networks
vendor: palo model: firewall
db: NVD ids: CVE-2020-15069, CVE-2022-1292, CVE-2020-12271, CVE-2022-1040, CVE-2020-29574, CVE-2022-3236

CVE-2024-2547: Understanding and Mitigating the Tenda AC18 Stack-based Buffer Overflow Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-202403-0846

Trust: 5.5

Fetched: Nov. 3, 2024, 9:20 a.m., Published: March 15, 2005, 5 a.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: tenda model: ac18 firmware
vendor: tenda model: ac18
db: NVD ids: CVE-2024-2547

Understanding CVE-2024-45275: Hardcoded Credentials Vulnerability in Industrial Devices

Trust: 4.0

Fetched: Nov. 3, 2024, 9:19 a.m., Published: Nov. 3, 2024, midnight
 Vulnerabilities: default credentials, service disruption
Affected productsExternal IDs
db: NVD ids: CVE-2024-45275

NVIDIA shader out-of-bounds and eleven LevelOne router vulnerabilities

Trust: 5.5

Fetched: Nov. 1, 2024, 10 a.m., Published: Oct. 31, 2024, 3:29 p.m.
 Vulnerabilities: information disclosure, session hijacking, authentication vulnerability...
Affected productsExternal IDs
vendor: snort.org model: snort
vendor: snort model: snort
vendor: cisco model: series
vendor: cisco model: router
vendor: cisco model: soho
db: NVD ids: CVE-2024-28875, CVE-2024-33603, CVE-2024-28052, CVE-2024-33626, CVE-2024-0117, CVE-2024-33700, CVE-2024-31152, CVE-2024-31151, CVE-2024-0121, CVE-2024-0119, CVE-2024-32946, CVE-2024-0118, CVE-2024-33623, CVE-2024-23309, CVE-2024-24777, CVE-2024-0120, CVE-2024-33699

Cellular IoT Vulnerabilities: Another Door to Cellular Networks | Trend Micro (ZA)

Related entries in the VARIoT vulnerabilities database: VAR-202310-0004, VAR-202011-1308, VAR-202408-1859

Trust: 4.5

Fetched: Nov. 1, 2024, 10 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: trend micro model: security
vendor: d-link model: router
vendor: tp-link model: gateway
vendor: tp-link model: routers
vendor: trend model: security
db: NVD ids: CVE-2023-43261, CVE-2020-3657, CVE-2024-20082, CVE-2023-47610