Sign-up

VARIoT news about IoT security

Wiz Research Identifies Exploitation in the Wild of Aviatrix Controller RCE (CVE-2024-50603) | Wiz Blog

Trust: 5.5

Fetched: Jan. 14, 2025, 9:42 a.m., Published: Jan. 11, 2025, 5:23 p.m.
 Vulnerabilities: command injection, code execution, privilege escalation
Affected productsExternal IDs
vendor: aviatrix model: controller
db: NVD ids: CVE-2021-40870, CVE-2024-50603

Zyxel Urges Patch Application for Privilege Escalation Vulnerability (CVE-2024-12398)

Trust: 4.75

Fetched: Jan. 14, 2025, 9:41 a.m., Published: Jan. 14, 2025, 2:45 a.m.
 Vulnerabilities: privilege management flaw, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2024-12398

USB-C vulnerability could result in new iPhone jailbreaks

Trust: 3.0

Fetched: Jan. 14, 2025, 9:39 a.m., Published: Jan. 13, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

iPhone 16, iPhone 15 models’ USB-C ports can be hacked, security researcher claims - Hindustan Times

Trust: 3.0

Fetched: Jan. 14, 2025, 9:37 a.m., Published: Jan. 14, 2025, 8:07 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

Ivanti zero-day has researchers scrambling | Cybersecurity Dive

Trust: 4.75

Fetched: Jan. 14, 2025, 9:36 a.m., Published: Jan. 13, 2025, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2023-46805, CVE-2025-0282, CVE-2024-21887, CVE-2025-0283

Access Denied

Trust: 3.25

Fetched: Jan. 14, 2025, 9:34 a.m., Published: Jan. 14, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung

Sign in | Samsung account

Trust: 3.25

Fetched: Jan. 14, 2025, 9:33 a.m., Published: April 1, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung

Nest Security Bulletin-December 2024 - Help

Related entries in the VARIoT vulnerabilities database: VAR-202203-1690

Trust: 5.5

Fetched: Jan. 14, 2025, 9:29 a.m., Published: Dec. 14, 2024, midnight
 Vulnerabilities: information disclosure, denial of service, code execution
Affected productsExternal IDs
vendor: google model: wifi
vendor: google model: home
vendor: google model: wifi router
db: NVD ids: CVE-2018-25032, CVE-2024-26923, CVE-2023-45853

7 New Flaws In Android & Google Pixel Devices Let Attackers Elevate Privileges

Trust: 5.5

Fetched: Jan. 14, 2025, 9:29 a.m., Published: Nov. 26, 2024, 6:33 a.m.
 Vulnerabilities: configuration flaw
Affected productsExternal IDs
vendor: google model: android
vendor: google model: chrome
vendor: google model: google chrome
vendor: google model: pixel
db: NVD ids: CVE-2024-34719, CVE-2023-20963, CVE-2023-21292, CVE-2024-0017, CVE-2021-0600, CVE-2023-21383

0-Click Vulnerability in Samsung S24 Devices: PoC Releases for CVE-2024-49415

Trust: 3.75

Fetched: Jan. 14, 2025, 9:28 a.m., Published: Jan. 13, 2025, 2:09 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: notes
vendor: samsung model: samsung
db: NVD ids: CVE-2024-49415

Hacking Your Own IoT: A White Hat’s Guide to Securing Smart Devices

Trust: 4.25

Fetched: Jan. 14, 2025, 9:27 a.m., Published: Jan. 14, 2025, 2 p.m.
 Vulnerabilities: sql injection, default credentials, cross-site scripting
Affected productsExternal IDs
vendor: wireshark model: wireshark

Zero-Click Exploit Uncovered on Samsung Devices: What You Need to Know - theafricalogistics.com

Trust: 3.75

Fetched: Jan. 14, 2025, 9:27 a.m., Published: Jan. 12, 2025, 12:43 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: galaxy
vendor: samsung model: mobile
vendor: samsung model: samsung
vendor: google model: android
db: NVD ids: CVE-2024-49415

CISA reports security vulnerabilities in ICS equipment from Schneider Electric, Delta Electronics, Rockwell Automation - Industrial Cyber

Trust: 6.5

Fetched: Jan. 14, 2025, 9:22 a.m., Published: Jan. 13, 2025, 8:39 a.m.
 Vulnerabilities: authentication vulnerability, code execution, use after free
Affected productsExternal IDs
vendor: schneider model: powerchute
vendor: rockwell automation model: arena
vendor: trend model: security
vendor: schneider electric model: powerchute
vendor: rockwell model: arena
vendor: trend micro model: security
db: NVD ids: CVE-2024-12834, CVE-2024-12835, CVE-2024-10511, CVE-2024-12836, CVE-2024-11999

Emerson AMS Device Manager | CISA

Related entries in the VARIoT vulnerabilities database: VAR-201810-0393, VAR-201810-0390

Trust: 5.5

Fetched: Jan. 14, 2025, 9:20 a.m., Published: Jan. 14, 2024, midnight
 Vulnerabilities: improper access control, code execution
Affected productsExternal IDs
vendor: emerson model: ams device manager
vendor: emerson model: deltav
db: NVD ids: CVE-2018-14808, CVE-2018-14804

CyberMDX Discusses Axeda Medical Device Vulnerabilities

Trust: 4.75

Fetched: Jan. 14, 2025, 9:18 a.m., Published: March 11, 2022, 4:40 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

Security Researcher Hacks iPhone 15's USB-C Controller, Exposing New Vulnerabilities

Trust: 4.25

Fetched: Jan. 14, 2025, 9:18 a.m., Published: Jan. 12, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: iphone

Top BLE Cybersecurity Vulnerabilities - Blue Goat Cyber

Trust: 3.5

Fetched: Jan. 14, 2025, 9:15 a.m., Published: March 31, 2024, 3:09 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

Worldwide Device Vulnerability Management Market Research Report 2025, Forecast to 2031 - PW Consulting

Trust: 3.75

Fetched: Jan. 14, 2025, 9:14 a.m., Published: Jan. 14, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

Update Canonical Ubuntu Server: USN-7197-1: Go Networking vulnerability

Trust: 4.25

Fetched: Jan. 12, 2025, 9:49 a.m., Published: Jan. 12, 7197, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu

CVE-2024-3080 - Securin

Trust: 5.25

Fetched: Jan. 12, 2025, 9:49 a.m., Published: Dec. 29, 2024, 10:04 a.m.
 Vulnerabilities: authentication bypass, default credentials
Affected productsExternal IDs
vendor: asus model: routers
vendor: asus model: dsl-ac51
vendor: asus model: asus
vendor: asus model: router
vendor: asus model: dsl-ac52u
db: NVD ids: CVE-2024-3080