VARIoT latest news about IoT security

Apple patches first actively exploited zero-day of 2025 on its devices \| SC Media Related entries in the VARIoT vulnerabilities database: VAR-202501-3666 Trust: 5.5 Fetched: Feb. 11, 2025, 9:27 a.m., Published: June 11, 2024, 5 p.m.	Vulnerabilities: code execution, use after free, memory corruption...

Affected products

External IDs

vendor:	apple	model:	tvos
vendor:	apple	model:	macos
vendor:	apple	model:	watchos

db:

NVD

ids:

CVE-2025-24085

Apple seeds critical update to guard iPhones from USB hacking tools \| Digital Trends Trust: 4.0 Fetched: Feb. 11, 2025, 9:26 a.m., Published: Feb. 11, 2025, 1:14 a.m.	Vulnerabilities: authorization flaw

Affected products

External IDs

vendor:	apple	model:	ipad air
vendor:	apple	model:	ipad
vendor:	apple	model:	iphone
vendor:	apple	model:	software update

TrollStore on iOS 17.0.1 - 18.3: Can You Still Install It? - iDevice Central Related entries in the VARIoT vulnerabilities database: VAR-202205-1290 Trust: 3.5 Fetched: Feb. 11, 2025, 9:20 a.m., Published: Feb. 10, 2025, 9:26 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	home
vendor:	apple	model:	itunes

db:

NVD

ids:

CVE-2022-26766, CVE-2023-41991

Netgear critical vulns come amid global netsec concern • The Register Trust: 4.5 Fetched: Feb. 11, 2025, 9:19 a.m., Published: -	Vulnerabilities: authentication bypass, code execution

Affected products

External IDs

vendor:	netgear	model:	xr500
vendor:	netgear	model:	multiple routers

Weekly Cybersecurity Digest: Latest in Cyber Attacks, Vulnerabilities, and Data Breaches Trust: 5.25 Fetched: Feb. 11, 2025, 9:18 a.m., Published: Jan. 19, 2025, 1:57 p.m.	Vulnerabilities: os command injection, command injection, buffer overflow...

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	aviatrix	model:	gateway
vendor:	aviatrix	model:	controller
vendor:	apple	model:	macos
vendor:	citrix	model:	gateway
vendor:	mikrotik	model:	routers
vendor:	mikrotik	model:	mikrotik routers
vendor:	mikrotik	model:	mikrotik

db:

NVD

ids:

CVE-2024-50603, CVE-2025-21225, CVE-2024-12084, CVE-2025-0282, CVE-2025-0500, CVE-2025-0501, CVE-2024-7344, CVE-2024-12686, CVE-2024-50623

Apple iOS 0-day Vulnerability Exploited Wild in Extremely Sophisticated Attack Trust: 4.0 Fetched: Feb. 11, 2025, 9:17 a.m., Published: Feb. 11, 2025, 2:22 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	ipad air
vendor:	apple	model:	iphone
vendor:	apple	model:	ipad

db:

NVD

ids:

CVE-2025-24200

Massive Brute Force Attack Targeting Networking Devices - Cyber and Fraud Centre - Scotland Trust: 3.75 Fetched: Feb. 11, 2025, 9:17 a.m., Published: Feb. 10, 2025, 2:30 p.m.	Vulnerabilities: brute force attack

Affected products

External IDs

vendor:	sonicwall	model:	remote access
vendor:	palo	model:	networks
vendor:	palo alto networks	model:	networks

Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities - Cisco Trust: 3.75 Fetched: Feb. 11, 2025, 9:16 a.m., Published: Feb. 9, 2025, 10:12 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xr software
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	ios xe software

CVE-2024-46436 : Unauthorized Root Access Vulnerability in Tenda W18E Devices \| SecurityVulnerability.io Related entries in the VARIoT vulnerabilities database: VAR-202502-1067 Trust: 4.0 Fetched: Feb. 11, 2025, 9:16 a.m., Published: Feb. 10, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	tenda	model:	w18e
vendor:	tenda	model:	tenda w18e

db:

NVD

ids:

CVE-2024-46436

Google warns Android users of a kernel flaw under attack • The Register Trust: 5.5 Fetched: Feb. 11, 2025, 9:15 a.m., Published: -	Vulnerabilities: authentication bypass, code execution

Affected products

External IDs

vendor:	samsung	model:	note
vendor:	samsung	model:	mobile
vendor:	samsung	model:	notes
vendor:	samsung	model:	samsung
vendor:	google	model:	pixel
vendor:	google	model:	android
vendor:	netgear	model:	xr500
vendor:	netgear	model:	orbi

db:

NVD

ids:

CVE-2025-0088, CVE-2024-53104, CVE-2024-45569

Critical Netgear Vulnerabilities Let attackers Execute Remote Code Trust: 6.0 Fetched: Feb. 9, 2025, 9:35 a.m., Published: Feb. 5, 2025, 11:38 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	netgear	model:	netgear router
vendor:	netgear	model:	router
vendor:	netgear	model:	xr500

db:

NVD

ids:

CVE-2025-25246

15,000 Fortinet Device Configurations Exposed on Dark Web - VULNERA Related entries in the VARIoT vulnerabilities database: VAR-202210-0198, VAR-201906-0815 Trust: 4.0 Fetched: Feb. 9, 2025, 9:35 a.m., Published: Jan. 17, 2025, 7:44 p.m.	Vulnerabilities: authentication bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2022-40684, CVE-2024-55591, CVE-2018-13379

Critical Zero-Day Vulnerability in Zyxel CPE Series Devices Actively Exploited - VULNERA Trust: 4.25 Fetched: Feb. 9, 2025, 9:34 a.m., Published: Jan. 29, 2025, 10:17 a.m.	Vulnerabilities: command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2024-40891, CVE-2024-40890

New PoC Released For Ivanti Connect Secure RCE Vulnerability (CVE-2025-0282) Trust: 3.75 Fetched: Feb. 9, 2025, 9:33 a.m., Published: Jan. 17, 2025, 8:13 a.m.	Vulnerabilities: code execution, privilege escalation, buffer overflow

Affected products

External IDs

db:

NVD

ids:

CVE-2025-0282, CVE-2025-0283

Windows Common Log File System Zero-day Vulnerability (CVE-2024-49138) Exploited Trust: 3.75 Fetched: Feb. 9, 2025, 9:28 a.m., Published: Jan. 20, 2025, 6:28 a.m.	Vulnerabilities: privilege escalation, buffer overflow

Affected products

External IDs

db:

NVD

ids:

CVE-2024-49138

Update Canonical Ubuntu Server: USN-7258-1: CKEditor vulnerabilities Trust: 4.0 Fetched: Feb. 9, 2025, 9:28 a.m., Published: Jan. 9, 7258, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

canonical

model:

ubuntu

db:

NVD

ids:

CVE-2024-24815, CVE-2024-43411, CVE-2024-24816, CVE-2023-28439, CVE-2022-24728

Attention Android Users! Govt Issues High-Risk Warning for Android 12, 13, 14, and 15 Devices- Here's How To Stay Safe \| Technology News \| Zee News Trust: 5.25 Fetched: Feb. 9, 2025, 9:27 a.m., Published: Dec. 13, 2014, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

google

model:

android

Critical AirPlay Vulnerabilities Discovered - Bastille Trust: 5.75 Fetched: Feb. 9, 2025, 9:27 a.m., Published: Feb. 6, 2025, 4:41 p.m.	Vulnerabilities: code execution, input validation flaw, memory corruption

Affected products

External IDs

vendor:	apple	model:	watch
vendor:	apple	model:	watchos
vendor:	apple	model:	apple tv
vendor:	apple	model:	macos
vendor:	apple	model:	tvos

db:

NVD

ids:

CVE-2025-24126, CVE-2025-24129, CVE-2025-24177, CVE-2025-24131, CVE-2025-24137

Emulators and Exploits: How QEMU Helped Researchers Uncover Critical Vulnerabilities in IoT Devices Trust: 3.75 Fetched: Feb. 9, 2025, 9:26 a.m., Published: Jan. 17, 2025, 6:45 a.m.	Vulnerabilities: integer overflow, command injection, os command injection...

Affected products	External IDs

Lexmark Printer Firmware Downgrade Prevention Vulnerability (CVE-2023-50738) - Vulnerability & Exploit Database Trust: 3.75 Fetched: Feb. 9, 2025, 9:24 a.m., Published: Feb. 4, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	lexmark	model:	lexmark printer firmware
vendor:	lexmark	model:	lexmark
vendor:	lexmark	model:	printer
vendor:	lexmark	model:	lexmark printer

db:

NVD

ids:

CVE-2023-50738

VARIoT news about IoT security