Sign-up

VARIoT news about IoT security

Zyxel says it won’t patch security flaws in its old routers | TechRadar

Trust: 4.75

Fetched: Feb. 7, 2025, 9:18 a.m., Published: Feb. 6, 2025, 3:10 p.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: zyxel model: vmg8924-b10a
vendor: zyxel model: vmg8324-b10a
vendor: zyxel model: vmg4380-b10a
vendor: zyxel model: vmg1312-b10a
db: NVD ids: CVE-2024-40890, CVE-2024-40891, CVE-2025-0890

CISA Adds Apache, Microsoft Bugs to Know Exploited Vulnerabilities Database

Related entries in the VARIoT vulnerabilities database: VAR-201807-1874

Trust: 4.75

Fetched: Feb. 7, 2025, 9:17 a.m., Published: Feb. 5, 2025, 5:54 a.m.
 Vulnerabilities: file inclusion, command injection, local file inclusion...
Affected productsExternal IDs
vendor: paessler model: prtg network monitor
db: NVD ids: CVE-2018-9276, CVE-2024-29059, CVE-2018-19410, CVE-2024-45195

Google warns Android users of a zero-day vulnerability

Trust: 3.75

Fetched: Feb. 7, 2025, 9:15 a.m., Published: Feb. 5, 2025, 3:40 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: samsung model: galaxy
vendor: samsung model: samsung
db: NVD ids: CVE-2024-53104, CVE-2024-45569

Cisco IOS SNMP Vulnerabilities Allow Attackers to Launch DoS Attacks"

Trust: 3.75

Fetched: Feb. 7, 2025, 9:14 a.m., Published: Feb. 6, 2025, 9:11 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: ios xr
vendor: cisco model: cisco ios xr
vendor: cisco model: ios xe
vendor: cisco model: cisco ios
vendor: cisco model: ios xr software
db: NVD ids: CVE-2025-20170, CVE-2025-20171, CVE-2025-20169

Update Canonical Ubuntu Server: USN-7254-1: OpenJDK 21 vulnerability

Trust: 3.25

Fetched: Feb. 7, 2025, 9:14 a.m., Published: Jan. 7, 7254, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Update Canonical Ubuntu Server: USN-7252-1: OpenJDK 11 vulnerability

Trust: 3.25

Fetched: Feb. 7, 2025, 9:14 a.m., Published: Jan. 7, 7252, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Update Canonical Ubuntu Server: USN-7253-1: OpenJDK 17 vulnerability

Trust: 3.25

Fetched: Feb. 7, 2025, 9:13 a.m., Published: Jan. 7, 7253, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Medical monitoring machines spotted stealing patient data • The Register

Trust: 5.5

Fetched: Feb. 7, 2025, 9:13 a.m., Published: -
 Vulnerabilities: authentication bypass, command injection, code execution
Affected productsExternal IDs
vendor: cisco model: routers
vendor: cisco model: series
db: NVD ids: CVE-2025-0683, CVE-2024-40891, CVE-2024-12248, CVE-2025-22604, CVE-2025-0626, CVE-2025-21415

Re: OpenSSL vulnerability in icls driver version 1.71.99.0 - Intel Community

Trust: 3.0

Fetched: Feb. 7, 2025, 9:13 a.m., Published: May 13, 2024, 5:53 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: optiplex
vendor: dell model: bios

Update Canonical Ubuntu Server: USN-7257-1: Kerberos vulnerability

Trust: 3.25

Fetched: Feb. 7, 2025, 9:12 a.m., Published: Jan. 7, 7257, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities

Trust: 3.75

Fetched: Feb. 7, 2025, 9:11 a.m., Published: Feb. 5, 2025, 6:17 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: ios xe
vendor: cisco model: ios xr
vendor: cisco model: ios xe software
vendor: cisco model: ios xr software
vendor: cisco model: cisco ios

Apache Cassandra Vulnerability Let Attackers Gain Access to the Data Centers

Trust: 4.25

Fetched: Feb. 7, 2025, 9:11 a.m., Published: Feb. 4, 2025, 1:07 p.m.
 Vulnerabilities: authorization vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2025-24860

Cisco Expressway Series Cross-Site Scripting Vulnerability

Trust: 5.0

Fetched: Feb. 7, 2025, 9:10 a.m., Published: Feb. 5, 2025, 3:57 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: cisco model: cisco expressway
vendor: cisco model: expressway series
vendor: cisco model: expressway
vendor: cisco model: series

Android Security Bulletin February 2025 | Android Open Source Project

Related entries in the VARIoT vulnerabilities database: VAR-202502-0055

Trust: 4.25

Fetched: Feb. 7, 2025, 9:09 a.m., Published: Feb. 7, 2025, midnight
 Vulnerabilities: information disclosure, denial of service, code execution
Affected productsExternal IDs
vendor: motorola model: motorola
vendor: motorola model: android
vendor: google model: android
vendor: google model: pixel
vendor: samsung model: mobile
vendor: samsung model: samsung
vendor: samsung model: notes
vendor: samsung model: note
vendor: huawei model: huawei
db: NVD ids: CVE-2024-47892, CVE-2023-40135, CVE-2025-0098, CVE-2023-40137, CVE-2024-20141, CVE-2025-0094, CVE-2024-49723, CVE-2025-0015, CVE-2024-38404, CVE-2024-43705, CVE-2024-20142, CVE-2024-53104, CVE-2024-49721, CVE-2024-52935, CVE-2024-38420, CVE-2025-0099, CVE-2025-0088, CVE-2023-40134, CVE-2025-0091, CVE-2024-49746, CVE-2023-40136, CVE-2024-46973, CVE-2023-40133, CVE-2025-20634, CVE-2024-0037, CVE-2025-0096, CVE-2024-49741, CVE-2023-40122, CVE-2024-39441, CVE-2025-0097, CVE-2024-49743, CVE-2024-49729, CVE-2025-20636, CVE-2025-20635, CVE-2023-40138, CVE-2023-40139, CVE-2025-0095, CVE-2025-0100

Hackers Could Exploit GPU Vulnerabilities to Take Complete Control of Your Device

Trust: 3.75

Fetched: Feb. 7, 2025, 9:08 a.m., Published: Feb. 5, 2025, 11:50 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
vendor: samsung model: samsung
db: NVD ids: CVE-2022-22706, CVE-2021-39793

Hard-Coded Passwords are Still a Medical Device Vulnerability in 2020

Trust: 4.0

Fetched: Feb. 7, 2025, 9:07 a.m., Published: Feb. 7, 2020, midnight
 Vulnerabilities: password guessing
Affected productsExternal IDs
vendor: baxter model: prismaflex

Canon Printer Vulnerabilities Let Attackers Execute Arbitrary Code Remotely

Trust: 5.75

Fetched: Feb. 7, 2025, 9:06 a.m., Published: Jan. 30, 2025, 3:38 p.m.
 Vulnerabilities: memory corruption, buffer overflow
Affected productsExternal IDs
vendor: google model: wi-fi router
db: NVD ids: CVE-2024-12649, CVE-2024-12648, CVE-2024-12647

Netgear warns users to patch critical WiFi router vulnerabilities - Security & Privacy News - Nsane Forums

Trust: 3.5

Fetched: Feb. 5, 2025, 9:35 a.m., Published: Feb. 5, 2025, 4:50 a.m.
 Vulnerabilities: cross-site scripting, code execution, authentication bypass
Affected productsExternal IDs
vendor: netgear model: n300
vendor: netgear model: wnr614
vendor: netgear model: xr500 firmware
vendor: netgear model: netgear router
vendor: netgear model: router
vendor: netgear model: xr500

Fortinet Zero-day Vulnerability (CVE-2024-55591) Exploited in Wild

Trust: 5.0

Fetched: Feb. 5, 2025, 9:34 a.m., Published: Jan. 15, 2025, 12:02 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: node.js model: node.js
db: NVD ids: CVE-2024-55591

Understanding and Mitigating CVE-2025-23673: WordPress Email on Publish Plugin Vulnerability

Trust: 5.0

Fetched: Feb. 5, 2025, 9:33 a.m., Published: Feb. 1, 2025, midnight
 Vulnerabilities: session hijacking, cross-site request forgery, request forgery
Affected productsExternal IDs
db: NVD ids: CVE-2025-23673