Sign-up

VARIoT news about IoT security

Zero-Days, Active Exploits, and Botnets: Key Cybersecurity risks of the week | Weely Reports | Loginsoft

Related entries in the VARIoT vulnerabilities database: VAR-201805-0262, VAR-202210-0198, VAR-202110-1691, VAR-202501-3666, VAR-201805-0263, VAR-202203-0233, VAR-201810-0455

Trust: 6.5

Fetched: Feb. 5, 2025, 9:32 a.m., Published: Jan. 31, 2025, midnight
 Vulnerabilities: input validation vulnerability, authentication bypass, request forgery...
Affected productsExternal IDs
vendor: apple model: cups
vendor: teltonika model: rut9xx
vendor: teltonika model: rut9xx routers
vendor: fortigate model: fortios
vendor: cups model: cups
vendor: sonicwall model: sma1000
db: NVD ids: CVE-2022-25168, CVE-2024-41710, CVE-2021-38647, CVE-2021-26084, CVE-2018-10561, CVE-2022-24847, CVE-2022-40684, CVE-2021-27905, CVE-2024-47176, CVE-2024-40891, CVE-2022-41040, CVE-2022-30023, CVE-2021-41773, CVE-2025-23006, CVE-2023-46747, CVE-2022-31137, CVE-2023-23752, CVE-2022-47945, CVE-2023-26801, CVE-2025-24085, CVE-2018-10562, CVE-2022-22947, CVE-2023-38646, CVE-2018-17532, CVE-2021-26086

Zyxel Security Advisory: Urgent Need for Device Replacement Due to Critical Vulnerabilities in CPE Series - UNDERCODE NEWS

Trust: 4.5

Fetched: Feb. 5, 2025, 9:30 a.m., Published: Feb. 4, 2025, 9:35 p.m.
 Vulnerabilities: default credentials, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-40891, CVE-2025-0890

Are Your Devices Safe? Critical Android and Linux Vulnerabilities Found | B2Bdaily.com

Trust: 5.5

Fetched: Feb. 5, 2025, 9:29 a.m., Published: Feb. 4, 2025, 12:41 p.m.
 Vulnerabilities: memory corruption, denial of service, code execution...
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2025-0099, CVE-2024-45569, CVE-2025-0097, CVE-2025-0103, CVE-2025-0108, CVE-2025-0111, CVE-2024-39441, CVE-2024-53104, CVE-2024-49721, CVE-2025-0104, CVE-2025-0098

D-Link Technical Support

Related entries in the VARIoT vulnerabilities database: VAR-202503-2605

Trust: 4.75

Fetched: Feb. 5, 2025, 9:28 a.m., Published: Feb. 5, 3788, midnight
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2024-57440

Google Patches Linux Kernel RCE Vulnerability in Android, Allowing Unauthorized Read/Write Access

Trust: 6.0

Fetched: Feb. 5, 2025, 9:28 a.m., Published: Feb. 4, 2025, 2:10 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-53104

Exploitation of Critical Vulnerability CVE-2025-23006 in SonicWall SMA1000 Series Appliances - Cyber Security Review

Trust: 4.5

Fetched: Feb. 5, 2025, 9:27 a.m., Published: Jan. 23, 2025, 8:20 a.m.
 Vulnerabilities: certificate validation vulnerability, command execution, path traversal
Affected productsExternal IDs
vendor: mitel model: micollab
vendor: sonicwall model: ssl vpn
vendor: sonicwall model: secure mobile access
vendor: sonicwall model: sma1000
vendor: sonicwall model: remote access
db: NVD ids: CVE-2025-23006, CVE-2024-55550, CVE-2024-41713, CVE-2024-48865

Google Patched Linux Kernel Vulnerability In Android Allows Attackers Gain Write Access

Trust: 4.5

Fetched: Feb. 5, 2025, 9:27 a.m., Published: Feb. 4, 2025, 11:40 a.m.
 Vulnerabilities: memory corruption, privilege escalation, code execution...
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2025-0135, CVE-2024-45569, CVE-2025-0100, CVE-2025-0110, CVE-2025-0102, CVE-2025-0120, CVE-2025-0109, CVE-2025-0121, CVE-2025-0118, CVE-2025-0106, CVE-2025-0125, CVE-2025-0108, CVE-2025-0128, CVE-2025-0117, CVE-2025-0105, CVE-2025-0114, CVE-2025-0123, CVE-2025-0124, CVE-2025-0129, CVE-2025-0130, CVE-2025-0126, CVE-2025-0132, CVE-2025-0104, CVE-2025-0098, CVE-2025-0099, CVE-2025-0097, CVE-2025-0119, CVE-2025-0113, CVE-2024-39441, CVE-2025-0088, CVE-2025-0107, CVE-2025-0115, CVE-2025-0131, CVE-2024-53104, CVE-2025-0122, CVE-2025-0133, CVE-2025-0103, CVE-2025-0111, CVE-2025-0127, CVE-2025-0134, CVE-2025-0112, CVE-2025-0116, CVE-2025-0101, CVE-2024-49721, CVE-2024-51567

The TechCrunch Cyber Glossary | TechCrunch

Trust: 4.5

Fetched: Feb. 5, 2025, 9:24 a.m., Published: Jan. 31, 2025, 2 p.m.
 Vulnerabilities: code execution, denial of service
Affected productsExternal IDs
vendor: sony model: camera

Multiple Vulnerabilities in Google Android OS Could Allow for Privilege Escalation

Trust: 5.0

Fetched: Feb. 5, 2025, 9:23 a.m., Published: Feb. 4, 2025, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: google model: android

CVE-2025-20882 : Out-of-bounds Write Vulnerability in Samsung Mobile's libsthmbc.so | SecurityVulnerability.io

Trust: 3.75

Fetched: Feb. 5, 2025, 9:23 a.m., Published: Feb. 4, 2025, 7:19 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung mobile
vendor: samsung model: samsung
vendor: samsung model: mobile
db: NVD ids: CVE-2025-20882

Critical Vulnerability Alert: Schneider Electric Modicon M340 Affected | Windows Forum

Trust: 4.5

Fetched: Feb. 5, 2025, 9:17 a.m., Published: May 5, 2025, midnight
 Vulnerabilities: information disclosure, denial of service
Affected productsExternal IDs
vendor: schneider model: bmxnor0200h
vendor: schneider model: control expert
vendor: schneider model: software update
vendor: schneider model: m340
vendor: schneider model: bmxnoe0100
vendor: schneider model: modicon m340
vendor: schneider model: modicon m340 bmxnoe0100
vendor: schneider electric model: bmxnor0200h
vendor: schneider electric model: control expert
vendor: schneider electric model: software update
vendor: schneider electric model: m340
vendor: schneider electric model: bmxnoe0100
vendor: schneider electric model: modicon m340
vendor: schneider electric model: modicon m340 bmxnoe0100
db: NVD ids: CVE-2024-12142

Exploitation of vulnerability in Zyxel CPE targets legacy routers | Cybersecurity Dive

Trust: 3.75

Fetched: Feb. 5, 2025, 9:16 a.m., Published: Feb. 4, 2025, midnight
 Vulnerabilities: default credentials, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-40891, CVE-2024-40890, CVE-2025-0890

Google Patches Critical Kernel Vulnerability in Android Devices: CVE-2024-53104 - UNDERCODE NEWS

Trust: 5.5

Fetched: Feb. 5, 2025, 9:11 a.m., Published: Feb. 4, 2025, 4:28 p.m.
 Vulnerabilities: privilege escalation, buffer overflow
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-53104

CVE-2024-40891 : Command Injection Vulnerability in Zyxel DSL CPE Firmware | SecurityVulnerability.io

Trust: 4.25

Fetched: Feb. 5, 2025, 9:10 a.m., Published: Feb. 4, 2025, 10:02 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-40891

CVE-2024-53104: Critical Zero-Day Vulnerability Patched in February 2025 Android Security Update

Trust: 5.75

Fetched: Feb. 5, 2025, 9:10 a.m., Published: Feb. 4, 2025, 12:49 a.m.
 Vulnerabilities: memory corruption, privilege escalation, improper validation
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-53104, CVE-2024-45569, CVE-2025-0088

Zyxel security advisory for command injection and insecure default credentials vulnerabilities in certain legacy DSL CPE | Zyxel Networks

Trust: 5.25

Fetched: Feb. 5, 2025, 9:09 a.m., Published: Feb. 7, 2025, midnight
 Vulnerabilities: default credentials, command injection
Affected productsExternal IDs
vendor: zyxel model: vmg8924-b10a
vendor: zyxel model: vmg8324-b10a
vendor: zyxel model: vmg1312-b10a
vendor: zyxel model: vmg4380-b10a
db: NVD ids: CVE-2024-40891, CVE-2024-40890, CVE-2025-0890

Apple Releases Critical Security Updates to Patch Actively Exploited Zero-Day Vulnerability - ToolsLib Blog

Related entries in the VARIoT vulnerabilities database: VAR-202501-3666

Trust: 4.75

Fetched: Feb. 5, 2025, 9:08 a.m., Published: Feb. 4, 2025, 6:33 p.m.
 Vulnerabilities: authentication bypass, information exposure, command injection...
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: iphone
vendor: apple model: software update
vendor: apple model: apple tv
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: watch
vendor: apple model: ipad air
db: NVD ids: CVE-2023-32434, CVE-2025-24085

CVE-2025-24085 affecting Apple devices | Threat Intel

Related entries in the VARIoT vulnerabilities database: VAR-202501-3666

Trust: 4.75

Fetched: Feb. 5, 2025, 9:07 a.m., Published: Feb. 4, 2025, midnight
 Vulnerabilities: memory corruption, code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: watchos
vendor: apple model: tvos
db: NVD ids: CVE-2025-24085

Fix Critical CVE-2025-0960 in C-more EA9 HMI

Trust: 5.5

Fetched: Feb. 5, 2025, 9:06 a.m., Published: Feb. 5, 2025, midnight
 Vulnerabilities: memory corruption, code execution, denial of service...
Affected productsExternal IDs
vendor: automationdirect model: c-more
db: NVD ids: CVE-2025-0960

Fortinet Confirms Exploitation Of ‘Critical’ Vulnerability In FortiOS, FortiProxy

Trust: 4.75

Fetched: Feb. 4, 2025, 9:39 a.m., Published: Jan. 14, 2025, 1:06 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: fortigate model: fortios
vendor: node.js model: node.js
db: NVD ids: CVE-2024-55591