Sign-up

VARIoT news about IoT security

Critical Vulnerabilities in AirPlay Protocol Affecting Multiple Apple Devices | Oligo Security

Trust: 5.5

Fetched: Jan. 31, 2025, 9:18 a.m., Published: Jan. 28, 2025, midnight
 Vulnerabilities: denial of service, code execution, input validation issue
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: watch
vendor: apple model: apple tv
vendor: apple model: iphone
db: NVD ids: CVE-2025-24126, CVE-2025-24137, CVE-2025-24177, CVE-2025-24129, CVE-2025-24131

New Zero-Day Vulnerability Hits Zyxel Devices

Trust: 5.0

Fetched: Jan. 31, 2025, 9:18 a.m., Published: Jan. 30, 2025, 8:05 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-40890, CVE-2024-40891

Unpatched CVE-2024-40891: A Critical Zero-Day Vulnerability in Zyxel CPE Devices Under Active Exploitation - UNDERCODE NEWS

Trust: 3.75

Fetched: Jan. 31, 2025, 9:16 a.m., Published: Jan. 29, 2025, 6:59 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-40890, CVE-2024-40891

Hackers Allegedly Selling Fortinet Exploit on Dark Web Forums

Trust: 4.75

Fetched: Jan. 31, 2025, 9:16 a.m., Published: Jan. 29, 2025, 3 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: node.js model: node.js
db: NVD ids: CVE-2024-55591

Critical Vulnerabilities in New Rock Technologies Devices: Immediate Cybersecurity Alert | Windows Forum

Trust: 4.75

Fetched: Jan. 31, 2025, 9:15 a.m., Published: May 31, 2025, midnight
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
vendor: essential model: phone
db: NVD ids: CVE-2025-0681, CVE-2025-0680

Apple patches actively exploited zero-day vulnerability on iOS devices | TechSpot

Trust: 3.75

Fetched: Jan. 31, 2025, 9:14 a.m., Published: Jan. 31, 5090, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: macos
vendor: apple model: safari
vendor: apple model: tvos
vendor: apple model: webkit
vendor: apple model: iphone

New Rock Technologies Cloud Connected Devices | CISA

Trust: 4.5

Fetched: Jan. 31, 2025, 9:14 a.m., Published: Jan. 31, 2024, midnight
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-0681, CVE-2025-0680

Zero-Day Alert: Mirai Botnet Exploiting Unpatched Zyxel CPE Vulnerability (CVE-2024-40891)

Trust: 5.0

Fetched: Jan. 31, 2025, 9:13 a.m., Published: Jan. 31, 2025, 2:29 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-40890, CVE-2024-40891

TP-Link Vulnerability: PoC Exploit for CVE-2024-54887 Reveals Remote Code Execution Risks

Related entries in the VARIoT vulnerabilities database: VAR-202501-0795

Trust: 5.5

Fetched: Jan. 31, 2025, 9:12 a.m., Published: Jan. 21, 2025, 2:17 a.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: tp-link model: wr940n
vendor: tp-link model: routers
vendor: tp-link model: tl-wr940n
db: NVD ids: CVE-2024-54887

Attackers exploit zero-day vulnerability in Zyxel CPE devices | Cybersecurity Dive

Trust: 3.75

Fetched: Jan. 31, 2025, 9:12 a.m., Published: Jan. 29, 2025, midnight
 Vulnerabilities: directory traversal, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-40890, CVE-2024-40891, CVE-2024-11667

Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability - CyberSRC

Trust: 3.0

Fetched: Jan. 31, 2025, 9:12 a.m., Published: Jan. 29, 2025, 11:37 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-40891

What Is Application Security? The Comprehensive Guide | Pathlock

Trust: 5.5

Fetched: Jan. 29, 2025, 9:43 a.m., Published: Jan. 6, 2025, 10:22 p.m.
 Vulnerabilities: request forgery, session hijacking, cross-site scripting...
Affected productsExternal IDs
vendor: zoho model: manageengine adselfservice plus
db: NVD ids: CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-26855, CVE-2021-26084, CVE-2021-21972

Google Chrome high-risk alert issued: CERT-In issues warning for Windows, Mac, and Linux users - India TV

Trust: 3.5

Fetched: Jan. 29, 2025, 9:42 a.m., Published: Jan. 28, 2025, 1:44 p.m.
 Vulnerabilities: buffer overflow, integer overflow
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: galaxy
vendor: google model: google chrome
vendor: google model: home
vendor: google model: chrome
vendor: google model: android

Easily vulnerable Sonicwall gap: Thousands of devices still unpatched | heise online

Trust: 3.75

Fetched: Jan. 29, 2025, 9:42 a.m., Published: Jan. 28, 2025, 9:13 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sonicwall model: sma1000
vendor: sonicwall model: ssl vpn
db: NVD ids: CVE-2025-23006

Major new online tunneling vulnerability could put…

Trust: 3.0

Fetched: Jan. 29, 2025, 9:42 a.m., Published: June 4, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-23018, CVE-2024-7596, CVE-2024-7595, CVE-2025-23019

DDoS Definition, Types, and Prevention Best Practices

Trust: 3.75

Fetched: Jan. 29, 2025, 9:40 a.m., Published: Jan. 7, 2025, 8:57 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

What is Penetration Testing: Unveiling the Art of Cybersecurity

Trust: 3.5

Fetched: Jan. 29, 2025, 9:38 a.m., Published: Jan. 21, 2025, midnight
 Vulnerabilities: cross-site scripting, sql injection
Affected productsExternal IDs
vendor: essential model: phone

SEPE - Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability

Trust: 3.25

Fetched: Jan. 29, 2025, 9:34 a.m., Published: Jan. 29, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-40891

Apple Resolves Critical Zero-Day Flaw Impacting All Devices | Tubetorial

Trust: 3.5

Fetched: Jan. 29, 2025, 9:34 a.m., Published: Jan. 28, 2025, 9:17 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: software update
vendor: apple model: watchos

Urgent Alert for Apple Users! Protect Your Devices Now! - Hashtags Room

Related entries in the VARIoT vulnerabilities database: VAR-202501-3666

Trust: 3.75

Fetched: Jan. 29, 2025, 9:33 a.m., Published: Jan. 21, 2025, 2:12 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
vendor: apple model: watch
vendor: apple model: ipad
vendor: apple model: apple tv
vendor: apple model: tvos
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: watchos
db: NVD ids: CVE-2025-24085