Sign-up

VARIoT news about IoT security

Evaluate and Secure Your Network with Vulnerability Scans

Trust: 3.0

Fetched: Feb. 10, 2023, 9:09 a.m., Published: Feb. 10, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs

QNAP NAS Devices at Risk of Remote Malicious Code Injection | Black Hat Ethical Hacking

Trust: 3.25

Fetched: Feb. 10, 2023, 9:04 a.m., Published: Jan. 31, 2023, 8:29 a.m.
 Vulnerabilities: code injection
Affected productsExternal IDs

Critical Code Injection Flaw on QNAP NAS Devices | SecureTeam

Trust: 5.0

Fetched: Feb. 10, 2023, 9:03 a.m., Published: Feb. 1, 2023, 1:25 p.m.
 Vulnerabilities: injection attack, code injection, sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

Critical Infrastructure at Risk from New Vulnerabilities Found in Wireless IIoT Devices

Related entries in the VARIoT vulnerabilities database: VAR-202301-0630, VAR-202301-0629

Trust: 4.75

Fetched: Feb. 10, 2023, 9:03 a.m., Published: Feb. 9, 2023, 2:09 p.m.
 Vulnerabilities: command injection, privilege escalation, code execution...
Affected productsExternal IDs
vendor: siemens model: automation license manager
db: NVD ids: CVE-2022-46650, CVE-2022-46649, CVE-2022-40981, CVE-2022-41607, CVE-2022-43513, CVE-2022-43514, CVE-2022-3703

QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates - iHash

Trust: 4.75

Fetched: Feb. 8, 2023, 9:27 a.m., Published: Jan. 31, 2023, 4:06 a.m.
 Vulnerabilities: code injection, injection attack, sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

ImageMagick vulnerabilities can cause DoS, information leak - epicapplications

Trust: 4.75

Fetched: Feb. 8, 2023, 9:27 a.m., Published: Feb. 8, 2023, 8:01 a.m.
 Vulnerabilities: information leak, information leakage, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2022-44267, CVE-2022-44268

A Not-yet-detailed Vulnerability is Directly Affecting Automotive Products - Cybellum

Trust: 3.0

Fetched: Feb. 8, 2023, 9:21 a.m., Published: Feb. 7, 2023, 1:01 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2022-33216

February 2023 update fixes four Pixel bugs, over 40 vulnerabilities

Trust: 3.75

Fetched: Feb. 8, 2023, 9:21 a.m., Published: Feb. 8, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
vendor: samsung model: galaxy
vendor: samsung model: mobile
vendor: samsung model: notes

Update Android devices to avoid privilege escalation, urges tech group | SC Media

Trust: 5.0

Fetched: Feb. 8, 2023, 9:20 a.m., Published: Feb. 7, 2023, 11:18 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: google model: android

Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping

Trust: 5.0

Fetched: Feb. 8, 2023, 9:20 a.m., Published: Feb. 3, 2023, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2023-24508

Google Announces Vulnerability Scanner for Open Source Developers - SecurityWeek

Trust: 3.0

Fetched: Feb. 8, 2023, 9:20 a.m., Published: Dec. 14, 2022, 4:19 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

Finding Cisco 7800 and 8800 series IP phone assets on your network

Related entries in the VARIoT vulnerabilities database: VAR-202212-0864

Trust: 5.75

Fetched: Feb. 8, 2023, 9:19 a.m., Published: Feb. 8, 7800, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: ip phones
vendor: cisco model: ip phone 8821
vendor: cisco model: ip phone 7800
vendor: cisco model: voice vlan
vendor: cisco model: series
vendor: cisco model: wireless ip phone 8821
vendor: cisco model: ip phone
vendor: cisco model: series ip phones
db: NVD ids: CVE-2022-20968

Security Advisory: Remote Command Execution in binwalk - ONEKEY

Trust: 4.5

Fetched: Feb. 8, 2023, 9:19 a.m., Published: Jan. 31, 2023, 1:54 p.m.
 Vulnerabilities: code execution, directory traversal, path traversal...
Affected productsExternal IDs
db: NVD ids: CVE-2022-4510

Update Android devices to avoid privilege escalation, urges tech group | SC Media

Trust: 5.0

Fetched: Feb. 8, 2023, 9:18 a.m., Published: Feb. 7, 2023, 11:18 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: google model: android

Microsoft Warns of Boa Web Server Risks After Hackers Target It in Power Grid Attacks - SecurityWeek

Trust: 4.75

Fetched: Feb. 8, 2023, 9:18 a.m., Published: Nov. 23, 2022, 12:32 p.m.
 Vulnerabilities: code execution, information disclosure
Affected productsExternal IDs
vendor: realtek model: realtek sdk
db: NVD ids: CVE-2021-33558, CVE-2017-9833

Vulnerability in QTS and QuTS hero - Security Advisory | QNAP

Trust: 3.25

Fetched: Feb. 8, 2023, 9:17 a.m., Published: May 6, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation - SecurityWeek

Trust: 3.0

Fetched: Feb. 8, 2023, 9:16 a.m., Published: Feb. 3, 2023, midnight
 Vulnerabilities: code execution, authentication bypass, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2023-20854

Security Advisories

Related entries in the VARIoT vulnerabilities database: VAR-202211-1027, VAR-201504-0262, VAR-202211-1056, VAR-202302-0213, VAR-202205-1535, VAR-202205-1536, VAR-202301-0952, VAR-202211-0677, VAR-202211-1102, VAR-202301-0961, VAR-202301-0962, VAR-202301-0957, VAR-202211-0485, VAR-202210-1371, VAR-202211-0351, VAR-202211-1003, VAR-202301-1375, VAR-202301-1643, VAR-202205-1557, VAR-202301-0958

Trust: 5.5

Fetched: Feb. 8, 2023, 9:16 a.m., Published: -
 Vulnerabilities: request forgery, improper access control, cross-site scripting...
Affected productsExternal IDs
vendor: cisco model: routers
vendor: cisco model: cisco asyncos
vendor: cisco model: cisco expressway
vendor: cisco model: data center network manager
vendor: cisco model: cisco prime infrastructure
vendor: cisco model: identity services engine
vendor: cisco model: unified communications manager session management edition
vendor: cisco model: iox application
vendor: cisco model: rv042
vendor: cisco model: expressway
vendor: cisco model: unified communications manager
vendor: cisco model: cisco prime data center network manager
vendor: cisco model: cisco identity services engine
vendor: cisco model: prime infrastructure
vendor: cisco model: unified communications
vendor: cisco model: ip phone 7800
vendor: cisco model: rv016
vendor: cisco model: industrial network director
vendor: cisco model: cisco iox application
vendor: cisco model: cisco telepresence video communication server
vendor: cisco model: asyncos
vendor: cisco model: expressway series
vendor: cisco model: prime data center network manager
vendor: cisco model: cisco email security appliance
vendor: cisco model: cisco telepresence
vendor: cisco model: telepresence
vendor: cisco model: cisco unified communications manager
vendor: cisco model: small business
vendor: cisco model: cisco industrial network director
vendor: cisco model: cisco iox
vendor: cisco model: asyncos software
vendor: cisco model: rv042g
vendor: cisco model: series
vendor: cisco model: ip phone
vendor: cisco model: cisco small business
vendor: cisco model: email security appliance
vendor: cisco model: telepresence video communication server
vendor: cisco model: rv082
db: NVD ids: CVE-2022-20965, CVE-2023-20021, CVE-2015-0666, CVE-2022-20964, CVE-2023-20057, CVE-2023-20076, CVE-2022-20807, CVE-2022-20809, CVE-2023-20018, CVE-2022-20951, CVE-2023-20022, CVE-2022-20967, CVE-2023-20026, CVE-2023-20025, CVE-2023-20038, CVE-2023-20030, CVE-2022-20956, CVE-2022-20822, CVE-2022-20958, CVE-2022-20966, CVE-2023-20040, CVE-2023-20068, CVE-2023-20010, CVE-2023-20023, CVE-2022-20806, CVE-2023-20037
db: CISCO ids: CISCO-SA-20150401-DCNM

RCE in Avaya Aura Device Services - Assetnote

Trust: 3.5

Fetched: Feb. 8, 2023, 9:15 a.m., Published: Feb. 1, 2023, midnight
 Vulnerabilities: code execution, cross-site scripting, directory traversal...
Affected productsExternal IDs

IoT Devices the Target of Realtek Jungle SDK Vulnerability

Trust: 5.5

Fetched: Feb. 8, 2023, 9:15 a.m., Published: Feb. 1, 2023, 8:46 p.m.
 Vulnerabilities: code execution, command injection, buffer overflow
Affected productsExternal IDs
vendor: asus model: asus
vendor: asus model: routers
db: NVD ids: CVE-2021-35394