Sign-up

VARIoT news about IoT security

CVE-2025-58432: Unauthorized File Upload Vulnerability in ZimaOS - Ameeba Exploit Tracker

Trust: 5.0

Fetched: Nov. 11, 2025, 9:36 a.m., Published: Nov. 9, 2025, 3:08 p.m.
 Vulnerabilities: file upload vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2025-58432

Samsung Flaw Used To Install Landfall - CyberMaterial

Trust: 3.75

Fetched: Nov. 11, 2025, 9:36 a.m., Published: Nov. 10, 2025, 2:13 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo model: networks
vendor: samsung model: samsung galaxy
vendor: samsung model: galaxy
vendor: samsung model: samsung
vendor: palo alto networks model: networks
db: NVD ids: CVE-2025-21043, CVE-2025-21042

RondoDox: From Pwn2Own Vulnerabilities to Global Exploitation | eSecurity Planet

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268

Trust: 4.5

Fetched: Nov. 11, 2025, 9:35 a.m., Published: Oct. 14, 2025, 4:06 p.m.
 Vulnerabilities: default credentials, command execution, authentication bypass...
Affected productsExternal IDs
vendor: four-faith model: four-faith
vendor: trend model: security
vendor: tp-link model: routers
vendor: trend micro model: security
db: NVD ids: CVE-2024-12856, CVE-2024-3721, CVE-2023-1389

ZYXEL Authorization Bypass Vulnerability Let Attackers View and Download System Configuration

Trust: 3.75

Fetched: Nov. 11, 2025, 9:34 a.m., Published: Oct. 22, 2025, 7:56 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-9133, CVE-2025-8078

Seven QNAP Zero-Day Vulnerabilities Exploited at Pwn2Own 2025 Now Patched

Trust: 5.5

Fetched: Nov. 11, 2025, 9:33 a.m., Published: Nov. 10, 2025, 11 a.m.
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
vendor: wireshark model: wireshark
db: NVD ids: CVE-2025-62847, CVE-2025-62848, CVE-2025-62849

U.S. CISA adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog

Trust: 3.5

Fetched: Nov. 11, 2025, 9:32 a.m., Published: Nov. 11, 2025, 8:59 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo model: networks
vendor: samsung model: mobile devices
vendor: samsung model: samsung galaxy
vendor: samsung model: galaxy
vendor: samsung model: samsung mobile
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: palo alto networks model: networks
db: NVD ids: CVE-2025-21043, CVE-2025-21042

Cisco Identity Services Engine Reflected Cross-Site Scripting and Information Disclosure Vulnerabilities

Trust: 5.75

Fetched: Nov. 11, 2025, 9:30 a.m., Published: Nov. 5, 2025, 3:55 p.m.
 Vulnerabilities: cross-site scripting, information disclosure
Affected productsExternal IDs
vendor: cisco model: identity services engine
vendor: cisco model: cisco identity services engine
db: NVD ids: CVE-2025-20304, CVE-2025-20303, CVE-2025-20289, CVE-2025-20305

Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

Trust: 4.0

Fetched: Nov. 11, 2025, 9:30 a.m., Published: Nov. 10, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android

Samsung Zero-Day Vulnerability Exploited via WhatsApp | Luis Oria Seidel posted on the topic | LinkedIn

Trust: 3.75

Fetched: Nov. 11, 2025, 9:29 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: samsung model: samsung
db: NVD ids: CVE-2024-4944

Access Denied

Trust: 3.0

Fetched: Nov. 11, 2025, 9:29 a.m., Published: Nov. 18, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: galaxy
vendor: samsung model: samsung

TP-Link Omada Vulnerabilities Put Business Networks at Severe Risk - Read.pk

Trust: 3.75

Fetched: Nov. 11, 2025, 9:29 a.m., Published: Nov. 10, 2025, 5:28 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: tp-link model: gateway
db: NVD ids: CVE-2025-7851, CVE-2025-6541, CVE-2025-6542, CVE-2025-7850

Multiple Cisco Contact Center Products Vulnerabilities

Trust: 5.5

Fetched: Nov. 11, 2025, 9:28 a.m., Published: Nov. 5, 2025, 3:55 p.m.
 Vulnerabilities: code execution, directory traversal, improper validation...
Affected productsExternal IDs
vendor: cisco model: unified ccx
vendor: cisco model: cisco unified intelligence center
vendor: cisco model: unified intelligence center
db: NVD ids: CVE-2025-20377, CVE-2025-20375, CVE-2025-20376, CVE-2025-20374

LANDFALL: Unveiling the Hidden Android Spyware Targeting Samsung Devices

Trust: 3.75

Fetched: Nov. 11, 2025, 9:28 a.m., Published: Nov. 11, 2025, 4:31 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo model: networks
vendor: samsung model: mobile devices
vendor: samsung model: samsung galaxy
vendor: samsung model: galaxy
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: palo alto networks model: networks
db: NVD ids: CVE-2025-21042

CVE-2025-21042 - Samsung Mobile Devices Out-of-Bounds Write Vulnerability | ScyScan

Trust: 3.5

Fetched: Nov. 11, 2025, 9:26 a.m., Published: Nov. 10, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: mobile devices
vendor: samsung model: samsung mobile
vendor: samsung model: samsung
vendor: samsung model: mobile
db: NVD ids: CVE-2025-21042

Rebooting the government, one cyber law at a time.

Trust: 4.5

Fetched: Nov. 11, 2025, 9:26 a.m., Published: Nov. 1, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: palo model: networks
vendor: google model: android
vendor: google model: nexus
vendor: samsung model: samsung galaxy
vendor: samsung model: galaxy
vendor: samsung model: notes
vendor: samsung model: note
vendor: samsung model: samsung
vendor: palo alto networks model: networks
db: NVD ids: CVE-2025-34299, CVE-2025-21042

CVE-2025-37147 - Secure Boot Bypass allows for Compromise of Hardware Root of Trust

Trust: 3.0

Fetched: Nov. 11, 2025, 9:24 a.m., Published: Oct. 14, 2025, 5:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-37147

CISA Warns of Samsung Mobile Devices 0-Day RCE Vulnerability Exploited in Attacks - Cyber Web Spider Blog - News

Trust: 5.75

Fetched: Nov. 11, 2025, 9:23 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: mobile devices
vendor: samsung model: samsung mobile
vendor: samsung model: samsung
vendor: samsung model: mobile
db: NVD ids: CVE-2025-21043, CVE-2025-21042

Advantech DeviceOn/iEdge | CISA

Trust: 4.5

Fetched: Nov. 11, 2025, 9:23 a.m., Published: Nov. 1, 2025, midnight
 Vulnerabilities: code execution, cross-site scripting, path traversal...
Affected productsExternal IDs
db: NVD ids: CVE-2025-64302, CVE-2025-59171, CVE-2025-62630, CVE-2025-58423

CVE-2025-63835 - Tenda AC18 Stack-Based Buffer Overflow Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-202511-0360

Trust: 6.0

Fetched: Nov. 11, 2025, 9:23 a.m., Published: Nov. 10, 2025, 5:15 p.m.
 Vulnerabilities: denial of service, code execution, buffer overflow
Affected productsExternal IDs
vendor: tenda model: ac18
db: NVD ids: CVE-2025-63835

IPhone Users No Longer Immune To Cyber Fraud | TheReviewHive

Trust: 4.5

Fetched: Nov. 11, 2025, 9:22 a.m., Published: Nov. 11, 2025, 6:59 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: software update
vendor: apple model: macos
vendor: apple model: ipad
vendor: apple model: iphone
db: NVD ids: CVE-2025-43300