Sign-up

VARIoT news about IoT security

Cisco Identity Services Engine XML External Entity Processing Information Disclosure Vulnerability

Trust: 5.0

Fetched: Jan. 13, 2026, 9:45 a.m., Published: Jan. 7, 2026, 3:54 p.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: cisco model: cisco identity services engine
vendor: cisco model: identity services engine

React2Shell Vulnerability Exploited to Build Massive IoT Botnet - Hackers Arise

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268

Trust: 4.5

Fetched: Jan. 13, 2026, 9:44 a.m., Published: Jan. 8, 2026, 1:56 p.m.
 Vulnerabilities: sql injection, code execution
Affected productsExternal IDs
vendor: hikvision model: hikvision
db: NVD ids: CVE-2025-55182, CVE-2023-1389, CVE-2025-24893, CVE-2025-66478

Remote Code Execution Vulnerability in React and Next.js Frameworks: December 2025

Trust: 5.75

Fetched: Jan. 13, 2026, 9:43 a.m., Published: Dec. 17, 2025, 10:37 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: finesse
vendor: cisco model: webex
vendor: cisco model: cisco finesse
vendor: cisco model: catalyst
vendor: cisco model: sd-wan
vendor: cisco model: webex meetings
vendor: cisco model: email encryption

CVE-2023-44112: Device Authentication Module Out-of-Bounds Access Vulnerability - Ameeba Exploit Tracker

Trust: 4.75

Fetched: Jan. 13, 2026, 9:42 a.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: bounds access flaw, bounds access vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2023-44112

CVE-2026-0855 - Merit LILIN|IP Camera - OS Command Injection

Trust: 6.0

Fetched: Jan. 13, 2026, 9:41 a.m., Published: Jan. 12, 2026, 7:16 a.m.
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2026-0855

CVE-2025-32470: Remote Unauthenticated IP Address Change Vulnerability - Ameeba Exploit Tracker

Trust: 5.25

Fetched: Jan. 13, 2026, 9:41 a.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: address change vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2025-32470

What Is Industrial Internet of Things (IIoT) Security? - Palo Alto Networks

Trust: 4.25

Fetched: Jan. 13, 2026, 9:40 a.m., Published: Jan. 6, 2026, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo model: networks

Cisco identifies vulnerability in ISE network access control devices

Trust: 4.75

Fetched: Jan. 13, 2026, 9:39 a.m., Published: Jan. 8, 2026, midnight
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: cisco model: identity services engine
vendor: cisco model: network access control
vendor: cisco systems model: identity services engine
vendor: cisco systems model: network access control
db: NVD ids: CVE-2026-20029

CVE-2025-3646 - Petlibro Smart Pet Feeder Platform through 1.7.31 Authorization Bypass via Device Share API

Trust: 4.0

Fetched: Jan. 13, 2026, 9:38 a.m., Published: Jan. 4, 2026, 12:15 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-3646

RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268

Trust: 3.75

Fetched: Jan. 13, 2026, 9:34 a.m., Published: Jan. 1, 2026, 9:19 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-55182, CVE-2023-1389, CVE-2025-24893

CVE-2026-0853 A-Plus Video Technologies AP-RM864P, AP-RM86... CVETodo

Trust: 3.75

Fetched: Jan. 13, 2026, 9:34 a.m., Published: Jan. 12, 2026, 4:15 a.m.
 Vulnerabilities: default credentials, information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2026-08531, CVE-2026-0853

CVE-2025-68657 - espressif/usb_host_hid Double-Free Race Condition in USB Host HID Device Close Path - SecAlerts

Trust: 3.0

Fetched: Jan. 13, 2026, 9:33 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-68657

Patchday: Dolby Digital security vulnerability in Android closed | heise online

Trust: 3.5

Fetched: Jan. 13, 2026, 9:31 a.m., Published: Jan. 6, 2026, 12:20 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: google model: android
db: NVD ids: CVE-2025-54957

TOTOLINK EX200 Vulnerability Allows Full Device Takeover via Unauthenticated Telnet

Trust: 3.0

Fetched: Jan. 13, 2026, 9:31 a.m., Published: Jan. 7, 2026, 1:55 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-65606

CVE vulnerability via command injection in D-Link

Trust: 3.25

Fetched: Jan. 13, 2026, 9:30 a.m., Published: Jan. 10, 2026, 9:30 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs

CVE-2025-66176 - Hikvision Access Control Stack Overflow Vulnerability

Trust: 4.0

Fetched: Jan. 13, 2026, 9:29 a.m., Published: Jan. 13, 2026, 3:16 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hikvision model: hikvision
db: NVD ids: CVE-2025-66176

IoT vulnerabilities and security in connected devices

Trust: 4.0

Fetched: Jan. 13, 2026, 9:28 a.m., Published: Dec. 20, 2025, 2:43 p.m.
 Vulnerabilities: privilege escalation, default credentials, code execution
Affected productsExternal IDs
vendor: google model: home
vendor: google model: wifi

CVE-2025-64093 - Unauthenticated Remote Code Execution via the device hostname

Trust: 5.0

Fetched: Jan. 13, 2026, 9:27 a.m., Published: Jan. 9, 2026, 10:15 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-64093

CVE-2026-0625 - D-Link DSL/DIR/DNS Command Injection via DNS Configuration Endpoint

Trust: 5.5

Fetched: Jan. 13, 2026, 9:27 a.m., Published: Jan. 5, 2026, 10:15 p.m.
 Vulnerabilities: command injection, code execution, access control vulnerability...
Affected productsExternal IDs
vendor: d-link model: dsl-2740r
vendor: d-link model: dsl-2640b
vendor: dlink model: dsl-2740r
vendor: dlink model: dsl-2640b
db: NVD ids: CVE-2026-0625

CVE-2025-66176 Hikvision DS-K1T331, DS-K1T341A/K1T341B, DS... CVETodo

Trust: 4.5

Fetched: Jan. 13, 2026, 9:26 a.m., Published: Jan. 13, 2026, 3:16 a.m.
 Vulnerabilities: improper validation, buffer overflow, code execution
Affected productsExternal IDs
vendor: hikvision model: hikvision
db: NVD ids: CVE-2025-66176, CVE-2025-661761