Sign-up

VARIoT news about IoT security

Hackers Exploiting TP-Link Vulnerability to Gain Root Access

Trust: 4.5

Fetched: March 18, 2025, 9:16 a.m., Published: March 17, 2025, 6:29 a.m.
 Vulnerabilities: authentication bypass, brute force attack
Affected productsExternal IDs
vendor: tp-link model: wr840n
vendor: tp-link model: tl-wr841n
vendor: tp-link model: wr841n
vendor: tp-link model: routers
vendor: tp-link model: tl-wr840n
db: NVD ids: CVE-2024-57040

CISA KEV Catalog Update: Five High-Risk Vulnerabilities to Watch | Windows Forum

Related entries in the VARIoT vulnerabilities database: VAR-202304-1067

Trust: 4.5

Fetched: March 18, 2025, 9:15 a.m., Published: May 18, 2025, midnight
 Vulnerabilities: arbitrary command execution, command injection, privilege escalation...
Affected productsExternal IDs
vendor: hitachi vantara model: pentaho
vendor: hitachi vantara model: pentaho business analytics
vendor: cisco model: small business rv
vendor: cisco model: series routers
vendor: cisco model: rv016
vendor: cisco model: rv042
vendor: cisco model: rv320
vendor: cisco model: router
vendor: cisco model: small business
vendor: cisco model: cisco routers
vendor: cisco model: small business rv series routers
vendor: cisco model: series
vendor: cisco model: rv082
vendor: cisco model: rv042g
vendor: cisco model: routers
vendor: cisco model: rv325
vendor: cisco model: cisco small business
vendor: hitachi model: vantara pentaho
db: NVD ids: CVE-2022-43939, CVE-2023-20118, CVE-2018-8639, CVE-2024-4885, CVE-2022-43769

CVE-2025-2369 : Stack-Based Buffer Overflow Vulnerability in TOTOLINK EX1800T Devices | SecurityVulnerability.io

Related entries in the VARIoT vulnerabilities database: VAR-202503-0542

Trust: 4.25

Fetched: March 18, 2025, 9:15 a.m., Published: March 17, 2025, 9:15 a.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2025-2369

CVE-2024-53032 - VMware ESXi Keyboard Virtual Device Memory Corruption Vulnerability

Trust: 3.0

Fetched: March 18, 2025, 9:14 a.m., Published: March 3, 2025, 11:15 a.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
db: NVD ids: CVE-2024-53032

If you're using an Apple device, update it right now to avoid a zero-day vulnerability - MSPoweruser

Trust: 4.0

Fetched: March 18, 2025, 9:14 a.m., Published: March 12, 2025, 11:51 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: safari
db: NVD ids: CVE-2025-24201

How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932 - Microsoft Support

Trust: 4.5

Fetched: March 18, 2025, 9:11 a.m., Published: May 9, 2023, midnight
 Vulnerabilities: security feature bypass, feature bypass
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2023-24932

Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

Trust: 5.0

Fetched: March 18, 2025, 9:08 a.m., Published: March 12, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android

Update your iPhone now: Apple patches vulnerability used in “extremely sophisticated attacks” | Malwarebytes

Trust: 3.75

Fetched: March 18, 2025, 9:06 a.m., Published: March 12, 2025, 5:07 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: ipad air
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: macos
vendor: apple model: software update
vendor: apple model: iphone
vendor: apple model: safari
db: NVD ids: CVE-2025-24201

Siemens SINAMICS S200 Bootloader Vulnerability Allows Attackers to Compromise the Device - Rewterz

Trust: 3.75

Fetched: March 18, 2025, 9:04 a.m., Published: March 16, 2025, 11:10 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: sinamics
db: NVD ids: CVE-2024-56336

Marco Ortisi - Vulnerability Research and Exploitation on Edge Devices | defcontrainings

Trust: 3.25

Fetched: March 18, 2025, 9:04 a.m., Published: March 18, 2025, midnight
 Vulnerabilities: command injection, sql injection
Affected productsExternal IDs
vendor: citrix model: netscaler
vendor: sophos model: mobile
vendor: sophos model: firewall

Weekly Threat Landscape Digest - Week 9 - HawkEye

Related entries in the VARIoT vulnerabilities database: VAR-202304-1067

Trust: 4.25

Fetched: March 16, 2025, 9:36 a.m., Published: Feb. 28, 2025, 6:59 p.m.
 Vulnerabilities: privilege escalation, improper access control, information disclosure...
Affected productsExternal IDs
vendor: synology model: drive
vendor: apple model: macos
vendor: apple model: watch
vendor: asus model: routers
vendor: asus model: asus
vendor: rockwell automation model: automation powerflex
vendor: moxa model: pt-7828 series
vendor: moxa model: pt-7728
vendor: google model: android
vendor: google model: nexus
vendor: cisco model: nexus 3000
vendor: cisco model: cisco small business
vendor: cisco model: series
vendor: cisco model: routers
vendor: cisco model: nx-os
vendor: cisco model: meeting
vendor: cisco model: meeting app
vendor: cisco model: nexus
vendor: cisco model: series switches
vendor: cisco model: small business
vendor: rockwell model: automation powerflex
vendor: huawei model: huawei
db: NVD ids: CVE-2024-9404, CVE-2024-51505, CVE-2023-20118, CVE-2025-25279, CVE-2025-20111, CVE-2024-12510, CVE-2024-39327, CVE-2024-39328, CVE-2025-24989, CVE-2025-24928, CVE-2024-0148, CVE-2025-1128, CVE-2025-27113, CVE-2025-27364, CVE-2025-24490, CVE-2024-4464, CVE-2024-12511, CVE-2024-56171, CVE-2025-0631, CVE-2025-20051

CVE-2025-27840: Vulnerability Exploitation in Espressif ESP32 Bluetooth Chips Can Lead to Unauthorized Access to Devices - Source: socprime.com - CISO2CISO.COM & CYBER SECURITY GROUP

Trust: 3.5

Fetched: March 16, 2025, 9:36 a.m., Published: March 12, 2025, 6:04 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: motorola model: droid
vendor: motorola model: motorola
vendor: motorola model: razr hd
db: NVD ids: CVE-2025-27840

A vulnerability in the SecureROM of some Apple devices... · CVE-2019-8900 · GitHub Advisory Database · GitHub

Trust: 3.0

Fetched: March 16, 2025, 9:35 a.m., Published: Feb. 22, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2019-8900

Update Canonical Ubuntu Desktop: USN-7345-1: .NET vulnerability

Trust: 3.25

Fetched: March 16, 2025, 9:34 a.m., Published: Jan. 16, 7345, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Critical Vulnerabilities in Keysight Ixia Vision: Essential Insights for Windows Admins | Windows Forum

Trust: 4.5

Fetched: March 16, 2025, 9:34 a.m., Published: May 16, 2025, midnight
 Vulnerabilities: privilege escalation, path traversal, buffer overflow...
Affected productsExternal IDs
db: NVD ids: CVE-2025-21095, CVE-2025-23416, CVE-2025-24521, CVE-2025-24494

CVE-2025-26312 : CAPTCHA Bypass Vulnerability in SendQuick Entera Devices | SecurityVulnerability.io

Trust: 3.25

Fetched: March 16, 2025, 9:33 a.m., Published: March 14, 2025, 6:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-26312

Edimax Camera RCE Vulnerability Exploited to Spread Mirai Malware

Related entries in the VARIoT vulnerabilities database: VAR-202407-2448

Trust: 4.75

Fetched: March 16, 2025, 9:33 a.m., Published: March 14, 2025, 12:35 p.m.
 Vulnerabilities: default credentials, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-7214, CVE-2025-1316

Tenda AC7 Routers Vulnerability Let Attackers Gain Root Shell With Malicious Payload

Trust: 4.25

Fetched: March 16, 2025, 9:33 a.m., Published: March 13, 2025, 10:24 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: tenda model: router

Apache Tomcat Vulnerability Exposes Servers to RCE Attacks

Trust: 4.0

Fetched: March 16, 2025, 9:32 a.m., Published: March 11, 2025, 9:18 a.m.
 Vulnerabilities: privilege escalation, path traversal, information disclosure...
Affected productsExternal IDs
db: NVD ids: CVE-2024-56337, CVE-2024-50379, CVE-2025-24813

Apache Pinot Vulnerability Let Attackers Bypass Authentication

Trust: 5.5

Fetched: March 16, 2025, 9:32 a.m., Published: March 12, 2025, 12:24 a.m.
 Vulnerabilities: privilege escalation, script execution, authentication bypass...
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2024-56325, CVE-2024-48721, CVE-2024-35253