Sign-up

VARIoT news about IoT security

CISA Warns of Critical Vulnerabilities in NUUO and Reolink Devices | Windows Forum

Related entries in the VARIoT vulnerabilities database: VAR-201808-0424, VAR-202201-0642, VAR-202201-2026, VAR-201904-1024

Trust: 5.25

Fetched: Dec. 24, 2024, 9:21 a.m., Published: May 24, 2024, midnight
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
vendor: reolink model: rlc-410w
vendor: nuuo model: crystal
vendor: nuuo model: nvrmini
vendor: nuuo model: nvrmini 2
db: NVD ids: CVE-2018-14933, CVE-2021-40407, CVE-2022-23227, CVE-2019-11001

DigiEver IoT Devices Exploited for Mirai Malware Attack

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268, VAR-201810-0455

Trust: 5.5

Fetched: Dec. 24, 2024, 9:20 a.m., Published: Dec. 20, 2024, 8:12 a.m.
 Vulnerabilities: command injection, default credentials, code execution
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: tp-link model: routers
db: NVD ids: CVE-2023-1389, CVE-2018-17532

"Vulnerability Assessment for Smart Home Devices | Professional Certificate"

Trust: 3.0

Fetched: Dec. 24, 2024, 9:17 a.m., Published: Dec. 24, 2024, 9:17 a.m.
 Vulnerabilities: -
Affected productsExternal IDs

Understanding and Mitigating CVE-2024-47864: A Buffer Overflow Vulnerability in Sharp Devices

Trust: 5.0

Fetched: Dec. 24, 2024, 9:15 a.m., Published: -
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2024-47864

MediaTek Bluetooth Chipset Vulnerabilities Affected of 1.5 Billion Android Users

Related entries in the VARIoT vulnerabilities database: VAR-202412-0091, VAR-202412-0282, VAR-202412-0245

Trust: 3.75

Fetched: Dec. 24, 2024, 9:14 a.m., Published: Dec. 2, 2024, 5:38 a.m.
 Vulnerabilities: information disclosure, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-20132, CVE-2024-20133, CVE-2024-20134, CVE-2024-20136, CVE-2024-20135, CVE-2024-20137, CVE-2024-20128, CVE-2024-20130, CVE-2024-20138, CVE-2024-20139, CVE-2024-20129, CVE-2024-20125, CVE-2024-20131, CVE-2024-20127

Cyble Sensors Detect Attacks On Ivanti, PHP, SAML, Network Devices, And More

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268

Trust: 5.5

Fetched: Dec. 24, 2024, 9:13 a.m., Published: Dec. 24, 2024, 7:58 a.m.
 Vulnerabilities: information disclosure, authentication bypass, brute force attack...
Affected productsExternal IDs
vendor: tp-link model: gateway
vendor: cisco model: cisco ios
vendor: cisco model: ios xe
vendor: cisco model: cisco ios xe
vendor: citrix model: netscaler adc
vendor: citrix model: netscaler
vendor: citrix model: gateway
db: NVD ids: CVE-2023-20198, CVE-2023-46747, CVE-2023-20273, CVE-2017-0147, CVE-2023-4966, CVE-2024-4577, CVE-2023-47643, CVE-2024-7593, CVE-2023-1389, CVE-2024-45409

New Androxgh0st botnet targets vulnerabilities in IoT devices and web applications via Mozi integration | TechRadar

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268

Trust: 4.5

Fetched: Dec. 24, 2024, 9:12 a.m., Published: Dec. 22, 2024, 9:03 p.m.
 Vulnerabilities: code execution, file inclusion, command injection...
Affected productsExternal IDs
vendor: tp-link model: routers
vendor: cisco model: routers
db: NVD ids: CVE-2021-26086, CVE-2024-36401, CVE-2018-15133, CVE-2017-9841, CVE-2023-1389

SHARP Routers Vulnerabilities Lets Attacker Trigger RCE to Gain Root Acces

Trust: 4.75

Fetched: Dec. 24, 2024, 9:11 a.m., Published: Dec. 23, 2024, 5:23 a.m.
 Vulnerabilities: privilege escalation, os command injection, buffer overflow...
Affected productsExternal IDs
db: NVD ids: CVE-2024-46873, CVE-2024-54082, CVE-2024-45721, CVE-2024-47864, CVE-2024-52321

Hidden threats of IoT devices and side-channel attacks - Namecheap Blog

Trust: 3.5

Fetched: Dec. 24, 2024, 9:10 a.m., Published: Dec. 23, 2024, 9:32 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: tesla model: model

Mitigating CVE-2024-56010: Addressing the WordPress Device Detector Plugin Vulnerability

Trust: 5.0

Fetched: Dec. 24, 2024, 9:10 a.m., Published: April 2, 2000, midnight
 Vulnerabilities: script execution, cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2024-56010

TrueNAS device vulnerabilities exposed during hacking…

Trust: 4.0

Fetched: Dec. 24, 2024, 9:10 a.m., Published: Dec. 24, 2024, midnight
 Vulnerabilities: command injection, authentication bypass, sql injection
Affected productsExternal IDs

IT Vulnerability Report: Cleo, Windows Flaws Under Attack

Related entries in the VARIoT vulnerabilities database: VAR-202411-0293

Trust: 5.5

Fetched: Dec. 24, 2024, 9:08 a.m., Published: Dec. 16, 2024, 10:13 a.m.
 Vulnerabilities: code execution, command injection, authentication vulnerability...
Affected productsExternal IDs
vendor: palo model: networks
vendor: zabbix model: zabbix
vendor: palo alto networks model: networks
db: NVD ids: CVE-2023-6553, CVE-2024-35286, CVE-2024-51378, CVE-2024-50483, CVE-2024-49138, CVE-2024-11205, CVE-2024-50623, CVE-2024-41713, CVE-2024-11680, CVE-2024-10914, CVE-2024-42327, CVE-2024-38193, CVE-2024-49041, CVE-2024-11639, CVE-2024-38144

TrueNAS device vulnerabilities exposed during hacking competition | TechRadar

Trust: 3.0

Fetched: Dec. 24, 2024, 9:08 a.m., Published: Dec. 22, 2024, 7:38 p.m.
 Vulnerabilities: command injection, authentication bypass, sql injection
Affected productsExternal IDs

WD My Cloud Users Should Update to Avoid a Dangerous Vulnerability - UMA Technology

Related entries in the VARIoT vulnerabilities database: VAR-201809-0306

Trust: 4.25

Fetched: Dec. 22, 2024, 9:48 a.m., Published: Dec. 21, 2024, 1:32 p.m.
 Vulnerabilities: command injection, injection attack
Affected productsExternal IDs
db: NVD ids: CVE-2018-17153

How SonicWall Put MSPs ‘In A Good Position’ Amid Critical Vulnerability Threat

Trust: 5.75

Fetched: Dec. 22, 2024, 9:47 a.m., Published: Dec. 18, 2024, 11:13 a.m.
 Vulnerabilities: access control flaw
Affected productsExternal IDs
vendor: sonicwall model: sonicos
db: NVD ids: CVE-2024-40766

CVE-2024-48843 | Vulnerability Database | Aqua Security

Trust: 3.75

Fetched: Dec. 22, 2024, 9:41 a.m., Published: Dec. 5, 2024, midnight
 Vulnerabilities: denial of service, resource exhaustion
Affected productsExternal IDs
db: NVD ids: CVE-2024-48843

IT-ISAC: Vulnerability and Exploitation Action Report - Week of December 9, 2024

Trust: 4.75

Fetched: Dec. 22, 2024, 9:40 a.m., Published: Dec. 9, 2024, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: ipswitch model: whatsup gold
vendor: ipswitch model: whatsup
db: NVD ids: CVE-2024-49138, CVE-2024-10905, CVE-2024-52335, CVE-2024-8785

Update Canonical Ubuntu Desktop: USN-7178-1: DPDK vulnerability

Trust: 4.0

Fetched: Dec. 22, 2024, 9:40 a.m., Published: Jan. 22, 7178, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu

Internet of Things (IoT) Vulnerability - A Surge to 50 billion Connected Devices

Trust: 3.75

Fetched: Dec. 22, 2024, 9:39 a.m., Published: Dec. 3, 2024, midnight
 Vulnerabilities: default credentials
Affected productsExternal IDs

Breaking Down Salt Typhoon | Armis

Related entries in the VARIoT vulnerabilities database: VAR-202403-2416, VAR-202209-1931

Trust: 5.25

Fetched: Dec. 22, 2024, 9:37 a.m., Published: Dec. 18, 2024, 1:04 p.m.
 Vulnerabilities: request forgery, authentication bypass, code execution...
Affected productsExternal IDs
vendor: sophos model: firewall
vendor: sophos model: mobile
db: NVD ids: CVE-2023-46805, CVE-2024-21887, CVE-2023-48788, CVE-2021-26855, CVE-2022-3236, CVE-2021-27065