Sign-up

VARIoT news about IoT security

Zero-Day Alert: Mirai Botnet Exploiting Unpatched Zyxel CPE Vulnerability (CVE-2024-40891)

Trust: 5.0

Fetched: Jan. 31, 2025, 9:13 a.m., Published: Jan. 31, 2025, 2:29 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-40890, CVE-2024-40891

TP-Link Vulnerability: PoC Exploit for CVE-2024-54887 Reveals Remote Code Execution Risks

Related entries in the VARIoT vulnerabilities database: VAR-202501-0795

Trust: 5.5

Fetched: Jan. 31, 2025, 9:12 a.m., Published: Jan. 21, 2025, 2:17 a.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: tp-link model: wr940n
vendor: tp-link model: routers
vendor: tp-link model: tl-wr940n
db: NVD ids: CVE-2024-54887

Attackers exploit zero-day vulnerability in Zyxel CPE devices | Cybersecurity Dive

Trust: 3.75

Fetched: Jan. 31, 2025, 9:12 a.m., Published: Jan. 29, 2025, midnight
 Vulnerabilities: directory traversal, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-40890, CVE-2024-40891, CVE-2024-11667

Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability - CyberSRC

Trust: 3.0

Fetched: Jan. 31, 2025, 9:12 a.m., Published: Jan. 29, 2025, 11:37 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-40891

What Is Application Security? The Comprehensive Guide | Pathlock

Trust: 5.5

Fetched: Jan. 29, 2025, 9:43 a.m., Published: Jan. 6, 2025, 10:22 p.m.
 Vulnerabilities: request forgery, session hijacking, cross-site scripting...
Affected productsExternal IDs
vendor: zoho model: manageengine adselfservice plus
db: NVD ids: CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-26855, CVE-2021-26084, CVE-2021-21972

Google Chrome high-risk alert issued: CERT-In issues warning for Windows, Mac, and Linux users - India TV

Trust: 3.5

Fetched: Jan. 29, 2025, 9:42 a.m., Published: Jan. 28, 2025, 1:44 p.m.
 Vulnerabilities: buffer overflow, integer overflow
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: galaxy
vendor: google model: google chrome
vendor: google model: home
vendor: google model: chrome
vendor: google model: android

Easily vulnerable Sonicwall gap: Thousands of devices still unpatched | heise online

Trust: 3.75

Fetched: Jan. 29, 2025, 9:42 a.m., Published: Jan. 28, 2025, 9:13 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sonicwall model: sma1000
vendor: sonicwall model: ssl vpn
db: NVD ids: CVE-2025-23006

Major new online tunneling vulnerability could put…

Trust: 3.0

Fetched: Jan. 29, 2025, 9:42 a.m., Published: June 4, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-23018, CVE-2024-7596, CVE-2024-7595, CVE-2025-23019

DDoS Definition, Types, and Prevention Best Practices

Trust: 3.75

Fetched: Jan. 29, 2025, 9:40 a.m., Published: Jan. 7, 2025, 8:57 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

What is Penetration Testing: Unveiling the Art of Cybersecurity

Trust: 3.5

Fetched: Jan. 29, 2025, 9:38 a.m., Published: Jan. 21, 2025, midnight
 Vulnerabilities: cross-site scripting, sql injection
Affected productsExternal IDs
vendor: essential model: phone

SEPE - Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability

Trust: 3.25

Fetched: Jan. 29, 2025, 9:34 a.m., Published: Jan. 29, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-40891

Apple Resolves Critical Zero-Day Flaw Impacting All Devices | Tubetorial

Trust: 3.5

Fetched: Jan. 29, 2025, 9:34 a.m., Published: Jan. 28, 2025, 9:17 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: software update
vendor: apple model: watchos

Urgent Alert for Apple Users! Protect Your Devices Now! - Hashtags Room

Related entries in the VARIoT vulnerabilities database: VAR-202501-3666

Trust: 3.75

Fetched: Jan. 29, 2025, 9:33 a.m., Published: Jan. 21, 2025, 2:12 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
vendor: apple model: watch
vendor: apple model: ipad
vendor: apple model: apple tv
vendor: apple model: tvos
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: watchos
db: NVD ids: CVE-2025-24085

Apple Patches 2025’s First Zero-Day Vulnerability Exploited in iPhone Attacks | Black Hat Ethical Hacking

Related entries in the VARIoT vulnerabilities database: VAR-202501-3666

Trust: 6.0

Fetched: Jan. 29, 2025, 9:33 a.m., Published: Jan. 28, 2025, 9:58 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: apple model: apple tv
vendor: apple model: macos
vendor: apple model: watch
vendor: apple model: ipad
vendor: apple model: ipad air
vendor: apple model: iphone
db: NVD ids: CVE-2025-24085

Update Your IPhone, IPad, And Mac Immediately To Address These Security Vulnerabilities | Digital Market News

Related entries in the VARIoT vulnerabilities database: VAR-202501-3666

Trust: 5.25

Fetched: Jan. 29, 2025, 9:31 a.m., Published: Jan. 27, 2025, 7:32 p.m.
 Vulnerabilities: pointer dereference issue, command injection, buffer overflow...
Affected productsExternal IDs
vendor: trend micro model: security
vendor: apple model: watch
vendor: apple model: ipad
vendor: apple model: icloud
vendor: apple model: safari
vendor: apple model: tvos
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: ipad air
vendor: apple model: macos
vendor: trend model: security
db: NVD ids: CVE-2025-24116, CVE-2025-24154, CVE-2025-24096, CVE-2025-24149, CVE-2025-24145, CVE-2025-24108, CVE-2025-24113, CVE-2025-24121, CVE-2025-24146, CVE-2025-24100, CVE-2025-24102, CVE-2025-24128, CVE-2025-24085, CVE-2025-24150, CVE-2025-24143, CVE-2025-24158, CVE-2025-24177, CVE-2025-24112, CVE-2025-24101, CVE-2025-24139, CVE-2025-24106, CVE-2025-24117, CVE-2025-24136, CVE-2025-24086, CVE-2025-24140, CVE-2025-24129, CVE-2025-24159, CVE-2025-24114, CVE-2025-24162, CVE-2025-24131, CVE-2025-24151, CVE-2025-24141, CVE-2025-24104, CVE-2025-24137, CVE-2025-24087, CVE-2025-24118, CVE-2025-24109, CVE-2025-24138, CVE-2025-24130, CVE-2025-24160, CVE-2025-24115, CVE-2025-24152, CVE-2025-24163, CVE-2025-24161, CVE-2025-24169, CVE-2025-24092, CVE-2025-24127, CVE-2025-24153, CVE-2025-24134, CVE-2025-24166, CVE-2025-24124, CVE-2025-24103, CVE-2025-24123, CVE-2025-24176, CVE-2025-24122, CVE-2025-24094, CVE-2025-24174, CVE-2025-24126, CVE-2025-24135, CVE-2024-9956, CVE-2025-24107

Cybersecurity Threat Advisory: Apple iOS zero-day vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-202501-3666

Trust: 4.75

Fetched: Jan. 29, 2025, 9:30 a.m., Published: Jan. 28, 2025, 8:59 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: barracuda model: barracuda
vendor: apple model: macos
db: NVD ids: CVE-2025-24085

Update Canonical Ubuntu Desktop: USN-7223-1: OpenJPEG vulnerabilities

Trust: 6.25

Fetched: Jan. 29, 2025, 9:30 a.m., Published: Jan. 29, 7223, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2024-56827, CVE-2024-56826

Critical MediaTek Processor Vulnerability Exposes Millions of Devices

Related entries in the VARIoT vulnerabilities database: VAR-202501-0596

Trust: 6.0

Fetched: Jan. 29, 2025, 9:29 a.m., Published: Jan. 3, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: home
db: NVD ids: CVE-2024-20154

Fortinet Authentication Vulnerability Exploited to Gain Super-Admin Access

Trust: 4.5

Fetched: Jan. 29, 2025, 9:29 a.m., Published: Jan. 28, 2025, 10:04 a.m.
 Vulnerabilities: authentication bypass, authentication vulnerability, privilege escalation
Affected productsExternal IDs
vendor: fortigate model: fortios
vendor: node.js model: node.js
db: NVD ids: CVE-2024-55591

Apple zero-day vulnerability under attack on iOS devices | TechTarget

Related entries in the VARIoT vulnerabilities database: VAR-202501-3666

Trust: 3.75

Fetched: Jan. 29, 2025, 9:28 a.m., Published: Jan. 28, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: tvos
vendor: apple model: watchos
db: NVD ids: CVE-2024-44309, CVE-2025-24085, CVE-2024-44308