Sign-up

VARIoT news about IoT security

Researchers Hacked Industrial Remote Access Gateway Tool to Gain Root Access

Trust: 5.75

Fetched: Aug. 14, 2024, 9:23 a.m., Published: Aug. 12, 2024, 9:03 a.m.
 Vulnerabilities: os command injection, command execution, arbitrary command execution...
Affected productsExternal IDs
vendor: hms networks model: ewon cosy
db: NVD ids: CVE-2024-33896, CVE-2024-33897, CVE-2024-33894

Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE | Microsoft Security Blog

Trust: 3.5

Fetched: Aug. 14, 2024, 9:21 a.m., Published: Aug. 8, 2024, 6 p.m.
 Vulnerabilities: code execution, privilege escalation, integer overflow...
Affected productsExternal IDs
db: NVD ids: CVE-2024-24974, CVE-2024-1305, CVE-2024-27459, CVE-2024-27903

[BRLY-DVA-2023-026] SMM memory corruption vulnerability in combined DXE/SMM driver on Fujitsu device (SMRAM write)

Trust: 3.75

Fetched: Aug. 14, 2024, 9:19 a.m., Published: July 2, 2024, midnight
 Vulnerabilities: memory corruption
Affected productsExternal IDs
db: NVD ids: CVE-2024-25079

[AL-102] Critical Vulnerability in Sonos Smart Speakers

Trust: 4.25

Fetched: Aug. 14, 2024, 9:19 a.m., Published: Aug. 14, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sonos model: sonos
db: NVD ids: CVE-2023-50809

Critical Juniper Networks, D-Link, and GitLab Alerts - Spiceworks

Related entries in the VARIoT vulnerabilities database: VAR-202401-0919

Trust: 3.75

Fetched: Aug. 14, 2024, 9:18 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: d-link model: router
vendor: d-link model: dir-859
db: NVD ids: CVE-2024-4901, CVE-2024-2973, CVE-2024-5655, CVE-2024-0769, CVE-2024-6323, CVE-2024-4994, CVE-2024-2177

CERT-EU - Critical Vulnerabilities in Cisco Products

Trust: 5.0

Fetched: Aug. 14, 2024, 9:17 a.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: cisco asyncos
vendor: cisco model: advanced malware protection
vendor: cisco model: asyncos
db: NVD ids: CVE-2024-20419, CVE-2024-20401

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack

Trust: 3.75

Fetched: Aug. 14, 2024, 9:09 a.m., Published: June 26, 2024, 4:24 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-2961, CVE-2024-34102

CISA and FBI Release Secure by Design Alert on Eliminating OS Command Injection Vulnerabilities | CISA

Trust: 4.0

Fetched: Aug. 14, 2024, 9:08 a.m., Published: Aug. 14, 2023, midnight
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-21887, CVE-2024-3400, CVE-2024-20399

CVE-2024-37037 - Apache Device Path Traversal Vulnerability

Trust: 5.0

Fetched: Aug. 14, 2024, 9:07 a.m., Published: June 12, 2024, 5:15 p.m.
 Vulnerabilities: path traversal
Affected productsExternal IDs
db: NVD ids: CVE-2024-37037

VLC Media Player Vulnerabilities Allow Remote Code Execution

Trust: 3.0

Fetched: Aug. 14, 2024, 9:06 a.m., Published: June 12, 2024, 9:47 a.m.
 Vulnerabilities: path traversal, integer overflow, code execution
Affected productsExternal IDs

CLFS Vulnerability Let Hackers Trigger BSOD Error On All Versions Of Windows 10 & 11 - Cyber Security News

Trust: 3.0

Fetched: Aug. 13, 2024, 9:27 a.m., Published: Aug. 13, 2024, 6:25 a.m.
 Vulnerabilities: system crash, denial of service, improper validation
Affected productsExternal IDs
db: NVD ids: CVE-2024-6768

Govt issues high risk warning for Qualcomm and MediaTek chipset-based Android smartphones - India Today

Trust: 4.0

Fetched: Aug. 13, 2024, 9:24 a.m., Published: Aug. 8, 2024, 6:48 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: google model: android

D-Link DAP-1650 EOL Device Directory Traversal Vulnerability... - vulnerability database | Vulners.com

Trust: 5.75

Fetched: Aug. 13, 2024, 9:24 a.m., Published: July 19, 2024, midnight
 Vulnerabilities: directory traversal
Affected productsExternal IDs
vendor: d-link model: dap-1650 firmware
vendor: d-link model: dap-1650_firmware
vendor: d-link model: dap-1650
vendor: dlink model: dap-1650 firmware
vendor: dlink model: dap-1650_firmware
vendor: dlink model: dap-1650
db: NVD ids: CVE-2024-40505

DIVD-2024-00011 - Six vulnerabilities in Enphase IQ Gateway devices | DIVD CSIRT

Trust: 4.75

Fetched: Aug. 13, 2024, 9:24 a.m., Published: Aug. 2, 2024, midnight
 Vulnerabilities: command execution
Affected productsExternal IDs
vendor: enphase model: envoy
db: NVD ids: CVE-2024-21878, CVE-2020-25754

Google fixes Android kernel RCE bug under active exploit • The Register

Trust: 5.75

Fetched: Aug. 13, 2024, 9:18 a.m., Published: -
 Vulnerabilities: code execution, denial of service
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-36971, CVE-2024-23350

Bunch of IoT CVEs

Related entries in the VARIoT vulnerabilities database: VAR-202407-2600, VAR-202104-0017, VAR-202107-0029, VAR-202104-0019, VAR-202102-0064, VAR-202104-0039, VAR-202407-2661, VAR-202104-0040, VAR-202104-0018, VAR-202407-2682, VAR-202102-0140, VAR-202407-2571, VAR-202102-0065, VAR-202407-2554, VAR-202407-2538, VAR-202407-2625, VAR-202104-0016, VAR-202407-2626, VAR-202104-0042, VAR-202102-0139, VAR-202104-0041, VAR-202407-2555, VAR-202407-2514, VAR-202102-0138, VAR-202407-2539, VAR-202407-2513, VAR-202102-0137, VAR-202407-2660, VAR-202407-2627

Trust: 5.25

Fetched: Aug. 13, 2024, 9:16 a.m., Published: July 30, 2024, 7:17 a.m.
 Vulnerabilities: request forgery, information disclosure, command injection...
Affected productsExternal IDs
vendor: epson model: connect
vendor: zoom model: client
db: NVD ids: CVE-2019-20460, CVE-2020-11923, CVE-2019-20467, CVE-2020-11925, CVE-2020-11915, CVE-2019-20463, CVE-2020-11916, CVE-2019-20464, CVE-2020-11924, CVE-2019-20472, CVE-2019-20473, CVE-2019-20462, CVE-2020-11920, CVE-2019-20458, CVE-2019-20461, CVE-2019-20469, CVE-2020-11922, CVE-2019-20459, CVE-2019-20466, CVE-2019-20471, CVE-2019-20465, CVE-2020-11918, CVE-2020-11917, CVE-2019-20470, CVE-2020-11921, CVE-2019-20457, CVE-2019-20468, CVE-2020-11926, CVE-2020-11919

Cisco Identity Services Engine Stored XSS Vulnerabilities (cis... | Tenable®

Trust: 3.0

Fetched: Aug. 13, 2024, 9:16 a.m., Published: Aug. 9, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco identity services engine
vendor: cisco model: identity services engine

QuickShell Security Flaw Exposes Google Quick Share Users to Remote Attacks

Trust: 5.75

Fetched: Aug. 13, 2024, 9:15 a.m., Published: Aug. 12, 2024, 8:48 a.m.
 Vulnerabilities: directory traversal
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: google model: android
vendor: google model: chrome os
vendor: google model: chrome
db: NVD ids: CVE-2024-38271, CVE-2024-38272

Microsoft Security SC-200 Exam Dumps, SC-200 Practice Test Questions - PrepAway

Trust: 4.75

Fetched: Aug. 13, 2024, 9:14 a.m., Published: -
 Vulnerabilities: script execution
Affected productsExternal IDs
vendor: ring model: ring

Qualcomm's Adreno GPU Vulnerabilities Affect Billions of Android Devices

Related entries in the VARIoT vulnerabilities database: VAR-202408-2138

Trust: 5.5

Fetched: Aug. 13, 2024, 9:13 a.m., Published: Aug. 12, 2024, 9:51 a.m.
 Vulnerabilities: code execution, improper memory management, denial of service...
Affected productsExternal IDs
vendor: oneplus model: oneplus
vendor: oneplus model: one
vendor: google model: android
vendor: samsung model: mobile
vendor: samsung model: samsung
db: NVD ids: CVE-2024-21481, CVE-2024-21479, CVE-2024-23350, CVE-2024-23352, CVE-2024-23353