Sign-up

VARIoT news about IoT security

How Do Hackers Target IoT Devices?

Trust: 3.25

Fetched: June 30, 2024, 9:40 a.m., Published: June 23, 2024, 5:09 p.m.
 Vulnerabilities: weak password, default password
Affected productsExternal IDs

Decoding Router Vulnerabilities Exploited by Mirai: Insights from Honeypot Data - Cybernoz

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268, VAR-201502-0201, VAR-202205-0957

Trust: 6.25

Fetched: June 30, 2024, 9:39 a.m., Published: June 4, 2024, 2:59 p.m.
 Vulnerabilities: default credentials, code execution, command execution...
Affected productsExternal IDs
vendor: netgear model: router
vendor: d-link model: dir-645
vendor: d-link model: router
vendor: sonicwall model: remote access
vendor: tp-link model: routers
db: NVD ids: CVE-2023-1389, CVE-2015-2051, CVE-2022-30525

IOT SECURITY: PROTECTING THE INTERNET OF THINGS ECOSYSTEM

Trust: 3.5

Fetched: June 30, 2024, 9:39 a.m., Published: June 3, 2024, midnight
 Vulnerabilities: default credentials, denial of service
Affected productsExternal IDs

Critical Wi-Fi Vulnerability CVE-2024-30078 Threatens All Windows Devices: Patch Now - Pablosec

Trust: 4.0

Fetched: June 30, 2024, 9:38 a.m., Published: June 14, 2024, 6:14 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-30078

“vulnerabilities” Archive · Frontend Dogma

Trust: 3.5

Fetched: June 30, 2024, 9:37 a.m., Published: June 15, 2024, midnight
 Vulnerabilities: command injection, code injection
Affected productsExternal IDs
vendor: nodejs model: node.js
vendor: node.js model: node.js

New Vulnerability Discovered in Android Devices Raises Security Concerns - Time Machine

Trust: 3.5

Fetched: June 30, 2024, 9:37 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2024-32896, CVE-2024-54321

Zyxel fixes Critical Vulnerability in its NAS devices -CVE-2024-29973

Trust: 5.75

Fetched: June 30, 2024, 9:36 a.m., Published: June 24, 2024, 2:53 p.m.
 Vulnerabilities: command injection, code execution
Affected productsExternal IDs
vendor: zyxel model: nas542
vendor: zyxel model: nas326
db: NVD ids: CVE-2024-36522, CVE-2024-29973, CVE-2023-27992, CVE-2024-29972

PoC Exploit Released for Linux Kernel Privilege Escalation Flaw

Trust: 3.75

Fetched: June 30, 2024, 9:34 a.m., Published: June 5, 2024, 4:23 a.m.
 Vulnerabilities: integer overflow, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2023-3390

Network security - Microsoft Service Assurance | Microsoft Learn

Trust: 3.0

Fetched: June 30, 2024, 9:32 a.m., Published: June 20, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs

ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws

Trust: 3.5

Fetched: June 30, 2024, 9:29 a.m., Published: June 14, 2024, 8:09 a.m.
 Vulnerabilities: sql injection, buffer overflow, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2023-3940, CVE-2023-3938, CVE-2023-3942, CVE-2023-3941, CVE-2023-3939, CVE-2023-3943

Critical Cybersecurity Vulnerabilities in Smart Home Devices Uncovered in New Research - CEPRO

Trust: 3.25

Fetched: June 30, 2024, 9:27 a.m., Published: June 28, 2024, 1:52 p.m.
 Vulnerabilities: buffer overflow, code execution, memory corruption...
Affected productsExternal IDs

What Is CVE? Common Vulnerabilities and Exposures | NinjaOne

Related entries in the VARIoT vulnerabilities database: VAR-202008-0248, VAR-201404-0592, VAR-202107-1010, VAR-201703-0755

Trust: 3.75

Fetched: June 30, 2024, 9:25 a.m., Published: June 5, 2024, 11:07 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2020-1472, CVE-2014-0160, CVE-2019-0708, CVE-2024-20666, CVE-2021-34527, CVE-2023-5129, CVE-2022-1234, CVE-2017-0144, CVE-2017-5638

Electronics | Free Full-Text | Security Analysis of Low-Budget IoT Smart Home Appliances Embedded Software and Connectivity

Trust: 5.0

Fetched: June 30, 2024, 9:22 a.m., Published: Jan. 30, 2024, midnight
 Vulnerabilities: buffer overflow, command injection, denial of service
Affected productsExternal IDs
vendor: philips model: hue bridge 2.0
vendor: philips model: hue bridge
vendor: philips hue model: hue bridge 2.0
vendor: philips hue model: hue bridge
vendor: samsung model: mobile
vendor: samsung smartthings model: mobile
vendor: home assistant model: home assistant
vendor: wireshark model: wireshark
vendor: tp-link model: gateway
vendor: wemo model: mini smart plug
vendor: phillips model: hue bridge 2.0
vendor: phillips model: hue bridge
db: NVD ids: CVE-2023-4346, CVE-2023-27217

Vulnerability to Cyberattacks and Sociotechnical Solutions for Health Care Systems: Systematic Review - PMC

Trust: 3.75

Fetched: June 30, 2024, 9:18 a.m., Published: June 30, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

Zero-day vulnerabilities in temperature monitors could leak patient data | SC Media

Trust: 4.25

Fetched: June 30, 2024, 9:17 a.m., Published: June 28, 2024, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2024-31202

Critical MOVEit vulnerability puts huge swaths of the Internet at severe risk | Ars Technica

Trust: 3.0

Fetched: June 30, 2024, 9:17 a.m., Published: June 26, 2024, 11:31 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-5806

Mitigating Medical Device Vulnerabilities in Critical - Ordr

Trust: 3.0

Fetched: June 30, 2024, 9:16 a.m., Published: March 28, 2022, 6:56 p.m.
 Vulnerabilities: -
Affected productsExternal IDs

CVE-2024-2424 Rockwell Automation Input/Output Device Vulner... - vulnerability database | Vulners.com

Trust: 5.25

Fetched: June 30, 2024, 9:15 a.m., Published: April 15, 2024, 9:26 p.m.
 Vulnerabilities: input validation vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2024-2424

TP-Link Omada Vulnerabilities - Attackers Execute Remote Code

Trust: 4.5

Fetched: June 30, 2024, 9:15 a.m., Published: June 27, 2024, 7:32 a.m.
 Vulnerabilities: buffer overflow, code execution, command execution...
Affected productsExternal IDs
vendor: cisco model: wireless access point
vendor: cisco model: access points
vendor: cisco model: routers
vendor: cisco model: router
vendor: tp-link model: routers

Fix Possible Memory Leak in bnxt_rdma_aux_device_init() (CVE-2024-35972) | SecurityVulnerability.io - SecuirtyVulnerability.io

Trust: 3.25

Fetched: June 30, 2024, 9:14 a.m., Published: June 30, 2024, midnight
 Vulnerabilities: memory leak
Affected productsExternal IDs
db: NVD ids: CVE-2024-35972