Sign-up

VARIoT news about IoT security

IT Vulnerability Weekly Report: Cyble Urges Fixes For Fortinet, Palo Alto & More

Trust: 5.5

Fetched: Oct. 18, 2024, 9:26 a.m., Published: Oct. 18, 2024, 8:37 a.m.
 Vulnerabilities: privilege escalation, format string vulnerability, os command injection...
Affected productsExternal IDs
vendor: google model: android
vendor: google model: google chrome
vendor: google model: chrome
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo model: pan-os
vendor: cisco model: firepower
vendor: cisco model: adaptive security appliance
vendor: cisco model: firepower threat defense
vendor: cisco model: cisco finesse
vendor: cisco model: finesse
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: pan-os
db: NVD ids: CVE-2024-20404, CVE-2024-9465, CVE-2024-9464, CVE-2024-20353, CVE-2024-23113, CVE-2024-9164, CVE-2024-38816, CVE-2024-9466, CVE-2024-7479, CVE-2024-40711, CVE-2024-30088, CVE-2024-38178, CVE-2024-30052, CVE-2024-42640, CVE-2024-0044, CVE-2024-45200, CVE-2024-7481, CVE-2024-9463, CVE-2024-45519, CVE-2024-5830, CVE-2024-9379, CVE-2024-45409, CVE-2024-9467, CVE-2024-6769, CVE-2024-9486

High-Risk Vulnerability Found in MediaTek Wi-Fi Chips

Trust: 4.75

Fetched: Oct. 18, 2024, 9:25 a.m., Published: Sept. 5, 2024, 1:53 p.m.
 Vulnerabilities: address corruption, code execution, buffer overflow...
Affected productsExternal IDs
db: NVD ids: CVE-2024-20017

Camera Vulnerability: Tutorial, Sample CVEs, and Best Practices - SecuriThings

Related entries in the VARIoT vulnerabilities database: VAR-201804-0561, VAR-202001-0856, VAR-201705-3742, VAR-201807-0267, VAR-201806-0699, VAR-201806-0696, VAR-202004-2030, VAR-201806-0698, VAR-201803-2290, VAR-201705-3762, VAR-201011-0101, VAR-201812-0472

Trust: 6.0

Fetched: Oct. 18, 2024, 9:22 a.m., Published: -
 Vulnerabilities: buffer overflow, directory traversal, code execution...
Affected productsExternal IDs
vendor: d-link model: dcs-2103
vendor: genie access model: wip3bvaf
vendor: axis model: axis
vendor: axis model: ip cameras
vendor: foscam model: ip camera
vendor: foscam model: system
vendor: foscam model: c1 indoor hd cameras
vendor: foscam model: foscam
vendor: bosch model: ip cameras
vendor: bosch model: bosch ip cameras
vendor: hikvision model: ip cameras
vendor: hikvision model: hikvision
vendor: dahua model: camera
vendor: dahua model: ip camera
vendor: dahua model: camera firmware
db: NVD ids: CVE-2017-2871, CVE-2013-2574, CVE-2017-7923, CVE-2017-3223, CVE-2018-10661, CVE-2022-2471, CVE-2018-10664, CVE-2020-6852, CVE-2022-30563, CVE-2018-10662, CVE-2018-7698, CVE-2017-7921, CVE-2021-23849, CVE-2020-25748, CVE-2010-4231, CVE-2018-19036

Security Advisory | Rockwell Automation

Trust: 3.75

Fetched: Oct. 18, 2024, 9:21 a.m., Published: May 16, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: rockwell model: guardlogix
vendor: rockwell model: controllogix
vendor: rockwell automation model: guardlogix
vendor: rockwell automation model: controllogix
db: NVD ids: CVE-2024-6242

Helmholz REX100 Industrial Routers Found Vulnerable to Critical Security Exploits

Related entries in the VARIoT vulnerabilities database: VAR-202410-0405

Trust: 4.25

Fetched: Oct. 16, 2024, 9:52 a.m., Published: Oct. 15, 2024, 8:50 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-45274, CVE-2024-45275, CVE-2024-45271, CVE-2024-45273, CVE-2024-45276

ALAS-2024-737

Trust: 5.75

Fetched: Oct. 16, 2024, 9:46 a.m., Published: Oct. 16, 2024, 1 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: clam model: clamav
vendor: clamav model: clamav
db: NVD ids: CVE-2024-20506, CVE-2024-20505

Forescout Finds 14 Vulnerabilities in Popular DrayTek Routers Affecting Hundreds of Thousands of Exposed Devices Globally - Forescout

Trust: 3.25

Fetched: Oct. 16, 2024, 9:43 a.m., Published: Oct. 3, 2024, 12:37 p.m.
 Vulnerabilities: command injection, code execution, os command injection
Affected productsExternal IDs
vendor: draytek model: draytek routers
vendor: draytek model: routers

Tens of thousands of IPs vulnerable to Fortinet flaw dubbed 'must patch' by feds | CyberScoop

Trust: 3.0

Fetched: Oct. 16, 2024, 9:43 a.m., Published: Oct. 14, 2024, 4:22 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113) - Help Net Security

Trust: 5.75

Fetched: Oct. 16, 2024, 9:42 a.m., Published: Oct. 15, 2024, 11:41 a.m.
 Vulnerabilities: command execution, format string vulnerability
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2024-23113

FortiClient EMS Exploited: Inside the Attack Chain and Post-Exploitation Tactics | Darktrace Blog

Related entries in the VARIoT vulnerabilities database: VAR-202403-2416

Trust: 4.25

Fetched: Oct. 16, 2024, 9:40 a.m., Published: Sept. 18, 2024, midnight
 Vulnerabilities: code execution, injection attack, sql injection...
Affected productsExternal IDs
vendor: palo model: firewall
vendor: palo model: networks
db: NVD ids: CVE-2023-48788, CVE-2023-42793

DDoS attacks possible with exploitation of CUPS vulnerabilities | SC Media

Trust: 4.0

Fetched: Oct. 16, 2024, 9:39 a.m., Published: June 11, 2024, 5 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cups model: cups
db: NVD ids: CVE-2024-47076, CVE-2024-47176, CVE-2024-47177, CVE-2024-47175

Firmware Vulnerabilities Run Rampant in Cellular Routers - Forescout

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268

Trust: 3.75

Fetched: Oct. 16, 2024, 9:38 a.m., Published: Aug. 6, 2024, 3 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-1389

Resource Detail

Trust: 3.25

Fetched: Oct. 16, 2024, 9:38 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-100182

Unveiling Mobile App Vulnerabilities: How Popular Apps Leak Sensitive Data | Symantec Enterprise Blogs

Trust: 3.0

Fetched: Oct. 16, 2024, 9:36 a.m., Published: Oct. 1, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

Critical vulnerabilities in Microchip ASF, MediaTek expose RCE risks | SC Media

Trust: 5.0

Fetched: Oct. 16, 2024, 9:35 a.m., Published: Feb. 13, 2024, 7 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-7490, CVE-2024-20017

CVE-2024-7120 - Exploits & Severity - Feedly

Trust: 4.75

Fetched: Oct. 16, 2024, 9:27 a.m., Published: July 26, 2024, midnight
 Vulnerabilities: command injection, os command injection, service disruption
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2024-7120

OEMs Are Urged to Address Vulnerabilities in Device Communication

Trust: 4.5

Fetched: Oct. 16, 2024, 9:22 a.m., Published: Oct. 9, 2024, 10:16 p.m.
 Vulnerabilities: memory corruption, information disclosure, denial of service...
Affected productsExternal IDs
vendor: trend micro model: security
vendor: trend model: security
db: NVD ids: CVE-2024-38425, CVE-2024-23375, CVE-2024-38399, CVE-2024-33066, CVE-2024-21455, CVE-2024-33064, CVE-2024-43047, CVE-2024-33069

CVE-2024-45274 - F5 Networks TCP/IP Stacks Command Injection Vulnerability

Trust: 5.0

Fetched: Oct. 16, 2024, 9:22 a.m., Published: Oct. 15, 2024, 11:15 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-45274

CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches

Trust: 5.5

Fetched: Oct. 16, 2024, 9:18 a.m., Published: Oct. 10, 2024, 5:44 a.m.
 Vulnerabilities: command injection, injection attack, os command injection...
Affected productsExternal IDs
vendor: cisco model: nexus
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo model: pan-os
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
db: NVD ids: CVE-2024-9466, CVE-2024-9463, CVE-2024-9465, CVE-2024-9464, CVE-2024-9467, CVE-2024-23113, CVE-2024-20432

Introduction to Android Vulnerability Research - TeamT5

Related entries in the VARIoT vulnerabilities database: VAR-202203-0043

Trust: 5.5

Fetched: Oct. 16, 2024, 9:17 a.m., Published: Oct. 13, 2024, midnight
 Vulnerabilities: path traversal, code execution, privilege escalation
Affected productsExternal IDs
vendor: samsung model: exynos
vendor: samsung model: galaxy
vendor: samsung model: samsung galaxy
vendor: samsung model: samsung
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2022-0847, CVE-2021-40724