Sign-up

VARIoT news about IoT security

OxygenOS 12+ devices affected by major SMS vulnerability

Trust: 4.5

Fetched: Oct. 14, 2025, 9:19 a.m., Published: Oct. 5, 2025, 2:57 a.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs
vendor: google model: android
vendor: oneplus model: one
vendor: oneplus model: oneplus
vendor: oneplus model: oxygenos
db: NVD ids: CVE-2025-10184

TALOS-2025-2227 || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence

Trust: 4.25

Fetched: Oct. 14, 2025, 9:19 a.m., Published: -
 Vulnerabilities: command injection, command execution, os command injection...
Affected productsExternal IDs
vendor: cisco model: router
vendor: cisco model: industrial router
db: NVD ids: CVE-2025-54403, CVE-2025-54404

Keysight Ixia Vision Product Family (Update A) | CISA

Trust: 3.75

Fetched: Oct. 14, 2025, 9:17 a.m., Published: Sept. 30, 2025, midnight
 Vulnerabilities: entity injection, path traversal, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-24525, CVE-2025-21095, CVE-2025-24494, CVE-2025-23416, CVE-2025-24521

Cisco IOS and IOS XE Software CLI Denial of Service Vulnerability

Trust: 4.0

Fetched: Oct. 14, 2025, 9:17 a.m., Published: Sept. 24, 2025, 4:06 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: cisco ios
vendor: cisco model: ios xe

Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Remote Code Execution Vulnerability

Trust: 4.0

Fetched: Oct. 14, 2025, 9:16 a.m., Published: Sept. 25, 2025, 4:10 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: device manager
vendor: cisco model: adaptive security appliance software
vendor: cisco model: adaptive security appliance
vendor: cisco model: asa software

CVE-2025-58301 - Cisco Device Management Module Buffer Overflow Vulnerability

Trust: 6.0

Fetched: Oct. 14, 2025, 9:16 a.m., Published: Oct. 11, 2025, 10:15 a.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: huawei model: huawei
db: NVD ids: CVE-2025-58301

CVE-2025-58300 : Buffer Overflow Vulnerability in Huawei Device Management Module

Trust: 5.25

Fetched: Oct. 14, 2025, 9:15 a.m., Published: Oct. 11, 2025, 9:09 a.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: huawei model: huawei
db: NVD ids: CVE-2025-58300

CVE-2025-10653: Unauthenticated Debug Port Vulnerability Leading to Potential System Compromise - Cybersecurity Exploit Tracker by Ameeba

Trust: 3.0

Fetched: Oct. 14, 2025, 9:15 a.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-10653

Hackers Exploit Microsoft Edge’s Internet Explorer Mode to Compromise User Devices

Trust: 4.0

Fetched: Oct. 14, 2025, 9:15 a.m., Published: Oct. 13, 2025, 11:11 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: chrome

This dangerous new botnet is shooting off attacks across the world faster than can be tracked - here's what we know about RondoDox | TechRadar

Trust: 4.75

Fetched: Oct. 14, 2025, 9:09 a.m., Published: Oct. 10, 2025, 3:08 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: google model: home
vendor: trend model: security
vendor: tp-link model: routers
vendor: trend micro model: security

RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits | Trend Micro (US)

Related entries in the VARIoT vulnerabilities database: VAR-202102-0338, VAR-202110-1691, VAR-202506-0021, VAR-201902-0427, VAR-202303-1268, VAR-202501-1344, VAR-202503-0082, VAR-201905-0652, VAR-201411-0143, VAR-202208-2260, VAR-201409-1156, VAR-201806-0941, VAR-202411-0293, VAR-201502-0201, VAR-201805-0262, VAR-202507-0531, VAR-201905-0651, VAR-201612-0015, VAR-202102-0290, VAR-202110-1690, VAR-201402-0700, VAR-202007-0064, VAR-201909-0903

Trust: 6.25

Fetched: Oct. 14, 2025, 9:07 a.m., Published: Oct. 9, 2025, midnight
 Vulnerabilities: command injection, authentication bypass, buffer overflow...
Affected productsExternal IDs
vendor: avtech model: ip camera
vendor: billion model: 5200w-t
vendor: trendnet model: ip camera
vendor: belkin model: router
vendor: belkin model: n750
vendor: d-link model: router
vendor: d-link model: dir-645
vendor: d-link model: dir-815
vendor: d-link model: dir-816
vendor: d-link model: dns-320
vendor: d-link model: multiple routers
vendor: zyxel model: billion 5200w-t
vendor: tenda model: router
vendor: tenda model: tenda router
vendor: trend model: security
vendor: netgear model: router
vendor: netgear model: r7000
vendor: netgear model: dgn1000
vendor: netgear model: r6400
vendor: netgear model: multiple routers
vendor: trend micro model: security
vendor: brickcom model: brickcom
vendor: cisco model: routers
vendor: cisco model: router
vendor: cisco model: series
vendor: cisco model: soho
vendor: cisco model: linksys
vendor: fiberhome model: routers
vendor: fiberhome model: router
vendor: tp-link model: routers
vendor: tp-link model: tl-wr840n
vendor: tp-link model: wr840n
vendor: four-faith model: four-faith
db: NVD ids: CVE-2020-27867, CVE-2024-3721, CVE-2023-52163, CVE-2023-51833, CVE-2021-41773, CVE-2025-5504, CVE-2019-1663, CVE-2024-7029, CVE-2023-25280, CVE-2023-1389, CVE-2024-12847, CVE-2025-1829, CVE-2017-18369, CVE-2025-22905, CVE-2014-1635, CVE-2022-37129, CVE-2014-6271, CVE-2018-11714, CVE-2024-10914, CVE-2015-2051, CVE-2023-47565, CVE-2023-26801, CVE-2025-4008, CVE-2018-10561, CVE-2025-7414, CVE-2017-18368, CVE-2016-6277, CVE-2020-25506, CVE-2024-12856, CVE-2021-42013, CVE-2025-34037, CVE-2022-36553, CVE-2020-10987, CVE-2022-44149, CVE-2019-16920, CVE-2024-1781

Unity Fixes Vulnerability Targeting Mobile Gamers and Crypto Wallets

Trust: 5.0

Fetched: Oct. 12, 2025, 11:17 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android

DrayOS Routers Vulnerability Let Attackers Execute Malicious Code Remotely

Trust: 4.5

Fetched: Oct. 12, 2025, 11:16 a.m., Published: Oct. 3, 2025, 11:36 a.m.
 Vulnerabilities: memory corruption, system crash, code execution
Affected productsExternal IDs
vendor: draytek model: vigor
vendor: draytek model: routers
vendor: draytek model: draytek routers
db: NVD ids: CVE-2025-10547

RondoDox Botnet Exploits 50+ Vulnerabilities to Attack Routers, CCTV Systems and Web Servers

Related entries in the VARIoT vulnerabilities database: VAR-202411-0293, VAR-201909-0903, VAR-202007-0064, VAR-202110-1691, VAR-202208-2260, VAR-201502-0201, VAR-202110-1690, VAR-202102-0290, VAR-201806-0941, VAR-202503-0082, VAR-201411-0143, VAR-202303-1268, VAR-202506-0021, VAR-201902-0427, VAR-202501-1344, VAR-201612-0015, VAR-201402-0700, VAR-202507-0531, VAR-201905-0651, VAR-201905-0652, VAR-202102-0338, VAR-202104-0768, VAR-201409-1156, VAR-201805-0262

Trust: 5.75

Fetched: Oct. 12, 2025, 11:15 a.m., Published: Oct. 10, 2025, 1:16 p.m.
 Vulnerabilities: command injection, buffer overflow, memory corruption...
Affected productsExternal IDs
vendor: google model: home
db: NVD ids: CVE-2023-52163, CVE-2024-7029, CVE-2024-10914, CVE-2019-16920, CVE-2020-10987, CVE-2021-41773, CVE-2023-47565, CVE-2022-37129, CVE-2015-2051, CVE-2021-42013, CVE-2022-36553, CVE-2020-25506, CVE-2018-11714, CVE-2025-1829, CVE-2014-1635, CVE-2024-1781, CVE-2025-22905, CVE-2023-1389, CVE-2024-12856, CVE-2022-44149, CVE-2025-5504, CVE-2023-51833, CVE-2019-1663, CVE-2024-12847, CVE-2016-6277, CVE-2025-34037, CVE-2025-7414, CVE-2017-18368, CVE-2023-25280, CVE-2024-3721, CVE-2023-26801, CVE-2017-18369, CVE-2025-4008, CVE-2020-27867, CVE-2021-20090, CVE-2014-6271, CVE-2018-10561

RondoDox Botnet Discovered: Thousands of Devices at Risk

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268

Trust: 5.5

Fetched: Oct. 12, 2025, 11:14 a.m., Published: Oct. 11, 2025, 6:15 a.m.
 Vulnerabilities: default credentials, command injection
Affected productsExternal IDs
vendor: tp-link model: routers
vendor: brickcom model: brickcom
vendor: d-link model: router
vendor: fiberhome model: routers
vendor: fiberhome model: router
db: NVD ids: CVE-2023-1389

Citrix Workspace app for Windows Security Bulletin CVE-2024-6286

Trust: 5.0

Fetched: Oct. 12, 2025, 11:14 a.m., Published: Oct. 12, 2402, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2024-6286

Smart devices: 178 countries ranked by smart device security requirements & number of vulnerable devices - Comparitech

Trust: 3.25

Fetched: Oct. 12, 2025, 11:12 a.m., Published: Sept. 26, 2025, 1:28 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: note
vendor: samsung model: printers
vendor: samsung model: samsung
vendor: samsung model: printer
vendor: roku model: roku
vendor: apple model: tvos

Threat Actors Exploiting SonicWall SSL VPN Devices in Wild to Deploy Akira

Trust: 5.25

Fetched: Oct. 12, 2025, 11:11 a.m., Published: Oct. 11, 2025, midnight
 Vulnerabilities: access control vulnerability, access control flaw
Affected productsExternal IDs
vendor: sonicwall model: ssl vpn
vendor: sonicwall model: analyzer
vendor: sonicwall model: sonicos
vendor: trend model: security
vendor: wireshark model: wireshark
db: NVD ids: CVE-2024-40766

Inside Akira's SonicWall Campaign - Cyber Risk Leaders

Trust: 4.25

Fetched: Oct. 12, 2025, 11:11 a.m., Published: Oct. 10, 2025, 10:53 p.m.
 Vulnerabilities: access control vulnerability, improper access control, privilege escalation
Affected productsExternal IDs
vendor: filezilla model: server
vendor: sonicwall model: ssl vpn
vendor: sonicwall model: sonicos
vendor: sonicwall model: remote access
vendor: winscp model: winscp
db: NVD ids: CVE-2024-40766

Update Canonical Ubuntu Desktop: USN-7816-1: DPDK vulnerability

Trust: 3.0

Fetched: Oct. 12, 2025, 11:09 a.m., Published: Jan. 12, 7816, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu