Sign-up

VARIoT news about IoT security

Memory Integrity Enforcement: A complete vision for memory safety in Apple devices - Apple Security Research

Trust: 3.25

Fetched: Sept. 14, 2025, 9:16 a.m., Published: Sept. 9, 2025, midnight
 Vulnerabilities: memory corruption, system crash
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: iphone
vendor: google model: google chrome
vendor: google model: android
vendor: google model: chrome
vendor: google model: pixel

Microsoft Patch Tuesday - September 2025 - TheCyberThrone

Trust: 5.0

Fetched: Sept. 14, 2025, 9:15 a.m., Published: Sept. 10, 2025, 1:05 a.m.
 Vulnerabilities: security feature bypass, privilege escalation, information disclosure...
Affected productsExternal IDs
db: NVD ids: CVE-2025-54092, CVE-2025-55224, CVE-2025-54098, CVE-2025-54910, CVE-2025-54115, CVE-2025-54897, CVE-2025-54091, CVE-2024-21907, CVE-2025-54916, CVE-2025-55234, CVE-2025-54918

Samsung patches Android 0-day exploited in the wild • The Register

Trust: 4.25

Fetched: Sept. 14, 2025, 9:14 a.m., Published: -
 Vulnerabilities: code execution, memory corruption
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: apple model: iphone
db: NVD ids: CVE-2025-55177, CVE-2025-21043, CVE-2025-43300

Backdoor wide open: critical vulnerabilities uncovered in GeoVision

Related entries in the VARIoT vulnerabilities database: VAR-202006-1298, VAR-202006-1299, VAR-202006-1300

Trust: 4.25

Fetched: Sept. 12, 2025, 11:34 a.m., Published: -
 Vulnerabilities: default password, information disclosure, buffer overflow
Affected productsExternal IDs
vendor: geovision model: gv-gf192x
vendor: dropbear model: dropbear ssh
vendor: dropbear model: ssh server
db: NVD ids: CVE-2020-3928, CVE-2020-3929, CVE-2020-3930

TP-Link and WhatsApp Vulnerabilities - Review | Security Curated

Related entries in the VARIoT vulnerabilities database: VAR-202008-0768

Trust: 3.5

Fetched: Sept. 12, 2025, 11:32 a.m., Published: Sept. 4, 2025, 3:26 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: tp-link model: gateway
vendor: tp-link model: tl-wa855re
db: NVD ids: CVE-2025-55177, CVE-2020-24363, CVE-2025-43300

Cisco Secure Firewall Management Center Software RADIUS Remote Code Execution Vulnerability (CVE-2025-20265) - Qualys ThreatPROTECT

Trust: 4.25

Fetched: Sept. 12, 2025, 11:32 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-20265

Security Bulletins for HUAWEI Phones/Tablets, September 2025

Trust: 3.75

Fetched: Sept. 12, 2025, 11:31 a.m., Published: Sept. 5, 2025, 4:18 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: huawei model: emui
db: NVD ids: CVE-2025-38222, CVE-2025-58281, CVE-2025-38424, CVE-2025-37923, CVE-2025-22008, CVE-2025-38103, CVE-2025-21959, CVE-2025-38337, CVE-2025-21910, CVE-2025-37995, CVE-2025-58276, CVE-2025-37836, CVE-2025-58313, CVE-2025-38346, CVE-2025-21765, CVE-2025-38079, CVE-2023-21342, CVE-2025-38058, CVE-2025-26474, CVE-2025-58280, CVE-2025-38111, CVE-2022-49728, CVE-2025-38214, CVE-2025-38147, CVE-2025-58296, CVE-2025-38312, CVE-2025-21922, CVE-2025-22441

CVE-2025-56752: Critical Authentication Bypass Vulnerability in Ruijie RG-ES Series Switch Firmware - Cybersecurity Exploit Tracker by Ameeba

Trust: 5.0

Fetched: Sept. 12, 2025, 11:31 a.m., Published: Sept. 10, 2025, 9:33 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: ruijie model: switch
db: NVD ids: CVE-2025-56752

CVE-2025-36904: Critical Privilege Escalation Vulnerability in WLAN of Google Pixel Devices - Cybersecurity Exploit Tracker by Ameeba

Trust: 5.75

Fetched: Sept. 12, 2025, 11:30 a.m., Published: Sept. 10, 2025, 2:35 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2025-36904

CVE-2025-9214 : Missing Authentication Vulnerability in Lenovo Printers

Trust: 5.75

Fetched: Sept. 12, 2025, 11:30 a.m., Published: Sept. 11, 2025, 6:33 p.m.
 Vulnerabilities: authentication vulnerability
Affected productsExternal IDs
vendor: lenovo model: system
vendor: cups model: cups
db: NVD ids: CVE-2025-9214

Apple releases fix for a zero-day threat in iOS, iPadOS and macOS - gHacks Tech News

Trust: 5.0

Fetched: Sept. 12, 2025, 11:29 a.m., Published: Aug. 21, 2025, 2 p.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: watchos
vendor: apple model: watch
vendor: apple model: ipad
vendor: apple model: macos
vendor: apple model: ipad air
db: NVD ids: CVE-2025-43300

NetScaler warns hackers are exploiting zero-day vulnerability | Cybersecurity Dive

Trust: 4.0

Fetched: Sept. 12, 2025, 11:29 a.m., Published: Aug. 27, 2025, midnight
 Vulnerabilities: denial of service, code execution, service disruption
Affected productsExternal IDs
db: NVD ids: CVE-2025-7776, CVE-2025-7775, CVE-2025-8424

CVE-2025-20159 - Cisco IOS XR Software Management Interface ACL Bypass Vulnerability - SecAlerts

Trust: 3.75

Fetched: Sept. 12, 2025, 11:28 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: ios xr software
vendor: cisco model: cisco ios xr
vendor: cisco model: ios xr
vendor: cisco model: cisco ios
db: NVD ids: CVE-2025-20159

CISA Warns of Critical SunPower Flaw Allowing Full Device Takeover

Trust: 3.0

Fetched: Sept. 12, 2025, 11:28 a.m., Published: Sept. 3, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-9696

Critical Vulnerability Found in Industrial Device Protocol | Luis Oria Seidel posted on the topic | LinkedIn

Trust: 3.0

Fetched: Sept. 12, 2025, 11:27 a.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs

[2509.09158] IoTFuzzSentry: A Protocol Guided Mutation Based Fuzzer for Automatic Vulnerability Testing in Commercial IoT Devices

Trust: 5.0

Fetched: Sept. 12, 2025, 11:26 a.m., Published: Sept. 11, 2025, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-41623, CVE-2024-42531

Siemens SINAMICS Drives | CISA

Trust: 3.5

Fetched: Sept. 12, 2025, 11:26 a.m., Published: Jan. 10, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: sinamics
vendor: siemens model: sinamics s210
db: NVD ids: CVE-2025-40594

Cisco Secure Firewall Management Center Software RADIUS Remote Code Execution Vulnerability - Cisco

Trust: 4.0

Fetched: Sept. 12, 2025, 11:23 a.m., Published: Aug. 28, 2025, 7:45 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: asa software

Siemens Apogee PXC and Talon TC Devices - IT Security News

Trust: 4.75

Fetched: Sept. 12, 2025, 11:23 a.m., Published: Sept. 11, 2025, 5:35 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: talon tc
vendor: siemens model: apogee pxc
db: NVD ids: CVE-2025-40757

What's New In iPadOS 18.6.2: Security and Update Details - SimplyMac

Trust: 5.5

Fetched: Sept. 12, 2025, 11:22 a.m., Published: Aug. 21, 2025, 6:40 a.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: watch
vendor: apple model: macos
vendor: apple model: software update
vendor: apple model: iphone
vendor: apple model: ipad
vendor: apple model: ipad air
db: NVD ids: CVE-2025-43300