Sign-up

VARIoT news about IoT security

DIVD-2024-00035 - 17 vulnerabilities in Iocharger devices | DIVD CSIRT

Trust: 3.75

Fetched: Jan. 14, 2025, 9:53 a.m., Published: March 14, 2024, midnight
 Vulnerabilities: default credentials, buffer overflow, code execution...
Affected productsExternal IDs
db: NVD ids: CVE-2024-43653, CVE-2024-43662, CVE-2024-43648, CVE-2024-43655, CVE-2024-43660, CVE-2024-43659, CVE-2024-43661, CVE-2024-43663, CVE-2024-43649, CVE-2024-43652, CVE-2024-43654, CVE-2024-43650, CVE-2024-43656, CVE-2024-43651, CVE-2024-43657, CVE-2024-43658

Dell Update Package Framework Vulnerability Let Attackers Escalate Privileges

Trust: 6.0

Fetched: Jan. 14, 2025, 9:52 a.m., Published: Jan. 8, 2025, 2:49 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: dell model: bios
db: NVD ids: CVE-2025-22395

01/13/25: Zero-Click High Vulnerability in Samsung Devices | UCSF IT

Trust: 5.25

Fetched: Jan. 14, 2025, 9:52 a.m., Published: Jan. 13, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: samsung
db: NVD ids: CVE-2024-49415

CVE-2024-55515 : File Upload Vulnerability in Raisecom Network Devices | SecurityVulnerability.io

Trust: 4.25

Fetched: Jan. 14, 2025, 9:51 a.m., Published: Dec. 17, 2024, 8:15 p.m.
 Vulnerabilities: file upload vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2024-55515

Most Exploited Vulnerabilities in 2024 Top 20 Analysis

Related entries in the VARIoT vulnerabilities database: VAR-202403-2416

Trust: 5.25

Fetched: Jan. 14, 2025, 9:49 a.m., Published: Dec. 22, 2024, 9:43 a.m.
 Vulnerabilities: buffer overflow, feature bypass, command execution...
Affected productsExternal IDs
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: firewall
vendor: palo alto networks model: ssl vpn
vendor: palo alto networks model: networks
vendor: palo model: pan-os
vendor: palo model: firewall
vendor: palo model: ssl vpn
vendor: palo model: networks
vendor: google model: google chrome
vendor: google model: chrome
vendor: google model: nexus
vendor: check point model: management server
vendor: check point model: check point
vendor: checkpoint model: management server
vendor: checkpoint model: check point
vendor: cisco model: series switches
vendor: cisco model: cisco nx-os
vendor: cisco model: nx-os
vendor: cisco model: spark
vendor: cisco model: nexus 3000
vendor: cisco model: series
vendor: cisco model: nx-os software
vendor: cisco model: nexus
db: NVD ids: CVE-2024-21887, CVE-2024-23897, CVE-2023-22527, CVE-2024-38112, CVE-2024-21762, CVE-2024-3400, CVE-2024-9474, CVE-2024-24919, CVE-2024-0012, CVE-2024-5274, CVE-2024-21412, CVE-2024-21893, CVE-2024-1709, CVE-2024-42448, CVE-2024-49138, CVE-2024-37085, CVE-2023-46805, CVE-2024-20399, CVE-2024-11667, CVE-2024-9264, CVE-2024-36991, CVE-2023-48788

Zyxel security advisory for improper privilege management vulnerability in APs and security router devices | Zyxel Networks

Trust: 4.0

Fetched: Jan. 14, 2025, 9:48 a.m., Published: Jan. 7, 2025, midnight
 Vulnerabilities: privilege management vulnerability
Affected productsExternal IDs

Singapore’s CSA issues urgent advisory on Mirai botnet threat to industrial routers, smart home devices - Industrial Cyber

Trust: 6.5

Fetched: Jan. 14, 2025, 9:47 a.m., Published: Jan. 13, 2025, 8:36 a.m.
 Vulnerabilities: default credentials, authentication vulnerability, command injection...
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: four-faith model: f3x24
vendor: four-faith model: four-faith
vendor: four-faith model: four-faith router
vendor: asus model: asus
vendor: asus model: router
vendor: asus model: routers
vendor: kguard model: kguard dvr
db: NVD ids: CVE-2024-12856

CERT-EU - Critical Vulnerabilities in Sophos Firewall

Trust: 5.75

Fetched: Jan. 14, 2025, 9:46 a.m., Published: -
 Vulnerabilities: sql injection, code injection, code execution
Affected productsExternal IDs
vendor: sophos model: firewall
db: NVD ids: CVE-2024-12729, CVE-2024-12728, CVE-2024-12727

Robot Vacuums Hacked To Spy On Their Owners

Trust: 3.75

Fetched: Jan. 14, 2025, 9:46 a.m., Published: Jan. 10, 2025, 8:48 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: ecovacs model: deebot 900

Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions | Microsoft Security Blog

Related entries in the VARIoT vulnerabilities database: VAR-202201-0378, VAR-202108-2056, VAR-202205-1325, VAR-201912-0499

Trust: 4.5

Fetched: Jan. 14, 2025, 9:45 a.m., Published: Jan. 13, 2025, 5 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: installer
vendor: apple model: macos
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2024-44243, CVE-2022-22583, CVE-2021-30892, CVE-2022-26712, CVE-2019-8561, CVE-2023-32369

Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls - Arctic Wolf

Related entries in the VARIoT vulnerabilities database: VAR-202207-0070

Trust: 3.75

Fetched: Jan. 14, 2025, 9:44 a.m., Published: Jan. 10, 2025, 4:26 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2022-26118

javascript - Snyk is flagging Angular's navigateByUrl() as a potential open redirect vulnerability despite sanitizing the URL - Stack Overflow

Trust: 3.0

Fetched: Jan. 14, 2025, 9:43 a.m., Published: Jan. 23, 2025, midnight
 Vulnerabilities: open redirect vulnerability
Affected productsExternal IDs

Wiz Research Identifies Exploitation in the Wild of Aviatrix Controller RCE (CVE-2024-50603) | Wiz Blog

Trust: 5.5

Fetched: Jan. 14, 2025, 9:42 a.m., Published: Jan. 11, 2025, 5:23 p.m.
 Vulnerabilities: command injection, code execution, privilege escalation
Affected productsExternal IDs
vendor: aviatrix model: controller
db: NVD ids: CVE-2021-40870, CVE-2024-50603

Zyxel Urges Patch Application for Privilege Escalation Vulnerability (CVE-2024-12398)

Trust: 4.75

Fetched: Jan. 14, 2025, 9:41 a.m., Published: Jan. 14, 2025, 2:45 a.m.
 Vulnerabilities: privilege management flaw, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2024-12398

USB-C vulnerability could result in new iPhone jailbreaks

Trust: 3.0

Fetched: Jan. 14, 2025, 9:39 a.m., Published: Jan. 13, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

iPhone 16, iPhone 15 models’ USB-C ports can be hacked, security researcher claims - Hindustan Times

Trust: 3.0

Fetched: Jan. 14, 2025, 9:37 a.m., Published: Jan. 14, 2025, 8:07 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

Ivanti zero-day has researchers scrambling | Cybersecurity Dive

Trust: 4.75

Fetched: Jan. 14, 2025, 9:36 a.m., Published: Jan. 13, 2025, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2023-46805, CVE-2025-0282, CVE-2024-21887, CVE-2025-0283

Access Denied

Trust: 3.25

Fetched: Jan. 14, 2025, 9:34 a.m., Published: Jan. 14, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung

Sign in | Samsung account

Trust: 3.25

Fetched: Jan. 14, 2025, 9:33 a.m., Published: April 1, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung

Nest Security Bulletin-December 2024 - Help

Related entries in the VARIoT vulnerabilities database: VAR-202203-1690

Trust: 5.5

Fetched: Jan. 14, 2025, 9:29 a.m., Published: Dec. 14, 2024, midnight
 Vulnerabilities: information disclosure, denial of service, code execution
Affected productsExternal IDs
vendor: google model: wifi
vendor: google model: home
vendor: google model: wifi router
db: NVD ids: CVE-2018-25032, CVE-2024-26923, CVE-2023-45853