VARIoT latest news about IoT security

Sign in \| Samsung account Trust: 3.25 Fetched: Jan. 14, 2025, 9:33 a.m., Published: April 1, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

samsung

model:

samsung

Nest Security Bulletin-December 2024 - Help Related entries in the VARIoT vulnerabilities database: VAR-202203-1690 Trust: 5.5 Fetched: Jan. 14, 2025, 9:29 a.m., Published: Dec. 14, 2024, midnight	Vulnerabilities: information disclosure, denial of service, code execution

Affected products

External IDs

vendor:	google	model:	wifi
vendor:	google	model:	home
vendor:	google	model:	wifi router

db:

NVD

ids:

CVE-2018-25032, CVE-2024-26923, CVE-2023-45853

7 New Flaws In Android & Google Pixel Devices Let Attackers Elevate Privileges Trust: 5.5 Fetched: Jan. 14, 2025, 9:29 a.m., Published: Nov. 26, 2024, 6:33 a.m.	Vulnerabilities: configuration flaw

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	chrome
vendor:	google	model:	google chrome
vendor:	google	model:	pixel

db:

NVD

ids:

CVE-2024-34719, CVE-2023-20963, CVE-2023-21292, CVE-2024-0017, CVE-2021-0600, CVE-2023-21383

0-Click Vulnerability in Samsung S24 Devices: PoC Releases for CVE-2024-49415 Trust: 3.75 Fetched: Jan. 14, 2025, 9:28 a.m., Published: Jan. 13, 2025, 2:09 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	samsung	model:	notes
vendor:	samsung	model:	samsung

db:

NVD

ids:

CVE-2024-49415

Hacking Your Own IoT: A White Hat’s Guide to Securing Smart Devices Trust: 4.25 Fetched: Jan. 14, 2025, 9:27 a.m., Published: Jan. 14, 2025, 2 p.m.	Vulnerabilities: sql injection, default credentials, cross-site scripting

Affected products

External IDs

vendor:

wireshark

model:

wireshark

Zero-Click Exploit Uncovered on Samsung Devices: What You Need to Know - theafricalogistics.com Trust: 3.75 Fetched: Jan. 14, 2025, 9:27 a.m., Published: Jan. 12, 2025, 12:43 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	samsung	model:	galaxy
vendor:	samsung	model:	mobile
vendor:	samsung	model:	samsung
vendor:	google	model:	android

db:

NVD

ids:

CVE-2024-49415

CISA reports security vulnerabilities in ICS equipment from Schneider Electric, Delta Electronics, Rockwell Automation - Industrial Cyber Related entries in the VARIoT vulnerabilities database: VAR-202412-2386 Trust: 6.5 Fetched: Jan. 14, 2025, 9:22 a.m., Published: Jan. 13, 2025, 8:39 a.m.	Vulnerabilities: authentication vulnerability, code execution, use after free

Affected products

External IDs

vendor:	schneider	model:	powerchute
vendor:	rockwell automation	model:	arena
vendor:	trend	model:	security
vendor:	schneider electric	model:	powerchute
vendor:	rockwell	model:	arena
vendor:	trend micro	model:	security

db:

NVD

ids:

CVE-2024-12834, CVE-2024-12835, CVE-2024-10511, CVE-2024-12836, CVE-2024-11999

Emerson AMS Device Manager \| CISA Related entries in the VARIoT vulnerabilities database: VAR-201810-0393, VAR-201810-0390 Trust: 5.5 Fetched: Jan. 14, 2025, 9:20 a.m., Published: Jan. 14, 2024, midnight	Vulnerabilities: improper access control, code execution

Affected products

External IDs

vendor:	emerson	model:	ams device manager
vendor:	emerson	model:	deltav

db:

NVD

ids:

CVE-2018-14808, CVE-2018-14804

CyberMDX Discusses Axeda Medical Device Vulnerabilities Trust: 4.75 Fetched: Jan. 14, 2025, 9:18 a.m., Published: March 11, 2022, 4:40 p.m.	Vulnerabilities: code execution

Affected products	External IDs

Security Researcher Hacks iPhone 15's USB-C Controller, Exposing New Vulnerabilities Trust: 4.25 Fetched: Jan. 14, 2025, 9:18 a.m., Published: Jan. 12, 2025, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:

apple

model:

iphone

Top BLE Cybersecurity Vulnerabilities - Blue Goat Cyber Trust: 3.5 Fetched: Jan. 14, 2025, 9:15 a.m., Published: March 31, 2024, 3:09 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

trend

model:

security

Worldwide Device Vulnerability Management Market Research Report 2025, Forecast to 2031 - PW Consulting Trust: 3.75 Fetched: Jan. 14, 2025, 9:14 a.m., Published: Jan. 14, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

trend

model:

security

Update Canonical Ubuntu Server: USN-7197-1: Go Networking vulnerability Trust: 4.25 Fetched: Jan. 12, 2025, 9:49 a.m., Published: Jan. 12, 7197, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

canonical

model:

ubuntu

CVE-2024-3080 - Securin Trust: 5.25 Fetched: Jan. 12, 2025, 9:49 a.m., Published: Dec. 29, 2024, 10:04 a.m.	Vulnerabilities: authentication bypass, default credentials

Affected products

External IDs

vendor:	asus	model:	routers
vendor:	asus	model:	dsl-ac51
vendor:	asus	model:	asus
vendor:	asus	model:	router
vendor:	asus	model:	dsl-ac52u

db:

NVD

ids:

CVE-2024-3080

GitHub - ThemeHackers/CVE-2024-10914: CVE-2024-10914 is a critical command injection vulnerability affecting several legacy D-Link Network Attached Storage (NAS) devices. Related entries in the VARIoT vulnerabilities database: VAR-202411-0293 Trust: 4.25 Fetched: Jan. 12, 2025, 9:48 a.m., Published: Jan. 1, 2025, midnight	Vulnerabilities: command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2024-10914

PoC Exploit Released For Apache Struts Remote Code Execution Vulnerability Trust: 5.0 Fetched: Jan. 12, 2025, 9:46 a.m., Published: Jan. 9, 2025, 9:22 a.m.	Vulnerabilities: code execution, path traversal

Affected products

External IDs

db:

NVD

ids:

CVE-2024-53677

PAN-SA-2025-0001 Expedition: Multiple Vulnerabilities in Expedition Migration Tool Lead to Exposure of Firewall Credentials Trust: 5.25 Fetched: Jan. 12, 2025, 9:45 a.m., Published: Jan. 8, 2025, 5 p.m.	Vulnerabilities: command injection, sql injection, cross-site scripting...

Affected products

External IDs

vendor:	palo	model:	networks
vendor:	palo	model:	firewall
vendor:	palo	model:	pan-os
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	pan-os

db:

NVD

ids:

CVE-2025-0103, CVE-2025-0104, CVE-2025-01044, CVE-2025-01072, CVE-2025-01037, CVE-2025-0105, CVE-2025-01062, CVE-2025-0107, CVE-2025-01052, CVE-2025-0106

Update Canonical Ubuntu Server: USN-7167-1: Linux kernel vulnerabilities Trust: 4.0 Fetched: Jan. 12, 2025, 9:45 a.m., Published: Jan. 12, 7167, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

canonical

model:

ubuntu

db:

NVD

ids:

CVE-2024-50264, CVE-2024-53057, CVE-2024-49967

Update Canonical Ubuntu Desktop: USN-7192-1: xfpt vulnerability Trust: 3.25 Fetched: Jan. 12, 2025, 9:44 a.m., Published: Jan. 12, 7192, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

canonical

model:

ubuntu

Update Canonical Ubuntu Server: USN-7161-1: Docker vulnerabilities Trust: 4.25 Fetched: Jan. 12, 2025, 9:43 a.m., Published: Jan. 12, 7161, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

canonical

model:

ubuntu

db:

NVD

ids:

CVE-2024-29018, CVE-2024-41110

VARIoT news about IoT security