Sign-up

VARIoT news about IoT security

CVE-2026-0855 - Merit LILIN|IP Camera - OS Command Injection

Trust: 6.0

Fetched: Jan. 13, 2026, 9:41 a.m., Published: Jan. 12, 2026, 7:16 a.m.
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2026-0855

CVE-2025-32470: Remote Unauthenticated IP Address Change Vulnerability - Ameeba Exploit Tracker

Trust: 5.25

Fetched: Jan. 13, 2026, 9:41 a.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: address change vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2025-32470

What Is Industrial Internet of Things (IIoT) Security? - Palo Alto Networks

Trust: 4.25

Fetched: Jan. 13, 2026, 9:40 a.m., Published: Jan. 6, 2026, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo model: networks

Cisco identifies vulnerability in ISE network access control devices

Trust: 4.75

Fetched: Jan. 13, 2026, 9:39 a.m., Published: Jan. 8, 2026, midnight
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: cisco model: identity services engine
vendor: cisco model: network access control
vendor: cisco systems model: identity services engine
vendor: cisco systems model: network access control
db: NVD ids: CVE-2026-20029

CVE-2025-3646 - Petlibro Smart Pet Feeder Platform through 1.7.31 Authorization Bypass via Device Share API

Trust: 4.0

Fetched: Jan. 13, 2026, 9:38 a.m., Published: Jan. 4, 2026, 12:15 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-3646

RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268

Trust: 3.75

Fetched: Jan. 13, 2026, 9:34 a.m., Published: Jan. 1, 2026, 9:19 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-55182, CVE-2023-1389, CVE-2025-24893

CVE-2026-0853 A-Plus Video Technologies AP-RM864P, AP-RM86... CVETodo

Trust: 3.75

Fetched: Jan. 13, 2026, 9:34 a.m., Published: Jan. 12, 2026, 4:15 a.m.
 Vulnerabilities: default credentials, information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2026-08531, CVE-2026-0853

CVE-2025-68657 - espressif/usb_host_hid Double-Free Race Condition in USB Host HID Device Close Path - SecAlerts

Trust: 3.0

Fetched: Jan. 13, 2026, 9:33 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-68657

Patchday: Dolby Digital security vulnerability in Android closed | heise online

Trust: 3.5

Fetched: Jan. 13, 2026, 9:31 a.m., Published: Jan. 6, 2026, 12:20 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: google model: android
db: NVD ids: CVE-2025-54957

TOTOLINK EX200 Vulnerability Allows Full Device Takeover via Unauthenticated Telnet

Trust: 3.0

Fetched: Jan. 13, 2026, 9:31 a.m., Published: Jan. 7, 2026, 1:55 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-65606

CVE vulnerability via command injection in D-Link

Trust: 3.25

Fetched: Jan. 13, 2026, 9:30 a.m., Published: Jan. 10, 2026, 9:30 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs

CVE-2025-66176 - Hikvision Access Control Stack Overflow Vulnerability

Trust: 4.0

Fetched: Jan. 13, 2026, 9:29 a.m., Published: Jan. 13, 2026, 3:16 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hikvision model: hikvision
db: NVD ids: CVE-2025-66176

IoT vulnerabilities and security in connected devices

Trust: 4.0

Fetched: Jan. 13, 2026, 9:28 a.m., Published: Dec. 20, 2025, 2:43 p.m.
 Vulnerabilities: privilege escalation, default credentials, code execution
Affected productsExternal IDs
vendor: google model: home
vendor: google model: wifi

CVE-2025-64093 - Unauthenticated Remote Code Execution via the device hostname

Trust: 5.0

Fetched: Jan. 13, 2026, 9:27 a.m., Published: Jan. 9, 2026, 10:15 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-64093

CVE-2026-0625 - D-Link DSL/DIR/DNS Command Injection via DNS Configuration Endpoint

Trust: 5.5

Fetched: Jan. 13, 2026, 9:27 a.m., Published: Jan. 5, 2026, 10:15 p.m.
 Vulnerabilities: command injection, code execution, access control vulnerability...
Affected productsExternal IDs
vendor: d-link model: dsl-2740r
vendor: d-link model: dsl-2640b
vendor: dlink model: dsl-2740r
vendor: dlink model: dsl-2640b
db: NVD ids: CVE-2026-0625

CVE-2025-66176 Hikvision DS-K1T331, DS-K1T341A/K1T341B, DS... CVETodo

Trust: 4.5

Fetched: Jan. 13, 2026, 9:26 a.m., Published: Jan. 13, 2026, 3:16 a.m.
 Vulnerabilities: improper validation, buffer overflow, code execution
Affected productsExternal IDs
vendor: hikvision model: hikvision
db: NVD ids: CVE-2025-66176, CVE-2025-661761

Fortinet Under Fire: Network Edge Attacks Start Strong in 2026 - Eclypsium | Supply Chain Security for the Modern Enterprise

Related entries in the VARIoT vulnerabilities database: VAR-202007-0079

Trust: 5.25

Fetched: Jan. 13, 2026, 9:23 a.m., Published: Jan. 8, 2026, 4:56 p.m.
 Vulnerabilities: authentication bypass, authentication flaw
Affected productsExternal IDs
vendor: cisco model: nx-os
vendor: cisco model: routers
vendor: cisco model: cisco nx-os
vendor: cisco model: guard
vendor: trend model: security
vendor: fortigate model: fortios
vendor: sophos model: firewall
vendor: sophos model: endpoint protection
db: NVD ids: CVE-2025-59719, CVE-2024-20399, CVE-2025-59718, CVE-2020-12812

Apple fixes zero-day vulnerabilities in emergency security update | Fox News

Trust: 5.25

Fetched: Jan. 13, 2026, 9:18 a.m., Published: Jan. 13, 2025, midnight
 Vulnerabilities: memory corruption, code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: tvos
vendor: apple model: webkit
vendor: apple model: safari
vendor: apple model: iphone
vendor: apple model: ipad air
vendor: apple model: watchos
vendor: apple model: ipad
vendor: google model: chrome
vendor: google model: android
db: NVD ids: CVE-2025-43529, CVE-2025-14174

CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution

Trust: 5.0

Fetched: Jan. 13, 2026, 9:17 a.m., Published: Dec. 25, 2025, 8:07 a.m.
 Vulnerabilities: command injection, authorization vulnerability, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-52164, CVE-2023-52163

Android Security Bulletin-January 2026 | Android Open Source Project

Trust: 4.5

Fetched: Jan. 13, 2026, 9:17 a.m., Published: Jan. 13, 2026, midnight
 Vulnerabilities: denial of service, information disclosure, code execution
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
vendor: motorola model: android
vendor: motorola model: motorola
vendor: samsung model: mobile
vendor: samsung model: notes
vendor: samsung model: samsung
vendor: huawei model: huawei
db: NVD ids: CVE-2025-54957