Sign-up

VARIoT news about IoT security

U.S. CISA adds ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog

Related entries in the VARIoT vulnerabilities database: VAR-202309-0729, VAR-202105-1346

Trust: 5.75

Fetched: June 4, 2025, 9:19 a.m., Published: June 3, 2025, 7:34 p.m.
 Vulnerabilities: code injection, os command injection, command injection...
Affected productsExternal IDs
vendor: asus model: routers
vendor: asus model: asus
db: NVD ids: CVE-2023-39780, CVE-2025-3935, CVE-2024-56145, CVE-2025-35939, CVE-2021-32030

Increased Exploitation Risk for Critical Cisco Vulnerability: What You Need to Know - UNDERCODE NEWS

Trust: 4.5

Fetched: June 4, 2025, 9:18 a.m., Published: June 4, 2025, 1:43 a.m.
 Vulnerabilities: file upload vulnerability, path traversal
Affected productsExternal IDs
vendor: cisco model: wireless controller
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe
vendor: cisco model: cisco ios
vendor: cisco model: ios xe software
vendor: cisco systems model: wireless controller
vendor: cisco systems model: cisco ios xe
vendor: cisco systems model: ios xe
vendor: cisco systems model: cisco ios
vendor: cisco systems model: ios xe software
db: NVD ids: CVE-2025-20188

Android Security Update - Patch for Vulnerabilities that Allows Privilege Escalation

Trust: 4.5

Fetched: June 4, 2025, 9:16 a.m., Published: June 3, 2025, 3:42 p.m.
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-53026, CVE-2025-0835, CVE-2025-0073, CVE-2024-53010, CVE-2025-0819, CVE-2024-53021, CVE-2024-53020, CVE-2024-53019, CVE-2025-27029, CVE-2024-47893, CVE-2024-12837, CVE-2024-12576, CVE-2025-21486, CVE-2025-21485, CVE-2025-0478, CVE-2025-25178, CVE-2025-21424, CVE-2025-0468

Update Microsoft SharePoint Server 2016: KB5002722: resolves a Microsoft SharePoint Server remote code execution vulnerability

Trust: 4.25

Fetched: June 4, 2025, 9:15 a.m., Published: June 4, 2016, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-30384, CVE-2025-30382, CVE-2025-30378, CVE-2025-29976

ASUS router backdoors affect 9K devices, persist after firmware updates | SC Media

Related entries in the VARIoT vulnerabilities database: VAR-202105-1346, VAR-202309-0729

Trust: 4.75

Fetched: June 4, 2025, 9:15 a.m., Published: Oct. 15, 2024, 6 p.m.
 Vulnerabilities: authentication bypass, command injection
Affected productsExternal IDs
vendor: asus model: routers
vendor: asus model: router
vendor: asus model: rt-ac3200
vendor: asus model: rt-ac3100
vendor: asus model: rt-ac3100 firmware
vendor: asus model: asus
vendor: asus model: gt-ac2900
db: NVD ids: CVE-2021-32030, CVE-2023-39780

Cisco Clears VPN Vulnerabilities - ISSSource

Trust: 4.5

Fetched: June 4, 2025, 9:14 a.m., Published: June 3, 2025, 7:14 p.m.
 Vulnerabilities: resource management vulnerability
Affected productsExternal IDs
vendor: cisco model: meraki mx
vendor: cisco model: series
vendor: cisco model: meraki mx firmware
db: NVD ids: CVE-2024-20502, CVE-2024-20501, CVE-2024-20500, CVE-2024-20513, CVE-2024-20498, CVE-2024-20499

ABB M2M Gateway Improper Privilege Management in embedded De... - vulnerability database | Vulners.com

Trust: 4.25

Fetched: June 4, 2025, 9:13 a.m., Published: May 27, 2025, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2022-41973, CVE-2022-41974

Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Denial of Service Vulnerabilities

Trust: 4.75

Fetched: June 4, 2025, 9:13 a.m., Published: June 2, 2025, 2:22 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: meraki mx
vendor: cisco model: series
db: NVD ids: CVE-2024-20502, CVE-2024-20501, CVE-2024-20500, CVE-2024-20513, CVE-2024-20498, CVE-2024-20499

Asus Router Vulnerability: Thousands of Devices Hacked in Stealthy Cyberattack - What You Need to Know- Fing

Related entries in the VARIoT vulnerabilities database: VAR-202309-0729

Trust: 3.75

Fetched: June 4, 2025, 9:11 a.m., Published: June 3, 2025, 1:42 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: asus model: routers
vendor: asus model: router
vendor: asus model: asus
db: NVD ids: CVE-2023-39780

Schneider Electric IoT Devices Vulnerable to High-Severity Buffer Overflow Attack | Windows Forum

Trust: 6.0

Fetched: June 4, 2025, 9:10 a.m., Published: May 4, 2025, midnight
 Vulnerabilities: code injection, buffer overflow, authentication bypass...
Affected productsExternal IDs
vendor: schneider electric model: monitor
vendor: schneider model: monitor
db: NVD ids: CVE-2023-4041

device vulnerability | Windows Forum

Trust: 3.25

Fetched: June 4, 2025, 9:10 a.m., Published: May 4, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Qualcomm Adreno GPU 0-Day Vulnerabilities Exploited to Attack Android Users

Trust: 5.5

Fetched: June 4, 2025, 9:09 a.m., Published: June 2, 2025, 4:24 p.m.
 Vulnerabilities: memory corruption, command execution
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: android
vendor: oneplus model: oneplus
vendor: samsung model: samsung
vendor: samsung model: note
vendor: samsung model: mobile
vendor: xiaomi model: browser
db: NVD ids: CVE-2025-21480, CVE-2025-27038, CVE-2025-21479

Phone chipmaker Qualcomm fixes three zero-days exploited by hackers | TechCrunch

Trust: 3.75

Fetched: June 4, 2025, 9:04 a.m., Published: June 3, 2025, 6:59 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2025-21480, CVE-2025-27038, CVE-2025-21479

New Alarming Messaging App Vulnerabilities Could Let Hackers Take Over Your Device - UNDERCODE NEWS

Related entries in the VARIoT vulnerabilities database: VAR-201912-0574

Trust: 4.75

Fetched: June 3, 2025, 9:39 a.m., Published: May 30, 2025, 3:18 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2023-41064, CVE-2023-4863, CVE-2019-8641

Technical Details Published for Critical Cisco IOS XE Vulnerability

Trust: 4.75

Fetched: June 3, 2025, 9:38 a.m., Published: June 2, 2025, 11:57 a.m.
 Vulnerabilities: path traversal, code execution, command execution
Affected productsExternal IDs
vendor: cisco model: ios xe
vendor: cisco model: cisco ios xe
vendor: cisco model: cisco ios
vendor: cisco model: catalyst

CVE-2025-49162 - Arris VIP1113 TFTP File Overwrite Vulnerability - مدیریت منیج سرور ثبت دامنه

Trust: 4.25

Fetched: June 3, 2025, 9:37 a.m., Published: June 3, 2025, 3:02 a.m.
 Vulnerabilities: file overwrite vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2025-49162

CVE-2021-32030 - ASUS Routers Improper Authentication Vulnerability | ScyScan

Related entries in the VARIoT vulnerabilities database: VAR-202105-1346

Trust: 6.0

Fetched: June 3, 2025, 9:35 a.m., Published: June 2, 2025, midnight
 Vulnerabilities: authentication vulnerability
Affected productsExternal IDs
vendor: asus model: gt-ac2900
vendor: asus model: asus
vendor: asus model: routers
db: NVD ids: CVE-2021-32030

Update Canonical Ubuntu Desktop: USN-7479-1: MySQL vulnerabilities

Trust: 3.25

Fetched: June 3, 2025, 9:33 a.m., Published: Jan. 3, 7479, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Critical Vulnerability in Asus Routers: Hidden Backdoor Discovered

Trust: 3.0

Fetched: June 3, 2025, 9:33 a.m., Published: May 30, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: asus model: asus
vendor: asus model: routers
vendor: asus model: router

CVE-2025-27523 - Hitachi JP1/IT Desktop Management 2 - Smart Device Manager XXE Injection Vulnerability

Trust: 4.0

Fetched: June 3, 2025, 9:33 a.m., Published: May 15, 2025, 7:15 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hitachi model: jp1/it desktop management
vendor: hitachi model: device manager
db: NVD ids: CVE-2025-27523