VARIoT latest news about IoT security

Smart home vulnerabilities and how to protect against them \| Kaspersky official blog Trust: 3.25 Fetched: June 4, 2024, 9:33 a.m., Published: Jan. 4, 2050, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	home
vendor:	fibaro	model:	button

91,000 Smart LG TV Devices Vulnerable to Remote Takeover - The Cloud Consultancy Trust: 5.0 Fetched: June 4, 2024, 9:31 a.m., Published: April 9, 2024, 7:40 p.m.	Vulnerabilities: command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2023-6317, CVE-2023-6320, CVE-2023-6319, CVE-2023-6318

D-Link tells customers to sunset actively exploited storage devices \| Cybersecurity Dive Related entries in the VARIoT vulnerabilities database: VAR-202404-0070 Trust: 5.5 Fetched: June 4, 2024, 9:31 a.m., Published: April 8, 2024, midnight	Vulnerabilities: arbitrary command execution, command injection, command execution...

Affected products

External IDs

vendor:	d-link	model:	dns-325
vendor:	d-link	model:	dns-340l
vendor:	d-link	model:	dns-327l
vendor:	d-link	model:	dns-320l
vendor:	barracuda	model:	barracuda

db:

NVD

ids:

CVE-2024-3273

Detect Security Vulnerability \| NetApp Documentation Trust: 3.0 Fetched: June 4, 2024, 9:31 a.m., Published: March 14, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	netapp	model:	santricity os controller
vendor:	netapp	model:	storagegrid
vendor:	netapp	model:	solidfire
vendor:	netapp	model:	element software
vendor:	netapp	model:	active iq unified manager

Five new vulnerabilities found in Zyxel NAS devices (including code execution and privilege escalation) Trust: 6.25 Fetched: June 4, 2024, 9:29 a.m., Published: June 3, 2024, 1:36 p.m.	Vulnerabilities: privilege escalation, authentication bypass, code injection...

Affected products

External IDs

vendor:	zyxel	model:	nsa310
vendor:	zyxel	model:	nas326

db:

NVD

ids:

CVE-2024-29972, CVE-2024-29974, CVE-2024-29976, CVE-2024-29975, CVE-2024-29973, CVE-2023-27992, CVE-2011-5325

Zero Day Remote Code Execution Vulnerability Exploited to Attack PAN-OS Trust: 4.5 Fetched: June 4, 2024, 9:28 a.m., Published: April 23, 2024, midnight	Vulnerabilities: code execution, path traversal, command injection

Affected products

External IDs

vendor:

palo

model:

pan-os

db:

NVD

ids:

CVE-2024-3400

Protect Your System: Understanding CVE-2024-3400 Zero-Day Vulnerability Trust: 4.5 Fetched: June 4, 2024, 9:28 a.m., Published: April 12, 2024, 10:10 a.m.	Vulnerabilities: command injection

Affected products

External IDs

vendor:	palo	model:	pan-os
vendor:	palo	model:	firewall
vendor:	palo	model:	networks
vendor:	palo alto networks	model:	pan-os
vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	networks

db:

NVD

ids:

CVE-2024-3400

Flaws in legacy D-Link NAS devices under attack \| TechTarget Related entries in the VARIoT vulnerabilities database: VAR-202404-0070 Trust: 6.0 Fetched: June 4, 2024, 9:28 a.m., Published: April 8, 2024, midnight	Vulnerabilities: command injection

Affected products

External IDs

vendor:	d-link	model:	dns-325
vendor:	d-link	model:	router
vendor:	d-link	model:	dns-340l
vendor:	d-link	model:	dns-327l
vendor:	d-link	model:	dns-320l

db:

NVD

ids:

CVE-2024-3273

Cisco IOS Software for Catalyst 6000 Series Switches Denial of Service Vulnerability Trust: 5.0 Fetched: June 4, 2024, 9:27 a.m., Published: April 4, 2024, 3:31 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	series
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	catalyst 4000
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	catalyst 6500
vendor:	cisco	model:	series switches
vendor:	cisco	model:	router
vendor:	cisco	model:	ios software
vendor:	cisco	model:	nx-os software
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	catalyst 6000 series
vendor:	cisco	model:	ios xr software
vendor:	cisco	model:	catalyst 3000
vendor:	cisco	model:	catalyst 4000 series
vendor:	cisco	model:	supervisor engine
vendor:	cisco	model:	catalyst 6000
vendor:	cisco	model:	nx-os
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	catalyst 6500 series

Securing Git: Addressing 5 new vulnerabilities - The GitHub Blog Trust: 5.75 Fetched: June 4, 2024, 9:25 a.m., Published: May 14, 2024, 5:07 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

apple

model:

macos

db:

NVD

ids:

CVE-2024-32020, CVE-2024-32465, CVE-2024-32002, CVE-2024-32004, CVE-2024-32021

Check Point CVE-2024-24919: Find potentially impacted devices Trust: 4.0 Fetched: June 2, 2024, 9:42 a.m., Published: May 31, 2024, 4:36 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	check point	model:	security gateway
vendor:	check point	model:	check point

db:

NVD

ids:

CVE-2024-24919

Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040) - Blog \| Tenable® Trust: 4.75 Fetched: June 2, 2024, 9:42 a.m., Published: May 14, 2024, 5:37 p.m.	Vulnerabilities: information disclosure, denial of service, code execution...

Affected products

External IDs

db:

NVD

ids:

CVE-2024-30008, CVE-2024-30040, CVE-2023-36033, CVE-2023-36436, CVE-2023-21805, CVE-2024-32004, CVE-2023-32046, CVE-2023-35308, CVE-2023-29324, CVE-2024-30035, CVE-2024-30051, CVE-2023-35336, CVE-2024-30044, CVE-2023-35628, CVE-2024-30046, CVE-2024-32002, CVE-2023-36805, CVE-2024-32046, CVE-2024-30032

Apple TV < 17.5 Multiple Vulnerabilities (HT214102) \| Tenable® Trust: 3.25 Fetched: June 2, 2024, 9:41 a.m., Published: June 17, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

apple tv

Report: 11 Vulnerabilities Found in GE Ultrasound Devices Trust: 3.5 Fetched: June 2, 2024, 9:36 a.m., Published: June 11, 2024, midnight	Vulnerabilities: command injection, path traversal

Affected products

External IDs

db:

NVD

ids:

CVE-2024-27106, CVE-2024-27107

CVE-2024-36022 - vulnerability database \| Vulners.com Trust: 4.25 Fetched: June 2, 2024, 9:36 a.m., Published: May 31, 2024, midnight	Vulnerabilities: kernel panic

Affected products

External IDs

db:

NVD

ids:

CVE-2024-36022

TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks \| MrHacker Trust: 5.75 Fetched: June 2, 2024, 9:35 a.m., Published: May 28, 2024, midnight	Vulnerabilities: arbitrary command execution, code execution, command execution

Affected products

External IDs

vendor:

tp-link

model:

routers

db:

NVD

ids:

CVE-2024-5035, CVE-2024-4999, CVE-2024-3871

Researchers find 11 security vulnerabilities in GE HealthCare ultrasound machines - Tech Empire Solutions Related entries in the VARIoT vulnerabilities database: VAR-202204-0324 Trust: 5.5 Fetched: June 2, 2024, 9:34 a.m., Published: May 18, 2024, 1:42 p.m.	Vulnerabilities: command injection, path traversal, code execution...

Affected products

External IDs

vendor:	siemens	model:	simatic
vendor:	roku	model:	roku

db:

NVD

ids:

CVE-2022-23450, CVE-2024-27110, CVE-2023-6324, CVE-2024-23912, CVE-2023-6321, CVE-2024-1628, CVE-2020-6977, CVE-2024-23913, CVE-2024-27107, CVE-2024-1629, CVE-2024-23914, CVE-2024-1630

Vulnerability Summary for the Week of May 6, 2024 \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202405-1111, VAR-202308-3104, VAR-202405-0699, VAR-202303-0418, VAR-202109-1948, VAR-202405-1410, VAR-202405-0739, VAR-202308-3319, VAR-202308-4331 Trust: 5.25 Fetched: June 2, 2024, 9:31 a.m., Published: May 6, 2024, midnight	Vulnerabilities: cross-site request forgery, authentication vulnerability, path traversal...

Affected products

External IDs

vendor:	trendmicro	model:	security
vendor:	node.js	model:	node.js
vendor:	d-link	model:	multiple routers
vendor:	d-link	model:	router
vendor:	d-link	model:	dir-845l
vendor:	netgear	model:	r7800
vendor:	netgear	model:	multiple routers
vendor:	netgear	model:	router
vendor:	netgear	model:	netgear r7800
vendor:	triangle	model:	scada data gateway
vendor:	triangle	model:	microworks scada data gateway
vendor:	asus	model:	router
vendor:	asus	model:	asus
vendor:	asus	model:	routers
vendor:	asus	model:	rt-ac51u
vendor:	asus	model:	rt-ac51u firmware
vendor:	google	model:	google chrome
vendor:	google	model:	chrome
vendor:	google	model:	android
vendor:	triangle microworks	model:	scada data gateway
vendor:	triangle microworks	model:	microworks scada data gateway

db:

NVD

ids:

CVE-2024-0027, CVE-2024-26312, CVE-2024-0026, CVE-2024-336003, CVE-2024-25514, CVE-2021-35001, CVE-2024-20060, CVE-2024-34250, CVE-2021-34958, CVE-2024-25525, CVE-2021-34948, CVE-2024-33155, CVE-2024-29149, CVE-2024-25521, CVE-2021-34983, CVE-2024-34534, CVE-2021-34971, CVE-2024-33858, CVE-2024-335993, CVE-2024-25529, CVE-2021-34957, CVE-2024-29150, CVE-2024-25520, CVE-2024-33111, CVE-2024-33113, CVE-2021-34974, CVE-2024-34314, CVE-2024-25522, CVE-2024-33411, CVE-2023-35748, CVE-2024-34523, CVE-2024-26579, CVE-2021-34966, CVE-2024-33110, CVE-2024-25507, CVE-2024-34527, CVE-2024-33406, CVE-2024-23705, CVE-2024-34533, CVE-2024-34257, CVE-2024-25532, CVE-2024-33748, CVE-2024-34524, CVE-2021-34951, CVE-2021-34975, CVE-2024-33857, CVE-2024-34529, CVE-2021-34968, CVE-2024-34252, CVE-2024-25531, CVE-2024-25508, CVE-2021-34967, CVE-2021-34961, CVE-2021-34953, CVE-2024-33382, CVE-2024-4558, CVE-2024-3755, CVE-2024-4030, CVE-2024-34525, CVE-2024-29207, CVE-2024-0025, CVE-2021-34981, CVE-2024-32370, CVE-2024-34249, CVE-2024-0024, CVE-2024-34532, CVE-2024-33121, CVE-2024-33830, CVE-2024-33408, CVE-2024-29209, CVE-2021-34956, CVE-2021-34970, CVE-2024-33112, CVE-2024-33149, CVE-2023-32873, CVE-2024-33782, CVE-2024-25511, CVE-2024-25512, CVE-2024-30973, CVE-2022-43654, CVE-2021-34999, CVE-2024-25533, CVE-2024-23710, CVE-2024-33753, CVE-2024-29210, CVE-2024-34472, CVE-2024-4559, CVE-2024-25526, CVE-2021-34973, CVE-2024-25510, CVE-2024-33410, CVE-2021-34963, CVE-2021-34950, CVE-2021-34954, CVE-2024-29206, CVE-2024-25518, CVE-2024-32371, CVE-2021-34965, CVE-2021-35000, CVE-2024-34315, CVE-2022-0369, CVE-2021-34960, CVE-2024-32674, CVE-2021-34952, CVE-2024-33117, CVE-2024-33139, CVE-2024-25513, CVE-2024-32369, CVE-2024-33859, CVE-2024-2913, CVE-2024-25515, CVE-2023-40490, CVE-2024-34092, CVE-2024-23712, CVE-2021-34982, CVE-2024-33148, CVE-2024-34244, CVE-2022-43653, CVE-2024-336013, CVE-2024-24788, CVE-2024-34251, CVE-2024-0043, CVE-2024-20064, CVE-2021-34947, CVE-2024-33120, CVE-2024-33788, CVE-2024-3756, CVE-2024-34470, CVE-2024-0042, CVE-2021-34962, CVE-2024-34471, CVE-2022-43651, CVE-2024-20057, CVE-2024-33783, CVE-2024-23704, CVE-2024-33161, CVE-2021-34964, CVE-2024-336023, CVE-2024-23709, CVE-2024-33146, CVE-2024-1695, CVE-2024-33860, CVE-2024-23713, CVE-2024-34528, CVE-2024-2994156, CVE-2022-43655, CVE-2024-34517, CVE-2024-33124, CVE-2024-33752, CVE-2023-46012, CVE-2024-25523, CVE-2023-32871, CVE-2021-35002, CVE-2024-33403, CVE-2024-20058, CVE-2021-34955, CVE-2024-33153, CVE-2024-33404, CVE-2023-37325, CVE-2021-34972, CVE-2024-25509, CVE-2022-43652, CVE-2024-27982, CVE-2024-24787, CVE-2022-43656, CVE-2024-25517, CVE-2024-33164, CVE-2024-34538, CVE-2024-25524, CVE-2024-28725, CVE-2024-33407, CVE-2024-25527, CVE-2024-33122, CVE-2024-20056, CVE-2021-34969, CVE-2024-0904, CVE-2024-33409, CVE-2024-23706, CVE-2021-34949, CVE-2024-33856, CVE-2023-33548, CVE-2024-33144, CVE-2024-3752, CVE-2024-0022, CVE-2024-20059, CVE-2024-23707, CVE-2024-33294, CVE-2024-25528, CVE-2024-25519, CVE-2024-29208, CVE-2024-33147, CVE-2023-35757, CVE-2023-35749, CVE-2024-20021, CVE-2024-33829, CVE-2021-34976, CVE-2024-33118, CVE-2024-34246, CVE-2024-33749, CVE-2024-33781, CVE-2024-25530, CVE-2024-31961, CVE-2024-33780, CVE-2024-34397, CVE-2024-33434, CVE-2024-32113, CVE-2024-33405, CVE-2021-34959, CVE-2024-23708, CVE-2024-3628, CVE-2024-34255

Cinterion Modem Vulnerabilities Pose Risks To IoT Devices - Cybernoz Trust: 4.75 Fetched: June 2, 2024, 9:30 a.m., Published: May 14, 2024, 7:47 a.m.	Vulnerabilities: privilege escalation, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2023-47616, CVE-2023-47610, CVE-2023-47611

Flaw in Wi-Fi-Standard Can Enable SSID Confusion Attacks Trust: 3.0 Fetched: June 2, 2024, 9:30 a.m., Published: June 5, 2024, midnight	Vulnerabilities: traffic interception

Affected products

External IDs

db:

NVD

ids:

CVE-2023-52424

VARIoT news about IoT security