Sign-up

VARIoT news about IoT security

No Fix for Critical Command Injection Vulnerability in Legacy D-Link NAS Devices - Source:cyble.com - CISO2CISO.COM & CYBER SECURITY GROUP

Related entries in the VARIoT vulnerabilities database: VAR-202411-0293

Trust: 5.5

Fetched: Dec. 4, 2024, 9:53 a.m., Published: Nov. 11, 2024, 8:03 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: dlink model: dns-320
vendor: dlink model: dns-320lw
vendor: dlink model: dns-340l
vendor: dlink model: dns-325
vendor: d-link model: dns-320
vendor: d-link model: dns-320lw
vendor: d-link model: dns-340l
vendor: d-link model: dns-325
db: NVD ids: CVE-2024-10914

Update Canonical Ubuntu Desktop: USN-7083-1: OpenJPEG vulnerabilities

Trust: 5.75

Fetched: Dec. 4, 2024, 9:52 a.m., Published: Jan. 4, 7083, midnight
 Vulnerabilities: integer overflow, denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2021-29338, CVE-2021-3575, CVE-2022-1122

Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulns (FIXED) | Rapid7 Blog

Trust: 4.5

Fetched: Dec. 4, 2024, 9:51 a.m., Published: Dec. 3, 2024, 8 p.m.
 Vulnerabilities: buffer overflow, code execution, authentication bypass...
Affected productsExternal IDs
db: NVD ids: CVE-2024-52548, CVE-2024-52545, CVE-2024-52547, CVE-2024-52546, CVE-2024-52544

PoC Confirms Root Privilege Exploit in TP-Link Archer AXE75 Vulnerability (CVE-2024-53375)

Trust: 4.25

Fetched: Dec. 4, 2024, 9:43 a.m., Published: Dec. 4, 2024, 2:06 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-53375

CVE-2024-9404: Denial-of-Service Vulnerability Identified in the VPort 07-3 Series

Trust: 3.25

Fetched: Dec. 4, 2024, 9:42 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-9404

Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulnerabilities (FIXED) | Noise

Trust: 4.5

Fetched: Dec. 4, 2024, 9:36 a.m., Published: Dec. 3, 2024, midnight
 Vulnerabilities: buffer overflow, code execution, authentication bypass...
Affected productsExternal IDs
db: NVD ids: CVE-2024-52548, CVE-2024-52545, CVE-2024-52547, CVE-2024-52546, CVE-2024-52544

Hacking Your Own IoT: A White Hat’s Guide to Securing Smart Devices

Trust: 4.25

Fetched: Dec. 4, 2024, 9:34 a.m., Published: Dec. 4, 2024, 2 p.m.
 Vulnerabilities: cross-site scripting, sql injection, default credentials
Affected productsExternal IDs
vendor: wireshark model: wireshark

Researchers find 20 vulnerabilities in Advantech Wi-Fi access point - Cyber Daily

Trust: 3.0

Fetched: Dec. 4, 2024, 9:34 a.m., Published: Nov. 28, 2024, 11:23 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs

Are you protecting your smart devices from cyber hackers?

Trust: 3.0

Fetched: Dec. 4, 2024, 9:33 a.m., Published: Oct. 14, 2024, 10:09 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

IoT Vulnerabilities and Security Concerns | CSA

Trust: 5.0

Fetched: Dec. 4, 2024, 9:30 a.m., Published: Dec. 1, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs

A Comprehensive Review of Cyber Security Vulnerabilities, Threats, Attacks, and Solutions

Trust: 4.25

Fetched: Dec. 4, 2024, 9:26 a.m., Published: Jan. 4, 2023, midnight
 Vulnerabilities: code execution, cross-site scripting, buffer overflow...
Affected productsExternal IDs
vendor: essential model: phone
vendor: apple model: macos
vendor: google model: home
vendor: google model: android
vendor: century model: router
vendor: trend model: antivirus
vendor: trend model: security
vendor: symantec model: antivirus
vendor: symantec model: web security
vendor: symantec model: scan engine
vendor: rising model: antivirus
vendor: wireshark model: wireshark
vendor: orange model: web server
vendor: rapid model: scada

Huawei lists EMUI and HarmonyOS November 2024 security patch details - Huawei Central

Related entries in the VARIoT vulnerabilities database: VAR-202409-0013

Trust: 3.75

Fetched: Dec. 4, 2024, 9:23 a.m., Published: Nov. 5, 2024, noon
 Vulnerabilities: -
Affected productsExternal IDs
vendor: huawei model: emui
vendor: huawei model: huawei
db: NVD ids: CVE-2024-33049, CVE-2024-51510, CVE-2024-51512, CVE-2024-51511, CVE-2024-51516, CVE-2024-43892, CVE-2024-51514, CVE-2024-42283, CVE-2024-51529, CVE-2024-33069, CVE-2024-46798, CVE-2024-42305, CVE-2024-40673, CVE-2024-51526, CVE-2024-51515, CVE-2024-51530, CVE-2024-51525, CVE-2024-44987, CVE-2024-6119, CVE-2024-51522, CVE-2024-51582, CVE-2024-51523, CVE-2024-42312, CVE-2024-51518, CVE-2024-34737, CVE-2024-43882, CVE-2024-33060, CVE-2024-38399, CVE-2024-51524, CVE-2024-42292, CVE-2024-51520, CVE-2024-45448, CVE-2024-51521, CVE-2024-51513, CVE-2024-51527, CVE-2024-51517

Fortinet の RCE 脆弱性 CVE-2024-23113:日本におけるインターネット露出は 5,100台 - IoT OT Security News

Trust: 4.25

Fetched: Dec. 4, 2024, 9:21 a.m., Published: Oct. 12, 2024, 10:14 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2024-23113

Several QNAP vulnerabilities addressed | SC Media

Trust: 4.75

Fetched: Dec. 3, 2024, 10:13 a.m., Published: June 11, 2024, 5 p.m.
 Vulnerabilities: request forgery, os command injection, command execution...
Affected productsExternal IDs
db: NVD ids: CVE-2024-38644, CVE-2024-38643, CVE-2024-38645, CVE-2024-38646, CVE-2024-48861, CVE-2024-48860

Axis Devices Detection (SNMP) - vulnerability database | Vulners.com

Trust: 3.25

Fetched: Dec. 3, 2024, 10:12 a.m., Published: Nov. 27, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: axis model: axis

CVE-2021-30731 - "Apple macOS USB Device Capture Vulnerability"

Related entries in the VARIoT vulnerabilities database: VAR-202109-1345

Trust: 3.5

Fetched: Dec. 3, 2024, 10:12 a.m., Published: Sept. 8, 2021, 2:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: mac_os_x
vendor: apple model: macos
vendor: apple model: mac_os
db: NVD ids: CVE-2021-30731

D-Link says replace vulnerable routers or risk pwnage • The Register

Trust: 3.5

Fetched: Dec. 3, 2024, 10:12 a.m., Published: -
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: d-link model: router

CVE-2024-50359 - Exploits & Severity - Feedly

Trust: 4.25

Fetched: Dec. 3, 2024, 10:11 a.m., Published: Nov. 26, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-50359

ZDI-24-1457: Delta Electronics InfraSuite Device Master _gExtraInfo Deserialization Of Untrusted Data Remote Code Execution Vulnerability - CYBERSECURITY THREATS

Trust: 4.25

Fetched: Dec. 3, 2024, 10:10 a.m., Published: Nov. 7, 2024, 11:48 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-10456

Hackers Exploiting ProjectSend Authentication Vulnerability In The Wild

Trust: 3.0

Fetched: Dec. 3, 2024, 10:09 a.m., Published: Nov. 27, 2024, 12:05 p.m.
 Vulnerabilities: authentication vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2024-11680