Sign-up

VARIoT news about IoT security

GitHub - ebrasha/CVE-2024-7029: A PoC tool for exploiting CVE-2024-7029 in AvTech devices, enabling RCE, vulnerability scanning, and an interactive shell.

Trust: 3.0

Fetched: Sept. 22, 2024, 10:16 a.m., Published: Sept. 3, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-7029

NSA, FBI warn of PRC-linked cyber hackers compromising routers, IoT devices for botnet operations - Industrial Cyber

Trust: 3.75

Fetched: Sept. 22, 2024, 10:15 a.m., Published: Sept. 19, 2024, 12:14 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

Advanced Vulnerability Management Approach | EC-Council

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.5

Fetched: Sept. 22, 2024, 10:14 a.m., Published: Aug. 30, 2024, 6:44 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2021-44228, CVE-2017-8283, CVE-2017-0145

Zyxel security advisory for OS command injection vulnerability in APs and security router devices - Zyxel Community

Trust: 3.75

Fetched: Sept. 22, 2024, 10:07 a.m., Published: Sept. 3, 2024, midnight
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs

Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense

Related entries in the VARIoT vulnerabilities database: VAR-202409-0398

Trust: 3.75

Fetched: Sept. 22, 2024, 10:01 a.m., Published: Sept. 17, 2024, 12:22 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
vendor: yubico model: yubihsm 2
vendor: yubico model: yubikey
db: NVD ids: CVE-2024-45678

Siemens SIMATIC S7-200 SMART Devices - vulnerability database | Vulners.com

Related entries in the VARIoT vulnerabilities database: VAR-202409-0292

Trust: 4.75

Fetched: Sept. 22, 2024, 10 a.m., Published: Sept. 17, 2024, noon
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: siemens model: simatic s7-200 smart cpu st40
vendor: siemens model: simatic s7-200 smart cpu
vendor: siemens model: simatic
vendor: siemens model: simatic s7-200 smart cpu sr40
vendor: siemens model: simatic s7-200 smart cpu st60
vendor: siemens model: simatic s7-200 smart cpu sr60
vendor: siemens model: simatic s7-200
vendor: siemens model: simatic s7-200 smart cpu cr40
vendor: siemens model: simatic s7-200 smart cpu st30
vendor: siemens model: s7-200 smart
vendor: siemens model: simatic s7-200 smart cpu sr30
vendor: siemens model: simatic s7-200 smart
vendor: siemens model: simatic s7-200 smart cpu sr20
vendor: siemens model: simatic s7-200 smart cpu cr60
vendor: siemens model: simatic s7-200 smart cpu st20
db: NVD ids: CVE-2024-43647

Harden IOS Devices - Cisco

Trust: 4.25

Fetched: Sept. 22, 2024, 9:55 a.m., Published: Sept. 12, 2024, noon
 Vulnerabilities: memory leak, buffer overflow, denial of service...
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: cisco catalyst 6500 series
vendor: cisco model: ios xe
vendor: cisco model: catalyst
vendor: cisco model: catalyst 6500 series
vendor: cisco model: series
vendor: cisco model: series switches
vendor: cisco model: catalyst 4500
vendor: cisco model: link layer discovery protocol
vendor: cisco model: cisco ios xe
vendor: cisco model: cisco ios
vendor: cisco model: catalyst 6500
vendor: cisco model: routers
vendor: cisco model: guard
vendor: cisco model: ios software
vendor: cisco model: ios 12.4
vendor: cisco model: supervisor engine
vendor: cisco model: series routers
vendor: cisco model: eigrp
vendor: cisco model: hsrp
vendor: cisco model: router
vendor: cisco model: series supervisor engine

China-Linked Attack Hits 260,000 Devices, FBI Confirms

Trust: 3.5

Fetched: Sept. 22, 2024, 9:53 a.m., Published: Sept. 19, 2024, 8:57 p.m.
 Vulnerabilities: denial of service, default credentials
Affected productsExternal IDs
vendor: axis model: axis
vendor: axis model: ip cameras
vendor: hikvision model: hikvision
vendor: hikvision model: ip cameras
vendor: tp-link model: routers
vendor: asus model: routers
vendor: asus model: asus
vendor: trend model: security
vendor: trend micro model: security

XSS Vulnerability 101: Identify and Stop Cross-Site Scripting | Okta

Trust: 3.75

Fetched: Sept. 22, 2024, 9:53 a.m., Published: -
 Vulnerabilities: request forgery, cross-site request forgery, cross-site scripting
Affected productsExternal IDs

About the security content of macOS Sequoia 15 - Apple Support

Trust: 4.25

Fetched: Sept. 22, 2024, 9:52 a.m., Published: Sept. 15, 2024, midnight
 Vulnerabilities: buffer overflow, memory initialization issue, bounds access issue...
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: imac
vendor: apple model: macbook pro
vendor: apple model: macbook
vendor: apple model: macbook air
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2024-44165, CVE-2024-44170, CVE-2024-44183, CVE-2024-44125, CVE-2024-44182, CVE-2024-44146, CVE-2024-40837, CVE-2024-40844, CVE-2024-44152, CVE-2024-40859, CVE-2024-44178, CVE-2024-40860, CVE-2023-4504, CVE-2024-44161, CVE-2024-44167, CVE-2024-40857, CVE-2024-40848, CVE-2024-44181, CVE-2024-40826, CVE-2024-44176, CVE-2024-44130, CVE-2024-44184, CVE-2024-27875, CVE-2024-40770, CVE-2024-27861, CVE-2024-44191, CVE-2024-44186, CVE-2023-5841, CVE-2024-44131, CVE-2024-40845, CVE-2024-40797, CVE-2024-44148, CVE-2024-44164, CVE-2024-40801, CVE-2024-44169, CVE-2024-27858, CVE-2024-44187, CVE-2024-44153, CVE-2024-44188, CVE-2024-44166, CVE-2024-44135, CVE-2024-40838, CVE-2024-27876, CVE-2024-27869, CVE-2024-44133, CVE-2024-44158, CVE-2024-44129, CVE-2024-40866, CVE-2024-40846, CVE-2024-44154, CVE-2024-40842, CVE-2024-44163, CVE-2024-44149, CVE-2024-23237, CVE-2024-44151, CVE-2024-40825, CVE-2024-44132, CVE-2024-40843, CVE-2024-44190, CVE-2024-40831, CVE-2024-27795, CVE-2024-39894, CVE-2024-44160, CVE-2024-40850, CVE-2024-27880, CVE-2024-40847, CVE-2024-27860, CVE-2024-40841, CVE-2024-44189, CVE-2024-44128, CVE-2024-44134, CVE-2024-40856, CVE-2024-40861, CVE-2024-44198, CVE-2024-41957, CVE-2024-44168, CVE-2024-40791, CVE-2024-44177

Android Security Bulletin-September 2024 | Android Open Source Project

Related entries in the VARIoT vulnerabilities database: VAR-202409-0017

Trust: 4.25

Fetched: Sept. 22, 2024, 9:43 a.m., Published: Sept. 22, 2024, midnight
 Vulnerabilities: denial of service, code execution, information disclosure
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: motorola model: motorola
vendor: motorola model: android
vendor: google model: android
vendor: google model: pixel
vendor: samsung model: notes
vendor: samsung model: mobile
vendor: samsung model: samsung
vendor: samsung model: note
db: NVD ids: CVE-2024-23362, CVE-2024-23365, CVE-2024-40652, CVE-2024-40650, CVE-2024-39431, CVE-2024-33016, CVE-2024-3655, CVE-2024-23364, CVE-2024-36972, CVE-2024-40658, CVE-2024-40654, CVE-2024-23716, CVE-2024-33051, CVE-2024-40656, CVE-2024-40662, CVE-2024-31336, CVE-2024-32896, CVE-2024-40659, CVE-2024-40657, CVE-2024-23358, CVE-2024-23359, CVE-2024-40655, CVE-2024-39432

Common Network Vulnerabilities and Threats Explained | Fidelis Security

Trust: 3.25

Fetched: Sept. 22, 2024, 9:41 a.m., Published: Aug. 28, 2024, 6:55 a.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs

Security and Vulnerability Management Market is Likely

Trust: 3.0

Fetched: Sept. 22, 2024, 9:41 a.m., Published: Sept. 21, 2024, 9:27 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: wireshark model: wireshark

FBI, NSA Say Chinese Botnet Compromised 260,000 Devices

Trust: 5.75

Fetched: Sept. 22, 2024, 9:39 a.m., Published: Sept. 18, 2024, 7:36 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: routers
vendor: cisco model: soho
db: NVD ids: CVE-2024-4577

Cisco Patches Identity Services Engine (ISE) Vulnerability with Public Exploit Code (CVE-2024-20469) - Qualys ThreatPROTECT

Trust: 6.0

Fetched: Sept. 22, 2024, 9:35 a.m., Published: -
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: cisco model: identity services engine
vendor: cisco model: cisco identity services engine
db: NVD ids: CVE-2024-20469

Cisco CVE - OpenCVE

Related entries in the VARIoT vulnerabilities database: VAR-200810-0010

Trust: 5.5

Fetched: Sept. 22, 2024, 9:34 a.m., Published: April 6, 2024, midnight
 Vulnerabilities: cross-site scripting, command injection, improper validation...
Affected productsExternal IDs
vendor: cisco model: nx-os 4.0
vendor: cisco model: nx-os
vendor: cisco model: catalyst 9800
vendor: cisco model: cisco small business switches
vendor: cisco model: identity services engine
vendor: cisco model: ios xr
vendor: cisco model: nexus 7000
vendor: cisco model: ios xe software
vendor: cisco model: telepresence multipoint switch
vendor: cisco model: cisco identity services engine
vendor: cisco model: sd-wan solution
vendor: cisco model: small business switches
vendor: cisco model: cisco nx-os
vendor: cisco model: ios xe
vendor: cisco model: rv130w
vendor: cisco model: telepresence
vendor: cisco model: nexus 9000
vendor: cisco model: catalyst
vendor: cisco model: series wireless controllers
vendor: cisco model: ios xr software
vendor: cisco model: nx-os software
vendor: cisco model: series
vendor: cisco model: series switches
vendor: cisco model: cisco telepresence recording server
vendor: cisco model: wide area application services
vendor: cisco model: cisco telepresence manager
vendor: cisco model: telepresence manager
vendor: cisco model: telepresence recording server
vendor: cisco model: nexus 9000 series
vendor: cisco model: link layer discovery protocol
vendor: cisco model: cisco ucs director
vendor: cisco model: sd-wan
vendor: cisco model: cisco ios xe
vendor: cisco model: rv130
vendor: cisco model: rv110w
vendor: cisco model: nexus 3000
vendor: cisco model: cisco ios
vendor: cisco model: anyconnect secure mobility client
vendor: cisco model: routers
vendor: cisco model: ios software
vendor: cisco model: ucs director
vendor: cisco model: cisco anyconnect secure mobility client
vendor: cisco model: access points
vendor: cisco model: cisco small business
vendor: cisco model: virtual wide area application services
vendor: cisco model: nexus 5000
vendor: cisco model: arrowpoint
vendor: cisco model: rv215w
vendor: cisco model: cisco telepresence
vendor: cisco model: telepresence immersive endpoint
vendor: cisco model: nexus
vendor: cisco model: cisco sd-wan
vendor: cisco model: small business
vendor: cisco model: cisco telepresence multipoint switch
vendor: cisco model: cisco ios xr
db: NVD ids: CVE-2008-4609

Uncovering IoT Vulnerabilities: Highlights from the Bitdefender - Netgear 2024 Threat Report

Trust: 3.0

Fetched: Sept. 22, 2024, 9:33 a.m., Published: Sept. 22, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Uncovering IoT Vulnerabilities: Highlights from the Bitdefender - Netgear 2024 Threat Report

Trust: 3.0

Fetched: Sept. 22, 2024, 9:33 a.m., Published: Sept. 22, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Racing round and round: The little bug that could

Trust: 4.5

Fetched: Sept. 22, 2024, 9:31 a.m., Published: July 29, 2024, midnight
 Vulnerabilities: privilege escalation, memory leak, memory corruption...
Affected productsExternal IDs
db: NVD ids: CVE-2024-30089, CVE-2023-36802

Major Cisco security vulnerability gave hackers password access - Techerati

Trust: 3.0

Fetched: Sept. 22, 2024, 9:31 a.m., Published: July 25, 2024, 10:59 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-20419, CVE-2024-20401