Sign-up

VARIoT news about IoT security

How to Perform a Pentest on IoT Devices

Trust: 4.25

Fetched: Sept. 22, 2024, 9:30 a.m., Published: Sept. 3, 2024, midnight
 Vulnerabilities: sql injection, cross-site scripting, privilege escalation...
Affected productsExternal IDs
vendor: wireshark model: wireshark

SolarWinds patches actively exploited hardcoded credentials vulnerability

Trust: 3.75

Fetched: Sept. 22, 2024, 9:29 a.m., Published: Aug. 22, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: solarwinds model: serv-u
db: NVD ids: CVE-2024-28978, CVE-2024-28986, CVE-2024-28987

CVE-2024-7120 Vulnerability in RAISECOM Gateway Devices Exposes 25,000 Devices

Trust: 5.0

Fetched: Sept. 22, 2024, 9:29 a.m., Published: Aug. 1, 2024, 2:58 a.m.
 Vulnerabilities: command injection, code injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-7120

From Pwn2Own Automotive: A Stack-Based Buffer Overflow Vulnerability in JuiceBox 40 Smart EV Charging Station - VicOne

Trust: 4.5

Fetched: Sept. 22, 2024, 9:28 a.m., Published: Sept. 22, 2040, midnight
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-23938

IoT Security: A Call to Action for Improved Vulnerability Disclosure

Trust: 4.5

Fetched: Sept. 22, 2024, 9:26 a.m., Published: Sept. 11, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: huawei model: huawei

Microsoft Windows Critical Vulnerability with CVE-2024-38063

Trust: 5.0

Fetched: Sept. 22, 2024, 9:26 a.m., Published: Aug. 16, 2024, 12:06 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-38063

IoT Security: A Call to Action for Improved Vulnerability Disclosure

Trust: 4.5

Fetched: Sept. 22, 2024, 9:25 a.m., Published: Sept. 11, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: huawei model: huawei

IoT Security: A Call to Action for Improved Vulnerability Disclosure

Trust: 4.5

Fetched: Sept. 22, 2024, 9:25 a.m., Published: Sept. 11, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: huawei model: huawei

IoT Security: A Call to Action for Improved Vulnerability Disclosure

Trust: 4.5

Fetched: Sept. 22, 2024, 9:24 a.m., Published: Sept. 11, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: huawei model: huawei

IoT Security: A Call to Action for Improved Vulnerability Disclosure

Trust: 4.5

Fetched: Sept. 22, 2024, 9:23 a.m., Published: Sept. 11, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: huawei model: huawei

Raptor Train Botnet Infects 260,000 Devices Globally

Trust: 4.75

Fetched: Sept. 20, 2024, 10:03 a.m., Published: -
 Vulnerabilities: command execution
Affected productsExternal IDs
vendor: asus model: routers
vendor: asus model: asus
vendor: tp-link model: routers
vendor: hikvision model: ip cameras
vendor: hikvision model: hikvision
vendor: draytek model: routers

Raptor Train Botnet Infects 260,000 Devices Globally

Trust: 4.75

Fetched: Sept. 20, 2024, 10:02 a.m., Published: -
 Vulnerabilities: command execution
Affected productsExternal IDs
vendor: asus model: routers
vendor: asus model: asus
vendor: tp-link model: routers
vendor: hikvision model: ip cameras
vendor: hikvision model: hikvision
vendor: draytek model: routers

High-risk vulnerabilities in common enterprise technologies | Rapid7 Blog

Trust: 4.5

Fetched: Sept. 20, 2024, 9:59 a.m., Published: Sept. 19, 2024, 8:45 p.m.
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2024-41874, CVE-2024-38813, CVE-2024-38812, CVE-2024-29847, CVE-2024-28812

U.S. CISA adds new Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog

Trust: 3.75

Fetched: Sept. 20, 2024, 9:59 a.m., Published: Sept. 20, 2024, 7:09 a.m.
 Vulnerabilities: command injection, path traversal, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-8963, CVE-2024-8190

Vulnerabilities in Cellular Packet Cores Part IV Authentication | Trend Micro (FI)

Trust: 3.0

Fetched: Sept. 20, 2024, 9:56 a.m., Published: Sept. 18, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-20685

NCSC and partners issue advice to counter campaign targeting devices - ADS Advance

Trust: 3.0

Fetched: Sept. 20, 2024, 9:55 a.m., Published: Sept. 20, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs

NCSC exposes Chinese company running malicious Mirai botnet | Computer Weekly

Trust: 3.0

Fetched: Sept. 20, 2024, 9:55 a.m., Published: Sept. 18, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs

NCSC and partners issue advice to counter China-linked... - NCSC.GOV.UK

Trust: 3.0

Fetched: Sept. 20, 2024, 9:55 a.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs

Microsoft Entra ID Vulnerability Allows Unauthorized Access

Trust: 3.75

Fetched: Sept. 20, 2024, 9:54 a.m., Published: Aug. 8, 2024, 9:19 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: trend model: security

Zyxel Vulnerabilities - Critical Command Injection

Trust: 4.0

Fetched: Sept. 20, 2024, 9:53 a.m., Published: Sept. 3, 2024, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-42057, CVE-2024-7261