VARIoT latest news about IoT security

Nest Security Bulletin-September 2024 - Help Trust: 5.5 Fetched: Sept. 20, 2024, 9:52 a.m., Published: Sept. 20, 2024, midnight	Vulnerabilities: denial of service, information disclosure, code execution

Affected products

External IDs

vendor:	google	model:	wifi router
vendor:	google	model:	home
vendor:	google	model:	wifi

db:

NVD

ids:

CVE-2024-22013

Dutch hackers report flaws in Enphase IQ Gateway devices - pv magazine International Trust: 3.0 Fetched: Sept. 20, 2024, 9:51 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

enphase

model:

envoy

Vulnerabilities in Cellular Packet Cores Part IV Authentication \| Trend Micro (UAE) Trust: 3.0 Fetched: Sept. 20, 2024, 9:51 a.m., Published: Sept. 18, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-20685

ERROR: The request could not be satisfied Trust: 3.25 Fetched: Sept. 20, 2024, 9:51 a.m., Published: -	Vulnerabilities: configuration error

Affected products	External IDs

IoT Security: A Call to Action for Improved Vulnerability Disclosure Trust: 4.5 Fetched: Sept. 20, 2024, 9:50 a.m., Published: Sept. 11, 2024, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

huawei

model:

huawei

Cisco warns about actively exploited vulnerability in switches Trust: 3.75 Fetched: Sept. 20, 2024, 9:50 a.m., Published: July 3, 2024, 8:12 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	nexus
vendor:	cisco	model:	mds 9000
vendor:	cisco	model:	cisco nx-os
vendor:	cisco	model:	nexus 9000
vendor:	cisco	model:	series switches
vendor:	cisco	model:	nx-os
vendor:	cisco	model:	routers
vendor:	cisco	model:	nexus 7000
vendor:	cisco	model:	series
vendor:	cisco	model:	nexus series
vendor:	cisco	model:	mds 9000 series
vendor:	cisco	model:	nexus series switches
vendor:	cisco	model:	nexus 9000 series
vendor:	cisco	model:	nexus 3000
vendor:	cisco	model:	nx-os software

db:

NVD

ids:

CVE-2024-20399

IoT Security: A Call to Action for Improved Vulnerability Disclosure Trust: 4.5 Fetched: Sept. 20, 2024, 9:49 a.m., Published: Sept. 11, 2024, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

huawei

model:

huawei

IoT Sensor Vulnerabilities Are Putting Us at Risk in 2024 Trust: 3.5 Fetched: Sept. 20, 2024, 9:49 a.m., Published: June 27, 2024, 8:42 p.m.	Vulnerabilities: denial of service

Affected products	External IDs

Mirai Botnet Variant Targeting Unpatchable AVTECH CCTV Camera Command Injection Vulnerability [CVE-2024-7029] \| Censys Trust: 7.0 Fetched: Sept. 20, 2024, 9:48 a.m., Published: Sept. 5, 2024, 4:22 p.m.	Vulnerabilities: command injection

Affected products

External IDs

vendor:

avtech

model:

ip camera

db:

NVD

ids:

CVE-2024-7029

Zyxel security advisory for multiple vulnerabilities in firewalls \| Zyxel Networks Trust: 4.75 Fetched: Sept. 20, 2024, 9:37 a.m., Published: Sept. 7, 2024, midnight	Vulnerabilities: command injection, cross-site scripting, denial of service...

Affected products

External IDs

db:

NVD

ids:

CVE-2024-7203, CVE-2024-42060, CVE-2024-42061, CVE-2024-6343, CVE-2024-42058, CVE-2024-42057, CVE-2024-42059

Attack Surface Management vs Vulnerability Management \| @Bugcrowd Related entries in the VARIoT vulnerabilities database: VAR-202112-0566, VAR-202203-1506, VAR-202205-0394, VAR-202206-0004, VAR-202205-1958, VAR-202205-0957 Trust: 4.5 Fetched: Sept. 20, 2024, 9:31 a.m., Published: Aug. 13, 2024, noon	Vulnerabilities: use after free

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	google	model:	google chrome

db:

NVD

ids:

CVE-2021-44228, CVE-2022-22965, CVE-2022-1388, CVE-2022-0609, CVE-2022-27925, CVE-2022-41040, CVE-2022-26134, CVE-2022-41352, CVE-2022-30190, CVE-2022-30525, CVE-2022-41082

Update Helmholz REX 100: critical security vulnerability closed in this firmware version Trust: 3.75 Fetched: Sept. 20, 2024, 9:30 a.m., Published: -	Vulnerabilities: command injection, os command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2024-5672

Proroute H685 4G router vulnerabilities \| Pen Test Partners Trust: 3.75 Fetched: Sept. 20, 2024, 9:29 a.m., Published: -	Vulnerabilities: command injection, cross-site scripting

Affected products	External IDs

PKFail puts hundreds of computers and laptops at risk and renders Secure Boot useless on them Related entries in the VARIoT vulnerabilities database: VAR-201609-0149 Trust: 3.75 Fetched: Sept. 20, 2024, 9:29 a.m., Published: July 26, 2024, 2:46 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

db:

NVD

ids:

CVE-2016-5247

CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks \| Trend Micro (US) Trust: 4.5 Fetched: Sept. 20, 2024, 9:20 a.m., Published: July 15, 2024, midnight	Vulnerabilities: script execution, code execution, file execution...

Affected products

External IDs

vendor:	trend micro	model:	security
vendor:	trend micro	model:	deep security
vendor:	trend	model:	security
vendor:	trend	model:	deep security

db:

NVD

ids:

CVE-2024-38112

How the FBI Dismantled Raptor Train, a Major China State-Sponsored Botnet - SOCRadar® Cyber Intelligence Inc. Trust: 5.25 Fetched: Sept. 20, 2024, 9:20 a.m., Published: Sept. 19, 2024, 1:48 p.m.	Vulnerabilities: command execution, command injection, os command injection

Affected products

External IDs

vendor:	asus	model:	routers
vendor:	asus	model:	asus
vendor:	zyxel	model:	nas542
vendor:	tp-link	model:	routers
vendor:	node.js	model:	node.js

db:

NVD

ids:

CVE-2024-21762, CVE-2024-4577, CVE-2024-29973, CVE-2024-21887, CVE-2024-5217

CERT-EU - RADIUS Vulnerability Impacts Cisco Products Trust: 3.0 Fetched: Sept. 20, 2024, 9:18 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-3596

A vulnerability in the CLI of Cisco NX-OS Software could... · CVE-2024-20399 · GitHub Advisory Database · GitHub Trust: 4.0 Fetched: Sept. 20, 2024, 9:18 a.m., Published: July 1, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	nx-os software
vendor:	cisco	model:	cisco nx-os
vendor:	cisco	model:	nx-os

db:

NVD

ids:

CVE-2024-20399

Cisco Smart Software Manager Flaw let Attackers Change Any User Passwords Trust: 3.0 Fetched: Sept. 20, 2024, 9:17 a.m., Published: July 18, 2024, 3:45 a.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-20419

A vulnerability in the authentication system of Cisco... · CVE-2024-20419 · GitHub Advisory Database · GitHub Trust: 3.25 Fetched: Sept. 20, 2024, 9:16 a.m., Published: July 17, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-20419

VARIoT news about IoT security