VARIoT latest news about IoT security

CISA Alerts On Critical SunPower Vulnerability Allowing Full Device Takeover - Cybernoz - Cybersecurity News Trust: 3.0 Fetched: Sept. 9, 2025, 9:21 a.m., Published: Sept. 3, 2025, 10:18 a.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2025-9696

UAE Cyber Security Council warns of smart home device vulnerabilities \| News Minimalist Trust: 3.25 Fetched: Sept. 9, 2025, 9:20 a.m., Published: Sept. 7, 2025, 11:01 a.m.	Vulnerabilities: -

Affected products	External IDs

SinoTrack GPS Devices Exposed: Default Passwords Allow Remote Vehicle Control June 11, 2025 IoT Security / Vulnerability Recent security vulnerabilities in SinoTrack GPS devices could enable unauthorized remote control of specific functions in connected vehicles, including location tracking. According to an advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), "Successful exploitation of these vulnerabilities could allow an attacker to access device profiles without authorization through the common web management interface." This access may enable attackers to execute functions such as tracking vehicle location and, where applicable, disconnecting the fuel pump. The vulnerabilities impact all versions of the SinoTrack IoT PC Platform. Below is a brief overview of the identified flaws: CVE-2025-5484 (CVSS score: 8.3) - Weak authentication in the central SinoTrack device management interface due to the reliance on a default password and a username that serves as an identifier. - Breach Spot Trust: 4.0 Fetched: Sept. 9, 2025, 9:20 a.m., Published: Aug. 21, 2025, 6:45 p.m.	Vulnerabilities: default password

Affected products

External IDs

db:

NVD

ids:

CVE-2025-5484

CVE-2025-39721 \| Armis Vulnerability Intelligence Database Trust: 5.25 Fetched: Sept. 9, 2025, 9:19 a.m., Published: Sept. 5, 2025, 6:15 p.m.	Vulnerabilities: kernel crash

Affected products

External IDs

db:

NVD

ids:

CVE-2025-39721

FirmVulLinker: Leveraging Multi-Dimensional Firmware Profiling for Identifying Homologous Vulnerabilities in Internet of Things Devices Trust: 3.25 Fetched: Sept. 9, 2025, 9:15 a.m., Published: Jan. 9, 2025, midnight	Vulnerabilities: memory corruption, information leakage, command execution...

Affected products

External IDs

vendor:	axis	model:	axis
vendor:	canonical	model:	ubuntu

CISA Warns of Android 0-Day Use-After-Free Vulnerability Exploited in Trust: 5.0 Fetched: Sept. 9, 2025, 9:14 a.m., Published: Sept. 8, 2025, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2025-48543

Microsoft Patch Tuesday August 2025 Released - 107 Vulnerabilities Fixed, Including 35 RCE Trust: 3.75 Fetched: Sept. 9, 2025, 9:13 a.m., Published: Aug. 12, 2025, 5:32 p.m.	Vulnerabilities: denial of service, information disclosure, cross-site scripting...

Affected products

External IDs

db:

NVD

ids:

CVE-2025-53136, CVE-2025-53732, CVE-2025-49736, CVE-2025-53786, CVE-2025-53769, CVE-2025-49755, CVE-2025-50161, CVE-2025-50156, CVE-2025-53734, CVE-2025-50160, CVE-2025-53138, CVE-2025-53772, CVE-2025-50158, CVE-2025-49745, CVE-2025-53723, CVE-2025-49759, CVE-2025-53728, CVE-2025-53737, CVE-2025-49761, CVE-2025-53766, CVE-2025-25005, CVE-2025-50176, CVE-2025-53722, CVE-2025-53155, CVE-2025-53153, CVE-2025-53778, CVE-2025-25007, CVE-2025-33051, CVE-2025-50157, CVE-2025-53133, CVE-2025-53735, CVE-2025-50163, CVE-2025-53151, CVE-2025-53144, CVE-2025-53142, CVE-2025-53140, CVE-2025-50162, CVE-2025-53733, CVE-2025-50171, CVE-2025-49758, CVE-2025-53738, CVE-2025-53716, CVE-2025-53783, CVE-2025-53721, CVE-2025-49751, CVE-2025-53724, CVE-2025-50154, CVE-2025-50153, CVE-2025-50170, CVE-2025-25006, CVE-2025-53781, CVE-2025-49743, CVE-2025-53741, CVE-2025-53759, CVE-2025-50159, CVE-2025-53145, CVE-2025-53789, CVE-2025-49707, CVE-2025-53719, CVE-2025-53131, CVE-2025-53739, CVE-2025-50166, CVE-2025-53148, CVE-2025-53141, CVE-2025-50155, CVE-2025-50168, CVE-2025-50177, CVE-2025-53143, CVE-2025-53726, CVE-2025-53137, CVE-2025-48807, CVE-2025-49757, CVE-2025-53736, CVE-2025-50164, CVE-2025-53761, CVE-2025-24999, CVE-2025-50169, CVE-2025-53727, CVE-2025-53793, CVE-2025-47954, CVE-2025-53152, CVE-2025-53779, CVE-2025-53731, CVE-2025-53132, CVE-2025-53765, CVE-2025-53788, CVE-2025-53740, CVE-2025-53135, CVE-2025-53147, CVE-2025-53156, CVE-2025-50172, CVE-2025-53729, CVE-2025-53784, CVE-2025-53725, CVE-2025-53134, CVE-2025-53773, CVE-2025-53149, CVE-2025-50167, CVE-2025-53730, CVE-2025-50165, CVE-2025-53760, CVE-2025-53154, CVE-2025-49762, CVE-2025-53720, CVE-2025-53718, CVE-2025-49712, CVE-2025-50173

CVE-2025-10093 - D-Link DIR-852 Device Configuration getcfg.php phpcgi_main information disclosure - SecAlerts Related entries in the VARIoT vulnerabilities database: VAR-202509-0249 Trust: 5.0 Fetched: Sept. 9, 2025, 9:12 a.m., Published: -	Vulnerabilities: information disclosure

Affected products

External IDs

vendor:

d-link

model:

dir-852

db:

NVD

ids:

CVE-2025-10093

WhatsApp Zero-Click Vulnerability - Review \| Security Curated Trust: 4.75 Fetched: Sept. 9, 2025, 9:11 a.m., Published: Sept. 2, 2025, 3:10 a.m.	Vulnerabilities: memory corruption

Affected products

External IDs

vendor:

trend

model:

security

db:

NVD

ids:

CVE-2025-55177, CVE-2025-43300

Apple Confirms Critical 0-Day Under Active Attack - Immediate Update Urged Trust: 4.75 Fetched: Sept. 9, 2025, 9:11 a.m., Published: Aug. 21, 2025, 6:06 a.m.	Vulnerabilities: memory corruption

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	ipad air
vendor:	apple	model:	ipad
vendor:	apple	model:	software update

db:

NVD

ids:

CVE-2025-43300

Honeywell OneWireless Wireless Device Manager (WDM) \| CISA Trust: 3.75 Fetched: Sept. 9, 2025, 9:10 a.m., Published: Sept. 1, 2025, midnight	Vulnerabilities: buffer overread, denial of service, information exposure...

Affected products

External IDs

db:

NVD

ids:

CVE-2025-2522, CVE-2025-2521, CVE-2025-3946, CVE-2025-2523

Android's September Security Nightmare: Critical Vulnerabilities Leave Millions Exposed \| Technobezz Trust: 5.75 Fetched: Sept. 9, 2025, 9:10 a.m., Published: Sept. 6, 2025, 7:36 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	google	model:	pixel
vendor:	google	model:	android
vendor:	google	model:	wifi

db:

NVD

ids:

CVE-2025-38352, CVE-2025-48539

Apple rushes out fix for active zero-day in iOS and macOS • The Register Trust: 4.75 Fetched: Sept. 9, 2025, 9:08 a.m., Published: -	Vulnerabilities: memory corruption

Affected products

External IDs

vendor:	apple	model:	icloud
vendor:	apple	model:	macos

db:

NVD

ids:

CVE-2025-43300

CISA Warns of Critical SunPower Device Vulnerability Let Attackers Gain Full Device Access Trust: 3.0 Fetched: Sept. 9, 2025, 9:08 a.m., Published: Sept. 3, 2025, 7:43 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2025-9696

Security Vulnerability Exposes Medtronic MyCareLink Patient Monitors to Attacks Trust: 4.75 Fetched: Sept. 9, 2025, 9:07 a.m., Published: Sept. 2, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

medtronic

model:

mycarelink patient monitor

db:

NVD

ids:

CVE-2025-4395

Reset your Android device to factory settings - Android Help Trust: 3.0 Fetched: Sept. 9, 2025, 9:06 a.m., Published: Sept. 9, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

CISA Warns of WhatsApp 0-Day Vulnerability Exploited in Attacks Trust: 3.0 Fetched: Sept. 5, 2025, 10 a.m., Published: Sept. 4, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2025-55177

Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center: Software Vulnerability Information: Software: Hitachi Trust: 3.75 Fetched: Sept. 5, 2025, 10 a.m., Published: Oct. 9, 2002, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	hitachi	model:	hitachi compute systems manager
vendor:	hitachi	model:	tuning manager
vendor:	hitachi	model:	hitachi global link manager
vendor:	hitachi	model:	ops center analyzer viewpoint
vendor:	hitachi	model:	hitachi tuning manager
vendor:	hitachi	model:	hitachi ops center common services
vendor:	hitachi	model:	ops center common services
vendor:	hitachi	model:	hitachi ops center analyzer viewpoint
vendor:	hitachi	model:	device manager
vendor:	hitachi	model:	compute systems manager
vendor:	hitachi	model:	hitachi replication manager
vendor:	hitachi	model:	hitachi tiered storage manager
vendor:	hitachi	model:	global link manager
vendor:	hitachi	model:	tiered storage manager
vendor:	hitachi	model:	hitachi device manager
vendor:	hitachi	model:	replication manager
vendor:	hitachi	model:	hitachi infrastructure analytics advisor

db:

NVD

ids:

CVE-2025-30749, CVE-2025-50106, CVE-2025-30754, CVE-2025-50059, CVE-2025-30761

Endpoint Protection Services: Types & Key Features Trust: 3.5 Fetched: Sept. 5, 2025, 9:57 a.m., Published: Sept. 2, 2025, 6:44 a.m.	Vulnerabilities: cross-site scripting, denial of service, sql injection

Affected products	External IDs

MediaTek Security Update - Patch for Multiple Vulnerabilities Across Trust: 3.5 Fetched: Sept. 5, 2025, 9:56 a.m., Published: Sept. 3, 2025, midnight	Vulnerabilities: code execution, privilege escalation

Affected products

External IDs

vendor:

snort

model:

snort

VARIoT news about IoT security