Sign-up

VARIoT news about IoT security

NCSC and partners issue advice to counter campaign targeting devices - ADS Advance

Trust: 3.0

Fetched: Sept. 20, 2024, 9:55 a.m., Published: Sept. 20, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs

NCSC exposes Chinese company running malicious Mirai botnet | Computer Weekly

Trust: 3.0

Fetched: Sept. 20, 2024, 9:55 a.m., Published: Sept. 18, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs

NCSC and partners issue advice to counter China-linked... - NCSC.GOV.UK

Trust: 3.0

Fetched: Sept. 20, 2024, 9:55 a.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs

Microsoft Entra ID Vulnerability Allows Unauthorized Access

Trust: 3.75

Fetched: Sept. 20, 2024, 9:54 a.m., Published: Aug. 8, 2024, 9:19 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: trend model: security

Zyxel Vulnerabilities - Critical Command Injection

Trust: 4.0

Fetched: Sept. 20, 2024, 9:53 a.m., Published: Sept. 3, 2024, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-42057, CVE-2024-7261

Nest Security Bulletin-September 2024 - Help

Trust: 5.5

Fetched: Sept. 20, 2024, 9:52 a.m., Published: Sept. 20, 2024, midnight
 Vulnerabilities: denial of service, information disclosure, code execution
Affected productsExternal IDs
vendor: google model: wifi router
vendor: google model: home
vendor: google model: wifi
db: NVD ids: CVE-2024-22013

Dutch hackers report flaws in Enphase IQ Gateway devices - pv magazine International

Trust: 3.0

Fetched: Sept. 20, 2024, 9:51 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: enphase model: envoy

Vulnerabilities in Cellular Packet Cores Part IV Authentication | Trend Micro (UAE)

Trust: 3.0

Fetched: Sept. 20, 2024, 9:51 a.m., Published: Sept. 18, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-20685

ERROR: The request could not be satisfied

Trust: 3.25

Fetched: Sept. 20, 2024, 9:51 a.m., Published: -
 Vulnerabilities: configuration error
Affected productsExternal IDs

IoT Security: A Call to Action for Improved Vulnerability Disclosure

Trust: 4.5

Fetched: Sept. 20, 2024, 9:50 a.m., Published: Sept. 11, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: huawei model: huawei

Cisco warns about actively exploited vulnerability in switches

Trust: 3.75

Fetched: Sept. 20, 2024, 9:50 a.m., Published: July 3, 2024, 8:12 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: nexus
vendor: cisco model: mds 9000
vendor: cisco model: cisco nx-os
vendor: cisco model: nexus 9000
vendor: cisco model: series switches
vendor: cisco model: nx-os
vendor: cisco model: routers
vendor: cisco model: nexus 7000
vendor: cisco model: series
vendor: cisco model: nexus series
vendor: cisco model: mds 9000 series
vendor: cisco model: nexus series switches
vendor: cisco model: nexus 9000 series
vendor: cisco model: nexus 3000
vendor: cisco model: nx-os software
db: NVD ids: CVE-2024-20399

IoT Security: A Call to Action for Improved Vulnerability Disclosure

Trust: 4.5

Fetched: Sept. 20, 2024, 9:49 a.m., Published: Sept. 11, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: huawei model: huawei

IoT Sensor Vulnerabilities Are Putting Us at Risk in 2024

Trust: 3.5

Fetched: Sept. 20, 2024, 9:49 a.m., Published: June 27, 2024, 8:42 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

Mirai Botnet Variant Targeting Unpatchable AVTECH CCTV Camera Command Injection Vulnerability [CVE-2024-7029] | Censys

Trust: 7.0

Fetched: Sept. 20, 2024, 9:48 a.m., Published: Sept. 5, 2024, 4:22 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: avtech model: ip camera
db: NVD ids: CVE-2024-7029

Zyxel security advisory for multiple vulnerabilities in firewalls | Zyxel Networks

Trust: 4.75

Fetched: Sept. 20, 2024, 9:37 a.m., Published: Sept. 7, 2024, midnight
 Vulnerabilities: command injection, cross-site scripting, denial of service...
Affected productsExternal IDs
db: NVD ids: CVE-2024-7203, CVE-2024-42060, CVE-2024-42061, CVE-2024-6343, CVE-2024-42058, CVE-2024-42057, CVE-2024-42059

Attack Surface Management vs Vulnerability Management | @Bugcrowd

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566, VAR-202203-1506, VAR-202205-0394, VAR-202206-0004, VAR-202205-1958, VAR-202205-0957

Trust: 4.5

Fetched: Sept. 20, 2024, 9:31 a.m., Published: Aug. 13, 2024, noon
 Vulnerabilities: use after free
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
db: NVD ids: CVE-2021-44228, CVE-2022-22965, CVE-2022-1388, CVE-2022-0609, CVE-2022-27925, CVE-2022-41040, CVE-2022-26134, CVE-2022-41352, CVE-2022-30190, CVE-2022-30525, CVE-2022-41082

Update Helmholz REX 100: critical security vulnerability closed in this firmware version

Trust: 3.75

Fetched: Sept. 20, 2024, 9:30 a.m., Published: -
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-5672

Proroute H685 4G router vulnerabilities | Pen Test Partners

Trust: 3.75

Fetched: Sept. 20, 2024, 9:29 a.m., Published: -
 Vulnerabilities: command injection, cross-site scripting
Affected productsExternal IDs

PKFail puts hundreds of computers and laptops at risk and renders Secure Boot useless on them

Related entries in the VARIoT vulnerabilities database: VAR-201609-0149

Trust: 3.75

Fetched: Sept. 20, 2024, 9:29 a.m., Published: July 26, 2024, 2:46 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios
db: NVD ids: CVE-2016-5247

CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks | Trend Micro (US)

Trust: 4.5

Fetched: Sept. 20, 2024, 9:20 a.m., Published: July 15, 2024, midnight
 Vulnerabilities: script execution, code execution, file execution...
Affected productsExternal IDs
vendor: trend micro model: security
vendor: trend micro model: deep security
vendor: trend model: security
vendor: trend model: deep security
db: NVD ids: CVE-2024-38112