VARIoT latest news about IoT security

Hackers Scan Cisco ASA Devices for Known Vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202007-1057, VAR-202005-0696 Trust: 4.5 Fetched: Sept. 5, 2025, 9:56 a.m., Published: Sept. 5, 2025, 8:47 a.m.	Vulnerabilities: default credentials, session hijacking, information disclosure

Affected products

External IDs

vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	asa software
vendor:	cisco	model:	adaptive security appliance
vendor:	google	model:	chrome

db:

NVD

ids:

CVE-2020-3452, CVE-2020-3259

CISA Alerts - Critical SunPower Vulnerability Could Grant Attackers Full Device Control Trust: 3.0 Fetched: Sept. 5, 2025, 9:55 a.m., Published: Sept. 3, 2025, 11:09 a.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2025-9696

CVE-2025-38683 - hv_netvsc: Fix panic during namespace deletion with VF - SecAlerts Trust: 3.0 Fetched: Sept. 5, 2025, 9:55 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2025-38683

CVE-2025-36900 : Out-of-Bounds Write Vulnerability in Android Pixel Devices Trust: 3.0 Fetched: Sept. 5, 2025, 9:54 a.m., Published: Sept. 4, 2025, 4:56 a.m.	Vulnerabilities: integer overflow, privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2025-36900

CVE-2025-9483: Critical Buffer Overflow Vulnerability in Linksys Devices - Cybersecurity Exploit Tracker by Ameeba Related entries in the VARIoT vulnerabilities database: VAR-202508-2330 Trust: 5.5 Fetched: Sept. 5, 2025, 9:54 a.m., Published: Sept. 3, 2025, 4:34 a.m.	Vulnerabilities: buffer overflow, code execution

Affected products

External IDs

vendor:	linksys	model:	re6500
vendor:	linksys	model:	re6300

db:

NVD

ids:

CVE-2025-9483

Critical Qualcomm Vulnerabilities Allow Attackers to Execute Arbitrary Code Trust: 5.75 Fetched: Sept. 5, 2025, 9:53 a.m., Published: Sept. 3, 2025, midnight	Vulnerabilities: denial of service, code execution

Affected products

External IDs

vendor:

snort

model:

snort

db:

NVD

ids:

CVE-2025-27034, CVE-2025-21483

CVE-2025-36901 : Android Security Vulnerability in Pixel Devices by Google Trust: 4.0 Fetched: Sept. 5, 2025, 9:52 a.m., Published: Sept. 4, 2025, 4:56 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	pixel

db:

NVD

ids:

CVE-2025-36901

CVE-2025-36892 : Denial of Service Vulnerability in Android Pixel Devices Trust: 3.25 Fetched: Sept. 5, 2025, 9:52 a.m., Published: Sept. 4, 2025, 4:50 a.m.	Vulnerabilities: denial of service

Affected products

External IDs

db:

NVD

ids:

CVE-2025-36892

Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerabilities Trust: 3.25 Fetched: Sept. 5, 2025, 9:51 a.m., Published: Aug. 27, 2025, 3:57 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

cisco

model:

nexus

CVE-2025-8067: Udisks Daemon Vulnerability Leading to Potential System Compromise or Data Leakage - Cybersecurity Exploit Tracker by Ameeba Trust: 4.0 Fetched: Sept. 5, 2025, 9:51 a.m., Published: Nov. 30, 0001, midnight	Vulnerabilities: privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2025-8067

H1 2025 Malware and Vulnerability Trends Related entries in the VARIoT vulnerabilities database: VAR-202504-1178 Trust: 4.25 Fetched: Sept. 5, 2025, 9:49 a.m., Published: Aug. 28, 2025, midnight	Vulnerabilities: cross-site scripting, command execution, privilege escalation...

Affected products

External IDs

vendor:	putty	model:	putty
vendor:	palo	model:	networks
vendor:	palo	model:	firewall
vendor:	citrix	model:	gateway
vendor:	apple	model:	installer
vendor:	sonicwall	model:	remote access
vendor:	sophos	model:	firewall
vendor:	sophos	model:	mobile
vendor:	trend micro	model:	security
vendor:	google	model:	android
vendor:	mitel	model:	micollab
vendor:	symantec	model:	gateway security
vendor:	symantec	model:	web security
vendor:	trend	model:	security

db:

NVD

ids:

CVE-2024-41713, CVE-2024-56145, CVE-2024-34102, CVE-2025-24813, CVE-2025-0282, CVE-2025-32433, CVE-2024-55550, CVE-2025-4428, CVE-2025-22457

CVE-2025-20326 - Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability - SecAlerts Trust: 4.5 Fetched: Sept. 5, 2025, 9:43 a.m., Published: -	Vulnerabilities: request forgery, cross-site request forgery

Affected products

External IDs

vendor:	cisco	model:	unified communications
vendor:	cisco	model:	unified communications manager
vendor:	cisco	model:	cisco unified communications manager

db:

NVD

ids:

CVE-2025-20326

Zero-day vulnerability discovered in TP-Link routers - Techzine Global Trust: 3.75 Fetched: Sept. 5, 2025, 9:43 a.m., Published: Sept. 5, 2025, 8:54 a.m.	Vulnerabilities: buffer overflow, code execution

Affected products

External IDs

vendor:

tp-link

model:

routers

Update Microsoft SQL Server 2022: KB5063756: Fixes a vulnerability that lets users who have access to certain stored procedures Trust: 3.0 Fetched: Sept. 5, 2025, 9:43 a.m., Published: Sept. 5, 2022, midnight	Vulnerabilities: sql injection

Affected products

External IDs

db:

NVD

ids:

CVE-2025-47954, CVE-2025-49759, CVE-2025-49758, CVE-2025-24999, CVE-2025-53727

EOL Devices: Exploits Will Continue Until Security Improves- Eclypsium \| Supply Chain Security for the Modern Enterprise Related entries in the VARIoT vulnerabilities database: VAR-201803-1387 Trust: 5.5 Fetched: Sept. 5, 2025, 9:42 a.m., Published: Sept. 3, 2025, 4 p.m.	Vulnerabilities: command execution

Affected products

External IDs

vendor:	cisco	model:	ios xe
vendor:	cisco	model:	small business
vendor:	cisco	model:	small business rv
vendor:	cisco	model:	routers
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	router
vendor:	cisco	model:	small business rv series routers
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	series
vendor:	cisco	model:	cisco small business
vendor:	cisco	model:	linksys
vendor:	cisco	model:	series routers

db:

NVD

ids:

CVE-2018-0171

CyberArk and HashiCorp Flaws Enable Remote Vault Takeover Without Credentials Trust: 3.75 Fetched: Sept. 5, 2025, 9:41 a.m., Published: Aug. 9, 2025, 5:15 a.m.	Vulnerabilities: authentication bypass, code execution, privilege escalation...

Affected products

External IDs

db:

NVD

ids:

CVE-2025-49831, CVE-2025-49828, CVE-2025-6037, CVE-2025-5999, CVE-2025-6000, CVE-2025-49827

CVE-2025-56752: Remote Attackers Can Gain Full Administrative Access to Affected Ruijie Networks Devices Without Authentication Trust: 3.25 Fetched: Sept. 5, 2025, 9:41 a.m., Published: Sept. 5, 2025, 2:09 a.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2025-56752

Critical WhatsApp Zero-Day Vulnerability Allows Remote Code Execution - Intrucept Trust: 4.75 Fetched: Sept. 5, 2025, 9:38 a.m., Published: Sept. 5, 2025, 6:07 a.m.	Vulnerabilities: authorization vulnerability, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2025-55177, CVE-2025-43300

Axis Camera Server Vulnerabilities Exposes Thousands of Organizations to Attack Trust: 5.5 Fetched: Sept. 5, 2025, 9:33 a.m., Published: Aug. 8, 2025, 8:46 p.m.	Vulnerabilities: authentication bypass, code execution, privilege escalation

Affected products

External IDs

vendor:	axis communications	model:	axis
vendor:	axis communications	model:	communications
vendor:	axis	model:	axis
vendor:	axis	model:	communications

db:

NVD

ids:

CVE-2025-30023, CVE-2025-30024, CVE-2025-30026, CVE-2025-30025

Critical Wi-Fi Extender Vulnerability Actively Exploited: What It Means for Your Security Related entries in the VARIoT vulnerabilities database: VAR-202008-0768 Trust: 5.5 Fetched: Sept. 5, 2025, 9:33 a.m., Published: Sept. 2, 2025, midnight	Vulnerabilities: authentication issue

Affected products

External IDs

vendor:	palo alto networks	model:	networks
vendor:	palo	model:	networks
vendor:	trend	model:	security
vendor:	tp-link	model:	gateway
vendor:	tp-link	model:	tl-wa855re

db:

NVD

ids:

CVE-2025-55177, CVE-2020-24363

VARIoT news about IoT security