Sign-up

VARIoT news about IoT security

IoT Security: A Call to Action for Improved Vulnerability Disclosure

Trust: 4.5

Fetched: Sept. 17, 2024, 9:29 a.m., Published: Sept. 11, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: huawei model: huawei

Why My Log Cabin Home Rejects Smart Tech: Lessons from Sonos Vulnerabilities and the Need for SBOMs in AV - rAVe [PUBS]

Trust: 4.75

Fetched: Sept. 17, 2024, 9:28 a.m., Published: Sept. 16, 2024, 3:50 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sonos model: sonos
db: NVD ids: CVE-2023-50809

Ivanti Vulnerability Again Forces Emergency Patches

Trust: 4.0

Fetched: Sept. 17, 2024, 9:28 a.m., Published: Sept. 19, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-8190

That’s A Nice IoT Device You’ve Got There ... It'd Be A Shame If Mirai Used It For Its Botnet

Trust: 3.0

Fetched: Sept. 17, 2024, 9:28 a.m., Published: Sept. 16, 2024, 7:05 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos

Ivanti Vulnerability Again Forces Emergency Patches

Trust: 4.0

Fetched: Sept. 17, 2024, 9:27 a.m., Published: Sept. 19, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-8190

[AL-118] Multiple Vulnerabilities in D-Link Wireless Routers

Related entries in the VARIoT vulnerabilities database: VAR-202409-1099, VAR-202409-1026, VAR-202409-0703

Trust: 5.0

Fetched: Sept. 17, 2024, 9:26 a.m., Published: Sept. 17, 2024, midnight
 Vulnerabilities: code execution, input validation vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2024-45697, CVE-2024-45698, CVE-2024-45694, CVE-2024-45696, CVE-2024-45695

CVE-2024-6387 (RegreSSHion) SSH Vu… | Apple Developer Forums

Trust: 4.0

Fetched: Sept. 17, 2024, 9:25 a.m., Published: Sept. 5, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2024-6387

Top IoT Security Challenges and Best Practices | Balbix

Trust: 3.25

Fetched: Sept. 17, 2024, 9:25 a.m., Published: Sept. 10, 2024, 4:15 p.m.
 Vulnerabilities: sql injection, default credentials, denial of service
Affected productsExternal IDs

Microsoft and Adobe Patch Tuesday, August 2024 Security Update Review | Qualys Security Blog

Trust: 4.5

Fetched: Sept. 17, 2024, 9:23 a.m., Published: Aug. 13, 2024, 8:31 p.m.
 Vulnerabilities: request forgery, denial of service, code execution...
Affected productsExternal IDs
db: NVD ids: CVE-2024-38140, CVE-2024-38147, CVE-2024-38202, CVE-2024-38199, CVE-2024-38178, CVE-2024-21302, CVE-2024-38160, CVE-2024-38133, CVE-2024-38159, CVE-2024-38141, CVE-2024-38163, CVE-2024-38193, CVE-2024-38144, CVE-2024-38125, CVE-2024-38148, CVE-2024-38107, CVE-2024-38150, CVE-2024-38198, CVE-2024-38200, CVE-2024-38106, CVE-2024-38063, CVE-2024-38213, CVE-2024-38189, CVE-2024-38196

Vulnerabilities in PanelView Plus devices could lead to remote code execution - ThreatsHub Cybersecurity News

Related entries in the VARIoT vulnerabilities database: VAR-202309-2171

Trust: 5.5

Fetched: Sept. 17, 2024, 9:22 a.m., Published: July 2, 2024, 4 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: rockwell automation model: factorytalk view
vendor: rockwell automation model: automation panelview plus
vendor: rockwell automation model: automation panelview
vendor: rockwell automation model: rslogix
vendor: rockwell automation model: factorytalk
vendor: rockwell model: factorytalk view
vendor: rockwell model: automation panelview plus
vendor: rockwell model: automation panelview
vendor: rockwell model: rslogix
vendor: rockwell model: factorytalk
db: NVD ids: CVE-2023-2071

Showcase.apk Vulnerability on Pixel Devices: Security Risk

Trust: 4.5

Fetched: Sept. 17, 2024, 9:21 a.m., Published: Aug. 16, 2024, 12:53 p.m.
 Vulnerabilities: code execution, code injection
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
vendor: essential model: phone

Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption | Microsoft Security Blog

Trust: 3.0

Fetched: Sept. 17, 2024, 9:18 a.m., Published: July 29, 2024, 4 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-28252, CVE-2024-37085

Samsung says August 2024 security patch is critical for its devices - SamMobile

Trust: 3.75

Fetched: Sept. 17, 2024, 9:17 a.m., Published: July 19, 2024, 5:21 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: galaxy
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2024-29745, CVE-2024-32896

WARNING: MULTIPLE CRITICAL, HIGH AND MEDIUM VULNERABILITIES IN ZYXEL NAS DEVICES CAN BE EXPLOITED TO EXECUTE CODE AND STEAL INFORMATION. DECOMMISION OR PATCH IMMEDIATELY! | Cert

Trust: 5.5

Fetched: Sept. 17, 2024, 9:16 a.m., Published: June 24, 2024, 2:33 p.m.
 Vulnerabilities: code execution, privilege management vulnerability, command injection
Affected productsExternal IDs
vendor: zyxel model: nas542
vendor: zyxel model: nas326
db: NVD ids: CVE-2024-29973, CVE-2024-27793, CVE-2024-29972, CVE-2024-27794, CVE-2024-29974, CVE-2024-19976, CVE-2024-29975, CVE-2024-29976

Secure Boot-neutering PKfail debacle is more prevalent than anyone knew | Ars Technica

Trust: 3.75

Fetched: Sept. 17, 2024, 9:15 a.m., Published: Sept. 16, 2024, 10:13 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: lenovo model: system
db: NVD ids: CVE-2024-8105

CVE-2024-45029 i2c: tegra: Do not mark ACPI devices as irq s... - vulnerability database | Vulners.com

Trust: 3.25

Fetched: Sept. 16, 2024, 8:53 p.m., Published: Sept. 11, 2024, 3:14 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-45029

Beware: New Vo1d Malware Infects 1.3 Million Android-based TV Boxes Worldwide

Trust: 3.0

Fetched: Sept. 16, 2024, 8:51 p.m., Published: Sept. 12, 2024, 1:46 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

CVE-2024-43044: A Critical RCE Vulnerability in Jenkins With 80,000 Exposed Devices Found | CIP Blog

Trust: 3.0

Fetched: Sept. 16, 2024, 8:50 p.m., Published: Aug. 21, 2024, 8:45 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-43044, CVE-2024-43045

Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities | Trend Micro (SE)

Trust: 4.25

Fetched: Sept. 16, 2024, 8:49 p.m., Published: Sept. 12, 2024, midnight
 Vulnerabilities: weak password, code execution
Affected productsExternal IDs
vendor: ipswitch model: whatsup gold
vendor: ipswitch model: whatsup
vendor: trend micro model: security
vendor: trend model: security
db: NVD ids: CVE-2024-6670, CVE-2024-4885

DSA-2024-354: Security Update for a Dell Client Platform BIOS for a Use of Default Cryptographic Key Vulnerability | Dell US

Trust: 4.0

Fetched: Sept. 16, 2024, 8:48 p.m., Published: Sept. 8, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios
db: NVD ids: CVE-2024-39584