Sign-up

VARIoT news about IoT security

North Korean Hacker, Critical Software Flaws, Secure Boot At Risk

Trust: 4.0

Fetched: July 27, 2024, 7:12 p.m., Published: July 26, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-6327

China’s ‘Velvet Ant’ hackers caught exploiting new zero-day in Cisco devices

Trust: 4.0

Fetched: July 27, 2024, 7:12 p.m., Published: July 1, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: nx-os software
vendor: cisco model: nx-os
vendor: cisco model: nexus
vendor: cisco model: series switches
vendor: cisco model: series
vendor: cisco model: cisco nx-os
db: NVD ids: CVE-2024-20399

D-Link DAP-1650 EOL Device Multiple Command Injection Vulner... - vulnerability database | Vulners.com

Trust: 5.75

Fetched: July 27, 2024, 7:11 p.m., Published: July 19, 2024, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: dlink model: dap-1650_firmware
vendor: dlink model: dap-1650
vendor: d-link model: dap-1650_firmware
vendor: d-link model: dap-1650
db: NVD ids: CVE-2024-23625, CVE-2024-23624

RADIUS Protocol Spoofing Vulnerability (Blast-RADIUS): July 2024

Trust: 3.0

Fetched: July 27, 2024, 7:11 p.m., Published: July 24, 2024, 7:33 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: aironet 3800 series
vendor: cisco model: aironet 1560
vendor: cisco model: nexus
vendor: cisco model: umbrella
vendor: cisco model: aironet 1810w series access points
vendor: cisco model: catalyst iw6300
vendor: cisco model: firepower
vendor: cisco model: catalyst 9100
vendor: cisco model: wireless lan controllers
vendor: cisco model: series
vendor: cisco model: aironet 1850
vendor: cisco model: catalyst
vendor: cisco model: fxos
vendor: cisco model: aironet 1540
vendor: cisco model: catalyst 9100 series
vendor: cisco model: evolved programmable network manager
vendor: cisco model: aironet 1810
vendor: cisco model: aironet 1830 series
vendor: cisco model: aironet
vendor: cisco model: policy suite
vendor: cisco model: aironet 1540 series
vendor: cisco model: aireos
vendor: cisco model: aironet 2800 series
vendor: cisco model: aironet 3800
vendor: cisco model: aironet 1560 series
vendor: cisco model: aironet 2800
vendor: cisco model: ucs b-series blade servers
vendor: cisco model: access points
vendor: cisco model: aironet 1810 series
vendor: cisco model: aironet 1830
vendor: cisco model: aironet 4800
vendor: cisco model: aironet 1850 series
vendor: cisco model: cisco evolved programmable network manager

Siemens vulnerability (CVE-2024-35292) - Find affected devices

Related entries in the VARIoT vulnerabilities database: VAR-202406-0059

Trust: 4.5

Fetched: July 27, 2024, 7:09 p.m., Published: July 16, 2024, 9 p.m.
 Vulnerabilities: code execution, denial of service, privilege escalation...
Affected productsExternal IDs
vendor: siemens model: s7-200 smart
vendor: siemens model: scalance
vendor: siemens model: simatic s7-200
vendor: siemens model: simatic s7-200 smart
vendor: siemens model: simatic
vendor: siemens model: ruggedcom
db: NVD ids: CVE-2024-35292

CVE-2024-6422 - TelnetD Remote Unauthenticated Command Execution Vulnerability in Cisco Device

Trust: 5.0

Fetched: July 27, 2024, 7:08 p.m., Published: July 10, 2024, 8:15 a.m.
 Vulnerabilities: command execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-6422

Product Security | Baxter

Trust: 4.5

Fetched: July 27, 2024, 7:02 p.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: baxter model: sigma spectrum infusion system
vendor: baxter model: spectrum infusion system
vendor: baxter model: prismaflex
vendor: baxter model: prismax
vendor: treck model: tcp/ip stack
db: NVD ids: CVE-2019-0708

CVE-2023-41921 - Apache Device Firmware Remote Code Execution Vulnerability

Trust: 5.25

Fetched: July 27, 2024, 7:02 p.m., Published: July 2, 2024, 8:15 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-41921

Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware

Related entries in the VARIoT vulnerabilities database: VAR-202401-0919

Trust: 5.5

Fetched: July 27, 2024, 7:02 p.m., Published: July 2, 2024, 4:48 a.m.
 Vulnerabilities: path traversal, code execution, command injection...
Affected productsExternal IDs
vendor: cisco model: nx-os software
vendor: cisco model: nx-os
vendor: cisco model: nexus
vendor: cisco model: series switches
vendor: cisco model: mds 9000 series
vendor: cisco model: nexus 9000 series
vendor: cisco model: nexus devices
vendor: cisco model: series
vendor: cisco model: mds 9000
vendor: cisco model: nexus 3000
vendor: cisco model: routers
vendor: cisco model: nexus 7000
vendor: cisco model: nexus 9000
vendor: cisco model: cisco nx-os
vendor: d-link model: dir-859
db: NVD ids: CVE-2024-20399, CVE-2024-0769

Vulnerabilities in PanelView Plus devices could lead to remote code execution - RedPacket Security

Related entries in the VARIoT vulnerabilities database: VAR-202309-2171

Trust: 5.5

Fetched: July 27, 2024, 7:01 p.m., Published: July 3, 2024, 10:01 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: rockwell model: automation panelview plus
vendor: rockwell model: factorytalk view
vendor: rockwell model: factorytalk
vendor: rockwell model: automation panelview
vendor: rockwell model: rslogix
vendor: rockwell automation model: automation panelview plus
vendor: rockwell automation model: factorytalk view
vendor: rockwell automation model: factorytalk
vendor: rockwell automation model: automation panelview
vendor: rockwell automation model: rslogix
db: NVD ids: CVE-2023-2071

Samsung says a critical security patch is making its way to Galaxy devices soon

Trust: 3.5

Fetched: July 27, 2024, 7:01 p.m., Published: July 19, 2024, 2:54 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
vendor: samsung model: galaxy
vendor: samsung model: samsung galaxy
db: NVD ids: CVE-2024-29745, CVE-2024-32896

CVE-2024-4786 - Lenovo Tab K10 Denial of Sleep (DoS) Vulnerability

Trust: 5.25

Fetched: July 27, 2024, 6:58 p.m., Published: July 26, 2024, 8:15 p.m.
 Vulnerabilities: improper validation
Affected productsExternal IDs
db: NVD ids: CVE-2024-4786

Cisco Identity Services Engine Arbitrary File Upload Vulnerability

Trust: 3.75

Fetched: July 27, 2024, 6:50 p.m., Published: July 17, 2024, 4 p.m.
 Vulnerabilities: file upload vulnerability
Affected productsExternal IDs
vendor: cisco model: identity services engine
vendor: cisco model: cisco identity services engine

IoT device security: The role of penetration testing | Synopsys Blog

Trust: 3.0

Fetched: July 27, 2024, 6:44 p.m., Published: July 16, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Millions of Devices Vulnerable to 'PKFail' Secure Boot Bypass Issue

Related entries in the VARIoT vulnerabilities database: VAR-201609-0149

Trust: 3.5

Fetched: July 27, 2024, 6:38 p.m., Published: July 5, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: asus model: asus
vendor: lenovo model: updates
db: NVD ids: CVE-2016-5247

RADIUS Protocol Vulnerability Exposes Network Device Authentication - InfoQ

Trust: 3.0

Fetched: July 27, 2024, 6:38 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-3596

OWASP Mobile Top 10 2024 update: Essential changes for security experts

Trust: 3.5

Fetched: July 27, 2024, 6:31 p.m., Published: Oct. 27, 2024, midnight
 Vulnerabilities: cross-site scripting, sql injection, command injection...
Affected productsExternal IDs

Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability · Issue #308 · dotnet/announcements · GitHub

Trust: 3.5

Fetched: July 27, 2024, 6:30 p.m., Published: July 27, 2044, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-30046

Samsung Galaxy Users Can Expect a Critical Update in August | Black Hat News

Trust: 3.75

Fetched: July 27, 2024, 6:27 p.m., Published: July 21, 2024, 12:21 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
vendor: samsung model: galaxy
vendor: samsung model: samsung galaxy
db: NVD ids: CVE-2024-29745, CVE-2024-32896

Samsung is rushing a critical patch to all Galaxy devices amid active exploitation | TechSpot

Trust: 3.75

Fetched: July 27, 2024, 6:25 p.m., Published: July 6, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
vendor: samsung model: galaxy
db: NVD ids: CVE-2024-29745, CVE-2024-32896