Sign-up

VARIoT news about IoT security

Thousands of LG TVs are vulnerable to takeover-here’s how to ensure yours isn’t one | Ars Technica

Trust: 3.0

Fetched: April 23, 2024, 9:11 a.m., Published: April 9, 2024, 7:12 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-6317, CVE-2023-6318, CVE-2023-6320, CVE-2023-6319

Tips for Protecting IoT Devices and Connected Appliances

Trust: 3.75

Fetched: April 23, 2024, 9:10 a.m., Published: April 23, 2024, 7:26 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

Unauthenticated Attacker Could Bypass Cisco Secure Boot Validation and Load Tampered Image on Affected Device (CVE-2024-20265) | SecurityVulnerability.io - SecuirtyVulnerability.io

Trust: 3.25

Fetched: April 23, 2024, 9:10 a.m., Published: April 23, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-20265

D-Link NAS device vulnerabilities exploited - no patch available | SC Media

Related entries in the VARIoT vulnerabilities database: VAR-202404-0070

Trust: 5.75

Fetched: April 23, 2024, 9:09 a.m., Published: Feb. 13, 2024, 7 p.m.
 Vulnerabilities: command injection, code execution
Affected productsExternal IDs
vendor: d-link model: dns-320l
vendor: d-link model: dns-327l
vendor: d-link model: dns-340l
vendor: d-link model: dns-325
db: NVD ids: CVE-2024-3274, CVE-2024-3273

CVE-2024-3400 PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect

Trust: 5.25

Fetched: April 23, 2024, 9:08 a.m., Published: April 12, 2024, 6:55 a.m.
 Vulnerabilities: command injection, os command injection, file creation vulnerability
Affected productsExternal IDs
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo model: pan-os
vendor: palo model: firewall
vendor: palo model: networks
vendor: paloaltonetworks model: pan-os
vendor: paloaltonetworks model: firewall
vendor: paloaltonetworks model: networks
db: NVD ids: CVE-2024-3400, CVE-2024-34002024

Hikvision faxociety DVR/NVR Hack Fix 2023

Trust: 3.75

Fetched: April 23, 2024, 9:08 a.m., Published: April 6, 2024, 12:08 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2021-36260

Using Wazuh for Windows vulnerability detection | Wazuh

Trust: 3.75

Fetched: April 23, 2024, 9:07 a.m., Published: May 7, 2020, 3:07 p.m.
 Vulnerabilities: configuration vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2016-7182

How to Fix the Top 10 Windows 10 Vulnerabilities [Infographic] | UpGuard

Trust: 4.0

Fetched: April 21, 2024, 9:33 a.m., Published: April 10, 2024, midnight
 Vulnerabilities: privilege escalation, code execution, feature bypass...
Affected productsExternal IDs
db: NVD ids: CVE-2015-0057, CVE-2015-1769, CVE-2015-5143

ESP32 IoT Devices Vulnerable to Forever-Hack - InfoQ

Trust: 3.75

Fetched: April 21, 2024, 9:31 a.m., Published: April 2, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: routers
vendor: cisco model: cisco routers
db: NVD ids: CVE-2019-17391

Pixel Update Bulletin-April 2024 | Android Open Source Project

Related entries in the VARIoT vulnerabilities database: VAR-202404-3101, VAR-202404-2956

Trust: 4.25

Fetched: April 21, 2024, 9:30 a.m., Published: April 21, 2024, midnight
 Vulnerabilities: information disclosure, code execution, denial of service
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2024-29749, CVE-2024-29755, CVE-2024-29743, CVE-2024-29752, CVE-2024-29750, CVE-2024-29753, CVE-2024-29757, CVE-2023-43515, CVE-2024-29782, CVE-2024-29756, CVE-2024-29738, CVE-2024-29747, CVE-2024-29754, CVE-2024-27232, CVE-2024-29745, CVE-2024-29739, CVE-2024-29740, CVE-2024-29742, CVE-2024-27231, CVE-2024-29741, CVE-2024-29783, CVE-2024-29751, CVE-2024-29746, CVE-2024-29744, CVE-2024-29748

Low-Privileged User Can Execute Arbitrary Code Remotely on Device with High Privileges (CVE-2024-2162) | SecurityVulnerability.io - SecuirtyVulnerability.io

Trust: 3.0

Fetched: April 21, 2024, 9:30 a.m., Published: April 21, 2024, midnight
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-2162

CVE-2024-0027: Permanent device denial of service due to bypassing snoozed notifications limit number

Trust: 4.0

Fetched: April 21, 2024, 9:27 a.m., Published: Feb. 4, 2024, midnight
 Vulnerabilities: resource exhaustion, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-0027

Ransomware leak site reports rose by 49% in 2023, but there is good news | ZDNET

Trust: 5.5

Fetched: April 21, 2024, 9:26 a.m., Published: April 21, 2023, midnight
 Vulnerabilities: sql injection
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo model: networks
db: NVD ids: CVE-2021-21974, CVE-2023-34362, CVE-2023-0669, CVE-2023-35708, CVE-2023-35036

Z-Wave End Devices Vulnerable to Stack Buffer Overflow (CVE-2023-51395) | SecurityVulnerability.io - SecuirtyVulnerability.io

Trust: 3.25

Fetched: April 21, 2024, 9:25 a.m., Published: April 21, 2024, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2023-51395

Robust IoT Security Service Scanning Features

Trust: 3.0

Fetched: April 21, 2024, 9:23 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: check point model: check point

Apple Patches Critical Zero-Day - Spiceworks

Trust: 4.75

Fetched: April 21, 2024, 9:22 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: trend model: security
vendor: apple model: webkit
vendor: apple model: tvos
vendor: apple model: macos
db: NVD ids: CVE-2024-23222

Apple Patches WebKit Zero Day, Adds Stolen Device Protection in iOS | Decipher

Trust: 4.75

Fetched: April 21, 2024, 9:22 a.m., Published: Jan. 23, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: iphone
db: NVD ids: CVE-2024-23222

5G Security Threat Landscape, AI and Blockchain | Wireless Personal Communications

Trust: 4.75

Fetched: April 21, 2024, 9:21 a.m., Published: Dec. 1, 2023, midnight
 Vulnerabilities: denial of service

OT and IoT Network Anomalies Raise Red Flags as Threats to Critical Infrastructure Becomes More Sophisticated

Trust: 4.5

Fetched: April 21, 2024, 9:20 a.m., Published: April 4, 2024, midnight
 Vulnerabilities: brute force attack, buffer overflow, code execution...
Affected productsExternal IDs
vendor: trend model: security

Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400) | Volexity

Trust: 4.25

Fetched: April 21, 2024, 9:17 a.m., Published: April 12, 2024, 5:02 p.m.
 Vulnerabilities: command injection, code execution, os command injection
Affected productsExternal IDs
vendor: palo model: palo alto networks globalprotect
vendor: palo model: pan-os
vendor: palo model: firewall
vendor: palo model: networks globalprotect
vendor: palo model: networks
vendor: palo alto networks model: palo alto networks globalprotect
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks globalprotect
vendor: palo alto networks model: networks
vendor: google model: chrome
vendor: google model: google chrome
vendor: asus model: routers
vendor: asus model: asus
db: NVD ids: CVE-2024-3400