VARIoT latest news about IoT security

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution. Trust: 3.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 7, 2022, 7:33 p.m.	Vulnerabilities: code execution

Affected products	External IDs

BrakTooth Vulnerabilities Affect Billions of Devices (CVE-2021-28139) Trust: 6.75 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 6, 2021, 11:09 a.m.	Vulnerabilities: denial of service, code execution

Affected products

External IDs

vendor:

mesh

model:

mesh

db:

NVD

ids:

CVE-2021-28139

Apple issues emergency updates to fix major 'zero-click vulnerability' in all of its operating systems \| TechSpot Related entries in the VARIoT vulnerabilities database: VAR-202108-1057 Trust: 3.75 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 11, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	watchos
vendor:	apple	model:	macos
vendor:	apple	model:	iphone

db:

NVD

ids:

CVE-2021-30860

PTES Technical Guidelines - pentest-standard 1.1 documentation Trust: 4.0 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 1, 2022, midnight	Vulnerabilities: authentication attack, account lockout, buffer overflow...

Affected products

External IDs

vendor:	cisco	model:	meeting
vendor:	cisco	model:	network access control
vendor:	cisco	model:	guard
vendor:	cisco	model:	cisco systems
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	routers
vendor:	cisco	model:	hsrp
vendor:	cisco	model:	wireless access point
vendor:	cisco	model:	eigrp
vendor:	cisco	model:	series
vendor:	cisco	model:	access points
vendor:	cisco	model:	router
vendor:	cisco	model:	leap
vendor:	cisco	model:	cisco ios
vendor:	sonicwall	model:	web application firewall
vendor:	sonicwall	model:	switch
vendor:	sonicwall	model:	analyzer
vendor:	barracuda	model:	web application firewall
vendor:	barracuda	model:	barracuda
vendor:	barracuda	model:	running
vendor:	essential	model:	phone
vendor:	mesh	model:	mesh
vendor:	citrix	model:	gateway
vendor:	rapid	model:	scada
vendor:	wireshark	model:	wireshark
vendor:	canary	model:	canary
vendor:	google	model:	wifi
vendor:	google	model:	home
vendor:	palo	model:	networks
vendor:	palo	model:	firewall
vendor:	aircrack-ng	model:	aircrack-ng
vendor:	serve	model:	serve
vendor:	cisco systems	model:	meeting
vendor:	cisco systems	model:	network access control
vendor:	cisco systems	model:	guard
vendor:	cisco systems	model:	cisco systems
vendor:	cisco systems	model:	catalyst
vendor:	cisco systems	model:	routers
vendor:	cisco systems	model:	hsrp
vendor:	cisco systems	model:	wireless access point
vendor:	cisco systems	model:	eigrp
vendor:	cisco systems	model:	series
vendor:	cisco systems	model:	access points
vendor:	cisco systems	model:	router
vendor:	cisco systems	model:	leap
vendor:	cisco systems	model:	cisco ios
vendor:	hewlett packard	model:	hp-ux
vendor:	hewlett packard	model:	switches
vendor:	hewlett packard	model:	hewlett packard
vendor:	hewlett packard	model:	integrity
vendor:	novell	model:	netware
vendor:	novell	model:	client

Interesting Privilege Escalation Vulnerability - Schneier on Security Trust: 4.25 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 10, 2022, midnight	Vulnerabilities: privilege escalation

Affected products	External IDs

Latest Malware Attacks You Need to Know Trust: 3.75 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 6, 2021, 11:52 a.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

google

model:

android

Mirai’s Variant Mukashi Malware Exploits Zyxel NAS Device Vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202003-1707 Trust: 5.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: -	Vulnerabilities: command injection, default credentials, code execution

Affected products

External IDs

vendor:	zyxel	model:	nsa210
vendor:	zyxel	model:	nas540
vendor:	zyxel	model:	nas326
vendor:	zyxel	model:	nsa325
vendor:	zyxel	model:	nsa320s
vendor:	zyxel	model:	nsa220
vendor:	zyxel	model:	nas542
vendor:	zyxel	model:	nas520
vendor:	zyxel	model:	nsa310s
vendor:	zyxel	model:	nsa320
vendor:	zyxel	model:	nsa325v2
vendor:	zyxel	model:	nsa310
vendor:	zyxel	model:	nsa221
vendor:	palo	model:	palo alto networks
vendor:	palo	model:	networks
vendor:	palo alto networks	model:	palo alto networks
vendor:	palo alto networks	model:	networks

db:

NVD

ids:

CVE-2020-9054

BadAlloc Vulnerability Affecting BlackBerry QNX RTOS \| CISA Trust: 4.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 23, 2021, midnight	Vulnerabilities: code execution, integer overflow

Affected products

External IDs

vendor:	blackberry	model:	blackberry
vendor:	blackberry	model:	link

db:

NVD

ids:

CVE-2021-22156

iOS 11 - Wikipedia Trust: 3.25 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 11, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	pixel
vendor:	google	model:	wifi
vendor:	google	model:	home
vendor:	apple	model:	ipad
vendor:	apple	model:	icloud
vendor:	apple	model:	apple tv
vendor:	apple	model:	macos
vendor:	apple	model:	itunes
vendor:	apple	model:	safari
vendor:	apple	model:	iphone
vendor:	apple	model:	watch
vendor:	apple	model:	ipod touch
vendor:	apple	model:	watchos

GovCERT.HK - Security Alert (A21-09-03): Multiple Vulnerabilities in Bluetooth devices Trust: 3.25 Fetched: Nov. 4, 2021, 1:02 p.m., Published: -	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-31717, CVE-2021-28139, CVE-2021-28155, CVE-2021-28136, CVE-2021-31785, CVE-2021-31786, CVE-2021-34150, CVE-2021-28135, CVE-2021-31609, CVE-2021-34143, CVE-2021-31613

The real dangers of vulnerable IoT devices - duckduck WHO ? Trust: 3.0 Fetched: Nov. 4, 2021, 1:02 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-31251

Full Disclosure: SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices Related entries in the VARIoT vulnerabilities database: VAR-201602-0004, VAR-201501-0737 Trust: 4.25 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 1, 2021, midnight	Vulnerabilities: buffer overflow, command injection, cross-site scripting

Affected products

External IDs

vendor:	moxa	model:	moxa
vendor:	moxa	model:	oncell g3470a-lte-eu
vendor:	moxa	model:	wac-1001
vendor:	moxa	model:	wac-2004
vendor:	moxa	model:	oncell g3470a-lte-eu-t

db:

NVD

ids:

CVE-2013-1914, CVE-2016-1234, CVE-2015-7547, CVE-2021-39279, CVE-2013-7423, CVE-2021-39278, CVE-2015-0235

The Security Vulnerabilities that Exist on Some of our Favorite IoT Devices - Firedome Trust: 3.0 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 27, 2021, 11:11 a.m.	Vulnerabilities: denial of service

Affected products	External IDs

Week in review: Realtek chips vulnerabilities, NAS devices under attack, security teams burnout - Help Net Security Trust: 3.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 20, 2021, 11:14 a.m.	Vulnerabilities: os command injection, command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2021-28372

NVD - CVE-2021-40114 Related entries in the VARIoT vulnerabilities database: VAR-202110-1353 Trust: 5.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 3, 2022, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco systems	model:	firepower_threat_defense
vendor:	cisco systems	model:	cisco systems
vendor:	cisco systems	model:	series
vendor:	cisco systems	model:	firepower_management_center
vendor:	cisco	model:	firepower_threat_defense
vendor:	cisco	model:	cisco systems
vendor:	cisco	model:	series
vendor:	cisco	model:	firepower_management_center
vendor:	snort	model:	snort

db:

NVD

ids:

CVE-2021-40114

CVE-2021-40118 - CVE.report Related entries in the VARIoT vulnerabilities database: VAR-202110-1350 Trust: 6.0 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 7, 2022, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	firepower
vendor:	cisco	model:	firepower threat defense

db:

NVD

ids:

CVE-2021-40118

Update your Apple device now: emergency security update released : TechWeb : Blog Archive : Boston University Trust: 3.0 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 29, 2021, 1:37 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

iphone

CVE-2021-40114 - CVE.report Related entries in the VARIoT vulnerabilities database: VAR-202110-1353 Trust: 5.75 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 7, 2022, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	series
vendor:	cisco	model:	firepower management center
vendor:	cisco	model:	firepower
vendor:	snort	model:	snort

db:

NVD

ids:

CVE-2021-40114

CVE - CVE-2021-1451 Trust: 4.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 3, 2022, midnight	Vulnerabilities: denial of service, buffer overflow

Affected products

External IDs

vendor:	cisco systems	model:	catalyst
vendor:	cisco systems	model:	cisco catalyst 4500 series
vendor:	cisco systems	model:	catalyst 4500 series
vendor:	cisco systems	model:	catalyst 4500
vendor:	cisco systems	model:	cisco systems
vendor:	cisco systems	model:	ios xe software
vendor:	cisco systems	model:	ios xe
vendor:	cisco systems	model:	series switches
vendor:	cisco systems	model:	cisco ios xe
vendor:	cisco systems	model:	series
vendor:	cisco systems	model:	cisco ios
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	cisco catalyst 4500 series
vendor:	cisco	model:	catalyst 4500 series
vendor:	cisco	model:	catalyst 4500
vendor:	cisco	model:	cisco systems
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	series switches
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	series
vendor:	cisco	model:	cisco ios

db:

NVD

ids:

CVE-2021-1451

CVE-2021-34787 : A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive Security Appliance (ASA) Related entries in the VARIoT vulnerabilities database: VAR-202110-1354 Trust: 4.0 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 27, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	firepower
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	adaptive security appliance

db:

NVD

ids:

CVE-2009-1234, CVE-2021-34787

VARIoT news about IoT security