Sign-up

VARIoT news about IoT security

Critical Wi-Fi Extender Vulnerability Actively Exploited: What It Means for Your Security

Related entries in the VARIoT vulnerabilities database: VAR-202008-0768

Trust: 5.5

Fetched: Sept. 3, 2025, 9:27 a.m., Published: Sept. 2, 2025, midnight
 Vulnerabilities: authentication issue
Affected productsExternal IDs
vendor: tp-link model: gateway
vendor: tp-link model: tl-wa855re
vendor: palo model: networks
vendor: trend model: security
vendor: palo alto networks model: networks
db: NVD ids: CVE-2025-55177, CVE-2020-24363

ESPHome Web Server Authentication Bypass Vulnerability Exposes Smart Devices

Trust: 5.25

Fetched: Sept. 3, 2025, 9:27 a.m., Published: Sept. 2, 2025, 8:35 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2025-57808

ESPHome Web Server Authentication Bypass Vulnerability Exposes Smart

Trust: 7.0

Fetched: Sept. 3, 2025, 9:26 a.m., Published: Sept. 3, 2025, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: wireshark model: wireshark
db: NVD ids: CVE-2025-57808

ESPHome Vulnerability Allows Unauthorized Access to Smart Devices

Trust: 6.25

Fetched: Sept. 3, 2025, 9:26 a.m., Published: Sept. 2, 2025, 2:14 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2025-57808

WhatsApp fixes vulnerability used in zero-click attacks | Malwarebytes

Trust: 4.5

Fetched: Sept. 3, 2025, 9:25 a.m., Published: Sept. 1, 2025, 1:55 p.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: macos
vendor: google model: android
db: NVD ids: CVE-2025-43300, CVE-2025-55177

CVE-2025-57808: ESPHome Web Server Authentication Bypass Exposes Smart Devices

Trust: 4.25

Fetched: Sept. 3, 2025, 9:19 a.m., Published: Sept. 2, 2025, 2:54 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2025-57808

Android Security Bulletin-September 2025 | Android Open Source Project

Related entries in the VARIoT vulnerabilities database: VAR-202507-1286, VAR-202509-0101, VAR-202509-0115

Trust: 4.25

Fetched: Sept. 3, 2025, 9:18 a.m., Published: Sept. 3, 2025, midnight
 Vulnerabilities: information disclosure, denial of service, code execution
Affected productsExternal IDs
vendor: motorola model: motorola
vendor: motorola model: android
vendor: huawei model: huawei
vendor: samsung model: notes
vendor: samsung model: mobile
vendor: samsung model: note
vendor: samsung model: samsung
vendor: google model: pixel
vendor: google model: android
vendor: google model: wifi
db: NVD ids: CVE-2025-27073, CVE-2025-48544, CVE-2025-48523, CVE-2025-48539, CVE-2025-0467, CVE-2025-48581, CVE-2025-32349, CVE-2025-25180, CVE-2025-21488, CVE-2025-48524, CVE-2025-0076, CVE-2025-48551, CVE-2025-21446, CVE-2024-47898, CVE-2025-0089, CVE-2025-32321, CVE-2025-48535, CVE-2025-1246, CVE-2025-21449, CVE-2025-48547, CVE-2024-47899, CVE-2025-21427, CVE-2025-48527, CVE-2025-27034, CVE-2025-20703, CVE-2025-21482, CVE-2025-47326, CVE-2025-32345, CVE-2025-21464, CVE-2025-20708, CVE-2025-48526, CVE-2025-48563, CVE-2025-48554, CVE-2025-26464, CVE-2025-27032, CVE-2025-48558, CVE-2025-48540, CVE-2025-47328, CVE-2025-48534, CVE-2025-48562, CVE-2025-48550, CVE-2025-48559, CVE-2025-48556, CVE-2025-47329, CVE-2025-8109, CVE-2025-48548, CVE-2025-21477, CVE-2025-32326, CVE-2025-48532, CVE-2025-48541, CVE-2025-21483, CVE-2025-48561, CVE-2025-48537, CVE-2025-1706, CVE-2025-27065, CVE-2025-32346, CVE-2025-21433, CVE-2023-24023, CVE-2025-21487, CVE-2025-46707, CVE-2025-32327, CVE-2025-27066, CVE-2025-48529, CVE-2025-21481, CVE-2025-47317, CVE-2025-48560, CVE-2025-21450, CVE-2025-48553, CVE-2025-48531, CVE-2025-21465, CVE-2025-48543, CVE-2025-21432, CVE-2025-47318, CVE-2025-48545, CVE-2025-46708, CVE-2025-32333, CVE-2025-32332, CVE-2025-48552, CVE-2025-48522, CVE-2025-25179, CVE-2025-48528, CVE-2025-21454, CVE-2025-48546, CVE-2025-46710, CVE-2021-39810, CVE-2024-49714, CVE-2025-48549, CVE-2025-20696, CVE-2025-32350, CVE-2025-48538, CVE-2025-32331, CVE-2025-27052, CVE-2025-32323, CVE-2024-7881, CVE-2025-32324, CVE-2025-32330, CVE-2025-3212, CVE-2025-32325, CVE-2025-38352, CVE-2025-48542, CVE-2025-26454, CVE-2025-21484, CVE-2025-20704, CVE-2025-32347

Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks

Related entries in the VARIoT vulnerabilities database: VAR-202501-3666

Trust: 4.75

Fetched: Sept. 3, 2025, 9:18 a.m., Published: Aug. 21, 2025, 4:47 a.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: safari
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: macos
vendor: google model: chrome
db: NVD ids: CVE-2025-43200, CVE-2025-24200, CVE-2025-43300, CVE-2025-31201, CVE-2025-24085, CVE-2025-6558, CVE-2025-24201, CVE-2025-31200

Can't locate Pixel Buds Pro 2 in Find My Device - Google Pixel Buds Community

Trust: 3.0

Fetched: Sept. 3, 2025, 9:07 a.m., Published: Sept. 2, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel

Quarterly Security Notification (August 2025)

Trust: 3.25

Fetched: Aug. 31, 2025, 11:32 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-545005

Johnson Controls iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2 | CISA

Trust: 5.5

Fetched: Aug. 31, 2025, 11:31 a.m., Published: Aug. 1, 2025, midnight
 Vulnerabilities: os command injection, command injection, default credentials
Affected productsExternal IDs
vendor: tyco model: istar ultra
db: NVD ids: CVE-2025-53695, CVE-2025-53696, CVE-2025-53700, CVE-2025-53698, CVE-2025-53697, CVE-2025-53699

zero day vulnerability

Trust: 5.25

Fetched: Aug. 31, 2025, 11:28 a.m., Published: Aug. 25, 2025, 3:29 a.m.
 Vulnerabilities: memory corruption, code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: trend model: security
db: NVD ids: CVE-2025-43300

ERROR: The request could not be satisfied

Trust: 3.25

Fetched: Aug. 31, 2025, 11:28 a.m., Published: -
 Vulnerabilities: configuration error
Affected productsExternal IDs

WhatsApp Fixes Bug That Secretly Hacked Data from Apple Devices

Trust: 4.75

Fetched: Aug. 31, 2025, 11:28 a.m., Published: Aug. 30, 2025, 11:02 a.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: iphone
db: NVD ids: CVE-2025-55177, CVE-2025-43300

Siemens RUGGEDCOM ROX II | CISA

Trust: 4.5

Fetched: Aug. 31, 2025, 11:22 a.m., Published: Jan. 10, 2023, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: siemens model: ruggedcom rox rx1500
vendor: siemens model: ruggedcom
vendor: siemens model: rox ii
vendor: siemens model: ruggedcom rox rx1510
vendor: siemens model: ruggedcom rox rx1536
vendor: siemens model: ruggedcom rox rx1511
vendor: siemens model: ruggedcom rox mx5000
vendor: siemens model: ruggedcom rox rx1512
vendor: siemens model: ruggedcom rox rx1501
vendor: siemens model: ruggedcom rox rx1400
vendor: siemens model: ruggedcom rox rx5000
vendor: siemens model: ruggedcom rox rx1524
db: NVD ids: CVE-2025-40761

Embedded Security: Protecting Your Device from Tampering and Exploits - Developers Heaven

Trust: 3.25

Fetched: Aug. 31, 2025, 11:21 a.m., Published: Aug. 12, 2025, 12:29 p.m.
 Vulnerabilities: code execution, cross-site scripting, sql injection
Affected productsExternal IDs

What Are the Different Types of Vulnerability Scans?

Trust: 3.5

Fetched: Aug. 31, 2025, 11:20 a.m., Published: Aug. 14, 2025, midnight
 Vulnerabilities: cross-site scripting, sql injection
Affected productsExternal IDs

Microsoft Patch Tuesday August 2025: 107 Vulnerabilities Patched, Including 35 RCE Flaws

Trust: 5.25

Fetched: Aug. 31, 2025, 11:19 a.m., Published: Aug. 12, 2025, 5:53 p.m.
 Vulnerabilities: path traversal, denial of service, information disclosure...
Affected productsExternal IDs
vendor: google model: home
vendor: google model: android
db: NVD ids: CVE-2025-50169, CVE-2025-50161, CVE-2025-53134, CVE-2025-53779, CVE-2025-53789, CVE-2025-53138, CVE-2025-50164, CVE-2025-53737, CVE-2025-53728, CVE-2025-49736, CVE-2025-53149, CVE-2025-53154, CVE-2025-49759, CVE-2025-53142, CVE-2025-50153, CVE-2025-53772, CVE-2025-25005, CVE-2025-53736, CVE-2025-53735, CVE-2025-50176, CVE-2025-48807, CVE-2025-53723, CVE-2025-53148, CVE-2025-53759, CVE-2025-53783, CVE-2025-53730, CVE-2025-50172, CVE-2025-49745, CVE-2025-53155, CVE-2025-53720, CVE-2025-49762, CVE-2025-53740, CVE-2025-50155, CVE-2025-50156, CVE-2025-53766, CVE-2025-53725, CVE-2025-53786, CVE-2025-53143, CVE-2025-53769, CVE-2025-53727, CVE-2025-33051, CVE-2025-49751, CVE-2025-53734, CVE-2025-53153, CVE-2025-53738, CVE-2025-53773, CVE-2025-50158, CVE-2025-53137, CVE-2025-53788, CVE-2025-53781, CVE-2025-49755, CVE-2025-53133, CVE-2025-50173, CVE-2025-49707, CVE-2025-50166, CVE-2025-53724, CVE-2025-53778, CVE-2025-50160, CVE-2025-50165, CVE-2025-24999, CVE-2025-25006, CVE-2025-53716, CVE-2025-53718, CVE-2025-49712, CVE-2025-49743, CVE-2025-53141, CVE-2025-47954, CVE-2025-50168, CVE-2025-50157, CVE-2025-53732, CVE-2025-25007, CVE-2025-53147, CVE-2025-53729, CVE-2025-53741, CVE-2025-50170, CVE-2025-53131, CVE-2025-53719, CVE-2025-50163, CVE-2025-50167, CVE-2025-53760, CVE-2025-49758, CVE-2025-49761, CVE-2025-53793, CVE-2025-53140, CVE-2025-50154, CVE-2025-53733, CVE-2025-53136, CVE-2025-53765, CVE-2025-53135, CVE-2025-53761, CVE-2025-53156, CVE-2025-53722, CVE-2025-49757, CVE-2025-50171, CVE-2025-53151, CVE-2025-53721, CVE-2025-53726, CVE-2025-53145, CVE-2025-53144, CVE-2025-50159, CVE-2025-53784, CVE-2025-50177, CVE-2025-53739, CVE-2025-53731, CVE-2025-53132, CVE-2025-53152, CVE-2025-50162

Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code

Trust: 3.75

Fetched: Aug. 31, 2025, 11:18 a.m., Published: Aug. 13, 2025, 11:37 a.m.
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-25256

New Sni5Gect Attack Crashes Phones and Downgrades 5G to 4G without Rogue Base Station

Trust: 3.75

Fetched: Aug. 31, 2025, 11:18 a.m., Published: Aug. 26, 2025, 5:23 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: oneplus model: oneplus
vendor: google model: pixel
vendor: samsung model: galaxy
vendor: samsung model: mobile
vendor: samsung model: samsung
vendor: samsung model: samsung galaxy
vendor: huawei model: huawei