VARIoT latest news about IoT security

What is a Security Vulnerability? - SentinelOne Trust: 5.5 Fetched: Jan. 10, 2024, 9:46 a.m., Published: Dec. 28, 2022, 9:53 p.m.	Vulnerabilities: buffer overflow, privilege escalation, cross-site scripting...

Affected products

External IDs

vendor:

trend

model:

security

db:

NVD

ids:

CVE-2017-0199

Threat Actors Exploiting F5 BIG-IP CVE-2022-1388 \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202205-0394 Trust: 3.75 Fetched: Jan. 10, 2024, 9:45 a.m., Published: Oct. 12, 2022, midnight	Vulnerabilities: authentication bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2022-1388

CVE-2022-23968: Xerox vulnerability allows unauthenticated users to remotely brick network printers (UPDATED) \| The NeoSmart Files Trust: 3.75 Fetched: Jan. 10, 2024, 9:44 a.m., Published: Jan. 24, 2022, 10:31 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	xerox	model:	phaser
vendor:	xerox	model:	workcentre

db:

NVD

ids:

CVE-2022-23968

Uncovering the Vulnerabilities of IoT: How to Secure Your Devices - Device Authority Ltd Trust: 4.25 Fetched: Jan. 10, 2024, 9:42 a.m., Published: Sept. 18, 2023, 5:34 p.m.	Vulnerabilities: privilege escalation, default credentials, denial of service

Affected products

External IDs

vendor:	google	model:	wifi
vendor:	google	model:	home
vendor:	palo	model:	networks
vendor:	cisco	model:	guard
vendor:	cisco	model:	routers
vendor:	palo alto networks	model:	networks
vendor:	sonos	model:	sonos

What is IoT Security? Definition and Challenges of IoT Security Trust: 4.5 Fetched: Jan. 10, 2024, 9:41 a.m., Published: Jan. 10, 2023, midnight	Vulnerabilities: command injection, code execution

Affected products

External IDs

vendor:

essential

model:

phone

A Survey on IoT Vulnerability Discovery \| SpringerLink Trust: 3.5 Fetched: Jan. 10, 2024, 9:40 a.m., Published: Jan. 10, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

home

Top IoT Device Vulnerabilities: How To Secure IoT Devices \| Fortinet Trust: 3.0 Fetched: Jan. 10, 2024, 9:40 a.m., Published: Jan. 10, 2023, midnight	Vulnerabilities: -

Affected products	External IDs

Multiple RTOS (Update E) \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202104-1963, VAR-202104-1960 Trust: 5.25 Fetched: Jan. 10, 2024, 9:37 a.m., Published: April 19, 2022, midnight	Vulnerabilities: memory corruption, buffer overflow, integer overflow...

Affected products

External IDs

vendor:	cesanta	model:	mongoose os
vendor:	cesanta	model:	mongoose
vendor:	riot	model:	riot
vendor:	windriver	model:	river vxworks
vendor:	windriver	model:	vxworks
vendor:	blackberry	model:	link
vendor:	blackberry	model:	blackberry

db:

NVD

ids:

CVE-2021-27427, CVE-2021-27433, CVE-2021-31572, CVE-2021-27502, CVE-2021-27425, CVE-2021-31571, CVE-2021-27439, CVE-2020-13603, CVE-2021-27431, CVE-2021-27417, CVE-2021-22680, CVE-2021-22156, CVE-2021-3420, CVE-2021-26706, CVE-2021-27411, CVE-2021-27504, CVE-2021-27435, CVE-2020-35198, CVE-2021-22684, CVE-2021-27429, CVE-2020-28895, CVE-2021-22636, CVE-2021-27421, CVE-2021-30636, CVE-2021-27419, CVE-2021-26461

CVE-2023-38545 - Security Update Guide - Microsoft - Hackerone: CVE-2023-38545 SOCKS5 heap buffer overflow Trust: 4.0 Fetched: Jan. 10, 2024, 9:26 a.m., Published: -	Vulnerabilities: buffer overflow

Affected products

External IDs

db:

NVD

ids:

CVE-2023-38545

Cisco TAC Technical FAQs for Cisco IOS XE Software Web UI Privilege Escalation Vulnerability - CVE-2023-20198 - Cisco Trust: 4.75 Fetched: Jan. 10, 2024, 9:20 a.m., Published: Oct. 27, 2023, 6 a.m.	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:	snort	model:	snort
vendor:	cisco systems	model:	cisco ios xe
vendor:	cisco systems	model:	ios software
vendor:	cisco systems	model:	cisco ios
vendor:	cisco systems	model:	ios xe software
vendor:	cisco systems	model:	ip phone
vendor:	cisco systems	model:	unified communications manager express
vendor:	cisco systems	model:	cisco unified border element
vendor:	cisco systems	model:	ios xe
vendor:	cisco systems	model:	catalyst 9800
vendor:	cisco systems	model:	unified communications
vendor:	cisco systems	model:	cisco unified communications manager
vendor:	cisco systems	model:	identity services engine
vendor:	cisco systems	model:	ios xr
vendor:	cisco systems	model:	unified border element
vendor:	cisco systems	model:	wireless lan controller
vendor:	cisco systems	model:	nexus
vendor:	cisco systems	model:	nx-os
vendor:	cisco systems	model:	dna center
vendor:	cisco systems	model:	ios-xe software
vendor:	cisco systems	model:	ip phones
vendor:	cisco systems	model:	aireos
vendor:	cisco systems	model:	catalyst
vendor:	cisco systems	model:	technical support
vendor:	cisco systems	model:	unified communications manager
vendor:	cisco systems	model:	router
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	ios software
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	ip phone
vendor:	cisco	model:	unified communications manager express
vendor:	cisco	model:	cisco unified border element
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	catalyst 9800
vendor:	cisco	model:	unified communications
vendor:	cisco	model:	cisco unified communications manager
vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	unified border element
vendor:	cisco	model:	wireless lan controller
vendor:	cisco	model:	nexus
vendor:	cisco	model:	nx-os
vendor:	cisco	model:	dna center
vendor:	cisco	model:	ios-xe software
vendor:	cisco	model:	ip phones
vendor:	cisco	model:	aireos
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	technical support
vendor:	cisco	model:	unified communications manager
vendor:	cisco	model:	router

db:

NVD

ids:

CVE-2023-20198

CVE - Search Results Related entries in the VARIoT vulnerabilities database: VAR-200801-0305, VAR-200703-0606, VAR-200210-0279, VAR-201106-0112, VAR-202105-0632, VAR-200209-0032, VAR-200210-0248, VAR-201304-0285, VAR-201301-0040, VAR-200210-0276, VAR-200811-0235, VAR-200305-0026, VAR-201804-1009, VAR-201106-0111, VAR-200210-0278, VAR-201510-0036, VAR-201304-0284, VAR-201209-0242, VAR-200708-0373, VAR-202204-1906, VAR-201206-0085, VAR-200401-0045, VAR-201804-1011, VAR-202102-0544, VAR-200611-0223, VAR-201010-0012, VAR-201206-0086, VAR-201310-0202, VAR-201206-0088, VAR-200912-0074, VAR-202106-0634, VAR-200209-0033, VAR-201509-0004, VAR-201208-0707, VAR-200809-0316, VAR-200305-0025, VAR-200304-0127, VAR-200305-0024, VAR-200210-0275, VAR-200205-0150, VAR-201506-0299, VAR-200605-0454, VAR-201311-0299, VAR-201106-0113, VAR-202204-1722, VAR-200210-0277, VAR-201910-0976, VAR-200210-0245, VAR-200708-0372, VAR-201205-0388, VAR-201209-0229, VAR-202008-0803, VAR-201310-0546, VAR-201107-0210, VAR-202204-0277, VAR-200304-0128, VAR-202106-0635 Trust: 5.25 Fetched: Jan. 10, 2024, 9:19 a.m., Published: Jan. 3, 2024, midnight	Vulnerabilities: brute force attack, memory corruption, service crash...

Affected products

External IDs

vendor:	citrix	model:	deterministic network enhancer
vendor:	citrix	model:	gateway
vendor:	cisco systems	model:	anyconnect ssl vpn
vendor:	cisco systems	model:	security device manager
vendor:	cisco systems	model:	cisco ios xr
vendor:	cisco systems	model:	asa 5500 series
vendor:	cisco systems	model:	unified meetingplace
vendor:	cisco systems	model:	asa 5500
vendor:	cisco systems	model:	asa software
vendor:	cisco systems	model:	meetingplace
vendor:	cisco systems	model:	firepower 2100
vendor:	cisco systems	model:	anyconnect secure mobility client
vendor:	cisco systems	model:	pix firewall
vendor:	cisco systems	model:	vpn 5000 client
vendor:	cisco systems	model:	cisco secure access control server
vendor:	cisco systems	model:	firepower
vendor:	cisco systems	model:	vpn 3002 hardware client
vendor:	cisco systems	model:	ip communicator
vendor:	cisco systems	model:	anyconnect secure mobility client software
vendor:	cisco systems	model:	unified videoconferencing manager
vendor:	cisco systems	model:	firepower 4110
vendor:	cisco systems	model:	secure desktop
vendor:	cisco systems	model:	vpn 3000 concentrator
vendor:	cisco systems	model:	catalyst 6500
vendor:	cisco systems	model:	secure access control server
vendor:	cisco systems	model:	vpn 3000 series
vendor:	cisco systems	model:	vpn concentrator
vendor:	cisco systems	model:	cisco catalyst 6500 series
vendor:	cisco systems	model:	cisco pix firewall
vendor:	cisco systems	model:	unified videoconferencing
vendor:	cisco systems	model:	adaptive security appliance
vendor:	cisco systems	model:	aironet
vendor:	cisco systems	model:	cisco 7600 series
vendor:	cisco systems	model:	cisco secure desktop
vendor:	cisco systems	model:	wireless control system
vendor:	cisco systems	model:	wireless lan solution engine
vendor:	cisco systems	model:	series switches
vendor:	cisco systems	model:	cisco ios
vendor:	cisco systems	model:	ios xr software
vendor:	cisco systems	model:	routers
vendor:	cisco systems	model:	wireless lan controllers
vendor:	cisco systems	model:	cisco anyconnect secure mobility client
vendor:	cisco systems	model:	series industrial security appliances
vendor:	cisco systems	model:	anyconnect vpn client
vendor:	cisco systems	model:	firepower threat defense
vendor:	cisco systems	model:	catalyst 6500 series
vendor:	cisco systems	model:	device manager
vendor:	cisco systems	model:	network analysis module
vendor:	cisco systems	model:	unified meetingplace express
vendor:	cisco systems	model:	cisco vpn 3000 series
vendor:	cisco systems	model:	vpn client
vendor:	cisco systems	model:	clientless ssl vpn
vendor:	cisco systems	model:	unified video advantage
vendor:	cisco systems	model:	meraki mx
vendor:	cisco systems	model:	7600 series
vendor:	cisco systems	model:	access control server
vendor:	cisco systems	model:	ciscoworks
vendor:	cisco systems	model:	wan manager
vendor:	cisco systems	model:	cisco adaptive security appliance
vendor:	cisco systems	model:	adaptive security virtual appliance
vendor:	cisco systems	model:	access points
vendor:	cisco systems	model:	firepower 9300
vendor:	cisco systems	model:	ios xr
vendor:	cisco systems	model:	series routers
vendor:	cisco systems	model:	aironet access points
vendor:	cisco systems	model:	series
vendor:	cisco systems	model:	cisco vpn client
vendor:	cisco systems	model:	unified personal communicator
vendor:	cisco systems	model:	ftd virtual
vendor:	cisco systems	model:	catalyst
vendor:	cisco	model:	anyconnect ssl vpn
vendor:	cisco	model:	security device manager
vendor:	cisco	model:	cisco ios xr
vendor:	cisco	model:	asa 5500 series
vendor:	cisco	model:	unified meetingplace
vendor:	cisco	model:	asa 5500
vendor:	cisco	model:	asa software
vendor:	cisco	model:	meetingplace
vendor:	cisco	model:	firepower 2100
vendor:	cisco	model:	anyconnect secure mobility client
vendor:	cisco	model:	pix firewall
vendor:	cisco	model:	vpn 5000 client
vendor:	cisco	model:	cisco secure access control server
vendor:	cisco	model:	firepower
vendor:	cisco	model:	vpn 3002 hardware client
vendor:	cisco	model:	ip communicator
vendor:	cisco	model:	anyconnect secure mobility client software
vendor:	cisco	model:	unified videoconferencing manager
vendor:	cisco	model:	firepower 4110
vendor:	cisco	model:	secure desktop
vendor:	cisco	model:	vpn 3000 concentrator
vendor:	cisco	model:	catalyst 6500
vendor:	cisco	model:	secure access control server
vendor:	cisco	model:	vpn 3000 series
vendor:	cisco	model:	vpn concentrator
vendor:	cisco	model:	cisco catalyst 6500 series
vendor:	cisco	model:	cisco pix firewall
vendor:	cisco	model:	unified videoconferencing
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	aironet
vendor:	cisco	model:	cisco 7600 series
vendor:	cisco	model:	cisco secure desktop
vendor:	cisco	model:	wireless control system
vendor:	cisco	model:	wireless lan solution engine
vendor:	cisco	model:	series switches
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xr software
vendor:	cisco	model:	routers
vendor:	cisco	model:	wireless lan controllers
vendor:	cisco	model:	cisco anyconnect secure mobility client
vendor:	cisco	model:	series industrial security appliances
vendor:	cisco	model:	anyconnect vpn client
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	catalyst 6500 series
vendor:	cisco	model:	device manager
vendor:	cisco	model:	network analysis module
vendor:	cisco	model:	unified meetingplace express
vendor:	cisco	model:	cisco vpn 3000 series
vendor:	cisco	model:	vpn client
vendor:	cisco	model:	clientless ssl vpn
vendor:	cisco	model:	unified video advantage
vendor:	cisco	model:	meraki mx
vendor:	cisco	model:	7600 series
vendor:	cisco	model:	access control server
vendor:	cisco	model:	ciscoworks
vendor:	cisco	model:	wan manager
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	adaptive security virtual appliance
vendor:	cisco	model:	access points
vendor:	cisco	model:	firepower 9300
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	series routers
vendor:	cisco	model:	aironet access points
vendor:	cisco	model:	series
vendor:	cisco	model:	cisco vpn client
vendor:	cisco	model:	unified personal communicator
vendor:	cisco	model:	ftd virtual
vendor:	cisco	model:	catalyst
vendor:	safenet	model:	highassurance remote

db:

NVD

ids:

CVE-2021-34788, CVE-2011-2054, CVE-2008-0324, CVE-2007-1467, CVE-2002-1108, CVE-2011-2040, CVE-2021-1519, CVE-2002-0852, CVE-2002-1095, CVE-2013-1173, CVE-2012-5429, CVE-2002-1105, CVE-2008-5121, CVE-2003-0260, CVE-2018-0227, CVE-2011-2039, CVE-2002-1107, CVE-2015-7600, CVE-2013-1172, CVE-2023-20241, CVE-2012-3052, CVE-2007-4415, CVE-2022-20715, CVE-2012-2493, CVE-2003-1004, CVE-2018-0229, CVE-2023-20269, CVE-2021-1366, CVE-2006-5806, CVE-2009-5007, CVE-2012-2494, CVE-2022-20933, CVE-2013-3415, CVE-2012-2496, CVE-2009-4118, CVE-2021-1567, CVE-2002-0853, CVE-2023-20178, CVE-2015-6305, CVE-2012-1370, CVE-2008-2733, CVE-2003-0259, CVE-2002-1491, CVE-2003-0258, CVE-2002-1104, CVE-2002-1447, CVE-2015-4211, CVE-2006-2679, CVE-2013-5559, CVE-2011-2041, CVE-2022-20713, CVE-2002-1106, CVE-2019-15261, CVE-2002-1092, CVE-2007-4414, CVE-2011-3309, CVE-2012-3094, CVE-2020-3435, CVE-2013-5509, CVE-2023-20240, CVE-2011-2678, CVE-2022-20758, CVE-2002-1492, CVE-2021-1568

CVE - Search Results Related entries in the VARIoT vulnerabilities database: VAR-201912-1497, VAR-201808-0903, VAR-201602-0124, VAR-201704-0130, VAR-201912-1499, VAR-201912-1501, VAR-201704-0134, VAR-201912-1502, VAR-201202-0344, VAR-202002-0331, VAR-201912-1500, VAR-202103-0231, VAR-202005-0734, VAR-201912-1498 Trust: 6.25 Fetched: Jan. 10, 2024, 9:18 a.m., Published: Jan. 3, 2024, midnight	Vulnerabilities: untrusted search path, denial of service, application crash...

Affected products

External IDs

vendor:	samsung smartthings	model:	smartthings hub
vendor:	samsung smartthings	model:	smartthings hub sth-eth-250
vendor:	samsung smartthings	model:	samsung smartthings hub
vendor:	samsung smartthings	model:	sth-eth-250
vendor:	samsung smartthings	model:	samsung smartthings hub sth-eth-250
vendor:	comcast	model:	comcast xfinity
vendor:	comcast	model:	xfinity home security
vendor:	comcast	model:	xfinity
vendor:	comcast	model:	xfinity home security system
vendor:	samsung	model:	smartthings hub
vendor:	samsung	model:	smartthings hub sth-eth-250
vendor:	samsung	model:	samsung smartthings hub
vendor:	samsung	model:	sth-eth-250
vendor:	samsung	model:	samsung smartthings hub sth-eth-250
vendor:	xiaomi	model:	rtcgq01lm
vendor:	xiaomi	model:	wsdcgq01lm
vendor:	xiaomi	model:	zncz03lm
vendor:	xiaomi	model:	mccgq01lm
vendor:	xiaomi	model:	dgnwg03lm
vendor:	wireshark	model:	wireshark
vendor:	osram	model:	sylvania osram lightify home
vendor:	osram	model:	lightify home
vendor:	osram	model:	lightify pro
vendor:	asus	model:	ts-101
vendor:	asus	model:	ms-101
vendor:	asus	model:	dl-101
vendor:	asus	model:	as-101
vendor:	asus	model:	mw100
vendor:	asus	model:	hg100
vendor:	asus	model:	ws-101
vendor:	asus	model:	asus
vendor:	utc fire & security	model:	ge-mc100-ntp/gps-zb
vendor:	utc fire & security	model:	clock
vendor:	utc fire & security	model:	fire & security ge-mc100-ntp/gps-zb
vendor:	xfinity	model:	gateway
vendor:	smartthings	model:	smartthings hub

db:

NVD

ids:

CVE-2019-15910, CVE-2018-3926, CVE-2024-0210, CVE-2016-2398, CVE-2015-8732, CVE-2020-7476, CVE-2023-24678, CVE-2016-5054, CVE-2022-39064, CVE-2019-15912, CVE-2019-20480, CVE-2010-4301, CVE-2015-6244, CVE-2020-27891, CVE-2019-15914, CVE-2016-5058, CVE-2019-15915, CVE-2012-1288, CVE-2023-29780, CVE-2020-27890, CVE-2016-1562, CVE-2023-29779, CVE-2022-39065, CVE-2019-20481, CVE-2018-19628, CVE-2019-15913, CVE-2020-28952, CVE-2020-27892, CVE-2017-18868, CVE-2019-15911

Multiple vulnerabilities in Nexo cordless nutrunner \| Bosch PSIRT Trust: 5.75 Fetched: Jan. 10, 2024, 9:12 a.m., Published: Jan. 3, 2024, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:

bosch

model:

nexo

db:

NVD

ids:

CVE-2023-48258, CVE-2023-48248, CVE-2023-48254, CVE-2023-48251, CVE-2023-48253, CVE-2023-48252, CVE-2023-48265, CVE-2023-48262, CVE-2023-48244, CVE-2023-48247, CVE-2023-48266, CVE-2023-48246, CVE-2023-48263, CVE-2023-48245, CVE-2023-48260, CVE-2023-48261, CVE-2023-48257, CVE-2023-48249, CVE-2023-48264, CVE-2023-48255, CVE-2023-48243, CVE-2023-48259, CVE-2023-48256, CVE-2023-48250, CVE-2023-48242

Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager Trust: 4.75 Fetched: Jan. 10, 2024, 9:07 a.m., Published: Jan. 9, 2024, 9:52 a.m.	Vulnerabilities: path traversal, cross-site scripting, sql injection...

Affected products

External IDs

vendor:

netatalk

model:

netatalk

db:

NVD

ids:

CVE-2022-43634, CVE-2023-47560, CVE-2023-50916, CVE-2023-41287, CVE-2023-47559, CVE-2023-39296, CVE-2023-41288

CVE - CVE-2023-20198 Trust: 3.75 Fetched: Jan. 9, 2024, 10:23 a.m., Published: Jan. 3, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	ios xe software
vendor:	cisco systems	model:	cisco ios xe
vendor:	cisco systems	model:	cisco ios
vendor:	cisco systems	model:	ios xe
vendor:	cisco systems	model:	ios xe software

db:

NVD

ids:

CVE-2023-20198, CVE-2023-20273

Ivanti fixes critical security flaw that could let hackers hijack work devices, so patch now \| TechRadar Trust: 4.0 Fetched: Jan. 9, 2024, 10:19 a.m., Published: Jan. 5, 2024, 3:08 p.m.	Vulnerabilities: sql injection, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2023-39336

Samsung acts on CERT-In’s high-risk warning: update your devices now \| Technology News - News9live Trust: 3.5 Fetched: Jan. 9, 2024, 10:19 a.m., Published: Dec. 14, 2023, 7:45 a.m.	Vulnerabilities: code execution, security bypass

Affected products

External IDs

vendor:	samsung	model:	galaxy
vendor:	samsung	model:	samsung mobile
vendor:	samsung	model:	knox
vendor:	samsung	model:	mobile phones
vendor:	samsung	model:	mobile

CVE-2023-35629 - Security Update Guide - Microsoft - Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability Trust: 3.25 Fetched: Jan. 9, 2024, 10:17 a.m., Published: -	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2023-35629

A Spotlight on Vulnerability Addressing Smart Bulb Security Trust: 4.25 Fetched: Jan. 9, 2024, 10:16 a.m., Published: Dec. 18, 2023, midnight	Vulnerabilities: information leakage, default credentials

Affected products

External IDs

vendor:

google

model:

home

CVE-2023-7209 - vulnerability database \| Vulners.com Trust: 4.25 Fetched: Jan. 9, 2024, 10:16 a.m., Published: Jan. 7, 2024, 9:15 a.m.	Vulnerabilities: denial of service

Affected products

External IDs

db:

NVD

ids:

CVE-2023-7209

VARIoT news about IoT security