VARIoT latest news about IoT security

D-Link critical vulnerabilities CVE-2024-3272 & CVE-2024-3273 Related entries in the VARIoT vulnerabilities database: VAR-202404-0070, VAR-202404-0069 Trust: 4.75 Fetched: May 31, 2024, 9:28 a.m., Published: April 10, 2024, 2:53 p.m.	Vulnerabilities: command injection

Affected products

External IDs

vendor:	d-link	model:	dns-320l
vendor:	d-link	model:	dns-327l
vendor:	d-link	model:	dns-325
vendor:	d-link	model:	dns-340l
vendor:	dlink	model:	dns-320l
vendor:	dlink	model:	dns-327l
vendor:	dlink	model:	dns-325
vendor:	dlink	model:	dns-340l

db:

NVD

ids:

CVE-2024-3273, CVE-2024-3272

Critical Vulnerability in D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L Up to 2024-04-03 (CVE-2024-3272) \| SecurityVulnerability.io - SecuirtyVulnerability.io Related entries in the VARIoT vulnerabilities database: VAR-202404-0069 Trust: 6.0 Fetched: May 31, 2024, 9:16 a.m., Published: -	Vulnerabilities: command execution

Affected products

External IDs

vendor:	d-link	model:	dns-320l
vendor:	d-link	model:	dns-327l
vendor:	d-link	model:	dns-325
vendor:	d-link	model:	dns-340l

db:

NVD

ids:

CVE-2024-3272

CVE-2024-24919: Check Point Security Gateways Vulnerability Explained Trust: 5.25 Fetched: May 31, 2024, 9:08 a.m., Published: May 30, 2024, midnight	Vulnerabilities: directory traversal, file inclusion, information disclosure

Affected products

External IDs

vendor:	check point	model:	check point
vendor:	trend	model:	security

db:

NVD

ids:

CVE-2024-24919

CVE-2024-24919: Check Point Security Gateway Information Disclosure Zero-Day Exploited in the Wild - Blog \| Tenable® Trust: 5.75 Fetched: May 31, 2024, 9:08 a.m., Published: May 29, 2024, 4:25 p.m.	Vulnerabilities: information disclosure

Affected products

External IDs

vendor:	check point	model:	check point
vendor:	check point	model:	security gateway
vendor:	check point	model:	quantum security gateway

db:

NVD

ids:

CVE-2024-24919

Cybersecurity Firm Identifies Vulnerabilities in Popular IoT Cameras - CEPRO Trust: 5.75 Fetched: May 29, 2024, 9:59 a.m., Published: May 24, 2024, 1:17 p.m.	Vulnerabilities: command execution, buffer overflow, code execution

Affected products

External IDs

vendor:

roku

model:

roku

db:

NVD

ids:

CVE-2023-6323, CVE-2023-6324, CVE-2023-6322, CVE-2023-6321

System BIOS komputera Dell Precision 5520 \| Szczegóły sterownika \| Dell Polska Trust: 3.0 Fetched: May 29, 2024, 9:58 a.m., Published: May 29, 5520, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	dell	model:	precision 5520
vendor:	dell	model:	bios

Controlling user access to the features of Android devices Trust: 3.0 Fetched: May 29, 2024, 9:57 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

Newly identified botnet targets decade-old flaw in unpatched D-Link devices Related entries in the VARIoT vulnerabilities database: VAR-201502-0201, VAR-202404-0070, VAR-202404-0069 Trust: 4.0 Fetched: May 29, 2024, 9:52 a.m., Published: May 2, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

tp-link

model:

routers

db:

NVD

ids:

CVE-2015-2051, CVE-2024-3273, CVE-2024-3272

CVE-2024-4810 - NULL pointer deference in register_device in ppdev in Linux kernel - SecAlerts Trust: 3.0 Fetched: May 29, 2024, 9:50 a.m., Published: May 5, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-4810

27 Best Free Network IP Scanning Tools for 2024 - PrivacySavvy Trust: 4.25 Fetched: May 29, 2024, 9:46 a.m., Published: May 25, 2024, 8:02 a.m.	Vulnerabilities: sql injection

Affected products

External IDs

vendor:	essential	model:	phone
vendor:	wireshark	model:	wireshark
vendor:	snort	model:	snort
vendor:	cisco	model:	routers

Govt warns of a vulnerability in Wi-Fi routers that could allow a hacker to access your connected devices - India Today Trust: 3.75 Fetched: May 29, 2024, 9:43 a.m., Published: May 29, 2024, 5:59 a.m.	Vulnerabilities: command injection

Affected products

External IDs

vendor:	google	model:	wifi
vendor:	google	model:	chrome
vendor:	google	model:	google chrome
vendor:	google	model:	wi-fi router
vendor:	google	model:	home
vendor:	tp-link	model:	routers

Real Life Examples of Web Vulnerabilities (OWASP Top 10) (2024) Trust: 3.25 Fetched: May 29, 2024, 9:42 a.m., Published: May 29, 2024, 9:41 a.m.	Vulnerabilities: default password, code execution, privilege escalation...

Affected products

External IDs

vendor:	essential	model:	phone
vendor:	check point	model:	check point
vendor:	check point	model:	express
vendor:	google	model:	android

[AL-040] Active Exploitation of Critical Vulnerability in Palo Alto Networks PAN-OS Software Trust: 4.75 Fetched: May 29, 2024, 9:38 a.m., Published: May 29, 2024, midnight	Vulnerabilities: command injection

Affected products

External IDs

vendor:	palo	model:	networks
vendor:	palo	model:	pan-os
vendor:	palo	model:	firewall
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	pan-os
vendor:	palo alto networks	model:	firewall
vendor:	paloaltonetworks	model:	networks
vendor:	paloaltonetworks	model:	pan-os
vendor:	paloaltonetworks	model:	firewall

db:

NVD

ids:

CVE-2024-3400

[AL-043] Active Exploitation of Vulnerabilities in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Products Trust: 5.0 Fetched: May 29, 2024, 9:36 a.m., Published: May 29, 2024, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	firepower
vendor:	cisco	model:	cisco adaptive security appliance

db:

NVD

ids:

CVE-2024-20358, CVE-2024-20353, CVE-2024-20359

PAN-OS: Arbitrary File Creation Leads to OS Command Injectio... - vulnerability database \| Vulners.com Trust: 5.5 Fetched: May 29, 2024, 9:36 a.m., Published: April 12, 2024, 6:55 a.m.	Vulnerabilities: file creation vulnerability, command injection

Affected products

External IDs

vendor:	palo	model:	networks
vendor:	palo	model:	pan-os
vendor:	palo	model:	firewall
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	pan-os
vendor:	palo alto networks	model:	firewall
vendor:	paloaltonetworks	model:	networks
vendor:	paloaltonetworks	model:	pan-os
vendor:	paloaltonetworks	model:	firewall

db:

NVD

ids:

CVE-2024-3400

CVE-2024-3400: Palo Alto PAN-OS Command Injection Vulnerability Explained Trust: 5.5 Fetched: May 29, 2024, 9:36 a.m., Published: May 29, 2024, midnight	Vulnerabilities: command execution, code execution, directory traversal...

Affected products

External IDs

vendor:	palo	model:	networks globalprotect
vendor:	palo	model:	pan-os
vendor:	palo	model:	firewall
vendor:	palo	model:	networks
vendor:	palo	model:	palo alto networks globalprotect
vendor:	palo alto networks	model:	networks globalprotect
vendor:	palo alto networks	model:	pan-os
vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	palo alto networks globalprotect
vendor:	check point	model:	check point
vendor:	paloaltonetworks	model:	networks globalprotect
vendor:	paloaltonetworks	model:	pan-os
vendor:	paloaltonetworks	model:	firewall
vendor:	paloaltonetworks	model:	networks
vendor:	paloaltonetworks	model:	palo alto networks globalprotect
vendor:	snort	model:	snort

db:

NVD

ids:

CVE-2024-3400

Google's Response to Pixel Zero-Days: CVE-2024-29745, CVE-2024-29748; Chrome V8 Zero-Day, CVE-2024-3159 - SOCRadar® Cyber Intelligence Inc. Trust: 4.5 Fetched: May 29, 2024, 9:35 a.m., Published: April 4, 2024, 11:56 a.m.	Vulnerabilities: heap corruption, code execution, information disclosure...

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	google	model:	android
vendor:	google	model:	pixel

db:

NVD

ids:

CVE-2024-29745, CVE-2023-28582, CVE-2024-29748, CVE-2024-29740, CVE-2024-3159

Clear Trust: 5.25 Fetched: May 29, 2024, 9:35 a.m., Published: May 29, 2024, midnight	Vulnerabilities: os command injection, command injection

Affected products

External IDs

vendor:	palo	model:	pan-os
vendor:	palo	model:	firewall
vendor:	palo	model:	networks
vendor:	palo alto networks	model:	pan-os
vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	networks
vendor:	paloaltonetworks	model:	pan-os
vendor:	paloaltonetworks	model:	firewall
vendor:	paloaltonetworks	model:	networks

db:

NVD

ids:

CVE-2024-3400

Automation-Direct C-MORE EA9 HMI \| CISA Trust: 4.25 Fetched: May 29, 2024, 9:34 a.m., Published: May 29, 2023, midnight	Vulnerabilities: buffer overflow, path traversal

Affected products

External IDs

vendor:	c-more	model:	hmi ea9
vendor:	automationdirect	model:	c-more

db:

NVD

ids:

CVE-2024-25136, CVE-2024-25138, CVE-2024-25137

Critical Command Injection Vulnerability in D-Link Devices (VDB-259284) (CVE-2024-3273) \| SecurityVulnerability.io - SecuirtyVulnerability.io Related entries in the VARIoT vulnerabilities database: VAR-202404-0070 Trust: 4.0 Fetched: May 29, 2024, 9:32 a.m., Published: May 29, 2024, midnight	Vulnerabilities: command execution, command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2024-3273

VARIoT news about IoT security