Sign-up

VARIoT news about IoT security

Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202410-0075, VAR-202410-0281, VAR-202410-3509, VAR-202410-3635, VAR-202410-3388, VAR-202410-0179, VAR-202410-0186, VAR-202410-0861

Trust: 4.5

Fetched: Oct. 4, 2024, 9:25 a.m., Published: Oct. 2, 2024, 1 p.m.
 Vulnerabilities: buffer overflow, cross-site scripting, information disclosure...
Affected productsExternal IDs
vendor: draytek model: routers
vendor: draytek model: draytek routers
db: NVD ids: CVE-2024-41587, CVE-2024-41595, CVE-2024-41593, CVE-2024-41588, CVE-2024-41592, CVE-2024-41589, CVE-2024-41596, CVE-2024-41594, CVE-2024-41585, CVE-2024-41583, CVE-2024-41584, CVE-2024-41591, CVE-2024-41590, CVE-2024-41586

Bosch Security Advisories - PSIRT (Product Security Incident Response Team)

Trust: 4.25

Fetched: Oct. 4, 2024, 9:24 a.m., Published: Aug. 21, 2023, 10:29 a.m.
 Vulnerabilities: authentication vulnerability, information leak, information disclosure...
Affected productsExternal IDs
vendor: bosch model: video management system
vendor: bosch model: video recording manager
vendor: bosch model: building integration system
vendor: bosch model: ip cameras
vendor: bosch model: video streaming gateway
vendor: bosch model: configuration manager
vendor: bosch model: bvms
vendor: bosch model: bvms viewer
vendor: bosch model: divar ip 7000
vendor: bosch model: bosch divar ip
vendor: bosch model: bosch bvms viewer
vendor: bosch model: divar ip all-in-one 5000
vendor: bosch model: divar ip all-in-one
vendor: bosch model: divar ip
vendor: bosch model: cpp13
vendor: bosch model: bosch ip cameras
vendor: bosch model: divar ip 3000

Google Online Security Blog: Pixel's Proactive Approach to Security: Addressing Vulnerabilities in Cellular Modems

Trust: 3.25

Fetched: Oct. 4, 2024, 9:24 a.m., Published: Oct. 3, 2024, midnight
 Vulnerabilities: memory corruption, integer overflow, code execution
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
vendor: canary model: canary

Camera Vulnerability: Tutorial, Sample CVEs, and Best Practices - SecuriThings

Related entries in the VARIoT vulnerabilities database: VAR-202108-1018, VAR-202009-0800, VAR-202001-0856, VAR-201011-0101, VAR-201812-0472, VAR-201705-3742, VAR-201803-2290, VAR-201806-0696

Trust: 5.5

Fetched: Oct. 4, 2024, 9:23 a.m., Published: -
 Vulnerabilities: default password, request forgery, memory corruption...
Affected productsExternal IDs
vendor: axis model: axis
vendor: axis model: ip cameras
vendor: dahua model: ip camera
vendor: dahua model: camera
vendor: genie access model: wip3bvaf
vendor: foscam model: system
vendor: foscam model: ip camera
vendor: foscam model: foscam
vendor: hikvision model: ip cameras
vendor: hikvision model: hikvision
vendor: d-link model: dcs-2103
vendor: bosch model: ip cameras
vendor: bosch model: bosch ip cameras
db: NVD ids: CVE-2021-23849, CVE-2020-25748, CVE-2013-2574, CVE-2022-30563, CVE-2010-4231, CVE-2018-19036, CVE-2017-7923, CVE-2018-7698, CVE-2018-10664

14 Bugs in DrayTek Vigor Routers Disclosed: Admin Interfaces Widely Exposed Across Major ISPs [CVE-2024-41592] | Censys

Related entries in the VARIoT vulnerabilities database: VAR-202410-3635

Trust: 5.5

Fetched: Oct. 4, 2024, 9:22 a.m., Published: Oct. 3, 2024, 8:24 p.m.
 Vulnerabilities: command injection, buffer overflow, denial of service...
Affected productsExternal IDs
vendor: draytek model: vigor2925
vendor: draytek model: routers
vendor: draytek model: vigor
vendor: draytek model: draytek routers
db: NVD ids: CVE-2024-41592, CVE-2024-41585

CVE-2024-46851 - AMD Display Device Race Condition Vulnerability

Trust: 3.0

Fetched: Oct. 2, 2024, 12:06 p.m., Published: Sept. 27, 2024, 1:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-46851

How To Identify A Device On My Network: 6 Clever Tricks For Digital Detectives

Trust: 3.75

Fetched: Oct. 2, 2024, 12:06 p.m., Published: Aug. 29, 2023, 4:15 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: paessler model: prtg network monitor

NVIDIA AI Container Toolkit Vulnerability Fix | Trend Micro (CA)

Trust: 4.5

Fetched: Oct. 2, 2024, 12:05 p.m., Published: Sept. 27, 2024, midnight
 Vulnerabilities: code execution, information disclosure, denial of service
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2024-0132

Cyber Security News Letter(Weekly) - Data Breaches, Vulnerability

Trust: 3.5

Fetched: Oct. 2, 2024, 12:04 p.m., Published: Sept. 8, 2024, 3:46 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: series
vendor: cisco systems model: series

Veeam Patches Multiple Vulnerabilities Impacting Backup and Replication - Qualys ThreatPROTECT

Trust: 3.75

Fetched: Oct. 2, 2024, 12:03 p.m., Published: -
 Vulnerabilities: privilege escalation, path traversal, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-39718, CVE-2024-40710, CVE-2024-40712, CVE-2024-40714, CVE-2024-40713, CVE-2024-40711

From the Trenches: Top 10 Cybersecurity Lessons Learned in 2024 H1 - SOCRadar® Cyber Intelligence Inc.

Trust: 3.5

Fetched: Oct. 2, 2024, 12:01 p.m., Published: Oct. 1, 2024, 10:14 a.m.
 Vulnerabilities: default credentials, denial of service
Affected productsExternal IDs
vendor: trend model: security

Breaking news blocked.

Trust: 4.25

Fetched: Oct. 2, 2024, 11:56 a.m., Published: Oct. 1, 2024, midnight
 Vulnerabilities: cross-site scripting, session hijacking, code execution
Affected productsExternal IDs
vendor: pulp model: pulp
vendor: sony model: playstation
db: NVD ids: CVE-2024-22170

Anviz unveiled the M7 Palm Access Control Device

Trust: 3.0

Fetched: Oct. 2, 2024, 11:54 a.m., Published: Oct. 1, 2024, 12:54 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: anviz model: anviz

CVE-2024-46743 of/irq: Prevent device address out-of-bounds ... - vulnerability database | Vulners.com

Trust: 3.0

Fetched: Oct. 2, 2024, 11:53 a.m., Published: Sept. 18, 2024, 7:12 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-46743

CUPS open source printing system can be hacked to hijack your devices, experts warn | TechRadar

Trust: 3.75

Fetched: Oct. 2, 2024, 11:46 a.m., Published: Sept. 27, 2024, 3:19 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cups model: cups
vendor: apple model: macos
vendor: apple model: cups
db: NVD ids: CVE-2024-47177, CVE-2024-47176, CVE-2024-47175

Surface Pro 7 gets new (September 26, 2024) firmware updates - SurfaceTip

Trust: 3.0

Fetched: Oct. 2, 2024, 11:46 a.m., Published: Sept. 26, 2024, 4 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-29871

CVE-2024-8612 Qemu-kvm: information leak in virtio devices - vulnerability database | Vulners.com

Trust: 5.25

Fetched: Oct. 2, 2024, 11:45 a.m., Published: Sept. 20, 2024, 5:50 p.m.
 Vulnerabilities: information leak
Affected productsExternal IDs
db: NVD ids: CVE-2024-8612

CVE-2024-47524 - Exploits & Severity - Feedly

Trust: 3.0

Fetched: Oct. 2, 2024, 11:45 a.m., Published: Oct. 1, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-47524

Mobile Security Threats in 2025: How to Protect Your Devices

Trust: 4.0

Fetched: Oct. 2, 2024, 11:44 a.m., Published: Oct. 2, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: essential model: phone

Unlock Advanced IoT Visibility for Cyber-Physical Systems

Trust: 3.5

Fetched: Oct. 2, 2024, 11:44 a.m., Published: Oct. 1, 2024, 1 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: mesh model: mesh