Sign-up

VARIoT news about IoT security

Zyxel security advisory for buffer overflow vulnerability in some 5G NR CPE, DSL/Ethernet CPE, fiber ONT, WiFi extender, and security router devices | Zyxel Networks

Trust: 3.0

Fetched: Sept. 16, 2024, 6:59 p.m., Published: Sept. 7, 2024, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs

Critical Improper Access Control Vuln Affecting SonicWall Devices | Rapid7 Blog

Trust: 4.75

Fetched: Sept. 16, 2024, 6:58 p.m., Published: Sept. 9, 2024, 6:38 p.m.
 Vulnerabilities: improper access control, access control vulnerability
Affected productsExternal IDs
vendor: sonicwall model: soho
vendor: sonicwall model: sonicos
db: NVD ids: CVE-2024-40766

Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities | Trend Micro (US)

Trust: 4.25

Fetched: Sept. 16, 2024, 6:54 p.m., Published: Sept. 12, 2024, midnight
 Vulnerabilities: weak password, code execution
Affected productsExternal IDs
vendor: ipswitch model: whatsup gold
vendor: ipswitch model: whatsup
vendor: trend micro model: security
vendor: trend model: security
db: NVD ids: CVE-2024-6670, CVE-2024-4885

D-Link Technical Support

Related entries in the VARIoT vulnerabilities database: VAR-202409-1026, VAR-202409-1099, VAR-202409-0703

Trust: 6.0

Fetched: Sept. 16, 2024, 6:54 p.m., Published: June 8, 2021, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: d-link model: router
db: NVD ids: CVE-2024-45698, CVE-2024-45696, CVE-2024-45697, CVE-2024-45694, CVE-2024-45695

Does the Blast-RADIUS vulnerability affect Portnox Cloud users?

Trust: 3.0

Fetched: Sept. 16, 2024, 6:54 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-3596

Active Exploitation of Zero-Day Vulnerability in Android Devices

Trust: 5.75

Fetched: Sept. 16, 2024, 6:53 p.m., Published: Sept. 16, 2024, midnight
 Vulnerabilities: use after free, code execution
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-36971

Firmware Vulnerability in Poly Clariti Manager Devices (CVE-2024-41913) | SecurityVulnerability.io - SecuirtyVulnerability.io

Trust: 3.25

Fetched: Sept. 16, 2024, 6:50 p.m., Published: Aug. 6, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-41913

CVE-2024-45038 - Meshtastic Device Firmware MQTT Denial of Service Vulnerability

Trust: 6.25

Fetched: Sept. 16, 2024, 6:44 p.m., Published: Aug. 27, 2024, 9:15 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: mesh model: mesh
db: NVD ids: CVE-2024-45038

Windows MSHTML Zero-Day Vulnerability Exploited In The Wild

Trust: 3.0

Fetched: Sept. 16, 2024, 6:43 p.m., Published: Sept. 16, 2024, 1:50 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-43461, CVE-2024-38112

CVE-2024-33896 - Cosy+ Devices Code Injection Vulnerability

Trust: 5.0

Fetched: Sept. 16, 2024, 6:43 p.m., Published: Aug. 2, 2024, 6:16 p.m.
 Vulnerabilities: code injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-33896

CVE-2024-7581 - Tenda A301 Stack-Based Buffer Overflow Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-202408-0167

Trust: 4.75

Fetched: Sept. 16, 2024, 6:42 p.m., Published: Aug. 7, 2024, 3:15 p.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2024-7581

CVE-2024-45032 - Industrial Edge Management Device Token Impersonation Vulnerability

Trust: 3.0

Fetched: Sept. 16, 2024, 6:41 p.m., Published: Sept. 10, 2024, 10:15 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-45032

Cisco IOS XR Software Network Convergence System Denial of Service Vulnerability

Trust: 3.75

Fetched: Sept. 16, 2024, 6:40 p.m., Published: Sept. 11, 2024, 3:46 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: ios xr
vendor: cisco model: ios xr software
vendor: cisco model: network convergence system
vendor: cisco model: cisco ios xr
vendor: cisco model: cisco ios

Modules 13 - 17: Threats and Attacks Group Exam (Answers)

Trust: 5.25

Fetched: Sept. 16, 2024, 6:39 p.m., Published: Aug. 31, 2024, 3:55 a.m.
 Vulnerabilities: buffer overflow, session hijacking, resource exhaustion...
Affected productsExternal IDs
vendor: cisco model: router
vendor: cisco model: cisco ios

Cisco IOS XR Software Segment Routing for Intermediate System-to-Intermediate System Denial of Service Vulnerability - Cisco

Trust: 3.75

Fetched: Sept. 16, 2024, 6:30 p.m., Published: Sept. 11, 2024, 11:36 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: ios xe
vendor: cisco model: ios software
vendor: cisco model: ios xr
vendor: cisco model: ios xr software
vendor: cisco model: nx-os
vendor: cisco model: nx-os software
vendor: cisco model: router
vendor: cisco model: cisco ios xr
vendor: cisco model: cisco ios

Unquoted Executable Path Vulnerability Affects Hitachi Device Manager on Windows (CVE-2024-5963) | SecurityVulnerability.io - SecuirtyVulnerability.io

Trust: 4.0

Fetched: Sept. 16, 2024, 6:30 p.m., Published: Aug. 6, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hitachi model: hitachi device manager
vendor: hitachi model: device manager
db: NVD ids: CVE-2024-5963

Microsoft Copilot Fixes ASCII Smuggling Vulnerability

Trust: 3.0

Fetched: Aug. 30, 2024, 9:25 a.m., Published: Aug. 19, 2024, midnight
 Vulnerabilities: injection attack
Affected productsExternal IDs

State-backed attackers and commercial surveillance vendors repeatedly use the same exploits

Related entries in the VARIoT vulnerabilities database: VAR-202104-0753

Trust: 3.5

Fetched: Aug. 30, 2024, 9:23 a.m., Published: Aug. 29, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: google model: chrome
vendor: google model: google chrome
db: NVD ids: CVE-2021-1879

Unpatched security cameras fuel 'Corona Mirai' botnet surge

Related entries in the VARIoT vulnerabilities database: VAR-201803-1048, VAR-201505-0274

Trust: 3.75

Fetched: Aug. 30, 2024, 9:23 a.m., Published: Aug. 29, 2024, 2:17 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
vendor: huawei model: huawei
db: NVD ids: CVE-2017-17215, CVE-2014-8361, CVE-2024-7029

What is Malware? Prevention, Detection and How Attacks Work

Trust: 3.5

Fetched: Aug. 30, 2024, 9:21 a.m., Published: Aug. 30, 2023, midnight
 Vulnerabilities: service disruption
Affected productsExternal IDs
vendor: google model: home
vendor: google model: android
vendor: google model: chrome
vendor: trend micro model: internet security
vendor: trend micro model: security
vendor: trend micro model: antivirus
vendor: trend model: internet security
vendor: trend model: security
vendor: trend model: antivirus
vendor: sophos model: mobile
vendor: sophos model: endpoint protection
vendor: sophos model: firewall
vendor: apple model: macos
vendor: cisco model: router
vendor: symantec model: endpoint protection
vendor: symantec model: antivirus