Sign-up

VARIoT news about IoT security

Cisco Unified Contact Center Enterprise Cloud Connect Insufficient Access Control Vulnerability - Cisco

Trust: 5.0

Fetched: May 25, 2025, 9:27 a.m., Published: May 21, 2025, 11:40 a.m.
 Vulnerabilities: access control vulnerability
Affected productsExternal IDs
vendor: cisco model: cisco unified contact center enterprise
vendor: cisco model: unified contact center enterprise

CVE-2025-31238 : Memory Corruption Vulnerability in Apple Devices

Trust: 5.75

Fetched: May 25, 2025, 9:26 a.m., Published: May 12, 2025, 9:42 p.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: tvos
vendor: apple model: watchos
db: NVD ids: CVE-2025-31238

SECURITY BULLETIN: February 2023 Security Bulletin for Trend Micro Apex One

Trust: 4.25

Fetched: May 25, 2025, 9:25 a.m., Published: Feb. 25, 2023, midnight
 Vulnerabilities: privilege escalation, code execution, uncontrolled search path...
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2023-0587, CVE-2023-25143, CVE-2023-25148, CVE-2023-25144, CVE-2023-25146, CVE-2023-25145, CVE-2023-25147

U.S. CISA adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog

Related entries in the VARIoT vulnerabilities database: VAR-202312-2070

Trust: 5.5

Fetched: May 25, 2025, 9:25 a.m., Published: May 2, 2025, 7:49 a.m.
 Vulnerabilities: session hijacking, os command injection, command injection
Affected productsExternal IDs
vendor: sonicwall model: sma100
vendor: sonicwall model: secure mobile access
vendor: sonicwall model: ssl-vpn
vendor: sonicwall model: sma 100
vendor: brocade model: brocade fabric os
vendor: brocade model: fabric os
vendor: broadcom model: brocade fabric os
db: NVD ids: CVE-2024-38475, CVE-2023-44221

Understanding and Mitigating CVE-2025-27671: Critical Device Impersonation Vulnerability in Vasion Print

Trust: 4.0

Fetched: May 25, 2025, 9:25 a.m., Published: May 26, 2025, midnight
 Vulnerabilities: device impersonation, authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2025-27671

Network Enumeration: Step-by-Step Breakdown - PenteScope

Trust: 3.5

Fetched: May 25, 2025, 9:23 a.m., Published: May 8, 2025, 5:27 a.m.
 Vulnerabilities: default credentials, password guessing
Affected productsExternal IDs
vendor: wireshark model: wireshark

IoT Device Vulnerabilities Exploited for Mirai Botnet Attacks | B2Bdaily.com

Trust: 4.5

Fetched: May 25, 2025, 9:23 a.m., Published: May 8, 2025, 5:14 a.m.
 Vulnerabilities: path traversal, code execution
Affected productsExternal IDs
vendor: samsung model: samsung
db: NVD ids: CVE-2024-6047, CVE-2024-11120

Medical Device Cybersecurity Risks Explained | Open Medscience

Trust: 3.0

Fetched: May 25, 2025, 9:22 a.m., Published: May 23, 2025, 10:07 p.m.
 Vulnerabilities: default password
Affected productsExternal IDs

SonicBoom, From Stolen Tokens to Remote Shells - SonicWall SMA (CVE-2023-44221, CVE-2024-38475)

Related entries in the VARIoT vulnerabilities database: VAR-202312-2070

Trust: 4.25

Fetched: May 25, 2025, 9:21 a.m., Published: May 1, 2025, 10:31 p.m.
 Vulnerabilities: command execution, command injection
Affected productsExternal IDs
vendor: orange model: web server
vendor: canary model: canary
vendor: sonicwall model: sma100
vendor: sonicwall model: secure mobile access
vendor: sonicwall model: ssl-vpn
vendor: sonicwall model: ssl-vpn web server
vendor: sonicwall model: sonicwall ssl-vpn
db: NVD ids: CVE-2024-38475, CVE-2023-44221

Critical Siemens IPC Vulnerability (CVE-2024-54085): Protecting Industrial Systems from Authentication Bypass | Windows Forum

Trust: 4.75

Fetched: May 25, 2025, 9:14 a.m., Published: May 25, 2025, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: siemens model: simatic
db: NVD ids: CVE-2024-54085

Fortinet vulnerability CVE-2025-32756: Find affected assets

Related entries in the VARIoT vulnerabilities database: VAR-202210-0198, VAR-202505-1884, VAR-202403-2416, VAR-202412-2453

Trust: 4.5

Fetched: May 25, 2025, 9:13 a.m., Published: May 13, 2025, 4 p.m.
 Vulnerabilities: sql injection, buffer overflow, code execution...
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2023-36554, CVE-2024-23666, CVE-2023-42789, CVE-2024-23112, CVE-2023-50176, CVE-2024-21762, CVE-2022-40684, CVE-2023-37936, CVE-2025-32756, CVE-2024-55591, CVE-2023-48788, CVE-2023-34990, CVE-2023-42790, CVE-2023-47534

Cybersecurity Risk Management for Medical Device and Health Software

Trust: 4.5

Fetched: May 25, 2025, 9:11 a.m., Published: May 3, 2025, midnight
 Vulnerabilities: denial of service, sql injection, buffer overflow...
Affected productsExternal IDs
db: NVD ids: CVE-2025-22457, CVE-2024-6796

Critical Security Flaw in Lantronix Device Installer Leaves Legacy Devices Vulnerable | Windows Forum

Trust: 3.5

Fetched: May 25, 2025, 9:10 a.m., Published: May 25, 2025, midnight
 Vulnerabilities: denial of service, privilege escalation, default credentials
Affected productsExternal IDs
db: NVD ids: CVE-2025-4338

Cybercrime Escalates in 2025 as Hackers Target Everyday Devices with Sophisticated Attacks

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268

Trust: 4.75

Fetched: May 25, 2025, 9:10 a.m., Published: May 12, 2025, 9:54 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home
vendor: tp-link model: routers
db: NVD ids: CVE-2023-1389

A Comprehensive Analysis of IoT Device Security: Architectures, Threats, Mitigation, and Future Directions - MedTechNews

Trust: 3.75

Fetched: May 25, 2025, 9:04 a.m., Published: May 21, 2025, 1:12 a.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs

How Cybersecurity Can Remove Vulnerabilities in Routers • DataFeature

Trust: 3.5

Fetched: May 23, 2025, 9:24 a.m., Published: Oct. 18, 2024, 4:58 p.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs

SonicWall Devices Under Attack: Understanding the Recent Vulnerabilities - hide.me

Related entries in the VARIoT vulnerabilities database: VAR-202312-2070

Trust: 5.0

Fetched: May 23, 2025, 9:24 a.m., Published: May 5, 2025, 8:08 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: sonicwall model: sma 100
vendor: sonicwall model: secure mobile access
vendor: sonicwall model: remote access
db: NVD ids: CVE-2024-38475, CVE-2023-44221

Apple's AirPlay system may have major security flaws that can allow hackers to hijack devices, researchers claim - The Times of India

Trust: 3.75

Fetched: May 23, 2025, 9:23 a.m., Published: May 23, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos

U.S. CISA adds GoVision device flaws to its Known Exploited Vulnerabilities catalog

Trust: 5.5

Fetched: May 23, 2025, 9:22 a.m., Published: May 8, 2025, 8:04 a.m.
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
vendor: brocade model: brocade fabric os
vendor: brocade model: fabric os
vendor: broadcom model: brocade fabric os
db: NVD ids: CVE-2024-11120, CVE-2024-6047

Cisco Secure Network Analytics Manager Privilege Escalation Vulnerability

Trust: 4.25

Fetched: May 23, 2025, 9:22 a.m., Published: May 21, 2025, 3:52 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs