Sign-up

VARIoT news about IoT security

Critical F5 Vulnerabilities: Hackers Could Take Over Devices

Trust: 3.25

Fetched: May 10, 2024, 9:14 a.m., Published: May 10, 2024, 8:30 a.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-26026, CVE-2024-21793

Big Vulnerabilities in Next-Gen BIG-IP - Eclypsium | Supply Chain Security for the Modern Enterprise

Trust: 5.75

Fetched: May 10, 2024, 9:13 a.m., Published: May 8, 2024, 4 p.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs
vendor: cisco model: series
db: NVD ids: CVE-2024-26026, CVE-2024-21793

Botnets Continue Exploiting CVE-2023-1389 for Wide-Scale Spread | FortiGuard Labs

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268

Trust: 4.5

Fetched: May 10, 2024, 9:11 a.m., Published: April 16, 2024, 3 p.m.
 Vulnerabilities: denial of service, command injection, brute force attack
Affected productsExternal IDs
db: NVD ids: CVE-2023-1389

20 Security Issues Found in Xiaomi Devices | Oversecured Blog

Trust: 4.25

Fetched: May 10, 2024, 9:09 a.m., Published: May 20, 2024, midnight
 Vulnerabilities: memory corruption, traversal attack, path traversal...
Affected productsExternal IDs
vendor: xiaomi model: miui
vendor: google model: android
vendor: google model: wifi
vendor: delegate model: delegate

Delta Electronics InfraSuite Device Master | CISA

Trust: 4.75

Fetched: May 10, 2024, 9:09 a.m., Published: May 10, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2023-46604

Multiple Xiaomi Android Devices Flaw : Attackers Hijack Phones

Trust: 3.75

Fetched: May 10, 2024, 9:08 a.m., Published: May 6, 2024, 11:29 a.m.
 Vulnerabilities: memory corruption, command injection
Affected productsExternal IDs
vendor: xiaomi model: miui

Vulnerability Assessment/Scanning

Trust: 3.5

Fetched: May 10, 2024, 9:06 a.m., Published: May 10, 2024, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: citrix model: netscaler
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo model: pan-os
vendor: palo model: networks
vendor: palo model: firewall

Cisco IOS XE Software for Wireless LAN Controllers Multicast DNS Denial of Service Vulnerability

Trust: 4.0

Fetched: May 8, 2024, 9:22 a.m., Published: March 27, 2024, 3:55 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: wireless lan controllers
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe software
vendor: cisco model: cisco ios
vendor: cisco model: ios xe

Vulnerability Summary for the Week of April 22, 2024 | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202404-1912, VAR-202404-1373, VAR-202404-2629, VAR-202404-1559, VAR-202404-1374, VAR-202404-2082, VAR-202404-1726, VAR-202404-2694

Trust: 5.25

Fetched: May 8, 2024, 9:18 a.m., Published: April 22, 2024, midnight
 Vulnerabilities: certificate validation vulnerability, request forgery, privilege escalation...
Affected productsExternal IDs
vendor: cisco model: routers
vendor: cisco model: router
vendor: cisco model: telepresence management suite
vendor: cisco model: cisco telepresence
vendor: cisco model: cisco telepresence management suite
vendor: cisco model: telepresence
vendor: apple model: itunes
vendor: apple model: tvos
vendor: apple model: macos
vendor: apple model: safari
vendor: apple model: watchos
vendor: lenovo model: system
vendor: lenovo model: yoga
vendor: ruijie model: router
vendor: samsung model: notes
vendor: samsung model: samsung galaxy
vendor: samsung model: galaxy
vendor: samsung model: note
vendor: samsung model: mobile
vendor: d-link model: dap-2695
vendor: d-link model: dir-822
vendor: d-link model: dap-2360
vendor: d-link model: dap-2690
vendor: d-link model: dap-2310
vendor: d-link model: dap-2230
vendor: d-link model: router
vendor: d-link model: dap-2553
vendor: d-link model: dap-2330
vendor: d-link model: dap-3662
vendor: nokia model: impact
vendor: asus model: routers
vendor: asus model: router
vendor: asus model: asus
vendor: asus model: rt-n12
vendor: google model: android
vendor: tenda model: router
vendor: motorola model: android
vendor: motorola model: motorola
db: NVD ids: CVE-2024-33665, CVE-2023-38301, CVE-2024-33217, CVE-2024-3261, CVE-2024-23228, CVE-2022-48611, CVE-2024-32418, CVE-2024-32051, CVE-2023-38300, CVE-2024-28325, CVE-2024-33213, CVE-2024-31609, CVE-2024-2972, CVE-2023-52646416, CVE-2024-27574, CVE-2024-33247, CVE-2024-33667, CVE-2024-31828, CVE-2023-38296, CVE-2024-23527, CVE-2024-3075, CVE-2022-46897, CVE-2023-20248, CVE-2024-26923416, CVE-2024-31741, CVE-2024-33663, CVE-2023-38295, CVE-2024-29661, CVE-2024-3265, CVE-2023-48184, CVE-2024-32358, CVE-2024-29205, CVE-2024-31077, CVE-2024-27349, CVE-2023-51794, CVE-2024-28699, CVE-2024-28436, CVE-2024-22813, CVE-2024-31545, CVE-2024-22632, CVE-2022-34561, CVE-2023-38290, CVE-2024-21319, CVE-2024-33851, CVE-2024-32238, CVE-2024-28722, CVE-2024-32405, CVE-2024-29368, CVE-2023-38291, CVE-2024-3048, CVE-2024-33260, CVE-2024-28613, CVE-2024-28890, CVE-2022-35503, CVE-2024-32324, CVE-2024-30886, CVE-2024-28326, CVE-2023-38294, CVE-2024-32406, CVE-2024-33344, CVE-2024-2310, CVE-2024-29217, CVE-2024-31502, CVE-2024-28328, CVE-2024-31406, CVE-2024-2159, CVE-2024-32236, CVE-2024-33661, CVE-2024-2429, CVE-2024-32399, CVE-2022-29217, CVE-2024-33214, CVE-2024-31601, CVE-2024-0905, CVE-2024-33342, CVE-2024-28717, CVE-2024-31615, CVE-2024-32368, CVE-2024-2402, CVE-2024-2908, CVE-2023-38299, CVE-2024-23271, CVE-2024-0151, CVE-2023-48183, CVE-2024-28327, CVE-2024-30799, CVE-2024-31857, CVE-2024-33668, CVE-2024-29733, CVE-2023-26603, CVE-2024-30890, CVE-2024-32394, CVE-2023-47252, CVE-2023-7252, CVE-2024-22808, CVE-2024-31804, CVE-2024-30800, CVE-2024-31036, CVE-2024-2907, CVE-2024-31551, CVE-2024-33255, CVE-2024-3058, CVE-2024-31616, CVE-2024-33666, CVE-2024-26925416, CVE-2024-22811, CVE-2024-33259, CVE-2024-2837, CVE-2024-2404, CVE-2024-3059, CVE-2023-38297, CVE-2024-33211, CVE-2024-1743, CVE-2023-38302, CVE-2022-34562, CVE-2024-31574, CVE-2024-33215, CVE-2024-33531, CVE-2023-38292, CVE-2024-31610, CVE-2023-38298, CVE-2024-28322, CVE-2024-22809, CVE-2024-33664, CVE-2023-6237, CVE-2024-29660, CVE-2024-32407, CVE-2024-32404, CVE-2024-1756, CVE-2024-22807, CVE-2023-38293, CVE-2024-2439, CVE-2024-3076, CVE-2024-31755, CVE-2024-3188, CVE-2024-32258, CVE-2024-33258, CVE-2024-27347, CVE-2023-7253, CVE-2024-2603, CVE-2024-31666, CVE-2024-22633, CVE-2024-33212, CVE-2022-34560, CVE-2024-27791, CVE-2024-26924416, CVE-2024-3060, CVE-2024-26922416, CVE-2024-33343, CVE-2024-30939, CVE-2024-22856, CVE-2024-29376, CVE-2024-28627, CVE-2024-27348, CVE-2024-25343, CVE-2024-26926416, CVE-2024-30804, CVE-2024-22815

“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps | Microsoft Security Blog

Trust: 3.25

Fetched: May 8, 2024, 9:07 a.m., Published: May 1, 2024, midnight
 Vulnerabilities: code execution, path traversal
Affected productsExternal IDs
vendor: google model: android
vendor: google model: home
vendor: xiaomi model: browser

Phosphorus Launches the “15-30-60 xIoT Challenge” at RSAC 2024, Setting a New Industry Standard for Preventing xIoT Threats Faster - TradingView News

Trust: 3.75

Fetched: May 7, 2024, 9:40 a.m., Published: May 7, 2024, midnight
 Vulnerabilities: default credentials
Affected productsExternal IDs

Hackers Hit Germany and Czechia Using Outlook Flaw - Spiceworks

Trust: 4.0

Fetched: May 7, 2024, 9:39 a.m., Published: -
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2022-38028, CVE-2023-23397

Multiple Vulnerabilities in Google Android OS Could Allow for Privilege Escalation | allinfosecnews.com

Trust: 5.25

Fetched: May 7, 2024, 9:39 a.m., Published: May 6, 2024, 11:47 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: google model: android

Critical takeover vulnerabilities in 92,000 D-Link devices under active exploitation - Kowatek

Related entries in the VARIoT vulnerabilities database: VAR-202404-0069, VAR-202404-0070

Trust: 4.75

Fetched: May 7, 2024, 9:37 a.m., Published: April 9, 2024, 7:27 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: d-link model: dns-327l
vendor: d-link model: dns-320l
vendor: d-link model: dns-325
vendor: d-link model: dns-340l
db: NVD ids: CVE-2024-3272, CVE-2024-3273

Microsoft Finds Major Security Flaw ‘Dirty Stream’ in Android Apps Totalling Billions of Downloads | Technology News

Trust: 4.75

Fetched: May 7, 2024, 9:36 a.m., Published: May 6, 2024, 7:54 a.m.
 Vulnerabilities: path traversal
Affected productsExternal IDs
vendor: google model: home
vendor: google model: android

Deep Sentinel Review 2024 | Security.org

Trust: 3.0

Fetched: May 7, 2024, 9:36 a.m., Published: April 22, 2024, 7:23 p.m.
 Vulnerabilities: -
Affected productsExternal IDs

CISO Daily Update - April 15, 2024

Related entries in the VARIoT vulnerabilities database: VAR-202404-0069, VAR-202404-0070

Trust: 4.25

Fetched: May 7, 2024, 9:30 a.m., Published: April 15, 2024, midnight
 Vulnerabilities: privilege elevation, script execution
Affected productsExternal IDs
vendor: palo model: networks globalprotect
vendor: palo model: pan-os
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo model: palo alto networks globalprotect
vendor: palo alto networks model: networks globalprotect
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: palo alto networks globalprotect
db: NVD ids: CVE-2024-3272, CVE-2024-3273

The Vulnerabilities of Wireless Local Area Network " EssayGroom

Trust: 4.5

Fetched: May 7, 2024, 9:29 a.m., Published: April 22, 2024, 8:42 a.m.
 Vulnerabilities: denial of service, session hijacking
Affected productsExternal IDs
vendor: wireshark model: wireshark

6 Most Common Web Security Vulnerabilities (And How To Tackle Them)

Trust: 3.5

Fetched: May 7, 2024, 9:29 a.m., Published: April 24, 2024, 11:32 p.m.
 Vulnerabilities: cross-site request forgery, cross-site scripting, code injection...
Affected productsExternal IDs

Xiaomi Android Devices Affected by Multiple Vulnerabilities Across Applications and System Components - Owlysec - Cyber Security News

Trust: 4.75

Fetched: May 7, 2024, 9:28 a.m., Published: May 6, 2024, 8:28 p.m.
 Vulnerabilities: memory corruption, command injection
Affected productsExternal IDs
vendor: xiaomi model: miui