Sign-up

VARIoT news about IoT security

Global smartphone brand exposed to dangerous security vulnerabilities

Trust: 3.0

Fetched: May 7, 2024, 9:26 a.m., Published: May 7, 2024, 7:01 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

Microsoft’s April 2024 Patch Tuesday includes two actively exploited zero-day vulnerabilities | Malwarebytes

Trust: 5.5

Fetched: May 7, 2024, 9:26 a.m., Published: April 11, 2024, 8:23 a.m.
 Vulnerabilities: security feature bypass, feature bypass
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: android
db: NVD ids: CVE-2024-29988, CVE-2024-26234

Credential stuffing, Cisco, ICICI and Wordpress - by Royans

Trust: 5.0

Fetched: May 7, 2024, 9:25 a.m., Published: April 28, 2024, midnight
 Vulnerabilities: sql injection
Affected productsExternal IDs
vendor: cisco model: firepower
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: adaptive security appliance
vendor: cisco model: firepower threat defense
db: NVD ids: CVE-2024-27956

Multiple Fortinet Vulnerabilities Let Attackers Execute Code

Trust: 4.5

Fetched: May 7, 2024, 9:23 a.m., Published: April 10, 2024, 8:34 a.m.
 Vulnerabilities: command execution, information exposure, arbitrary command execution...
Affected productsExternal IDs
db: NVD ids: CVE-2024-23662, CVE-2023-48784, CVE-2023-41677

Critical RCE Vulnerability in 92,000 D-Link NAS Devices

Related entries in the VARIoT vulnerabilities database: VAR-202404-0069, VAR-202404-0070

Trust: 4.25

Fetched: May 7, 2024, 9:21 a.m., Published: April 16, 2024, 12:53 p.m.
 Vulnerabilities: injection attack, command injection, code execution
Affected productsExternal IDs
vendor: d-link model: dns-327l
vendor: d-link model: dns-320l
vendor: d-link model: dns-325
vendor: d-link model: dns-340l
db: NVD ids: CVE-2024-3272, CVE-2024-3273

Palo Alto Updates Remediation for Max-Critical Firewall Bug

Trust: 5.5

Fetched: May 7, 2024, 9:19 a.m., Published: May 5, 2024, midnight
 Vulnerabilities: command execution
Affected productsExternal IDs
vendor: palo model: pan-os
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
db: NVD ids: CVE-2024-3400

vulnerabilities

Trust: 3.25

Fetched: May 7, 2024, 9:19 a.m., Published: April 25, 2024, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs

CERT-In: Govt's cyber agency finds multiple bugs and serious vulnerabilities in Cisco products, ET Government

Trust: 3.75

Fetched: May 7, 2024, 9:17 a.m., Published: April 28, 2024, 3:35 a.m.
 Vulnerabilities: improper validation, command injection, denial of service...
Affected productsExternal IDs
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: firepower
vendor: cisco model: adaptive security appliance
vendor: cisco model: firepower threat defense

The LogoFAIL vulnerability allows image file attacks on your device

Trust: 4.75

Fetched: May 7, 2024, 9:16 a.m., Published: April 10, 2024, 1:51 p.m.
 Vulnerabilities: calculation error
Affected productsExternal IDs
vendor: asus model: asus
vendor: lenovo model: updates
vendor: lenovo model: system
db: NVD ids: CVE-2023-40238

Critical RCE Vulnerability in 92,000 D-Link NAS Devices - Source: securityboulevard.com - CISO2CISO.COM & CYBER SECURITY GROUP

Related entries in the VARIoT vulnerabilities database: VAR-202404-0069, VAR-202404-0070

Trust: 4.25

Fetched: May 7, 2024, 9:14 a.m., Published: April 16, 2024, 9 a.m.
 Vulnerabilities: injection attack, command injection, code execution
Affected productsExternal IDs
vendor: d-link model: dns-327l
vendor: d-link model: dns-320l
vendor: d-link model: dns-325
vendor: d-link model: dns-340l
db: NVD ids: CVE-2024-3272, CVE-2024-3273

New “Goldoon” Botnet Targeting D-Link Devices | FortiGuard Labs

Related entries in the VARIoT vulnerabilities database: VAR-201502-0201

Trust: 4.25

Fetched: May 7, 2024, 9:13 a.m., Published: May 1, 2024, 3 p.m.
 Vulnerabilities: command execution, code execution
Affected productsExternal IDs
vendor: d-link model: dir-645
vendor: d-link model: router
db: NVD ids: CVE-2015-2051

Samsung reveals May 2024 security update fixes 45 vulnerabilities - Sammy Fans

Related entries in the VARIoT vulnerabilities database: VAR-202404-1690, VAR-202404-1315

Trust: 4.5

Fetched: May 7, 2024, 9:12 a.m., Published: May 7, 2024, 6:15 a.m.
 Vulnerabilities: authentication vulnerability, access control vulnerability, authentication bypass...
Affected productsExternal IDs
vendor: google model: android
vendor: samsung model: samsung galaxy
vendor: samsung model: galaxy
db: NVD ids: CVE-2024-21463, CVE-2024-23702, CVE-2023-33115, CVE-2024-20858, CVE-2024-20039, CVE-2024-21468, CVE-2024-20866, CVE-2023-33096, CVE-2024-0025, CVE-2024-20864, CVE-2024-20859, CVE-2024-23706, CVE-2023-33084, CVE-2024-20040, CVE-2023-33101, CVE-2024-20857, CVE-2024-20860, CVE-2024-0042, CVE-2024-21472, CVE-2024-23701, CVE-2024-20865, CVE-2024-20863, CVE-2023-33103, CVE-2024-20856, CVE-2024-23705, CVE-2024-23707, CVE-2024-23708, CVE-2024-0024, CVE-2023-33100, CVE-2023-33104, CVE-2024-20861, CVE-2024-23700, CVE-2024-20862, CVE-2024-23703, CVE-2024-20855, CVE-2023-33099, CVE-2024-20021, CVE-2023-28582, CVE-2024-0043, CVE-2023-33086, CVE-2024-23709, CVE-2023-33095

Microsoft Finds Major Security Flaw ‘Dirty Stream’ in Android Apps Totalling Billions of Downloads | Technology News

Trust: 4.75

Fetched: May 7, 2024, 9:12 a.m., Published: May 6, 2024, 7:54 a.m.
 Vulnerabilities: path traversal
Affected productsExternal IDs
vendor: google model: home
vendor: google model: android

Every Wi-Fi Device Since 1997 Vulnerable to FragAttack - Spiceworks

Related entries in the VARIoT vulnerabilities database: VAR-202105-1477, VAR-202105-1432, VAR-202105-1428, VAR-202105-1430, VAR-202105-0257, VAR-202105-1431, VAR-202105-1475, VAR-202105-1476, VAR-202105-1429, VAR-202105-1493

Trust: 3.75

Fetched: May 7, 2024, 9:11 a.m., Published: April 16, 2024, 10:18 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2020-26146, CVE-2020-24587, CVE-2020-26141, CVE-2020-26139, CVE-2020-26142, CVE-2020-26145, CVE-2020-24586, CVE-2020-24588, CVE-2020-26147, CVE-2020-26144, CVE-2020-26140, CVE-2020-26143

Critical RCE Vulnerability in 92,000 D-Link NAS Devices

Related entries in the VARIoT vulnerabilities database: VAR-202404-0069, VAR-202404-0070

Trust: 4.25

Fetched: May 7, 2024, 9:10 a.m., Published: April 16, 2024, 12:53 p.m.
 Vulnerabilities: injection attack, command injection, code execution
Affected productsExternal IDs
vendor: d-link model: dns-327l
vendor: d-link model: dns-320l
vendor: d-link model: dns-325
vendor: d-link model: dns-340l
db: NVD ids: CVE-2024-3272, CVE-2024-3273

Export software vulnerabilities assessment per device - Microsoft Defender for Endpoint | Microsoft Learn

Trust: 3.5

Fetched: May 7, 2024, 9:07 a.m., Published: June 4, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
db: NVD ids: CVE-2020-26971, CVE-2020-15992, CVE-2020-16011

Cisco Releases Security Advisory for Cisco IP Phones - NHS England Digital

Trust: 3.0

Fetched: May 7, 2024, 9:06 a.m., Published: May 7, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: ip phones

Top IoT Device Vulnerabilities: How To Secure IoT Devices | Fortinet

Trust: 3.0

Fetched: May 7, 2024, 9:05 a.m., Published: May 13, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs

The Peril of Badly Secured Network Edge Devices

Related entries in the VARIoT vulnerabilities database: VAR-202005-0696

Trust: 3.75

Fetched: May 3, 2024, 10:42 a.m., Published: May 19, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: firepower
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: network access control
vendor: cisco model: asa software
vendor: cisco model: firepower threat defense
vendor: cisco model: adaptive security appliance
db: NVD ids: CVE-2024-20359, CVE-2020-3259, CVE-2024-20353

Critical takeover vulnerabilities in 92,000 D-Link devices under active exploitation - Stella Maris Press

Related entries in the VARIoT vulnerabilities database: VAR-202404-0069, VAR-202404-0070

Trust: 4.75

Fetched: May 3, 2024, 10:38 a.m., Published: April 8, 2024, 6:56 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: d-link model: dns-325
vendor: d-link model: dns-320l
vendor: d-link model: dns-340l
vendor: d-link model: dns-327l
db: NVD ids: CVE-2024-3272, CVE-2024-3273