VARIoT latest news about IoT security

Six Vulnerabilities in a Popular GPS Device Threaten Millions of Users - Spiceworks Trust: 4.75 Fetched: Dec. 12, 2023, 9:13 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

tesla

model:

model

db:

NVD

ids:

CVE-2022-34150, CVE-2022-2199, CVE-2022-2141, CVE-2022-33944, CVE-2022-2107

ERROR: The request could not be satisfied Trust: 3.25 Fetched: Dec. 12, 2023, 9:13 a.m., Published: -	Vulnerabilities: configuration error

Affected products	External IDs

How to Use the Best Security for Your Embedded System Trust: 3.5 Fetched: Dec. 12, 2023, 9:12 a.m., Published: Dec. 23, 2021, midnight	Vulnerabilities: system crash, default password, buffer overflow

Affected products	External IDs

LIVEcommunity - Protect Your IoT Devices from Log4j 2 Vulnerability - LIVEcommunity - 453381 Related entries in the VARIoT vulnerabilities database: VAR-202112-0562, VAR-202112-1782, VAR-202112-0566 Trust: 4.5 Fetched: Dec. 12, 2023, 9:11 a.m., Published: Dec. 15, 2021, 8:35 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	networks
vendor:	palo	model:	firewall
vendor:	palo	model:	networks

db:

NVD

ids:

CVE-2021-45046, CVE-2021-45105, CVE-2021-44228

People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices \| CISA Related entries in the VARIoT vulnerabilities database: VAR-201909-0903, VAR-202012-0977, VAR-201901-0350, VAR-201911-1117, VAR-202002-1447, VAR-201803-1387, VAR-201906-0818, VAR-201808-0384, VAR-201705-3972 Trust: 4.25 Fetched: Dec. 12, 2023, 9:10 a.m., Published: June 10, 2022, midnight	Vulnerabilities: file reading vulnerability, authorization vulnerability, directory traversal...

Affected products

External IDs

vendor:	pulsesecure	model:	pulse connect secure
vendor:	pulsesecure	model:	connect secure
vendor:	pulse secure	model:	pulse connect secure
vendor:	pulse secure	model:	connect secure
vendor:	pulse	model:	secure pulse connect secure
vendor:	citrix	model:	netscaler adc
vendor:	citrix	model:	gateway
vendor:	citrix	model:	netscaler
vendor:	citrix	model:	application delivery controller
vendor:	citrix	model:	sd-wan
vendor:	citrix	model:	netscaler gateway
vendor:	citrix	model:	sd-wan wanop
vendor:	netgear	model:	router
vendor:	mikrotik	model:	routeros
vendor:	mikrotik	model:	routers
vendor:	mikrotik	model:	router
vendor:	mikrotik	model:	winbox
vendor:	draytek	model:	routers
vendor:	cisco	model:	small business
vendor:	cisco	model:	rv042
vendor:	cisco	model:	rv082 dual wan vpn
vendor:	cisco	model:	rv016 multi-wan vpn router
vendor:	cisco	model:	rv016 multi-wan vpn
vendor:	cisco	model:	rv082 dual wan vpn router
vendor:	cisco	model:	routers
vendor:	cisco	model:	rv042 dual wan vpn
vendor:	cisco	model:	small business rv series routers
vendor:	cisco	model:	router
vendor:	cisco	model:	series
vendor:	cisco	model:	access points
vendor:	cisco	model:	rv042g
vendor:	cisco	model:	cisco small business
vendor:	cisco	model:	rv042 dual wan vpn router
vendor:	cisco	model:	small business rv
vendor:	cisco	model:	rv016
vendor:	cisco	model:	soho
vendor:	cisco	model:	rv082
vendor:	cisco	model:	series routers
vendor:	cisco	model:	rv042g dual gigabit wan vpn
vendor:	cisco	model:	sd-wan
vendor:	cisco	model:	netscaler gateway
vendor:	cisco	model:	rv042g dual gigabit wan vpn router
vendor:	d-link	model:	dhp-1565
vendor:	d-link	model:	dir-835
vendor:	d-link	model:	dir-652
vendor:	d-link	model:	dir-655c
vendor:	d-link	model:	router
vendor:	d-link	model:	dir-866l
vendor:	d-link	model:	dir-855l
vendor:	d-link	model:	dir-615
vendor:	d-link	model:	dir-825

db:	NVD	ids:	CVE-2019-16920, CVE-2020-29583, CVE-2019-1652, CVE-2019-15271, CVE-2019-11510, CVE-2019-7194, CVE-2020-8515, CVE-2019-7193, CVE-2021-22893, CVE-2019-19781, CVE-2019-7192, CVE-2018-0171, CVE-2019-7195, CVE-2018-13382, CVE-2018-14847, CVE-2017-6862
db:	CISCO	ids:	CISCO-SA-20191106-SBRV

Siemens PROFINET Devices (Update D) \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202107-1608 Trust: 3.75 Fetched: Dec. 12, 2023, 9:08 a.m., Published: April 14, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	siemens	model:	scalance x204-2ld ts
vendor:	siemens	model:	profinet io
vendor:	siemens	model:	scalance xr324-12m ts
vendor:	siemens	model:	scalance x310
vendor:	siemens	model:	scalance xm400
vendor:	siemens	model:	ek-ertec
vendor:	siemens	model:	cp1616
vendor:	siemens	model:	scalance x320-1fe
vendor:	siemens	model:	scalance xf204-2ba irt
vendor:	siemens	model:	scalance xf204 irt
vendor:	siemens	model:	scalance x308-2m
vendor:	siemens	model:	s7-1200 cpu
vendor:	siemens	model:	ek-ertec 200
vendor:	siemens	model:	simatic s7-1200 cpu family
vendor:	siemens	model:	scalance x202-2p irt
vendor:	siemens	model:	scalance xr500
vendor:	siemens	model:	scalance x212-2
vendor:	siemens	model:	scalance w700 ieee 802.11n
vendor:	siemens	model:	simatic s7-1200 cpu
vendor:	siemens	model:	simocode
vendor:	siemens	model:	scalance x204-2
vendor:	siemens	model:	ruggedcom
vendor:	siemens	model:	scalance x307-3
vendor:	siemens	model:	scalance x204-2fm
vendor:	siemens	model:	scalance x224
vendor:	siemens	model:	ruggedcom rm1224
vendor:	siemens	model:	scalance xf208
vendor:	siemens	model:	scalance xc-200
vendor:	siemens	model:	ek-ertec 200p
vendor:	siemens	model:	scalance xb-200
vendor:	siemens	model:	simatic mv500
vendor:	siemens	model:	scalance x308-2lh
vendor:	siemens	model:	simatic
vendor:	siemens	model:	scalance x307-3ld
vendor:	siemens	model:	scalance xr324-4m poe
vendor:	siemens	model:	scalance x216
vendor:	siemens	model:	scalance x204 irt
vendor:	siemens	model:	scalance x206-1
vendor:	siemens	model:	scalance xr-300wg
vendor:	siemens	model:	scalance x206-1ld
vendor:	siemens	model:	ie/pb-link
vendor:	siemens	model:	scalance x212-2ld
vendor:	siemens	model:	scalance xf201-3p irt
vendor:	siemens	model:	scalance x204-2ld
vendor:	siemens	model:	scalance xf206-1
vendor:	siemens	model:	dk standard ethernet controller
vendor:	siemens	model:	scalance x204 irt pro
vendor:	siemens	model:	scalance x308-2
vendor:	siemens	model:	scalance xp-200
vendor:	siemens	model:	scalance x208pro
vendor:	siemens	model:	scalance x201-3p irt
vendor:	siemens	model:	scalance xf202-2p irt
vendor:	siemens	model:	simatic net
vendor:	siemens	model:	scalance xr324-12m
vendor:	siemens	model:	scalance x408
vendor:	siemens	model:	scalance x408-2
vendor:	siemens	model:	simatic cfu pa
vendor:	siemens	model:	scalance w700
vendor:	siemens	model:	scalance xr324-4m poe ts
vendor:	siemens	model:	scalance xf204
vendor:	siemens	model:	profinet driver
vendor:	siemens	model:	scalance x208
vendor:	siemens	model:	simatic s7-1200
vendor:	siemens	model:	scalance x201-3p irt pro
vendor:	siemens	model:	scalance xr324-4m eec
vendor:	siemens	model:	scalance x202-2 irt
vendor:	siemens	model:	scalance
vendor:	siemens	model:	scalance x310fe
vendor:	siemens	model:	scalance x308-2ld
vendor:	siemens	model:	scalance m-800
vendor:	siemens	model:	scalance xf204-2
vendor:	siemens	model:	cp1604
vendor:	siemens	model:	scalance x200
vendor:	siemens	model:	scalance x308-2m ts
vendor:	siemens	model:	scalance s615
vendor:	siemens	model:	simatic profinet driver
vendor:	siemens	model:	scalance xf-200ba
vendor:	siemens	model:	scalance x320-3ldfe
vendor:	siemens	model:	scalance x202-2p irt pro

db:

NVD

ids:

CVE-2020-28400

The 2022-2023 IoT Botnet Report - Vulnerabilities Targeted - CUJO AI Related entries in the VARIoT vulnerabilities database: VAR-202203-0700, VAR-201612-0015, VAR-202110-1691, VAR-201810-0936, VAR-201905-0651, VAR-202205-0957, VAR-201805-0262, VAR-201505-0274, VAR-202003-1707, VAR-202003-0363, VAR-202210-1176, VAR-202002-1447, VAR-202104-0768, VAR-202001-0633, VAR-202007-0064, VAR-201803-1048, VAR-201710-0139, VAR-202102-0290, VAR-201805-0263, VAR-202112-0566, VAR-201906-0716, VAR-202208-1439, VAR-202203-0233, VAR-201403-0306, VAR-202203-1506, VAR-201812-1038, VAR-201906-0703, VAR-201502-0201, VAR-201802-0135, VAR-201705-1398, VAR-202110-1690, VAR-202202-0832, VAR-201712-0829, VAR-201703-0755, VAR-202203-0505, VAR-202205-0394 Trust: 5.0 Fetched: Dec. 12, 2023, 9:05 a.m., Published: April 27, 2023, 12:34 p.m.	Vulnerabilities: memory corruption, privilege escalation, command injection...

Affected products

External IDs

vendor:	dasan	model:	znid gpon 2426a
vendor:	dasan	model:	gpon routers
vendor:	comtrend	model:	vr-3033
vendor:	hikvision	model:	ip cameras
vendor:	orange	model:	web server
vendor:	telesquare	model:	sdt-cw3b1
vendor:	goahead	model:	webserver
vendor:	huawei	model:	hg532
vendor:	huawei	model:	huawei
vendor:	vacron	model:	vacron nvr
vendor:	zhone	model:	znid gpon 2426a
vendor:	zhone	model:	znid gpon
vendor:	netgear	model:	dgn2000
vendor:	netgear	model:	dgn1000
vendor:	netgear	model:	router
vendor:	draytek	model:	routers
vendor:	draytek	model:	vigor
vendor:	draytek	model:	vigor2960
vendor:	tenda	model:	ac15
vendor:	tenda	model:	router
vendor:	avtech	model:	ip camera
vendor:	realtek	model:	realtek sdk
vendor:	google	model:	chrome
vendor:	google	model:	home
vendor:	d-link	model:	dns-320
vendor:	d-link	model:	dir-845
vendor:	d-link	model:	dsl-2750b
vendor:	d-link	model:	dir-300
vendor:	d-link	model:	dir-619l
vendor:	d-link	model:	dir-645
vendor:	d-link	model:	router
vendor:	d-link	model:	dir-600
vendor:	d-link	model:	dir-605l
vendor:	d-link	model:	dir-865

db:

NVD

ids:

CVE-2022-26210, CVE-2016-6277, CVE-2021-4039, CVE-2021-41773, CVE-2018-10823, CVE-2020-17456, CVE-2017-18368, CVE-2016-20016, CVE-2022-30525, CVE-2018-10561, CVE-2014-8361, CVE-2020-9054, CVE-2020-10173, CVE-2016-20017, CVE-2020-8515, CVE-2021-20090, CVE-2019-19824, CVE-2020-10987, CVE-2017-17215, CVE-2021-4034, CVE-2014-9118, CVE-2020-8958, CVE-2020-25506, CVE-2018-10562, CVE-2021-44228, CVE-2017-17125, CVE-2020-7209, CVE-2018-12613, CVE-2021-36260, CVE-2022-34538, CVE-2017-18377, CVE-2022-37061, CVE-2022-22947, CVE-2014-2321, CVE-2021-35395, CVE-2021-46422, CVE-2018-20062, CVE-2022-22965, CVE-2018-20057, CVE-2013-7471, CVE-2022-29013, CVE-2018-17173, CVE-2015-2051, CVE-2014-3206, CVE-2016-10372, CVE-2021-35394, CVE-2021-42013, CVE-2022-25075, CVE-2017-17106, CVE-2017-5638, CVE-2022-26186, CVE-2007-3010, CVE-2022-1388

Google Chrome 119 Vulnerability Audit - Lansweeper Trust: 5.5 Fetched: Dec. 10, 2023, 9:41 a.m., Published: -	Vulnerabilities: integer overflow

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	google	model:	google chrome

db:

NVD

ids:

CVE-2023-6345

CompTIA Security+ SY0-601 Exam Questions and Answers - Page 1 - Page 3 of 10 - PUPUWEB Trust: 4.25 Fetched: Dec. 10, 2023, 9:37 a.m., Published: Nov. 17, 2023, 3:51 a.m.	Vulnerabilities: buffer overflow, injection attack, resource exhaustion...

Affected products

External IDs

vendor:	cisco	model:	router
vendor:	cisco	model:	technical support

Is macOS as secure as its users think? \| Kaspersky official blog Trust: 3.5 Fetched: Dec. 10, 2023, 9:34 a.m., Published: Jan. 10, 2050, midnight	Vulnerabilities: traffic interception

Affected products

External IDs

vendor:	apple	model:	safari
vendor:	apple	model:	iphone
vendor:	apple	model:	macos
vendor:	google	model:	chrome

Bluetooth Vulnerability Raises Concerns for Android, iOS, Linux, and macOS Devices Trust: 5.75 Fetched: Dec. 10, 2023, 9:34 a.m., Published: Dec. 8, 2023, 10:22 a.m.	Vulnerabilities: authentication bypass

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	google	model:	android

db:

NVD

ids:

CVE-2023-45866

Marc Newlin's Keyboard Spoofing Attack Sends Arbitrary Commands to Android, iOS, macOS, and Linux - Hackster.io Trust: 3.75 Fetched: Dec. 10, 2023, 9:31 a.m., Published: Dec. 10, 2016, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	google	model:	pixel
vendor:	google	model:	android

db:

NVD

ids:

CVE-2023-45866

Apple, Linux Devices Found Vulnerable to Bluetooth Hack • iPhone in Canada Blog Trust: 4.75 Fetched: Dec. 10, 2023, 9:31 a.m., Published: Dec. 8, 2023, 6:50 p.m.	Vulnerabilities: authentication bypass

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	google	model:	android
vendor:	google	model:	pixel
vendor:	canonical	model:	ubuntu

db:

NVD

ids:

CVE-2023-45866

Bluetooth Flaw Exposes Apple and Linux Devices - Spiceworks Trust: 5.5 Fetched: Dec. 10, 2023, 9:30 a.m., Published: -	Vulnerabilities: authentication bypass, privilege escalation

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	google	model:	android
vendor:	google	model:	pixel

db:

NVD

ids:

CVE-2023-45866

Aviva cyberattack warning, anti-aircraft data theft, car fleets vuln Related entries in the VARIoT vulnerabilities database: VAR-202312-0888 Trust: 4.75 Fetched: Dec. 10, 2023, 9:30 a.m., Published: Dec. 7, 2023, 8:46 p.m.	Vulnerabilities: code execution, authentication bypass, integer overflow

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2022-22071, CVE-2023-45866, CVE-2023-33106, CVE-2023-33107, CVE-2023-33063, CVE-2023-6248

Critical Bluetooth security flaw discovered in Google, Apple and Linux devices - SiliconANGLE Trust: 5.5 Fetched: Dec. 10, 2023, 9:29 a.m., Published: Dec. 8, 2023, 12:10 a.m.	Vulnerabilities: code execution, authentication bypass

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	macos
vendor:	google	model:	pixel
vendor:	google	model:	android
vendor:	canonical	model:	ubuntu

db:

NVD

ids:

CVE-2023-45866

12 Best IP Scanner Tools for Network Management Trust: 3.75 Fetched: Dec. 10, 2023, 9:29 a.m., Published: March 1, 2018, 11:23 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

delegate

model:

delegate

Critical Bluetooth flaw could take over Android, Apple, Linux devices \| SC Media Trust: 5.0 Fetched: Dec. 10, 2023, 9:26 a.m., Published: Dec. 7, 2023, 7:57 p.m.	Vulnerabilities: code execution, authentication bypass

Affected products

External IDs

vendor:

apple

model:

macos

db:

NVD

ids:

CVE-2023-45866

Android Security Bulletin-December 2023 \| Android Open Source Project Related entries in the VARIoT vulnerabilities database: VAR-202312-2276, VAR-202312-0897, VAR-202312-1066, VAR-202312-1228, VAR-202312-1728, VAR-202312-1919, VAR-202312-0888 Trust: 4.25 Fetched: Dec. 10, 2023, 9:25 a.m., Published: Dec. 10, 2023, midnight	Vulnerabilities: denial of service, information disclosure, code execution

Affected products

External IDs

vendor:	huawei	model:	huawei
vendor:	samsung	model:	note
vendor:	samsung	model:	notes
vendor:	samsung	model:	mobile
vendor:	motorola	model:	motorola
vendor:	motorola	model:	android
vendor:	google	model:	pixel
vendor:	google	model:	android

db:

NVD

ids:

CVE-2023-4272, CVE-2023-33089, CVE-2023-45777, CVE-2023-40083, CVE-2023-28546, CVE-2023-3889, CVE-2023-21215, CVE-2023-40080, CVE-2023-21227, CVE-2023-28551, CVE-2023-40079, CVE-2023-40076, CVE-2023-21163, CVE-2023-45781, CVE-2023-33106, CVE-2023-40089, CVE-2023-32847, CVE-2023-21403, CVE-2023-40098, CVE-2023-21652, CVE-2022-48454, CVE-2023-21164, CVE-2023-45775, CVE-2023-45776, CVE-2023-21162, CVE-2023-21217, CVE-2023-32851, CVE-2023-21263, CVE-2023-35690, CVE-2023-33080, CVE-2023-40088, CVE-2023-40073, CVE-2022-48456, CVE-2023-21394, CVE-2023-40090, CVE-2023-40087, CVE-2023-28550, CVE-2023-33063, CVE-2023-35668, CVE-2023-28586, CVE-2023-33088, CVE-2022-22076, CVE-2023-33022, CVE-2022-48459, CVE-2023-33097, CVE-2023-40096, CVE-2023-45773, CVE-2023-40097, CVE-2023-21401, CVE-2023-40075, CVE-2023-40094, CVE-2022-40507, CVE-2023-33017, CVE-2023-40074, CVE-2023-28587, CVE-2022-48461, CVE-2023-32818, CVE-2023-21662, CVE-2023-21218, CVE-2023-21267, CVE-2023-45866, CVE-2023-40091, CVE-2023-40092, CVE-2023-33098, CVE-2023-21664, CVE-2023-40081, CVE-2023-40078, CVE-2023-40082, CVE-2022-48457, CVE-2023-45774, CVE-2023-40103, CVE-2023-40084, CVE-2023-28585, CVE-2022-48455, CVE-2023-40095, CVE-2022-48458, CVE-2023-32804, CVE-2023-33018, CVE-2023-33054, CVE-2023-33081, CVE-2023-40077, CVE-2023-21216, CVE-2023-21402, CVE-2023-21166, CVE-2023-33107, CVE-2023-32850, CVE-2023-21228, CVE-2023-32848, CVE-2023-45779

Multiple Vulnerabilities in Sierra AirLink Cellular Routers - NHS Digital Trust: 5.5 Fetched: Dec. 10, 2023, 9:25 a.m., Published: Dec. 10, 2023, midnight	Vulnerabilities: denial of service, code execution, cross-site scripting...

Affected products

External IDs

vendor:

sierra

model:

aleos

db:

NVD

ids:

CVE-2023-40464, CVE-2023-40461, CVE-2023-41101, CVE-2023-38316, CVE-2023-40463, CVE-2023-40458, CVE-2023-40459, CVE-2023-40460, CVE-2023-40462

VARIoT news about IoT security