Sign-up

VARIoT news about IoT security

Security Advisory for Multiple Vulnerabilities on Multiple Products, PSV-2021-0327 - NETGEAR Support

Related entries in the VARIoT vulnerabilities database: VAR-202203-1668, VAR-202203-1671

Trust: 3.75

Fetched: Dec. 10, 2023, 9:23 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: mesh model: mesh
vendor: netgear model: r7100lg
vendor: netgear model: router
vendor: netgear model: r8000p
vendor: netgear model: r6700v3
vendor: netgear model: rax15
vendor: netgear model: r6400
vendor: netgear model: rax20
vendor: netgear model: orbi
vendor: netgear model: r8000
vendor: netgear model: r7000
vendor: netgear model: rax50
vendor: netgear model: r6400v2
vendor: netgear model: rs400
vendor: netgear model: lax20
vendor: netgear model: r7000p
vendor: netgear model: mr60
vendor: netgear model: r8500
vendor: netgear model: r6900p
vendor: netgear model: rax48
vendor: netgear model: r7900p
vendor: netgear model: r7850
vendor: netgear model: rax45
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2022-27642, CVE-2022-27647

Moxa NPort Device Vulnerabilities (Update A) | CISA

Related entries in the VARIoT vulnerabilities database: VAR-201702-0596, VAR-201702-0594, VAR-201702-0593, VAR-201702-0860, VAR-201702-0597, VAR-201702-0862, VAR-201702-0595, VAR-201702-0851

Trust: 5.25

Fetched: Dec. 10, 2023, 9:22 a.m., Published: March 21, 2017, midnight
 Vulnerabilities: buffer overflow, code execution, cross-site request forgery...
Affected productsExternal IDs
vendor: moxa model: nport 5100a series
vendor: moxa model: nport
vendor: moxa model: nport p5150a
vendor: moxa model: nport 5200a series
vendor: moxa model: nport 5150ai-m12
vendor: moxa model: nport 5600 series
vendor: moxa model: nport 5250ai-m12
vendor: moxa model: nport 5600-8-dt
vendor: moxa model: nport 5200a
vendor: moxa model: nport 5400 series
vendor: moxa model: nport 5100a
vendor: moxa model: nport 5200 series
vendor: moxa model: nport 5110
vendor: moxa model: nport 5600-8-dtl
vendor: moxa model: nport 5600-8-dtl series
vendor: moxa model: nport 5450ai-m12
vendor: moxa model: nport ia5450a
vendor: moxa model: nport 5130
db: NVD ids: CVE-2016-9369, CVE-2016-9366, CVE-2016-9365, CVE-2016-9361, CVE-2016-9371, CVE-2016-9363, CVE-2016-9367, CVE-2016-9348

JCP | Free Full-Text | Security Perception of IoT Devices in Smart Homes

Trust: 3.25

Fetched: Dec. 10, 2023, 9:21 a.m., Published: Feb. 14, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: home assistant model: home assistant
vendor: google model: google home
vendor: google model: home

Top Vulnerabilities Exploited in VPNs in 2020 - SOCRadar® Cyber Intelligence Inc.

Related entries in the VARIoT vulnerabilities database: VAR-201905-0764, VAR-202006-1087, VAR-201912-0830, VAR-202007-0403, VAR-202010-1187, VAR-201906-0815, VAR-201912-0828, VAR-201906-0818, VAR-201912-0829

Trust: 5.5

Fetched: Dec. 10, 2023, 9:19 a.m., Published: Dec. 13, 2020, 1:15 p.m.
 Vulnerabilities: memory corruption, directory traversal, session hijacking...
Affected productsExternal IDs
vendor: cisco systems model: series routers
vendor: cisco systems model: ios xe software
vendor: cisco systems model: catalyst 9800
vendor: cisco systems model: sd-wan
vendor: cisco systems model: catalyst
vendor: cisco systems model: router
vendor: cisco systems model: vpn client
vendor: cisco systems model: ios xe
vendor: cisco systems model: cisco ios xe
vendor: cisco systems model: netscaler gateway
vendor: cisco systems model: integrated services routers
vendor: cisco systems model: series
vendor: cisco systems model: series integrated services routers
vendor: cisco systems model: access points
vendor: cisco systems model: routers
vendor: cisco systems model: cisco ios
vendor: citrix model: sd-wan
vendor: citrix model: secure gateway
vendor: citrix model: netscaler gateway
vendor: citrix model: hypervisor
vendor: citrix model: gateway
vendor: citrix model: xenserver
vendor: citrix model: application delivery controller
vendor: citrix model: sd-wan wanop
vendor: citrix model: netscaler adc
vendor: citrix model: netscaler
vendor: cisco model: series routers
vendor: cisco model: ios xe software
vendor: cisco model: catalyst 9800
vendor: cisco model: sd-wan
vendor: cisco model: catalyst
vendor: cisco model: router
vendor: cisco model: vpn client
vendor: cisco model: ios xe
vendor: cisco model: cisco ios xe
vendor: cisco model: netscaler gateway
vendor: cisco model: integrated services routers
vendor: cisco model: series
vendor: cisco model: series integrated services routers
vendor: cisco model: access points
vendor: cisco model: routers
vendor: cisco model: cisco ios
vendor: palo model: palo alto networks globalprotect
vendor: palo model: networks globalprotect
vendor: palo model: ssl vpn
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo model: pan-os
vendor: goahead model: webserver
vendor: pulse secure model: pulse policy secure
vendor: pulse secure model: connect secure
vendor: pulse secure model: pulse connect secure
vendor: pulse secure model: policy secure
vendor: moxa model: edr-g903 series
vendor: moxa model: edr-g903
vendor: sonicwall model: sonicos
vendor: sonicwall model: remote access
vendor: sonicwall model: sonicosv
vendor: sonicwall model: sma100
vendor: sonicwall model: ssl vpn
vendor: pulse model: secure pulse policy secure
vendor: palo alto networks model: palo alto networks globalprotect
vendor: palo alto networks model: networks globalprotect
vendor: palo alto networks model: ssl vpn
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: pan-os
db: NVD ids: CVE-2018-13383, CVE-2020-3220, CVE-2019-7483, CVE-2020-14511, CVE-2020-5135, CVE-2018-13379, CVE-2019-7481, CVE-2019-19781, CVE-2019-11539, CVE-2018-13382, CVE-2020-2050, CVE-2019-7482, CVE-2020-2005, CVE-2019-11510, CVE-2019-1579

The top 5 most routinely exploited vulnerabilities of 2021

Related entries in the VARIoT vulnerabilities database: VAR-202112-0562, VAR-202112-0566

Trust: 5.5

Fetched: Dec. 10, 2023, 9:19 a.m., Published: April 28, 2022, 5 p.m.
 Vulnerabilities: feature bypass, authentication bypass, code execution...
Affected productsExternal IDs
vendor: zoho model: manageengine adselfservice plus
db: NVD ids: CVE-2021-26084, CVE-2021-26858, CVE-2021-45046, CVE-2021-40539, CVE-2021-34473, CVE-2021-26857, CVE-2021-27065, CVE-2021-26855, CVE-2021-31207, CVE-2021-34523, CVE-2021-44228, CVE-2021-2685

St. Jude Medical finally patches vulnerable medical IoT devices | TechTarget

Trust: 3.75

Fetched: Dec. 10, 2023, 9:18 a.m., Published: Jan. 13, 2017, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home
db: NVD ids: CVE-2016-7201, CVE-2016-7200

CVE-2022-41099 - Security Update Guide - Microsoft - BitLocker Security Feature Bypass Vulnerability

Trust: 3.25

Fetched: Dec. 10, 2023, 9:17 a.m., Published: -
 Vulnerabilities: security feature bypass, feature bypass
Affected productsExternal IDs
db: NVD ids: CVE-2022-41099

Solutions - Cisco SAFE Overview Guide - Cisco

Trust: 3.25

Fetched: Dec. 10, 2023, 9:15 a.m., Published: Oct. 9, 2023, 10:27 a.m.
 Vulnerabilities: denial of service, privilege escalation
Affected productsExternal IDs
vendor: cisco model: intrusion prevention system
vendor: cisco model: firepower
vendor: cisco model: catalyst
vendor: cisco model: router
vendor: cisco model: meraki mx
vendor: cisco model: umbrella
vendor: cisco model: wireless lan controller
vendor: cisco model: nexus
vendor: cisco model: vpn concentrator
vendor: cisco model: identity services engine
vendor: cisco model: routers
vendor: cisco model: wireless controller

Nearly Every Windows and Linux Device Vulnerable To New LogoFAIL Firmware Attack - Slashdot

Trust: 4.75

Fetched: Dec. 10, 2023, 9:14 a.m., Published: Dec. 30, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: lenovo model: updates
vendor: lenovo model: system
vendor: lenovo model: bios
vendor: dell model: bios
db: NVD ids: CVE-2023-39539, CVE-2023-39538, CVE-2023-5058, CVE-2023-40238

Pixel Update Bulletin-December 2023 | Android Open Source Project

Trust: 4.25

Fetched: Dec. 10, 2023, 9:10 a.m., Published: Dec. 10, 2023, midnight
 Vulnerabilities: denial of service, information disclosure, code execution
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2023-48405, CVE-2023-48422, CVE-2023-22383, CVE-2023-33041, CVE-2023-48403, CVE-2023-48398, CVE-2023-48401, CVE-2023-48399, CVE-2023-48411, CVE-2023-41111, CVE-2023-48410, CVE-2023-28580, CVE-2023-48420, CVE-2023-48407, CVE-2023-48408, CVE-2023-48415, CVE-2023-33024, CVE-2023-28575, CVE-2023-48413, CVE-2023-48423, CVE-2023-48402, CVE-2023-48409, CVE-2023-48416, CVE-2023-48421, CVE-2023-48397, CVE-2023-48406, CVE-2023-28579, CVE-2023-21634, CVE-2023-48414, CVE-2023-48412, CVE-2023-22668, CVE-2023-37366, CVE-2023-48404

Bluetooth vulnerability affects Android, Apple and Linux devices - Techzine Europe

Trust: 3.75

Fetched: Dec. 10, 2023, 9:08 a.m., Published: Dec. 8, 2023, 1:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: macos
vendor: google model: android
vendor: canonical model: ubuntu
db: NVD ids: CVE-2023-45866

Apple and some Linux distros are open to Bluetooth attack • The Register

Trust: 5.75

Fetched: Dec. 10, 2023, 9:06 a.m., Published: -
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: apple model: macos
vendor: google model: pixel
vendor: google model: android
vendor: canonical model: ubuntu
db: NVD ids: CVE-2023-45866

Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs

Trust: 4.75

Fetched: Dec. 8, 2023, 9:50 a.m., Published: Dec. 5, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: note
vendor: samsung model: flow
vendor: lenovo model: system
vendor: lenovo model: bios firmware
vendor: lenovo model: bios
vendor: lenovo model: updates
db: NVD ids: CVE-2023-39539, CVE-2023-40238, CVE-2023-39538, CVE-2023-5058

The Windows November 2023 security updates are now available - gHacks Tech News

Trust: 4.0

Fetched: Dec. 8, 2023, 9:48 a.m., Published: Nov. 14, 2023, 6:44 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-36397, CVE-2023-36400

CVE-2023-45866 - vulnerability database | Vulners.com

Trust: 4.25

Fetched: Dec. 8, 2023, 9:48 a.m., Published: Dec. 7, 2023, 12:35 p.m.
 Vulnerabilities: authentication bypass, code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: google model: android
db: NVD ids: CVE-2020-0556, CVE-2023-45866

Forescout uncovers 21 Sierra Wireless router vulnerabilities | TechTarget

Trust: 4.25

Fetched: Dec. 8, 2023, 9:47 a.m., Published: Dec. 6, 2023, midnight
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
vendor: cisco model: cisco routers
vendor: cisco model: routers
vendor: cisco model: router
vendor: sierra wireless model: aleos
vendor: sierra model: aleos
db: NVD ids: CVE-2023-41101

IoT Cybersecurity in 2023: Importance & Tips To Deal With Attacks

Trust: 3.25

Fetched: Dec. 8, 2023, 9:46 a.m., Published: Dec. 8, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: tesla model: model
vendor: google model: wifi router
vendor: google model: wifi
vendor: delegate model: delegate

Bluetooth Security Vulnerability Puts Mobile and PC Devices at Risk

Trust: 5.75

Fetched: Dec. 8, 2023, 9:43 a.m., Published: Dec. 7, 2023, 10:53 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2023-45866

New BLUFFS Bluetooth Attack Expose Devices to Adversary-in-the-Middle Attacks

Trust: 5.0

Fetched: Dec. 8, 2023, 9:42 a.m., Published: Dec. 4, 2023, 1:16 p.m.
 Vulnerabilities: device impersonation
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2023-24023

Common Network Security Vulnerabilities | Cobalt

Trust: 3.5

Fetched: Dec. 8, 2023, 9:41 a.m., Published: Dec. 8, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: essential model: phone