VARIoT latest news about IoT security

2026 Device Vulnerabilities Surge: AI Exploits Threaten IoT and Infrastructure Trust: 4.5 Fetched: Jan. 23, 2026, 9:35 a.m., Published: Jan. 22, 2026, 6:31 p.m.	Vulnerabilities: default credentials

Affected products

External IDs

db:

NVD

ids:

CVE-2026-22920, CVE-2026-22910

WPair Scanner Released to Detect WhisperPair Flaw in Google’s Fast Pair Protocol Trust: 5.0 Fetched: Jan. 23, 2026, 9:30 a.m., Published: Jan. 20, 2026, 9:49 a.m.	Vulnerabilities: authentication bypass

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2025-36911

WhisperPair Attack Allows Hijacking of Laptops, Earbuds Without User Consent - Millions Affected Trust: 3.75 Fetched: Jan. 23, 2026, 9:29 a.m., Published: Jan. 20, 2026, 7:31 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	android
vendor:	oneplus	model:	oneplus

db:

NVD

ids:

CVE-2025-36911

Cisco Unified Communications Products Remote Code Execution Vulnerability Trust: 3.5 Fetched: Jan. 23, 2026, 9:29 a.m., Published: Jan. 21, 2026, 3:54 p.m.	Vulnerabilities: code execution, improper validation

Affected products

External IDs

vendor:	cisco	model:	unity connection
vendor:	cisco	model:	webex
vendor:	cisco	model:	unified communications
vendor:	cisco	model:	unified communications manager
vendor:	cisco	model:	cisco webex
vendor:	cisco	model:	unified communications manager im & presence service
vendor:	cisco	model:	unified communications manager session management edition
vendor:	cisco	model:	cisco unity
vendor:	cisco	model:	unity
vendor:	cisco	model:	cisco unity connection
vendor:	cisco	model:	cisco unified communications manager

CISA issues multiple ICS advisories, details DoS vulnerability risk in Rockwell devices used in critical manufacturing - Industrial Cyber Trust: 5.5 Fetched: Jan. 21, 2026, 10:15 a.m., Published: Jan. 14, 2026, 1:26 p.m.	Vulnerabilities: sql injection

Affected products

External IDs

vendor:	rockwell automation	model:	factorytalk
vendor:	rockwell automation	model:	automation factorytalk
vendor:	rockwell	model:	factorytalk
vendor:	rockwell	model:	automation factorytalk

db:

NVD

ids:

CVE-2025-59448, CVE-2025-59449, CVE-2025-59451, CVE-2025-9368, CVE-2025-59452, CVE-2025-12807

TP-Link Router Vulnerabilities Actively Exploited by Hackers, CISA Urges Immediate Disconnection - Security Spotlight Trust: 5.5 Fetched: Jan. 21, 2026, 10:11 a.m., Published: June 18, 2025, 3:56 p.m.	Vulnerabilities: command injection, improper validation

Affected products

External IDs

vendor:	tp-link	model:	wr841n
vendor:	tp-link	model:	routers
vendor:	tp-link	model:	wr940n
vendor:	tp-link	model:	tl-wr940n
vendor:	tp-link	model:	tl-wr740n
vendor:	tp-link	model:	tl-wr841n
vendor:	tp-link	model:	wr740n

Pixel Update Bulletin-January 2026 \| Android Open Source Project Trust: 4.25 Fetched: Jan. 21, 2026, 10:09 a.m., Published: Jan. 21, 2026, midnight	Vulnerabilities: code execution, denial of service, information disclosure

Affected products

External IDs

vendor:	google	model:	pixel
vendor:	google	model:	android

db:

NVD

ids:

CVE-2025-36911, CVE-2025-48647

Microsoft Patches Teams Vulnerability: Critical Fix Against Remote Code Risks - Application Security Trust: 4.75 Fetched: Jan. 21, 2026, 10:08 a.m., Published: Aug. 28, 2025, 9:47 a.m.	Vulnerabilities: code execution, buffer overflow, memory corruption

Affected products

External IDs

db:

NVD

ids:

CVE-2025-53783

CISA 2025 ICS Vulnerabilities: Critical Flaws in Advantech, ABB, Hitachi Energy, Ubia Trust: 3.0 Fetched: Jan. 21, 2026, 10:08 a.m., Published: Jan. 21, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

trend

model:

security

Net-SNMP Vulnerability Allows Buffer Overflow, Leading to Daemon Crash Trust: 5.75 Fetched: Jan. 21, 2026, 10:08 a.m., Published: Dec. 24, 2025, 7:54 a.m.	Vulnerabilities: buffer overflow

Affected products

External IDs

vendor:	trend	model:	security
vendor:	trend micro	model:	security
vendor:	net-snmp	model:	net-snmp

db:

NVD

ids:

CVE-2025-68615

Siemens RUGGEDCOM APE1808 Devices \| CISA Trust: 5.25 Fetched: Jan. 21, 2026, 10:06 a.m., Published: March 8, 2026, midnight	Vulnerabilities: path traversal, cross-site scripting, improper validation...

Affected products

External IDs

vendor:	siemens	model:	ruggedcom
vendor:	nozomi	model:	guardian

db:

NVD

ids:

CVE-2025-40892, CVE-2025-40891, CVE-2025-40893, CVE-2025-40898

Cisco ISE Vulnerability Exposes Critical Remote Code Execution Risk Across Enterprise Networks - Security Spotlight Trust: 4.5 Fetched: Jan. 21, 2026, 10:06 a.m., Published: July 18, 2025, 12:25 p.m.	Vulnerabilities: code execution, sql injection, restriction bypass

Affected products

External IDs

vendor:	cisco	model:	unified intelligence center
vendor:	cisco	model:	unified ccx
vendor:	cisco	model:	cisco prime infrastructure
vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	cisco unified intelligence center
vendor:	cisco	model:	prime infrastructure
vendor:	trend	model:	security
vendor:	trend micro	model:	security

db:

NVD

ids:

CVE-2025-20288, CVE-2025-20272, CVE-2025-20274, CVE-2025-20337, CVE-2025-20285, CVE-2025-20284, CVE-2025-20283, CVE-2025-20282, CVE-2025-20281

Apple 2024 Vulnerability Disclosure: 110 Flaws Patched Across Devices Trust: 3.5 Fetched: Jan. 21, 2026, 10:03 a.m., Published: Jan. 21, 2024, midnight	Vulnerabilities: code execution, privilege escalation, memory corruption

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	apple	model:	safari
vendor:	apple	model:	watchos
vendor:	apple	model:	webkit
vendor:	apple	model:	tvos

Node.js Trust: 3.5 Fetched: Jan. 21, 2026, 10:03 a.m., Published: Jan. 13, 2026, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

node.js

model:

node.js

Bluetooth Headphones Can Be Weaponized to Hack Phones \| eSecurity Planet Trust: 3.0 Fetched: Jan. 21, 2026, 10:02 a.m., Published: Dec. 30, 2025, 7:30 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2025-20702, CVE-2025-20701, CVE-2025-20700

Millions Of Audio Devices Need Security Patch Trust: 3.25 Fetched: Jan. 21, 2026, 10:01 a.m., Published: Jan. 16, 2026, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

WPair - Scanner Tool to Detect WhisperPair Flaw in Google's Fast Pair Protocol Trust: 5.0 Fetched: Jan. 21, 2026, 9:55 a.m., Published: Jan. 20, 2026, 4:21 p.m.	Vulnerabilities: authentication bypass

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2025-36911

One photo enabled eavesdropping: How Samsung was hacked Trust: 3.75 Fetched: Jan. 21, 2026, 9:54 a.m., Published: Jan. 20, 2026, 3:13 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	pixel
vendor:	palo	model:	networks
vendor:	palo alto networks	model:	networks
vendor:	samsung	model:	android
vendor:	samsung	model:	samsung galaxy
vendor:	samsung	model:	mobile
vendor:	samsung	model:	galaxy
vendor:	samsung	model:	samsung

db:

NVD

ids:

CVE-2025-21042

Redmi Buds Vulnerability Could Allow Call Data Theft and Firmware Instability Related entries in the VARIoT vulnerabilities database: VAR-201404-0592 Trust: 5.75 Fetched: Jan. 21, 2026, 9:53 a.m., Published: Jan. 3, 2026, midnight	Vulnerabilities: resource exhaustion, denial of service, information disclosure

Affected products

External IDs

vendor:

xiaomi

model:

redmi

db:

NVD

ids:

CVE-2025-13834, CVE-2014-0160, CVE-2025-13328

Device Status Classification \| zalexdev/whisper-pair-app \| DeepWiki Trust: 3.0 Fetched: Jan. 21, 2026, 9:51 a.m., Published: Jan. 17, 2026, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2025-36911

VARIoT news about IoT security