Sign-up

VARIoT news about IoT security

Guarding Against IoT Attacks: Strategies and Best Practices | Coursera

Trust: 4.5

Fetched: April 21, 2024, 9:07 a.m., Published: April 2, 2024, midnight
 Vulnerabilities: weak password
Affected productsExternal IDs
vendor: samsung model: mobile
vendor: lg electronics model: mobile
vendor: google model: google home
vendor: google model: home
vendor: google model: android

Top 6 Cloud Vulnerabilities - CrowdStrike

Trust: 3.5

Fetched: April 19, 2024, 9:09 a.m., Published: Feb. 2, 2024, 6:40 p.m.
 Vulnerabilities: sql injection, code injection, command injection
Affected productsExternal IDs

Cybersecurity: The need for data and patient safety with cardiac implantable electronic devices - PMC

Trust: 3.5

Fetched: April 19, 2024, 9:06 a.m., Published: March 19, 2021, midnight
 Vulnerabilities: resource depletion
Affected productsExternal IDs
vendor: google model: home
vendor: apple model: iphone
vendor: medtronic model: carelink programmer
vendor: medtronic model: carelink 2090

“Highly capable” hackers root corporate networks by exploiting firewall 0-day | Ars Technica

Trust: 3.5

Fetched: April 19, 2024, 9:05 a.m., Published: April 12, 2024, 8:48 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: citrix model: gateway
vendor: palo alto networks model: firewall
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: networks
vendor: palo model: firewall
vendor: palo model: pan-os
vendor: palo model: networks
db: NVD ids: CVE-2024-3400

CVE-2024-24720 - Information Disclosure Vulnerability in Innovaphone PBX Devices prior to 14r1

Trust: 4.75

Fetched: April 17, 2024, 9:29 a.m., Published: Feb. 27, 2024, 1:15 a.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2024-24720

D-Link NAS Devices Targeted by Increased Attack Attempts

Trust: 4.25

Fetched: April 17, 2024, 9:29 a.m., Published: April 15, 2024, 9:36 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs

Docker Security Advisory: Multiple Vulnerabilities in runc, BuildKit, and Moby | Docker

Trust: 3.0

Fetched: April 17, 2024, 9:28 a.m., Published: Jan. 31, 2024, 8:05 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-21626, CVE-2024-24557, CVE-2024-23651, CVE-2024-23653, CVE-2024-23650, CVE-2024-23652

92,000+ internet-facing D-Link NAS devices accessible via "backdoor" account (CVE-2024-3273) - Help Net Security

Related entries in the VARIoT vulnerabilities database: VAR-202404-0069, VAR-202404-0070

Trust: 5.5

Fetched: April 17, 2024, 9:26 a.m., Published: April 8, 2024, 9 a.m.
 Vulnerabilities: command injection, command execution, arbitrary command execution
Affected productsExternal IDs
vendor: d-link model: dns-325
vendor: d-link model: dns-340l
vendor: d-link model: dns-320l
vendor: d-link model: dns-327l
db: NVD ids: CVE-2024-3272, CVE-2024-3273

D-Link Multiple NAS Devices Command Injection & Sternum Protection | Sternum IoT

Related entries in the VARIoT vulnerabilities database: VAR-202404-0070

Trust: 4.0

Fetched: April 17, 2024, 9:26 a.m., Published: April 16, 2024, 5:13 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-3273

D-Link NAS Hard-Coded Credential Security Vulnerability Discovered - DISCONNECT FROM THE INTERNET NOW - NAS Compares

Related entries in the VARIoT vulnerabilities database: VAR-202404-0070

Trust: 4.25

Fetched: April 17, 2024, 9:22 a.m., Published: April 10, 2024, 9:51 a.m.
 Vulnerabilities: command injection, denial of service
Affected productsExternal IDs
vendor: d-link model: dns-325
vendor: d-link model: router
vendor: d-link model: dns-340l
vendor: d-link model: dns-320l
vendor: d-link model: dns-327l
db: NVD ids: CVE-2024-3274, CVE-2024-3273

Secure Devices Against Zero-Day CVE-2024-23222 Flaw

Trust: 5.75

Fetched: April 17, 2024, 9:22 a.m., Published: Jan. 23, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: apple tv
vendor: apple model: tvos
vendor: apple model: ipad
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: webkit
db: NVD ids: CVE-2024-23222

Secure Devices Against Zero-Day CVE-2024-23222 Flaw

Trust: 5.75

Fetched: April 17, 2024, 9:11 a.m., Published: Jan. 23, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: apple tv
vendor: apple model: tvos
vendor: apple model: ipad
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: webkit
db: NVD ids: CVE-2024-23222

Palo Alto Networks Releases Guidance for Vulnerability in PAN-OS, CVE-2024-3400 | CISA

Trust: 5.75

Fetched: April 17, 2024, 9:08 a.m., Published: April 17, 2022, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
vendor: palo model: networks
vendor: palo model: pan-os
db: NVD ids: CVE-2024-3400

Critical takeover vulnerabilities in 92,000 D-Link devices under active exploitation | Ars Technica

Related entries in the VARIoT vulnerabilities database: VAR-202404-0069, VAR-202404-0070

Trust: 4.75

Fetched: April 17, 2024, 9:07 a.m., Published: April 8, 2024, 6:56 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: d-link model: dns-325
vendor: d-link model: dns-340l
vendor: d-link model: dns-320l
vendor: d-link model: dns-327l
db: NVD ids: CVE-2024-3272, CVE-2024-3273

Google patches critical vulnerability for Androids with Qualcomm chips | Malwarebytes

Trust: 5.5

Fetched: April 5, 2024, 9:10 a.m., Published: April 3, 2024, 8:40 p.m.
 Vulnerabilities: information disclosure, buffer overflow, memory corruption...
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2024-29745, CVE-2024-23704, CVE-2023-28582, CVE-2024-29748

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability

Trust: 4.0

Fetched: April 5, 2024, 9:10 a.m., Published: Aug. 10, 2022, 3:49 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: clientless ssl vpn
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: asa 5506w-x
vendor: cisco model: firepower threat defense
vendor: cisco model: series
vendor: cisco model: asa 5508-x
vendor: cisco model: asdm
vendor: cisco model: firepower
vendor: cisco model: asa 5506h-x
vendor: cisco model: adaptive security appliance
vendor: cisco model: cisco adaptive security appliance software
vendor: cisco model: cisco firepower management center
vendor: cisco model: firepower 2100
vendor: cisco model: firepower threat defense software
vendor: cisco model: firepower management center
vendor: cisco model: asa 5506-x
vendor: cisco model: adaptive security appliance software
vendor: cisco model: asa software
vendor: cisco model: device manager
vendor: cisco model: asa 5516-x
vendor: cisco model: firepower 9300
db: NVD ids: CVE-2022-20866

Identifying Vulnerabilities in Security and Privacy of Smart Home Devices | SpringerLink

Trust: 3.25

Fetched: April 5, 2024, 9:07 a.m., Published: April 5, 2021, midnight
 Vulnerabilities: -

32 hardware and firmware vulnerabilities | Infosec

Related entries in the VARIoT vulnerabilities database: VAR-201909-1456, VAR-201808-0384, VAR-201806-1453

Trust: 5.25

Fetched: April 5, 2024, 9:05 a.m., Published: April 5, 2032, midnight
 Vulnerabilities: directory traversal, command injection, authentication bypass...
Affected productsExternal IDs
vendor: asus model: routers
vendor: asus model: bmc firmware
vendor: asus model: asus
vendor: asus model: router
vendor: cisco model: routers
vendor: cisco model: router
vendor: huawei model: huawei
vendor: infineon model: trusted platform
vendor: mikrotik model: routers
vendor: mikrotik model: router
vendor: mikrotik model: winbox
vendor: mikrotik model: routeros
vendor: netapp model: baseboard management controller
vendor: lenovo model: bios
vendor: lenovo model: system
db: NVD ids: CVE-2019-0863, CVE-2019-10540, CVE-2018-14847, CVE-2018-6260, CVE-2018-4251

Mobile Systems Vulnerabilities | Infosec

Trust: 4.5

Fetched: April 5, 2024, 9:05 a.m., Published: April 24, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: android

Cisco Fixed Critical CSRF Flaws in Expressway Gateways (CVE-2024-20252 and CVE-2024-20254) - SOCRadar® Cyber Intelligence Inc.

Trust: 5.75

Fetched: April 3, 2024, 9:21 a.m., Published: Feb. 8, 2024, 1:14 p.m.
 Vulnerabilities: request forgery, privilege escalation, cross-site scripting...
Affected productsExternal IDs
vendor: cisco model: expressway series
vendor: cisco model: expressway edge
vendor: cisco model: cisco expressway
vendor: cisco model: cisco telepresence
vendor: cisco model: expressway
vendor: cisco model: telepresence
vendor: cisco model: series
vendor: cisco model: telepresence video communication server
db: NVD ids: CVE-2024-22239, CVE-2024-22237, CVE-2024-22238, CVE-2024-20254, CVE-2024-20255, CVE-2024-22240, CVE-2024-22241, CVE-2024-20252