Sign-up

VARIoT news about IoT security

Public exploits already available for a severity 10 Erlang SSH vulnerability; patch now | CSO Online

Trust: 3.0

Fetched: April 22, 2025, 9:12 a.m., Published: April 21, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: national instruments model: national

As firmware-level threats continue to gain popularity in the wild, security teams need to understand how these threats work and the real-world risks they pose to an organization’s security. Updated for 2021, this paper demystifies the most common types of firmware attacks used in the wild today.

Trust: 5.25

Fetched: April 22, 2025, 9:09 a.m., Published: April 16, 2025, 7:15 p.m.
 Vulnerabilities: code execution, privilege escalation, buffer overflow
Affected productsExternal IDs
vendor: cisco model: soho
vendor: cisco model: routers
vendor: cisco model: router
vendor: cisco model: cisco routers
vendor: cisco model: series
vendor: trend model: security
vendor: trend model: antivirus
vendor: dram model: dram
vendor: asus model: routers
vendor: asus model: asus
vendor: asus model: router
vendor: sophos model: mobile
vendor: huawei model: huawei
db: NVD ids: CVE-2024-0762, CVE-2022-21894

Apple's Find My exploit lets hackers track any Bluetooth device

Trust: 3.75

Fetched: April 22, 2025, 9:08 a.m., Published: Feb. 27, 2025, 2:10 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs

IoT Security Risks: Stats and Trends to Know in 2025

Trust: 4.5

Fetched: April 22, 2025, 9:06 a.m., Published: Jan. 10, 2025, 6:57 p.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: smarter model: coffee

Contec Health CMS8000 Patient Monitor (Update A) | CISA

Trust: 4.75

Fetched: April 22, 2025, 9:06 a.m., Published: Feb. 25, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-0683, CVE-2025-1024, CVE-2025-0626, CVE-2025-1204, CVE-2024-12248

Security Advisory 0116 - Arista

Trust: 5.0

Fetched: April 18, 2025, 9:34 a.m., Published: April 15, 2025, 3:05 p.m.
 Vulnerabilities: privilege management vulnerability
Affected productsExternal IDs
vendor: untangle model: ng firewall
db: NVD ids: CVE-2024-8100

All iPhone users urged to ‘immediately update their Apple devices’ today | Express.co.uk

Trust: 3.0

Fetched: April 18, 2025, 9:29 a.m., Published: April 17, 2025, 10 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

Your smart home may not be as secure as you think - Help Net Security

Trust: 3.25

Fetched: April 18, 2025, 9:28 a.m., Published: April 2, 2025, 3:30 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: google home
vendor: google model: home

Fortinet Uncovers Threat Actor Persistence via Symbolic Link Exploit in FortiGate Devices

Related entries in the VARIoT vulnerabilities database: VAR-202212-1132

Trust: 4.0

Fetched: April 18, 2025, 9:27 a.m., Published: April 14, 2025, 4:42 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2024-21762, CVE-2023-27997, CVE-2022-42475

iOS 18.4.1 - update your iPhone right now to apply emergency security fix | Tom's Guide

Trust: 3.5

Fetched: April 18, 2025, 9:25 a.m., Published: April 17, 2025, 11:30 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: apple model: iphone
vendor: apple model: ipad air
vendor: apple model: macos
vendor: apple model: ipad
db: NVD ids: CVE-2025-31200, CVE-2025-31201

Cybersecurity Analysis of Wearable Devices: Smartwatches Passive Attack - PMC

Trust: 4.25

Fetched: April 18, 2025, 9:21 a.m., Published: June 8, 2023, midnight
 Vulnerabilities: denial of service, default credentials
Affected productsExternal IDs
vendor: apple model: watch
vendor: wireshark model: wireshark
vendor: samsung model: galaxy
vendor: samsung model: note
vendor: samsung model: mobile
vendor: samsung model: samsung
vendor: samsung model: samsung galaxy
vendor: essential model: phone
vendor: huawei model: huawei

ICS Vulnerability Report: Energy, Manufacturing Fixes Urged

Trust: 3.5

Fetched: April 16, 2025, 9:30 a.m., Published: April 10, 2025, 5:20 a.m.
 Vulnerabilities: weak password, path traversal, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-25211, CVE-2024-4872, CVE-2025-23120, CVE-2024-3980, CVE-2025-26689

Vulnerability Trends - Vulmon

Related entries in the VARIoT vulnerabilities database: VAR-202212-1132

Trust: 5.5

Fetched: April 16, 2025, 9:30 a.m., Published: April 29, 2025, midnight
 Vulnerabilities: session management vulnerability, directory traversal, buffer overflow...
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
db: NVD ids: CVE-2025-32428, CVE-2025-32103, CVE-2025-22457, CVE-2024-7971, CVE-2025-30406, CVE-2024-0132, CVE-2025-0282, CVE-2024-56406, CVE-2025-27840, CVE-2024-26170, CVE-2025-32102, CVE-2025-24859, CVE-2024-50264, CVE-2025-21204, CVE-2025-31137, CVE-2024-4577, CVE-2022-42475, CVE-2023-27997, CVE-2025-29927, CVE-2025-29824

APT group ToddyCat exploits a vulnerability in ESET for DLL proxying | Securelist

Related entries in the VARIoT vulnerabilities database: VAR-202108-1843

Trust: 3.75

Fetched: April 16, 2025, 9:28 a.m., Published: Jan. 16, 2050, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios
db: NVD ids: CVE-2021-36276, CVE-2024-11859

Zero-day vulnerabilities: the real threat behind Netflix’s “Zero Day”

Trust: 3.0

Fetched: April 16, 2025, 9:28 a.m., Published: March 19, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: avast model: antivirus

CVE-2025-30512 : Remote Configuration Vulnerability in Devices Affected by Vendor Products | SecurityVulnerability.io

Trust: 3.25

Fetched: April 16, 2025, 9:27 a.m., Published: April 15, 2025, 9:45 p.m.
 Vulnerabilities: configuration vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2025-30512

CVE-2025-30514 : Information Disclosure Vulnerability in Smart Device Management Software by a Major Vendor | SecurityVulnerability.io

Trust: 3.25

Fetched: April 16, 2025, 9:26 a.m., Published: April 15, 2025, 9:05 p.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2025-30514

CVE-2025-31654 : Information Disclosure Vulnerability in Smart Home Device Management | SecurityVulnerability.io

Trust: 4.25

Fetched: April 16, 2025, 9:25 a.m., Published: April 15, 2025, 9:07 p.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2025-31654

DSA-2025-151: Security Update for Dell Trusted Device for Multiple Vulnerabilities | Dell US

Trust: 3.0

Fetched: April 16, 2025, 9:24 a.m., Published: April 6, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-29984, CVE-2025-29983

CVE-2025-29223 Command Injection Vulnerability in Linksys E560...

Trust: 4.5

Fetched: April 16, 2025, 9:24 a.m., Published: April 6, 2025, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-29223