Sign-up

VARIoT news about IoT security

Apache Log4j Vulnerability Guidance | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 4.0

Fetched: Oct. 4, 2023, 10 a.m., Published: April 8, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228

Outdated IoT healthcare devices pose major security threats | CSO Online

Trust: 3.0

Fetched: Oct. 4, 2023, 9:54 a.m., Published: Jan. 31, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs

37 hardware and firmware vulnerabilities: A guide to the threats | CSO Online

Related entries in the VARIoT vulnerabilities database: VAR-202203-0083, VAR-201611-0121, VAR-201905-0709, VAR-202006-0241, VAR-202203-0045, VAR-201905-0711, VAR-201905-0710, VAR-201905-1248, VAR-202206-1278

Trust: 5.25

Fetched: Oct. 4, 2023, 9:54 a.m., Published: Aug. 11, 2022, midnight
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
vendor: google model: home
vendor: google model: android
vendor: infineon model: trusted platform
vendor: apple model: macos
vendor: apple model: macbook
db: NVD ids: CVE-2022-0002, CVE-2016-6728, CVE-2020-8694, CVE-2018-12126, CVE-2020-0543, CVE-2022-0001, CVE-2018-12130, CVE-2022-23825, CVE-2020-8695, CVE-2022-29901, CVE-2022-29900, CVE-2022-23823, CVE-2018-12127, CVE-2019-11091, CVE-2022-23960, CVE-2022-24436

Anatomy of an IoT malware attack - IBM Developer

Trust: 5.0

Fetched: Oct. 4, 2023, 9:52 a.m., Published: -
 Vulnerabilities: default credentials, weak password, denial of service...
Affected productsExternal IDs
vendor: apple model: iphone
vendor: google model: android
vendor: google model: home
vendor: google model: wifi
vendor: radware model: gateway

Internet of Things: Security and Solutions Survey - PMC

Trust: 4.0

Fetched: Oct. 4, 2023, 9:48 a.m., Published: Oct. 4, 2022, midnight
 Vulnerabilities: replay attack, information leakage, denial of service...
Affected productsExternal IDs
vendor: rising model: antivirus
vendor: cisco model: leap
vendor: cisco model: umbrella
vendor: cisco model: routers
vendor: cisco model: meeting
vendor: mesh model: mesh
vendor: rapid model: scada
vendor: symantec model: antivirus

Network Attack Trends Fall 2020: Internet of Threats

Related entries in the VARIoT vulnerabilities database: VAR-201912-1374, VAR-201205-0246, VAR-201205-0305, VAR-201905-1157, VAR-201805-0263, VAR-201805-0262, VAR-202002-1447, VAR-202006-0924, VAR-202006-1056

Trust: 5.5

Fetched: Oct. 4, 2023, 9:47 a.m., Published: Jan. 28, 2022, 9:19 p.m.
 Vulnerabilities: information disclosure, traversal attack, command execution...
Affected productsExternal IDs
vendor: zyxel model: emg2926
vendor: draytek model: vigor2960 1.3.1_beta
vendor: draytek model: vigor300b 1.3.3_beta
vendor: draytek model: vigor3900 1.4.4_beta
vendor: draytek model: vigor
vendor: draytek model: vigor2960
vendor: draytek model: vigor300b
vendor: draytek model: vigor3900
vendor: draytek model: routers
vendor: palo model: networks
vendor: palo model: firewall
vendor: dasan model: gpon routers
vendor: netgear model: dgn2200
vendor: netgear model: router
vendor: netgear model: dgn1000
vendor: d-link model: dsl-2750b router
vendor: d-link model: router
vendor: d-link model: dsl-2750b
vendor: d-link model: dap-1860
vendor: d-link model: dir-818lw
vendor: d-link model: dir-818lw rev.a 2.05.b03
vendor: d-link model: dir-822
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
db: NVD ids: CVE-2019-19597, CVE-2020-17496, CVE-2012-2311, CVE-2012-1823, CVE-2019-12725, CVE-2019-16759, CVE-2018-19986, CVE-2018-10562, CVE-2018-10561, CVE-2019-9082, CVE-2018-7600, CVE-2020-8515, CVE-2020-25213, CVE-2020-14472, CVE-2017-9841, CVE-2020-15415, CVE-2018-20062

Update Regarding CVE-2022-40684 | Fortinet Blog

Related entries in the VARIoT vulnerabilities database: VAR-202210-0198

Trust: 3.75

Fetched: Oct. 4, 2023, 9:45 a.m., Published: Oct. 14, 2022, 8:05 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2022-40684

Medical Device Security and Patient Safety | Optiv

Trust: 3.0

Fetched: Oct. 4, 2023, 9:44 a.m., Published: Oct. 2, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Microsoft Defender for Endpoint - Mobile Threat Defense | Microsoft Learn

Trust: 3.0

Fetched: Oct. 4, 2023, 9:44 a.m., Published: Dec. 7, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

Here are the top phone security threats in 2022 and how to avoid them | ZDNET

Trust: 3.5

Fetched: Oct. 4, 2023, 9:43 a.m., Published: Oct. 4, 2022, midnight
 Vulnerabilities: service disruption
Affected productsExternal IDs
vendor: google model: android
vendor: apple model: watch
vendor: apple model: iphone
vendor: avast model: antivirus
vendor: essential model: phone

A Comprehensive Review of Android Security: Threats, Vulnerabilities, Malware Detection, and Analysis

Trust: 3.25

Fetched: Oct. 4, 2023, 9:40 a.m., Published: June 29, 2022, midnight
 Vulnerabilities: script execution, code execution, denial of service...
Affected productsExternal IDs
vendor: rising model: antivirus
vendor: blackberry model: curve
vendor: blackberry model: link
vendor: blackberry model: blackberry
vendor: blackberry model: smartphone
vendor: essential model: phone
vendor: google model: android

Flaws in industrial wireless IoT solutions can give attackers deep access into OT networks | CSO Online

Trust: 3.5

Fetched: Oct. 4, 2023, 9:39 a.m., Published: Feb. 10, 2023, midnight
 Vulnerabilities: code execution, default credentials
Affected productsExternal IDs

'Millions' of Dell Windows PCs Contain 'Critical' Driver Vulnerability -- Redmondmag.com

Related entries in the VARIoT vulnerabilities database: VAR-202105-0569

Trust: 5.75

Fetched: Oct. 4, 2023, 9:38 a.m., Published: -
 Vulnerabilities: access control vulnerability, information disclosure, denial of service
Affected productsExternal IDs
vendor: dell model: bios
db: NVD ids: CVE-2021-21551

Most Common Wireless Network Attacks - WebTitan DNS Filter

Trust: 4.25

Fetched: Oct. 4, 2023, 9:37 a.m., Published: June 19, 2021, 9:36 a.m.
 Vulnerabilities: buffer overflow, weak password, default credentials
Affected productsExternal IDs
vendor: essential model: phone
vendor: orange model: livebox

Multiple Vulnerabilities in Buffalo and Arcadyan manufactured routers - Research Advisory | Tenable®

Related entries in the VARIoT vulnerabilities database: VAR-202104-0769, VAR-202104-0770, VAR-202104-0768

Trust: 5.5

Fetched: Oct. 4, 2023, 9:36 a.m., Published: April 23, 2021, 7:21 p.m.
 Vulnerabilities: improper access control, path traversal, code execution
Affected productsExternal IDs
vendor: beeline model: smart box
vendor: asus model: asus
vendor: asus model: dsl-ac68vg
vendor: asus model: router
vendor: asus model: dsl-ac3100
vendor: asus model: dsl-ac87vg
vendor: asus model: dsl-ac88u
vendor: asus model: routers
vendor: buffalo model: buffalo wsr-2533dhpl2
vendor: buffalo model: buffalo bbr-4mg
vendor: buffalo model: buffalo bbr-4hg
vendor: buffalo model: router
vendor: buffalo model: buffalo wsr-2533dhp3
vendor: buffalo model: bbr-4hg
vendor: buffalo model: bbr-4mg
vendor: buffalo model: wsr-2533dhpl2
vendor: buffalo model: wsr-2533dhp3
vendor: orange model: livebox
vendor: vodafone model: easybox
db: NVD ids: CVE-2021-20091, CVE-2021-20092, CVE-2021-20090

Android Security Bulletin-August 2022 | Android Open Source Project

Related entries in the VARIoT vulnerabilities database: VAR-202208-0117, VAR-202208-0197, VAR-202208-0136, VAR-202207-0242, VAR-202208-0410

Trust: 4.25

Fetched: Oct. 4, 2023, 9:34 a.m., Published: Aug. 4, 2022, midnight
 Vulnerabilities: information disclosure, code execution, denial of service
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
vendor: motorola model: android
vendor: motorola model: motorola
vendor: huawei model: huawei
vendor: samsung model: notes
vendor: samsung model: mobile
db: NVD ids: CVE-2022-22061, CVE-2021-0887, CVE-2022-20349, CVE-2021-30259, CVE-2021-0946, CVE-2022-20239, CVE-2022-22070, CVE-2021-39696, CVE-2022-20360, CVE-2022-1786, CVE-2022-20344, CVE-2022-20361, CVE-2021-39815, CVE-2022-20353, CVE-2022-22067, CVE-2021-0947, CVE-2022-25668, CVE-2022-20347, CVE-2022-22062, CVE-2022-22059, CVE-2022-20082, CVE-2022-20356, CVE-2022-20352, CVE-2022-20354, CVE-2022-20348, CVE-2022-20355, CVE-2022-20346, CVE-2022-20350, CVE-2021-0698, CVE-2022-22069, CVE-2022-20358, CVE-2022-20345, CVE-2022-22080, CVE-2022-20122, CVE-2021-0891, CVE-2022-20357

ERROR: The request could not be satisfied

Trust: 3.25

Fetched: Oct. 4, 2023, 9:34 a.m., Published: Oct. 6, 2023, midnight
 Vulnerabilities: configuration error
Affected productsExternal IDs

Rockwell Automation ControlLogix PLC Vulnerabilities | CISA

Related entries in the VARIoT vulnerabilities database: VAR-201301-0159, VAR-201301-0154, VAR-201301-0158, VAR-201301-0156, VAR-201301-0155, VAR-201301-0157, VAR-201301-0153, VAR-201301-0164

Trust: 4.25

Fetched: Oct. 4, 2023, 9:33 a.m., Published: Feb. 13, 2019, midnight
 Vulnerabilities: buffer overflow, information exposure, replay attack
Affected productsExternal IDs
vendor: rockwell model: 1768-enbt
vendor: rockwell model: automation controllogix
vendor: rockwell model: 1768-eweb
vendor: rockwell model: compactlogix
vendor: rockwell model: guardlogix
vendor: rockwell model: softlogix
vendor: rockwell model: guardlogix controllers
vendor: rockwell model: micrologix
vendor: rockwell model: micrologix 1400 firmware
vendor: rockwell model: micrologix 1100
vendor: rockwell model: controllogix
vendor: rockwell model: softlogix controllers
vendor: rockwell model: micrologix 1400
vendor: rockwell model: 1756-enbt
vendor: rockwell model: flexlogix
vendor: rockwell model: 1756-eweb
vendor: rockwell automation model: 1768-enbt
vendor: rockwell automation model: automation controllogix
vendor: rockwell automation model: 1768-eweb
vendor: rockwell automation model: compactlogix
vendor: rockwell automation model: guardlogix
vendor: rockwell automation model: softlogix
vendor: rockwell automation model: guardlogix controllers
vendor: rockwell automation model: micrologix
vendor: rockwell automation model: micrologix 1400 firmware
vendor: rockwell automation model: micrologix 1100
vendor: rockwell automation model: controllogix
vendor: rockwell automation model: softlogix controllers
vendor: rockwell automation model: micrologix 1400
vendor: rockwell automation model: 1756-enbt
vendor: rockwell automation model: flexlogix
vendor: rockwell automation model: 1756-eweb
vendor: rockwellautomation model: 1768-enbt
vendor: rockwellautomation model: automation controllogix
vendor: rockwellautomation model: 1768-eweb
vendor: rockwellautomation model: compactlogix
vendor: rockwellautomation model: guardlogix
vendor: rockwellautomation model: softlogix
vendor: rockwellautomation model: guardlogix controllers
vendor: rockwellautomation model: micrologix
vendor: rockwellautomation model: micrologix 1400 firmware
vendor: rockwellautomation model: micrologix 1100
vendor: rockwellautomation model: controllogix
vendor: rockwellautomation model: softlogix controllers
vendor: rockwellautomation model: micrologix 1400
vendor: rockwellautomation model: 1756-enbt
vendor: rockwellautomation model: flexlogix
vendor: rockwellautomation model: 1756-eweb
db: NVD ids: CVE-2012-6442, CVE-2012-6437, CVE-2012-6441, CVE-2012-6439, CVE-2012-6438, CVE-2012-6440, CVE-2012-6436, CVE-2012-6435

Learn how to mitigate the Log4Shell vulnerability in Microsoft Defender for Endpoint - Defender Vulnerability Management | Microsoft Learn

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566, VAR-202112-0562

Trust: 4.0

Fetched: Oct. 4, 2023, 9:32 a.m., Published: June 29, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228, CVE-2021-45046

2021 Top Routinely Exploited Vulnerabilities | CISA

Related entries in the VARIoT vulnerabilities database: VAR-201803-1387, VAR-201906-0815, VAR-202106-0639, VAR-202109-1909, VAR-202112-0566, VAR-202008-0248, VAR-202107-1010, VAR-202102-0898, VAR-202101-1926, VAR-202112-0361

Trust: 5.25

Fetched: Oct. 4, 2023, 9:30 a.m., Published: Oct. 4, 2021, midnight
 Vulnerabilities: feature bypass, code execution, memory corruption...
Affected productsExternal IDs
vendor: zoho model: manageengine adselfservice plus
vendor: pulse model: secure pulse connect secure
vendor: citrix model: netscaler gateway
vendor: citrix model: netscaler
vendor: citrix model: sd-wan wanop
vendor: citrix model: gateway
vendor: citrix model: sd-wan
vendor: citrix model: netscaler adc
vendor: pulse secure model: pulse connect secure
vendor: pulse secure model: pulse policy secure
vendor: pulse secure model: policy secure
vendor: pulse secure model: connect secure
vendor: accellion model: accellion file transfer appliance
vendor: accellion model: file transfer appliance
vendor: qnap model: qnap qts
vendor: cisco model: cisco ios
vendor: cisco model: netscaler gateway
vendor: cisco model: ios xe
vendor: cisco model: sd-wan
vendor: cisco model: series
vendor: sonicwall model: sma 100
db: NVD ids: CVE-2021-34523, CVE-2019-19781, CVE-2021-27852, CVE-2018-0171, CVE-2021-26858, CVE-2021-27102, CVE-2019-18935, CVE-2018-13379, CVE-2017-11882, CVE-2021-34473, CVE-2021-27103, CVE-2021-26084, CVE-2021-26855, CVE-2021-1675, CVE-2021-40444, CVE-2021-22893, CVE-2021-44228, CVE-2020-1472, CVE-2021-27065, CVE-2021-42237, CVE-2021-34527, CVE-2021-20016, CVE-2021-3156, CVE-2021-40539, CVE-2021-20038, CVE-2020-2509, CVE-2021-35464, CVE-2017-0199, CVE-2021-21985, CVE-2020-0688, CVE-2021-21972, CVE-2021-27101, CVE-2021-26857, CVE-2019-11510, CVE-2021-27104, CVE-2021-31207
db: CISCO ids: CISCO-SA-20180328-SMI2