VARIoT latest news about IoT security

Dahua IP Camera Vulnerability Could Let Attackers Take Full Control Over Devices Trust: 6.5 Fetched: Oct. 4, 2023, 9:30 a.m., Published: July 29, 2022, 10:49 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	dahua	model:	ipc-hdbw2xxx
vendor:	dahua	model:	ip camera
vendor:	dahua	model:	ipc-hx2xxx
vendor:	dahua	model:	camera
vendor:	moxa	model:	nport 5110
vendor:	moxa	model:	nport
vendor:	axis	model:	ip cameras

db:

NVD

ids:

CVE-2022-30563

Mobile Systems Vulnerabilities \| Infosec Trust: 4.5 Fetched: Oct. 4, 2023, 9:27 a.m., Published: July 6, 2017, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	google	model:	android

Smart Yet Flawed: IoT Device Vulnerabilities Explained - Nouvelles de sécurité - Trend Micro FR Related entries in the VARIoT vulnerabilities database: VAR-202003-1707 Trust: 4.25 Fetched: Oct. 4, 2023, 9:26 a.m., Published: Oct. 24, 2023, midnight	Vulnerabilities: denial of service, default credentials

Affected products

External IDs

vendor:	sonos	model:	sonos
vendor:	trend	model:	home network security
vendor:	trend	model:	internet security
vendor:	trend	model:	security
vendor:	trend micro	model:	home network security
vendor:	trend micro	model:	internet security
vendor:	trend micro	model:	security

db:

NVD

ids:

CVE-2020-9054

Unauthenticated Remote Code Execution in a Wide Range of DrayTek Vigor Routers Trust: 4.25 Fetched: Oct. 4, 2023, 9:25 a.m., Published: Aug. 3, 2022, 5 a.m.	Vulnerabilities: buffer overflow, code execution, denial of service

Affected products

External IDs

vendor:	draytek	model:	vigor
vendor:	draytek	model:	draytek routers
vendor:	draytek	model:	routers

db:

NVD

ids:

CVE-2022-32548

Today’s Mobile Security Threats and How to Prevent Them \| Okta Trust: 3.5 Fetched: Oct. 4, 2023, 9:25 a.m., Published: Oct. 4, 2023, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	google	model:	home
vendor:	google	model:	wifi
vendor:	essential	model:	phone

Medical Device Vulnerability Management: Liabilities and Risks Trust: 3.75 Fetched: Oct. 4, 2023, 9:24 a.m., Published: Sept. 21, 2021, 10 a.m.	Vulnerabilities: code execution

Affected products	External IDs

Mobile app security best practices for 4 vulnerability types \| TechTarget Trust: 3.0 Fetched: Oct. 4, 2023, 9:24 a.m., Published: Oct. 4, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability \| Microsoft Security Blog Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-2011, VAR-202112-0562, VAR-202112-0566 Trust: 5.5 Fetched: Oct. 4, 2023, 9:22 a.m., Published: Dec. 12, 2021, 5:29 a.m.	Vulnerabilities: command execution, input validation vulnerability, code execution

Affected products

External IDs

vendor:

solarwinds

model:

serv-u

db:

NVD

ids:

CVE-2021-26084, CVE-2021-45105, CVE-2021-35247, CVE-2021-44832, CVE-2021-45046, CVE-2021-44228, CVE-2021-44428, CVE-2021-34473

Network Vulnerability \| Network Security Vulnerabilities Trust: 3.5 Fetched: Oct. 4, 2023, 9:21 a.m., Published: June 14, 2023, 11:42 a.m.	Vulnerabilities: sql injection, cross-site scripting

Affected products

External IDs

vendor:

essential

model:

phone

Cyber Risks Prediction and Analysis in Medical Emergency Equipment for Situational Awareness - PMC Trust: 5.0 Fetched: Oct. 4, 2023, 9:18 a.m., Published: Aug. 4, 2021, midnight	Vulnerabilities: buffer overflow, cross-site request forgery, path traversal...

Affected products

External IDs

vendor:	mesh	model:	mesh
vendor:	essential	model:	phone
vendor:	google	model:	home
vendor:	node.js	model:	node.js

db:

NVD

ids:

CVE-2021-27408, CVE-2021-27410

A Look Back at the Top 12 IoT Exploits of 2021 (Part 1) Trust: 4.25 Fetched: Oct. 4, 2023, 9:18 a.m., Published: Oct. 12, 2023, midnight	Vulnerabilities: sql injection, code execution, injection attack...

Affected products

External IDs

vendor:	zoll	model:	zoll defibrillator
vendor:	siemens	model:	nucleus
vendor:	trend	model:	home network security
vendor:	trend	model:	security
vendor:	philips	model:	intellibridge ec40
vendor:	trend micro	model:	home network security
vendor:	trend micro	model:	security
vendor:	cisco	model:	routers
vendor:	cisco	model:	series

Assets, Threats, and Vulnerabilities Weekly challenge 3 Quiz Answers Trust: 3.0 Fetched: Oct. 4, 2023, 9:16 a.m., Published: Aug. 2, 2023, 12:01 p.m.	Vulnerabilities: -

Affected products	External IDs

Zero-Day Alert: CVE-2023-20109 - Cisco GET VPN Out-of-Bounds Write Vulnerability Trust: 5.5 Fetched: Oct. 3, 2023, 9:40 a.m., Published: May 3, 2023, midnight	Vulnerabilities: denial of service, system crash

Affected products

External IDs

vendor:	cisco	model:	guard
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	router
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	ios software

db:

NVD

ids:

CVE-2023-20109

CVE-2023-20034 \| Tenable® Trust: 3.75 Fetched: Oct. 3, 2023, 9:39 a.m., Published: Oct. 3, 9200, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	cisco sd-wan
vendor:	cisco	model:	sd-wan vmanage
vendor:	cisco	model:	sd-wan vmanage software
vendor:	cisco	model:	sd-wan

db:

NVD

ids:

CVE-2023-20034

CVE-2023-20109 \| Tenable® Trust: 5.75 Fetched: Oct. 3, 2023, 9:37 a.m., Published: Sept. 27, 2023, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios software

db:

NVD

ids:

CVE-2023-20109

Overview of IoT threats in 2023_HackDig Trust: 5.25 Fetched: Oct. 3, 2023, 9:35 a.m., Published: Oct. 3, 2023, midnight	Vulnerabilities: configuration issue

Affected products

External IDs

vendor:	trend	model:	security
vendor:	trend micro	model:	security
vendor:	bosch	model:	smart camera

db:

NVD

ids:

CVE-2022-27593

CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202112-0566, VAR-202212-1132 Trust: 5.0 Fetched: Oct. 3, 2023, 9:35 a.m., Published: Sept. 8, 2023, 5:36 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

zoho

model:

manageengine servicedesk plus

db:

NVD

ids:

CVE-2021-44228, CVE-2022-47966, CVE-2022-42475

CVE-2023-41064, CVE-2023-4863, CVE-2023-5129: Frequently Asked Questions for ImageIO and WebP/libwebp Zero-Day Vulnerabilities - Blog \| Tenable® Trust: 5.5 Fetched: Oct. 3, 2023, 9:34 a.m., Published: Sept. 28, 2023, 3:36 a.m.	Vulnerabilities: buffer overflow

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	google	model:	google chrome
vendor:	apple	model:	watchos
vendor:	apple	model:	iphone
vendor:	apple	model:	macos

db:

NVD

ids:

CVE-2023-41064, CVE-2023-4863, CVE-2023-41061, CVE-2023-5129

Resisting Rowhammer and compromising vehicle fleets: Hardwear.io Netherlands 2023 lineup revealed - Media Center \| hardwear.io Trust: 3.5 Fetched: Oct. 3, 2023, 9:33 a.m., Published: Sept. 29, 2023, 4:13 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	watch
vendor:	google	model:	pixel
vendor:	google	model:	wifi
vendor:	google	model:	android

Types of Malware: Learn How to Protect Yourself Better Trust: 4.25 Fetched: Oct. 3, 2023, 9:29 a.m., Published: Oct. 14, 2021, 11:13 a.m.	Vulnerabilities: sql injection, code injection

Affected products

External IDs

vendor:	cisco	model:	prime license manager
vendor:	cisco	model:	cisco prime license manager
vendor:	cisco	model:	series
vendor:	google	model:	chrome
vendor:	google	model:	google chrome
vendor:	google	model:	wifi
vendor:	sophos	model:	firewall
vendor:	sophos	model:	mobile

VARIoT news about IoT security