Sign-up

VARIoT news about IoT security

QNAP's NAS devices affected by a new critical security issue, patches are available | TechSpot Forums

Trust: 4.0

Fetched: Feb. 7, 2023, 9:12 a.m., Published: Feb. 7, 4070, midnight
 Vulnerabilities: sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

Realtek Vulnerability Under Attack Over 134 Million Attempts to Hack IoT Devices

Trust: 3.75

Fetched: Feb. 7, 2023, 9:11 a.m., Published: Jan. 30, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo alto networks model: networks

OODA Loop - 30k Internet-Exposed QNAP NAS Devices Affected by Recent Vulnerability

Trust: 4.0

Fetched: Feb. 7, 2023, 9:11 a.m., Published: Feb. 1, 2023, 2:55 p.m.
 Vulnerabilities: sql injection, code injection
Affected productsExternal IDs

CVE-2022-27596: QNAP NAS Devices Vulnerable to Critical SQL Injection Vulnerability - Arctic Wolf

Trust: 4.25

Fetched: Feb. 7, 2023, 9:10 a.m., Published: Feb. 2, 2023, 5:03 p.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

At least 29,000 devices are affected, QNAP announced that there are serious vulnerabilities in QTS and QuTS hero - GAMINGDEPUTY

Trust: 4.25

Fetched: Feb. 7, 2023, 9:10 a.m., Published: Feb. 1, 2023, 6:53 a.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

Patch Critical Bug Now: QNAP NAS Devices Ripe for the Slaughter

Trust: 5.0

Fetched: Feb. 7, 2023, 9:10 a.m., Published: Feb. 2, 2023, 4:08 p.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs
vendor: qnap model: qnap qts
db: NVD ids: CVE-2022-27596

QNAP's NAS devices affected by a new critical security issue, patches are available | TechSpot

Trust: 4.0

Fetched: Feb. 7, 2023, 9:10 a.m., Published: Feb. 7, 4070, midnight
 Vulnerabilities: sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

Multiple Vulnerabilities in Google Android OS Could Allow for Privilege Escalation

Trust: 5.25

Fetched: Feb. 7, 2023, 9:09 a.m., Published: Feb. 1, 2023, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: google model: android

Nearly 30,000 QNAP Devices Exposed to New Bug - Infosecurity Magazine

Trust: 3.75

Fetched: Feb. 7, 2023, 9:08 a.m., Published: Feb. 1, 2023, 9:30 a.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

Windows devices are threatened by a software vulnerability that makes many users a target for ransomware | technology - Archyde

Trust: 3.0

Fetched: Feb. 7, 2023, 9:08 a.m., Published: Feb. 2, 2023, 10:01 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-34689

Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover

Related entries in the VARIoT vulnerabilities database: VAR-202302-0213

Trust: 5.5

Fetched: Feb. 7, 2023, 9:07 a.m., Published: Feb. 1, 2023, 4 p.m.
 Vulnerabilities: code execution, path traversal
Affected productsExternal IDs
vendor: cisco model: routers
vendor: cisco model: 4431
vendor: cisco model: series
vendor: cisco model: router
vendor: cisco model: cisco routers
vendor: cisco model: catalyst
db: NVD ids: CVE-2023-20076, CVE-2007-4559

Positive Technologies helps fix vulnerabilities in routers and other Zyxel devices

Trust: 4.75

Fetched: Feb. 7, 2023, 9:07 a.m., Published: Feb. 8, 2023, midnight
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-43389, CVE-2022-43391, CVE-2022-43390, CVE-2022-43392

Export software vulnerabilities assessment per device | Microsoft Learn

Trust: 3.5

Fetched: Feb. 7, 2023, 9:06 a.m., Published: Jan. 23, 2023, 6:35 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
db: NVD ids: CVE-2020-26971, CVE-2020-15992, CVE-2020-16011

QNAP devices found to have critical code injection vulnerability - Scottish Business Resilience Centre

Trust: 3.25

Fetched: Feb. 7, 2023, 9:05 a.m., Published: Feb. 2, 2023, 10:57 a.m.
 Vulnerabilities: code injection
Affected productsExternal IDs

Vulnerability in Cisco industrial appliances is a potential nightmare (CVE-2023-20076) - Help Net Security

Related entries in the VARIoT vulnerabilities database: VAR-202302-0213

Trust: 4.5

Fetched: Feb. 7, 2023, 9:05 a.m., Published: Feb. 1, 2023, 4:52 p.m.
 Vulnerabilities: privilege escalation, command injection
Affected productsExternal IDs
vendor: cisco model: iox application
vendor: cisco model: routers
vendor: cisco model: ir510 wpan
vendor: cisco model: wireless access point
vendor: cisco model: 4431
vendor: cisco model: cisco iox application
vendor: cisco model: access points
vendor: cisco model: industrial isrs
vendor: cisco model: series
vendor: cisco model: ic3000
vendor: cisco model: router
vendor: cisco model: cisco iox
vendor: cisco model: ios xe
vendor: cisco model: catalyst
vendor: cisco model: cgr1000
db: NVD ids: CVE-2023-20076

Up to 29,000 unpatched QNAP storage devices are sitting ducks to ransomware | Ars Technica

Trust: 4.75

Fetched: Feb. 7, 2023, 9:04 a.m., Published: Feb. 1, 2023, 9:08 p.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs
vendor: qnap model: photo station
db: NVD ids: CVE-2022-27593, CVE-2022-27596

KB5008380-Authentication updates (CVE-2021-42287) - Microsoft Support

Trust: 3.0

Fetched: Feb. 7, 2023, 9:04 a.m., Published: Nov. 9, 2021, midnight
 Vulnerabilities: security bypass
Affected productsExternal IDs
db: NVD ids: CVE-2021-42287

Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping - SecurityWeek

Related entries in the VARIoT vulnerabilities database: VAR-202301-2250

Trust: 5.0

Fetched: Feb. 7, 2023, 9:04 a.m., Published: Feb. 6, 2023, 5:54 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2023-24508

Cisco IP Phone 7800 and 8800 Series Web Management Interface Authentication Bypass Vulnerability

Trust: 3.75

Fetched: Feb. 5, 2023, 9:13 a.m., Published: Jan. 11, 2023, 3:47 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: cisco model: ip phone 8821
vendor: cisco model: ip phone 7800
vendor: cisco model: series
vendor: cisco model: wireless ip phone 8821
vendor: cisco model: ip phone

Flash Notice: Cisco Command-Injection Vulnerability Found in Production Equipment

Related entries in the VARIoT vulnerabilities database: VAR-202302-0213

Trust: 5.0

Fetched: Feb. 5, 2023, 9:13 a.m., Published: Feb. 3, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: cisco iox application
vendor: cisco model: series
vendor: cisco model: ic3000
vendor: cisco model: iox application
vendor: cisco model: cgr1000
vendor: cisco model: industrial isrs
vendor: cisco model: catalyst
vendor: cisco model: cisco iox
vendor: cisco model: routers
vendor: cisco model: access points
vendor: cisco model: ir510 wpan
db: NVD ids: CVE-2023-20076