Sign-up

VARIoT news about IoT security

Cisco IP Phone 7800 and 8800 Series Web Management Interface Authentication Bypass Vulnerability

Trust: 3.75

Fetched: Feb. 5, 2023, 9:13 a.m., Published: Jan. 11, 2023, 3:47 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: cisco model: ip phone 8821
vendor: cisco model: ip phone 7800
vendor: cisco model: series
vendor: cisco model: wireless ip phone 8821
vendor: cisco model: ip phone

Flash Notice: Cisco Command-Injection Vulnerability Found in Production Equipment

Related entries in the VARIoT vulnerabilities database: VAR-202302-0213

Trust: 5.0

Fetched: Feb. 5, 2023, 9:13 a.m., Published: Feb. 3, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: cisco iox application
vendor: cisco model: series
vendor: cisco model: ic3000
vendor: cisco model: iox application
vendor: cisco model: cgr1000
vendor: cisco model: industrial isrs
vendor: cisco model: catalyst
vendor: cisco model: cisco iox
vendor: cisco model: routers
vendor: cisco model: access points
vendor: cisco model: ir510 wpan
db: NVD ids: CVE-2023-20076

Uncovering the Hidden Risks: The Dangers of Mobile Phone Vulnerability | Melo Media - Zambia's No.1 News Platform

Trust: 3.0

Fetched: Feb. 5, 2023, 9:12 a.m., Published: Jan. 31, 2023, 6:42 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: essential model: phone

30k Internet-Exposed QNAP NAS Devices Affected by Recent Vulnerability - SecurityWeek

Trust: 5.0

Fetched: Feb. 5, 2023, 9:12 a.m., Published: Feb. 1, 2023, 12:10 p.m.
 Vulnerabilities: sql injection, code injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

Cisco BroadWorks Application Delivery Platform and Xtended Services Platform Denial of Service Vulnerability

Trust: 3.0

Fetched: Feb. 5, 2023, 9:12 a.m., Published: Jan. 11, 2023, 3:47 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability

Trust: 5.0

Fetched: Feb. 5, 2023, 9:12 a.m., Published: Jan. 11, 2023, 3:47 p.m.
 Vulnerabilities: command execution
Affected productsExternal IDs
vendor: cisco model: rv340
vendor: cisco model: series routers
vendor: cisco model: small business rv series routers
vendor: cisco model: series
vendor: cisco model: cisco small business
vendor: cisco model: rv160 vpn routers
vendor: cisco model: rv160w wireless-ac vpn routers
vendor: cisco model: rv260 vpn routers
vendor: cisco model: rv345p
vendor: cisco model: rv160
vendor: cisco model: routers
vendor: cisco model: rv160w
vendor: cisco model: small business
vendor: cisco model: rv345
vendor: cisco model: rv260w wireless-ac vpn routers
vendor: cisco model: rv260
vendor: cisco model: rv260p
vendor: cisco model: small business rv
vendor: cisco model: rv340w
vendor: cisco model: rv260w

Cisco Warns of Critical Vulnerability in End-of-Life Routers - Infosecurity Magazine

Related entries in the VARIoT vulnerabilities database: VAR-202301-0962

Trust: 5.5

Fetched: Feb. 3, 2023, 9:10 a.m., Published: Jan. 13, 2023, 4 p.m.
 Vulnerabilities: authentication bypass, code execution
Affected productsExternal IDs
vendor: cisco model: rv082
vendor: cisco model: routers
vendor: cisco model: rv042
vendor: cisco model: small business
vendor: cisco model: rv016
vendor: cisco model: cisco small business
vendor: cisco model: rv042g
db: NVD ids: CVE-2023-20025

Cisco IOx Application Hosting Environment Command Injection Vulnerability

Trust: 3.75

Fetched: Feb. 3, 2023, 9:10 a.m., Published: Feb. 1, 2023, 3:56 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: cisco ios
vendor: cisco model: iox application
vendor: cisco model: ios xe
vendor: cisco model: cisco iox
vendor: cisco model: cisco iox application

Essential vulnerabilities in Siemens PLC gadgets may permit bypass of secure boot options (CVE-2022-38773) - Lemon Shood

Related entries in the VARIoT vulnerabilities database: VAR-202301-0605

Trust: 3.75

Fetched: Feb. 1, 2023, 9:20 a.m., Published: Jan. 31, 2023, 12:08 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: simatic s7-1500 cpu 1511c
vendor: siemens model: simatic s7-1500 cpu 1511f-1 pn
vendor: siemens model: simatic s7-1500 cpu 1515-2 pn
vendor: siemens model: cpu 1513-1 pn
vendor: siemens model: cpu 1516pro f-2 pn
vendor: siemens model: simatic s7-1500 cpu 1512c
vendor: siemens model: cpu 1515f-2
vendor: siemens model: cpu 1515tf-2 pn
vendor: siemens model: cpu 1515-2
vendor: siemens model: cpu 1512sp-1 pn
vendor: siemens model: cpu 1512c-1 pn
vendor: siemens model: simatic s7-1500 cpu 1515f-2 pn
vendor: siemens model: simatic s7-1500 cpu 1518-4 pn
vendor: siemens model: s7-1500 cpu
vendor: siemens model: cpu 1513r-1 pn
vendor: siemens model: simatic s7-1500 cpu 1511-1 pn
vendor: siemens model: simatic s7-1500 cpu 1513-1 pn
vendor: siemens model: simatic s7-1500
vendor: siemens model: cpu 1512sp f-1 pn
vendor: siemens model: cpu 1516f-3
vendor: siemens model: simatic s7-1500 cpu 1513f-1 pn
vendor: siemens model: cpu 1516pro-2 pn
vendor: siemens model: simatic
vendor: siemens model: simatic s7-1500 cpu 1517-3 pn
vendor: siemens model: simatic s7-1500 cpu
vendor: siemens model: cpu 1516-3
vendor: siemens model: cpu 1515r-2 pn
vendor: siemens model: cpu 1511c-1 pn
vendor: siemens model: simatic s7-1500 cpu 1516-3 pn
vendor: siemens model: simatic s7-1500 cpu 1518
vendor: siemens model: cpu 1513f-1 pn
vendor: siemens model: cpu 1515t-2 pn
vendor: siemens model: cpu 1513pro f-2 pn
db: NVD ids: CVE-2022-38773

Critical QNAP NAS vulnerability fixed, update your device ASAP! (CVE-2022-27596) - MalwareForum.com

Trust: 3.0

Fetched: Feb. 1, 2023, 9:19 a.m., Published: Jan. 31, 2023, 12:13 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

Critical QNAP NAS vulnerability fixed, update your device ASAP! (CVE-2022-27596) - New York Tech Media

Trust: 4.75

Fetched: Feb. 1, 2023, 9:19 a.m., Published: Jan. 31, 2023, 9:55 a.m.
 Vulnerabilities: injection attack, sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates - Cyber Security Reviews

Trust: 4.75

Fetched: Feb. 1, 2023, 9:19 a.m., Published: Jan. 31, 2023, 9:50 a.m.
 Vulnerabilities: injection attack, sql injection, code injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

Over 4,000 Sophos Firewall devices vulnerable to RCE attacks - SPIXNET C2S

Related entries in the VARIoT vulnerabilities database: VAR-202209-1931

Trust: 4.5

Fetched: Feb. 1, 2023, 9:18 a.m., Published: Jan. 24, 2023, 3:55 p.m.
 Vulnerabilities: authentication bypass, code execution, sql injection...
Affected productsExternal IDs
vendor: sophos model: xg firewall
vendor: sophos model: firewall
db: NVD ids: CVE-2022-3236, CVE-2022-1040

Critical QNAP NAS vulnerability fixed, update your device ASAP! (CVE-2022-27596) | Vumetric Cyber Portal

Trust: 3.5

Fetched: Feb. 1, 2023, 9:17 a.m., Published: Feb. 1, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

Nozomi Networks Discovers Nine Vulnerabilities Affecting Sewio RTLS Studio - Security Boulevard

Trust: 3.5

Fetched: Feb. 1, 2023, 9:16 a.m., Published: Jan. 31, 2023, 10:30 a.m.
 Vulnerabilities: path traversal, os command injection, cross-site scripting...
Affected productsExternal IDs
db: NVD ids: CVE-2022-47917, CVE-2022-45444, CVE-2022-47911, CVE-2022-41989, CVE-2022-45127, CVE-2022-46733, CVE-2022-47395, CVE-2022-43455, CVE-2022-43483

Week in review: ChatGPT cybersecurity, critical RCE vulnerabilities found in git, Riot Games breached - Help Net Security

Related entries in the VARIoT vulnerabilities database: VAR-202212-1751

Trust: 4.5

Fetched: Feb. 1, 2023, 9:16 a.m., Published: Jan. 28, 2023, 11:49 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: macos
vendor: apple model: watchos
vendor: riot model: riot
db: NVD ids: CVE-2022-31711, CVE-2022-31704, CVE-2022-31710, CVE-2022-31706, CVE-2022-34689, CVE-2022-42856

134 million attacks on vulnerable IoT devices around the world and it's all the fault of one mistake

Trust: 3.75

Fetched: Feb. 1, 2023, 9:15 a.m., Published: Jan. 31, 2023, 6:42 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: asus model: routers
vendor: asus model: asus
vendor: palo model: networks
vendor: palo alto networks model: networks
vendor: huawei model: huawei
db: NVD ids: CVE-2021-35394

QNAP Rolls Out Urgent Patch to Fix SQL Injection Flaw in NAS Devices

Trust: 5.25

Fetched: Feb. 1, 2023, 9:14 a.m., Published: Feb. 10, 2023, midnight
 Vulnerabilities: sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

OTORIO Reports Vulnerabilities in Sierra Wireless AirLink IIoT

Related entries in the VARIoT vulnerabilities database: VAR-201905-0851

Trust: 4.5

Fetched: Feb. 1, 2023, 9:13 a.m., Published: Feb. 4, 2023, midnight
 Vulnerabilities: code execution, command execution
Affected productsExternal IDs
vendor: sierra model: es450
vendor: sierra model: mp70
vendor: sierra model: aleos
vendor: sierra model: rv50x
vendor: sierra model: gx450
vendor: sierra model: rv50
vendor: sierra wireless model: es450
vendor: sierra wireless model: mp70
vendor: sierra wireless model: aleos
vendor: sierra wireless model: rv50x
vendor: sierra wireless model: gx450
vendor: sierra wireless model: rv50
db: NVD ids: CVE-2022-46649, CVE-2022-46650, CVE-2018-4061

Critical QNAP Vulnerability Leads to Code Injection - SecurityWeek

Trust: 4.75

Fetched: Feb. 1, 2023, 9:13 a.m., Published: Jan. 31, 2023, 12:52 p.m.
 Vulnerabilities: sql injection, code injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596