Sign-up

VARIoT news about IoT security

Belkin’s Wemo Smart Plug Mini V2 has a security problem that won’t be fixed - The Verge

Trust: 3.0

Fetched: May 17, 2023, 9:06 a.m., Published: May 16, 2023, 5:46 p.m.
 Vulnerabilities: -
Affected productsExternal IDs

Critical RCE vulnerability in Cisco phone adapters, no update available (CVE-2023-20126) - Help Net Security

Trust: 3.75

Fetched: May 16, 2023, 9:13 a.m., Published: May 5, 2023, 9:50 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: spa112 2-port phone adapter
vendor: cisco model: spa112
vendor: cisco model: series
db: NVD ids: CVE-2023-20126

Netgear router exploit chain detailed | SC Media

Trust: 3.0

Fetched: May 16, 2023, 9:12 a.m., Published: May 15, 2023, 8 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: netgear model: netgear router
vendor: netgear model: router

Amazon releases urgent Fire TV upgrade to fix three serious flaws | Express.co.uk

Trust: 4.0

Fetched: May 16, 2023, 9:11 a.m., Published: May 3, 2023, 2:43 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: amazon model: fire tv
db: NVD ids: CVE-2023-1384, CVE-2023-1383, CVE-2023-1385

Advantech's industrial serial device servers open to attack - Help Net Security

Trust: 4.5

Fetched: May 16, 2023, 9:11 a.m., Published: May 15, 2023, 11:38 a.m.
 Vulnerabilities: memory leak, command injection, buffer overflow...
Affected productsExternal IDs
vendor: advantech model: eki-1521
vendor: advantech model: eki-1524
vendor: advantech model: eki-1521-ce

Dump these Cisco phone adapters because it's not fixing them • The Register

Trust: 3.75

Fetched: May 14, 2023, 9:17 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: umbrella
vendor: cisco model: spa112
vendor: cisco model: routers
vendor: cisco model: cisco routers
vendor: cisco model: series
vendor: cisco model: unified communications
db: NVD ids: CVE-2023-20126

VMware releases security updates for Workstation, Fusion exploits | SC Media

Trust: 4.0

Fetched: May 14, 2023, 9:16 a.m., Published: April 26, 2023, 9:46 p.m.
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-20869, CVE-2023-20871, CVE-2023-20870

Alerts & Security Vulnerability Announcements | Ricoh Canada

Related entries in the VARIoT vulnerabilities database: VAR-202107-1010, VAR-202106-0639

Trust: 5.75

Fetched: May 14, 2023, 9:16 a.m., Published: April 4, 2023, midnight
 Vulnerabilities: information leakage, code execution, information leak
Affected productsExternal IDs
vendor: treck model: tcp/ip stack
db: NVD ids: CVE-2021-34527, CVE-2021-1675

Chaining Five Vulnerabilities to Exploit Netgear Nighthawk RAX30 Routers at Pwn2Own Toronto 2022 | Claroty

Related entries in the VARIoT vulnerabilities database: VAR-202305-0024, VAR-202305-0201, VAR-202305-0252, VAR-202305-0268, VAR-202305-0221

Trust: 6.25

Fetched: May 14, 2023, 9:15 a.m., Published: May 11, 2023, midnight
 Vulnerabilities: command injection, code execution, authentication bypass...
Affected productsExternal IDs
vendor: canary model: canary
vendor: netgear model: router
vendor: netgear model: netgear router
db: NVD ids: CVE-2023-27357, CVE-2023-27369, CVE-2023-27370, CVE-2023-27367, CVE-2023-27368

Attackers are trying to exploit old DVR vulnerabilities (CVE-2018-9995, CVE-2016-20016) - Help Net Security

Related entries in the VARIoT vulnerabilities database: VAR-201804-1666

Trust: 4.75

Fetched: May 14, 2023, 9:15 a.m., Published: May 3, 2023, 1:30 p.m.
 Vulnerabilities: authentication bypass, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2016-20016, CVE-2018-9995

2023-04 Security Bulletin: Junos OS: The kernel will crash when certain USB devices are inserted (CVE-2023-28975)

Trust: 3.25

Fetched: May 14, 2023, 9:14 a.m., Published: -
 Vulnerabilities: kernel crash
Affected productsExternal IDs
db: NVD ids: CVE-2023-28975

AndoryuBot DDoS Botnet Exploiting Ruckus AP Vulnerability - SecurityWeek

Trust: 3.0

Fetched: May 14, 2023, 9:14 a.m., Published: May 9, 2023, 8:56 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-25717

7 Steps to Improve IoT Security - BreachLock

Trust: 3.75

Fetched: May 12, 2023, 9:18 a.m., Published: May 4, 2023, 7:18 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

Siemens SIMATIC Industrial Products | CISA

Trust: 3.75

Fetched: May 12, 2023, 9:16 a.m., Published: Jan. 10, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: simatic ipc647e
vendor: siemens model: simatic ipc847e
vendor: siemens model: simatic ipc627e
vendor: siemens model: simatic ipc427e
vendor: siemens model: simatic ipc477e pro
vendor: siemens model: simatic field pg m5
vendor: siemens model: simatic ipc477e
vendor: siemens model: simatic itp1000
vendor: siemens model: simatic
vendor: siemens model: simatic ipc677e
db: NVD ids: CVE-2022-21198

Teltonika Remote Management System and RUT Model Routers | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202305-2099, VAR-202305-2096

Trust: 4.5

Fetched: May 12, 2023, 9:15 a.m., Published: March 10, 2023, midnight
 Vulnerabilities: command execution, code execution, os command injection...
Affected productsExternal IDs
db: NVD ids: CVE-2023-2587, CVE-2023-32350, CVE-2023-2588, CVE-2023-32348, CVE-2023-2586, CVE-2023-32349, CVE-2023-32347, CVE-2023-32346

KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932 - Microsoft Support

Trust: 3.75

Fetched: May 12, 2023, 9:14 a.m., Published: May 9, 2023, midnight
 Vulnerabilities: security feature bypass, feature bypass
Affected productsExternal IDs
db: NVD ids: CVE-2023-24932

Microsoft Patch Tuesday, May 2023 Security Update Review - Qualys ThreatPROTECT

Trust: 4.75

Fetched: May 12, 2023, 9:13 a.m., Published: -
 Vulnerabilities: code execution, security feature bypass, denial of service...
Affected productsExternal IDs
db: NVD ids: CVE-2023-24954, CVE-2023-24932, CVE-2023-29325, CVE-2023-24941, CVE-2023-29324, CVE-2013-3900, CVE-2023-28283, CVE-2023-24903, CVE-2023-24949, CVE-2023-24950, CVE-2023-29336, CVE-2023-24902, CVE-2023-24955, CVE-2023-24943

Update now! May 2023 Patch Tuesday tackles 3 zero-day vulnerabilities

Trust: 4.5

Fetched: May 12, 2023, 9:13 a.m., Published: May 12, 2023, midnight
 Vulnerabilities: security feature bypass, code execution, feature bypass
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2023-24941, CVE-2023-24932, CVE-2023-29325, CVE-2023-29336

Amazon Fire Stick users issued urgent warning over security vulnerabilities - Chronicle Live

Trust: 4.25

Fetched: May 10, 2023, 9:17 a.m., Published: May 3, 2023, 9:37 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: amazon model: fire tv
db: NVD ids: CVE-2023-1384, CVE-2023-1383, CVE-2023-1385

Critical Vulnerabilities In Illumina Universal Copy Service Devices

Trust: 3.75

Fetched: May 10, 2023, 9:16 a.m., Published: May 1, 2023, 7:21 p.m.
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2023-1968, CVE-2023-1966