Sign-up

VARIoT news about IoT security

Cisco warns critical RCE bug in end-of-life IP phone adapters won't get patched | SC Media

Trust: 3.75

Fetched: May 5, 2023, 9:18 a.m., Published: May 4, 2023, 9:38 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: spa 112
vendor: cisco model: ip phone
vendor: cisco model: ip phones
vendor: cisco model: series
vendor: cisco model: small business
vendor: cisco systems model: spa 112
vendor: cisco systems model: ip phone
vendor: cisco systems model: ip phones
vendor: cisco systems model: series
vendor: cisco systems model: small business
db: NVD ids: CVE-2023-20126

Report Vulnerability | Solplanet

Trust: 3.75

Fetched: May 5, 2023, 9:18 a.m., Published: March 1, 2023, 2:37 p.m.
 Vulnerabilities: sql injection, information disclosure, command execution...
Affected productsExternal IDs

List devices by recommendation | Microsoft Learn

Trust: 3.25

Fetched: May 5, 2023, 9:17 a.m., Published: Dec. 18, 2020, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: chrome

CISA Issues a New Warning for Vulnerabilities in Industrial Control Systems (ICS)

Related entries in the VARIoT vulnerabilities database: VAR-202303-1622, VAR-202303-1661

Trust: 4.75

Fetched: May 5, 2023, 9:17 a.m., Published: March 23, 2023, 10 a.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: siemens model: ruggedcom
vendor: siemens model: scalance w-700
vendor: siemens model: scalance
vendor: wellintech model: kinghistorian
vendor: snort model: snort
db: NVD ids: CVE-2023-1133, CVE-2022-43663, CVE-2023-1140, CVE-2022-45124, CVE-2023-1136

Hackers Exploiting 5-year-old Unpatched Vulnerability in TBK DVR Devices

Related entries in the VARIoT vulnerabilities database: VAR-201804-1666

Trust: 4.75

Fetched: May 5, 2023, 9:16 a.m., Published: May 3, 2023, 7:30 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2016-20016, CVE-2018-9995

Cisco SPA112 2-Port Phone Adapters Remote Command Execution Vulnerability

Trust: 4.75

Fetched: May 5, 2023, 9:16 a.m., Published: May 3, 2023, 3:55 p.m.
 Vulnerabilities: command execution
Affected productsExternal IDs
vendor: cisco model: spa112 2-port phone adapter
vendor: cisco model: router
vendor: cisco model: spa112
vendor: cisco model: spa122

QNAP ‘urgently’ fixing vulnerabilities in multiple systems

Trust: 3.0

Fetched: May 5, 2023, 9:16 a.m., Published: April 6, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-27597, CVE-2022-27598

Biomedical device vulnerability. Ransomware and the US Marshals. US DoJ emphasizes disruption. Updates on the hybrid war. OT risk-sharing.

Trust: 3.5

Fetched: May 5, 2023, 9:15 a.m., Published: May 1, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android
vendor: google model: home
vendor: google model: pixel
vendor: cisco model: guard
vendor: cisco model: h
vendor: cisco model: series
vendor: cisco model: spark

Mobile Vulnerability Assessment: Tools and Techniques

Trust: 3.0

Fetched: May 5, 2023, 9:14 a.m., Published: May 3, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: blackberry model: blackberry

Hackers exploit 5-year-old unpatched flaw in TBK DVR devices

Related entries in the VARIoT vulnerabilities database: VAR-201804-1666

Trust: 3.75

Fetched: May 3, 2023, 9:16 a.m., Published: -
 Vulnerabilities: code execution, authentication bypass, command execution
Affected productsExternal IDs
db: NVD ids: CVE-2016-20016, CVE-2018-9995

Top Trending CVEs of March 2023 | NopSec

Trust: 4.5

Fetched: May 3, 2023, 9:15 a.m., Published: March 30, 2023, 4:22 p.m.
 Vulnerabilities: privilege escalation, code execution, buffer overflow...
Affected productsExternal IDs
vendor: google model: pixel
vendor: vivo model: modems
vendor: vivo model: modem
vendor: samsung model: mobile
vendor: samsung model: mobile devices
vendor: samsung model: exynos
db: NVD ids: CVE-2023-26497, CVE-2023-23415, CVE-2023-23392, CVE-2023-26498, CVE-2023-26496, CVE-2023-23397, CVE-2023-24033

Cisco TelePresence Collaboration Endpoint and RoomOS Arbitrary File Write Vulnerabilities

Trust: 5.5

Fetched: May 3, 2023, 9:14 a.m., Published: April 19, 2023, 3:47 p.m.
 Vulnerabilities: privilege escalation, file overwrite vulnerability, improper access control...
Affected productsExternal IDs
vendor: cisco model: dx80
vendor: cisco model: telepresence collaboration endpoint
vendor: cisco model: telepresence mx series
vendor: cisco model: series
vendor: cisco model: webex
vendor: cisco model: cisco webex
vendor: cisco model: telepresence sx series
vendor: cisco model: cisco telepresence
vendor: cisco model: telepresence
vendor: cisco model: telepresence ce
vendor: cisco model: roomos
vendor: cisco model: dx70
db: NVD ids: CVE-2023-20092, CVE-2023-20090, CVE-2023-20004, CVE-2023-20094, CVE-2023-20093, CVE-2023-20091

Microsoft Teams Rooms security - Microsoft Teams | Microsoft Learn

Trust: 3.75

Fetched: May 3, 2023, 9:14 a.m., Published: April 18, 2023, midnight
 Vulnerabilities: default password
Affected productsExternal IDs
vendor: google model: android

Cisco Cyber Vision Data Sheet - Cisco

Trust: 3.5

Fetched: May 2, 2023, 9:22 a.m., Published: April 24, 2023, 1:24 p.m.
 Vulnerabilities: default password
Affected productsExternal IDs
vendor: snort model: snort
vendor: cisco model: cisco identity services engine
vendor: cisco model: cisco integrated management controller
vendor: cisco model: integrated management controller
vendor: cisco model: identity services engine
vendor: cisco model: series
vendor: cisco model: ic3000
vendor: cisco model: ucs manager
vendor: cisco model: series switch
vendor: cisco model: ucs director
vendor: cisco model: routers
vendor: cisco model: firepower
vendor: cisco model: ucs performance manager
vendor: cisco model: cisco ucs manager
vendor: cisco model: cisco imc supervisor
vendor: cisco model: series routers
vendor: cisco model: router
vendor: cisco model: imc supervisor
vendor: cisco model: catalyst
vendor: cisco model: cisco ucs director
vendor: cisco model: cisco ic3000 industrial compute gateway
vendor: cisco model: ic3000 industrial compute gateway
vendor: cisco model: ucs central software
vendor: cisco model: umbrella

CVE-2023-20864: VMware Aria Operations for Logs Deserialization Vulnerability - Blog | Tenable®

Trust: 5.5

Fetched: May 2, 2023, 9:22 a.m., Published: April 21, 2023, 2:04 p.m.
 Vulnerabilities: os command injection, directory traversal, command injection...
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2022-31706, CVE-2023-20864, CVE-2023-20865, CVE-2022-31710

Hackers can open Nexx garage doors remotely, and there's no fix

Trust: 5.0

Fetched: May 2, 2023, 9:21 a.m., Published: -
 Vulnerabilities: improper access control
Affected productsExternal IDs
db: NVD ids: CVE-2023-1749, CVE-2023-1748, CVE-2023-1751, CVE-2023-1752, CVE-2023-1750

Full Disclosure: Security vulnerabilities in Telit Cinterion IoT (formerly Thales) devices

Trust: 3.5

Fetched: May 2, 2023, 9:19 a.m., Published: May 2, 2020, midnight
 Vulnerabilities: path traversal, code execution, privilege elevation
Affected productsExternal IDs
db: NVD ids: CVE-2020-15858

Fortinet FortiOS and Fortiproxy Vulnerability | CVE-2023-25610 - YouTube

Trust: 3.0

Fetched: May 2, 2023, 9:19 a.m., Published: March 9, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-25610

Mirai botnet hackers targeting TP-Link router zero-day vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268

Trust: 3.75

Fetched: May 2, 2023, 9:18 a.m., Published: April 25, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: tp-link model: routers
db: NVD ids: CVE-2023-1389

US, UK: Russia Exploiting Old Vulnerability to Hack Cisco Routers - SecurityWeek

Related entries in the VARIoT vulnerabilities database: VAR-201707-0964

Trust: 3.75

Fetched: May 2, 2023, 9:17 a.m., Published: April 19, 2023, 9:03 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco routers
vendor: cisco model: router
vendor: cisco model: routers
vendor: cisco model: ios xe software
vendor: cisco model: ios xe
vendor: cisco model: cisco ios
db: NVD ids: CVE-2017-6742