Sign-up

VARIoT news about IoT security

Update Canonical Ubuntu Desktop: USN-7830-1: FFmpeg vulnerabilities

Trust: 6.0

Fetched: Oct. 28, 2025, 9:30 a.m., Published: Jan. 28, 7830, midnight
 Vulnerabilities: buffer overflow, denial of service, request forgery
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-6605, CVE-2025-7700, CVE-2023-6603, CVE-2025-10256, CVE-2025-9951

Linux Distros Unpatched Vulnerability : CVE-2022-50538 | TenableĀ®

Trust: 4.0

Fetched: Oct. 28, 2025, 9:29 a.m., Published: Oct. 10, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu_linux
db: NVD ids: CVE-2022-50538

Statement on OS command injection vulnerabilities on Omada gateways (CVE-2025-6541 and CVE-2025-6542) | Omada Network Support

Trust: 4.75

Fetched: Oct. 28, 2025, 9:28 a.m., Published: Oct. 7, 2025, midnight
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-6541, CVE-2025-6542

OvrC Platform Weaknesses Leave IoT Devices Vulnerable to Remote Attacks and Code Execution - Breach Spot

Trust: 5.75

Fetched: Oct. 28, 2025, 9:27 a.m., Published: Oct. 27, 2025, 9:15 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: home
db: NVD ids: CVE-2023-28386, CVE-2024-50381, CVE-2023-28649, CVE-2023-31241

Veeder-Root TLS4B Automatic Tank Gauge System | CISA

Trust: 4.5

Fetched: Oct. 28, 2025, 9:24 a.m., Published: Oct. 1, 2025, midnight
 Vulnerabilities: command injection, integer overflow, denial of service...
Affected productsExternal IDs
db: NVD ids: CVE-2025-58428, CVE-2025-55067

Rockwell Automation 1783-NATR | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202510-1230, VAR-202510-1054, VAR-202510-0712

Trust: 4.5

Fetched: Oct. 28, 2025, 9:23 a.m., Published: -
 Vulnerabilities: cross-site scripting, request forgery, cross-site request forgery
Affected productsExternal IDs
db: NVD ids: CVE-2025-7330, CVE-2025-7328, CVE-2025-7329

Chain of security weaknesses found in smart air compressor model - Help Net Security

Trust: 4.75

Fetched: Oct. 28, 2025, 9:23 a.m., Published: Oct. 28, 2025, 6:30 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: wireshark model: wireshark

Major Vulnerabilities Found in TP-Link VPN Routers - Infosecurity Magazine

Related entries in the VARIoT vulnerabilities database: VAR-202406-0858

Trust: 4.75

Fetched: Oct. 28, 2025, 9:23 a.m., Published: Oct. 23, 2025, 12:30 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: tp-link model: routers
db: NVD ids: CVE-2024-21827, CVE-2025-7850, CVE-2025-7851

HPESBNW04957 rev.1 - HPE Aruba Networking AOS-10 and AOS-8 Mobility Conductor, Controllers, and Gateways, Multiple Vulnerabilities

Trust: 3.5

Fetched: Oct. 28, 2025, 9:22 a.m., Published: -
 Vulnerabilities: command injection, code execution, denial of service...
Affected productsExternal IDs
db: NVD ids: CVE-2025-37137, CVE-2025-37143, CVE-2025-37134, CVE-2025-37140, CVE-2025-37141, CVE-2025-37145, CVE-2025-37135, CVE-2025-37133, CVE-2025-37132, CVE-2025-37139, CVE-2025-37144, CVE-2025-37138, CVE-2025-37142, CVE-2025-37136

81% Router Usres Have Not Changed Default Admin Passwords, Exposing Devices

Trust: 3.5

Fetched: Oct. 28, 2025, 9:21 a.m., Published: Oct. 28, 2025, 10:36 a.m.
 Vulnerabilities: default credentials, default password
Affected productsExternal IDs
vendor: wireshark model: wireshark

ERROR: The request could not be satisfied

Trust: 3.25

Fetched: Oct. 28, 2025, 9:21 a.m., Published: Oct. 28, 2025, midnight
 Vulnerabilities: configuration error
Affected productsExternal IDs

CVE-2025-62777 - MZK-DP300N Telnet Hard-Coded Credentials Vulnerability

Trust: 3.0

Fetched: Oct. 28, 2025, 9:20 a.m., Published: Oct. 28, 2025, 5:15 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-62777

Take Action: Out-of-band update to address a vulnerability in Windows Server Update Services (WSUS) - M365 Admin

Trust: 3.25

Fetched: Oct. 28, 2025, 9:20 a.m., Published: Oct. 24, 2025, 10:53 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-59287

CVE-2025-26452: Privilege Escalation Vulnerability in ResourcesImpl.java - Ameeba Exploit Tracker

Trust: 5.0

Fetched: Oct. 28, 2025, 9:18 a.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2025-26452

WhatsApp Hack Uncovers 2 Low-Risk Vulnerabilities, No Arbitrary Code Execution - CVE Vulnerability Alerts

Trust: 5.5

Fetched: Oct. 28, 2025, 9:17 a.m., Published: Oct. 28, 2025, 5:57 a.m.
 Vulnerabilities: memory corruption, code execution
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2025-30401, CVE-2025-55177

Critical Apple Security Updates: Why You Need to Update Your Devices Now

Related entries in the VARIoT vulnerabilities database: VAR-202501-3666

Trust: 5.5

Fetched: Oct. 28, 2025, 9:17 a.m., Published: Oct. 27, 2025, midnight
 Vulnerabilities: memory corruption, code execution, privilege escalation
Affected productsExternal IDs
vendor: apple model: software update
vendor: apple model: ipad
vendor: apple model: macos
vendor: apple model: iphone
db: NVD ids: CVE-2025-24200, CVE-2025-43357, CVE-2025-24085, CVE-2025-24201, CVE-2025-43300, CVE-2025-43298, CVE-2025-43304, CVE-2025-43400, CVE-2025-48384

ERROR: The request could not be satisfied

Trust: 3.25

Fetched: Oct. 26, 2025, 9:52 a.m., Published: -
 Vulnerabilities: configuration error
Affected productsExternal IDs

Ngioweb Botnet Powers NSOCKS Residential Proxy Network by Targeting IoT Devices - Breach Spot

Trust: 5.0

Fetched: Oct. 26, 2025, 9:51 a.m., Published: Oct. 25, 2025, 1 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: check point model: check point

Update Canonical Ubuntu Desktop: USN-7831-1: Erlang vulnerabilities

Trust: 3.0

Fetched: Oct. 26, 2025, 9:50 a.m., Published: Jan. 26, 7831, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Update Canonical Ubuntu Desktop: USN-7828-1: Python LDAP vulnerabilities

Trust: 4.25

Fetched: Oct. 26, 2025, 9:49 a.m., Published: Jan. 26, 7828, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-61912, CVE-2025-61911