Sign-up

VARIoT news about IoT security

React2Shell Vulnerability Exploited to Build Massive IoT Botnet - Hackers Arise

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268

Trust: 4.5

Fetched: Jan. 13, 2026, 9:44 a.m., Published: Jan. 8, 2026, 1:56 p.m.
 Vulnerabilities: sql injection, code execution
Affected productsExternal IDs
vendor: hikvision model: hikvision
db: NVD ids: CVE-2025-55182, CVE-2023-1389, CVE-2025-24893, CVE-2025-66478

CVE-2023-44112: Device Authentication Module Out-of-Bounds Access Vulnerability - Ameeba Exploit Tracker

Trust: 4.75

Fetched: Jan. 13, 2026, 9:42 a.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: bounds access flaw, bounds access vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2023-44112

CVE-2026-0855 - Merit LILIN|IP Camera - OS Command Injection

Trust: 6.0

Fetched: Jan. 13, 2026, 9:41 a.m., Published: Jan. 12, 2026, 7:16 a.m.
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2026-0855

What Is Industrial Internet of Things (IIoT) Security? - Palo Alto Networks

Trust: 4.25

Fetched: Jan. 13, 2026, 9:40 a.m., Published: Jan. 6, 2026, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo model: networks

Cisco identifies vulnerability in ISE network access control devices

Trust: 4.75

Fetched: Jan. 13, 2026, 9:39 a.m., Published: Jan. 8, 2026, midnight
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: cisco model: identity services engine
vendor: cisco model: network access control
vendor: cisco systems model: identity services engine
vendor: cisco systems model: network access control
db: NVD ids: CVE-2026-20029

CVE-2025-3646 - Petlibro Smart Pet Feeder Platform through 1.7.31 Authorization Bypass via Device Share API

Trust: 4.0

Fetched: Jan. 13, 2026, 9:38 a.m., Published: Jan. 4, 2026, 12:15 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-3646

RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268

Trust: 3.75

Fetched: Jan. 13, 2026, 9:34 a.m., Published: Jan. 1, 2026, 9:19 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-55182, CVE-2023-1389, CVE-2025-24893

CVE-2026-0853 A-Plus Video Technologies AP-RM864P, AP-RM86... CVETodo

Trust: 3.75

Fetched: Jan. 13, 2026, 9:34 a.m., Published: Jan. 12, 2026, 4:15 a.m.
 Vulnerabilities: default credentials, information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2026-08531, CVE-2026-0853

CVE-2025-68657 - espressif/usb_host_hid Double-Free Race Condition in USB Host HID Device Close Path - SecAlerts

Trust: 3.0

Fetched: Jan. 13, 2026, 9:33 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-68657

Patchday: Dolby Digital security vulnerability in Android closed | heise online

Trust: 3.5

Fetched: Jan. 13, 2026, 9:31 a.m., Published: Jan. 6, 2026, 12:20 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: google model: android
db: NVD ids: CVE-2025-54957

TOTOLINK EX200 Vulnerability Allows Full Device Takeover via Unauthenticated Telnet

Trust: 3.0

Fetched: Jan. 13, 2026, 9:31 a.m., Published: Jan. 7, 2026, 1:55 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-65606

CVE vulnerability via command injection in D-Link

Trust: 3.25

Fetched: Jan. 13, 2026, 9:30 a.m., Published: Jan. 10, 2026, 9:30 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs

CVE-2025-66176 - Hikvision Access Control Stack Overflow Vulnerability

Trust: 4.0

Fetched: Jan. 13, 2026, 9:29 a.m., Published: Jan. 13, 2026, 3:16 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hikvision model: hikvision
db: NVD ids: CVE-2025-66176

IoT vulnerabilities and security in connected devices

Trust: 4.0

Fetched: Jan. 13, 2026, 9:28 a.m., Published: Dec. 20, 2025, 2:43 p.m.
 Vulnerabilities: privilege escalation, default credentials, code execution
Affected productsExternal IDs
vendor: google model: home
vendor: google model: wifi

CVE-2025-64093 - Unauthenticated Remote Code Execution via the device hostname

Trust: 5.0

Fetched: Jan. 13, 2026, 9:27 a.m., Published: Jan. 9, 2026, 10:15 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-64093

Fortinet Under Fire: Network Edge Attacks Start Strong in 2026 - Eclypsium | Supply Chain Security for the Modern Enterprise

Related entries in the VARIoT vulnerabilities database: VAR-202007-0079

Trust: 5.25

Fetched: Jan. 13, 2026, 9:23 a.m., Published: Jan. 8, 2026, 4:56 p.m.
 Vulnerabilities: authentication bypass, authentication flaw
Affected productsExternal IDs
vendor: cisco model: nx-os
vendor: cisco model: routers
vendor: cisco model: cisco nx-os
vendor: cisco model: guard
vendor: trend model: security
vendor: fortigate model: fortios
vendor: sophos model: firewall
vendor: sophos model: endpoint protection
db: NVD ids: CVE-2025-59719, CVE-2024-20399, CVE-2025-59718, CVE-2020-12812

Apple fixes zero-day vulnerabilities in emergency security update | Fox News

Trust: 5.25

Fetched: Jan. 13, 2026, 9:18 a.m., Published: Jan. 13, 2025, midnight
 Vulnerabilities: memory corruption, code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: tvos
vendor: apple model: webkit
vendor: apple model: safari
vendor: apple model: iphone
vendor: apple model: ipad air
vendor: apple model: watchos
vendor: apple model: ipad
vendor: google model: chrome
vendor: google model: android
db: NVD ids: CVE-2025-43529, CVE-2025-14174

Network Edge Attacks Signal Shift Among Cyber Adversaries

Trust: 4.25

Fetched: Jan. 13, 2026, 9:16 a.m., Published: Dec. 23, 2025, 5:25 p.m.
 Vulnerabilities: authentication bypass, privilege escalation, command injection...
Affected productsExternal IDs
vendor: cisco model: routers
vendor: sonicwall model: sma1000
vendor: palo model: networks
vendor: palo model: firewall
db: NVD ids: CVE-2025-23006, CVE-2025-40602, CVE-2025-37164, CVE-2025-59718, CVE-2025-59719

Apple Warns of Zero-day Vulnerability Exploited in Attack (CVE-2025-43529) - Qualys ThreatPROTECT

Trust: 5.5

Fetched: Dec. 23, 2025, 9:38 a.m., Published: -
 Vulnerabilities: memory corruption, code execution
Affected productsExternal IDs
vendor: apple model: ipad air
vendor: apple model: safari
vendor: apple model: webkit
vendor: apple model: macos
vendor: apple model: ipad
vendor: apple model: iphone
vendor: google model: chrome
db: NVD ids: CVE-2025-41474, CVE-2025-43529

Fortinet vulnerabilities prompt pre-holiday warnings | Computer Weekly

Trust: 5.5

Fetched: Dec. 23, 2025, 9:37 a.m., Published: Dec. 18, 2025, midnight
 Vulnerabilities: privilege escalation, input validation vulnerability, authentication bypass
Affected productsExternal IDs
vendor: sonicwall model: sma1000
vendor: asus model: asus
vendor: cisco model: asyncos
vendor: cisco model: asyncos software
vendor: cisco model: series
db: NVD ids: CVE-2025-40602, CVE-2025-59719, CVE-2025-20393, CVE-2025-59718, CVE-2025-69374