Sign-up

VARIoT news about IoT security

CVE-2025-8286: Serious Vulnerability in Güralp FMUS Series Seismic Monitoring Devices - Cybersecurity Exploit Tracker by Ameeba

Trust: 3.25

Fetched: Aug. 10, 2025, 9:53 a.m., Published: Aug. 7, 2025, 12:13 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-8286

SonicWall Firewall Devices 0-day Vulnerability Actively Exploited by Akira Ransomware

Trust: 3.0

Fetched: Aug. 10, 2025, 9:53 a.m., Published: Aug. 2, 2025, 7:35 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sonicwall model: sma 100
vendor: sonicwall model: remote access
vendor: sonicwall model: ssl vpn

14 Best Network Scanner for Effortless Network Management

Trust: 3.5

Fetched: Aug. 10, 2025, 9:52 a.m., Published: March 1, 2018, 11:23 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: delegate model: delegate
vendor: wireshark model: wireshark

CISA Warns of Active Exploitation of D-Link Devices - Rewterz

Related entries in the VARIoT vulnerabilities database: VAR-202009-0782, VAR-202009-0783

Trust: 5.75

Fetched: Aug. 10, 2025, 9:46 a.m., Published: Aug. 6, 2025, 1:27 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: trend micro model: security
vendor: d-link model: dcs-2670l
vendor: d-link model: dnr-322l
vendor: d-link model: dcs-2530l
vendor: trend model: security
db: NVD ids: CVE-2020-40799, CVE-2020-25078, CVE-2020-25079

CVE-2025-8636 : Firmware Update Command Injection Vulnerability in Kenwood DMX958XR Devices

Related entries in the VARIoT vulnerabilities database: VAR-202508-0144

Trust: 3.0

Fetched: Aug. 10, 2025, 9:45 a.m., Published: Aug. 6, 2025, 1:17 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-8636

What is IoT Security? - GeeksforGeeks

Trust: 3.75

Fetched: Aug. 10, 2025, 9:39 a.m., Published: March 31, 2024, 6:04 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities

Trust: 5.0

Fetched: Aug. 10, 2025, 9:39 a.m., Published: Aug. 6, 2025, 3:56 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: cisco model: identity services engine
vendor: cisco model: cisco identity services engine

CVE-2025-8637 : Firmware Update Command Injection Vulnerability in Kenwood DMX958XR

Trust: 4.0

Fetched: Aug. 10, 2025, 9:39 a.m., Published: Aug. 6, 2025, 1:17 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-8637

Critical Command Injection Flaw in UniFi Access Devices - Advisories

Trust: 5.0

Fetched: Aug. 10, 2025, 9:38 a.m., Published: Aug. 9, 2025, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: ubiquiti model: unifi
db: NVD ids: CVE-2025-27212

U.S. Agencies Ordered to Patch Actively Exploited D-Link Security Flaws

Related entries in the VARIoT vulnerabilities database: VAR-202211-1888, VAR-202009-0782, VAR-202009-0783

Trust: 6.0

Fetched: Aug. 10, 2025, 9:37 a.m., Published: Aug. 6, 2025, 8:48 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: d-link model: dcs-2670l
vendor: d-link model: dnr-322l
vendor: d-link model: dcs-2530l
db: NVD ids: CVE-2022-40799, CVE-2020-25078, CVE-2020-25079

Cross-Site Scripting (XSS) Testing for Websites | BrowserStack

Trust: 3.25

Fetched: Aug. 10, 2025, 9:36 a.m., Published: Aug. 4, 2025, 8:27 a.m.
 Vulnerabilities: session hijacking, cross-site scripting
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: android

CVE-2025-8635 : Command Injection Vulnerability in Kenwood DMX958XR Firmware

Trust: 3.0

Fetched: Aug. 10, 2025, 9:36 a.m., Published: Aug. 6, 2025, 1:17 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-8635

CVE-2025-41683 - Apache Device Command Injection Vulnerability

Trust: 5.25

Fetched: Aug. 10, 2025, 9:35 a.m., Published: July 23, 2025, 9:15 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-41683

Critical Security Flaw in Packet Power Devices Exposes Global Infrastructure to Remote Attacks | Windows Forum

Trust: 3.75

Fetched: Aug. 10, 2025, 9:34 a.m., Published: Aug. 7, 2025, 4:08 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2025-8284

Raft of firmware flaws on Dell business laptops could lead to device compromise - Cyber Daily

Trust: 4.75

Fetched: Aug. 10, 2025, 9:34 a.m., Published: Aug. 7, 2025, 1:42 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: dell model: latitude
db: NVD ids: CVE-2025-25215, CVE-2025-24919, CVE-2025-24922, CVE-2025-24311, CVE-2025-25050

Vulnerability Management Process: 5 Essential Steps | SentinelOne

Trust: 3.75

Fetched: Aug. 10, 2025, 9:32 a.m., Published: July 25, 2025, 6:27 a.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: trend model: security

SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls - Help Net Security

Trust: 3.75

Fetched: Aug. 10, 2025, 9:32 a.m., Published: Aug. 7, 2025, 11:27 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sonicwall model: ssl vpn
vendor: sonicwall model: sonicos
db: NVD ids: CVE-2024-40766

Ransomware spike linked to potential zero-day flaw in SonicWall devices | Cybersecurity Dive

Trust: 4.0

Fetched: Aug. 10, 2025, 9:32 a.m., Published: Aug. 1, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sonicwall model: sonicos
db: NVD ids: CVE-2024-40766

SonicWall SMA Devices 0-Day RCE Vulnerability Exploited to Deploy OVERSTEP Ransomware

Trust: 4.0

Fetched: Aug. 10, 2025, 9:32 a.m., Published: July 17, 2025, 8:18 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sonicwall model: sma 100
db: NVD ids: CVE-2025-328192025, CVE-2021-200382021, CVE-2021-200352021, CVE-2024-384752024, CVE-2021-200392021

CVE-2025-20702: Airoha Bluetooth Audio SDK Unauthorized Access Vulnerability - Cybersecurity Exploit Tracker by Ameeba

Trust: 3.0

Fetched: Aug. 10, 2025, 9:31 a.m., Published: Aug. 8, 2025, 10:29 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-20702