Sign-up

VARIoT news about IoT security

WhatsApp 0-Click Vulnerability Exploited Using Malicious DNG File

Trust: 5.5

Fetched: Oct. 12, 2025, 11:07 a.m., Published: Sept. 29, 2025, 10:55 a.m.
 Vulnerabilities: memory corruption, code execution
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: apple model: macos
db: NVD ids: CVE-2025-21043, CVE-2025-55177, CVE-2025-43300

Update Canonical Ubuntu Server: USN-7816-1: DPDK vulnerability

Trust: 3.0

Fetched: Oct. 12, 2025, 11:07 a.m., Published: Jan. 12, 7816, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Moxa Warns Users of Critical Vulnerabilities in Cellular and Secure Routers - Breach Spot

Trust: 6.0

Fetched: Oct. 12, 2025, 11:06 a.m., Published: Oct. 12, 2025, 2:15 a.m.
 Vulnerabilities: command execution, privilege escalation
Affected productsExternal IDs
vendor: moxa model: edr-810
db: NVD ids: CVE-2024-9138, CVE-2024-9140

Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability

Trust: 3.5

Fetched: Oct. 12, 2025, 11:05 a.m., Published: Oct. 6, 2025, 6:27 p.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: ios xe
vendor: cisco model: cisco ios

U.S. CISA adds Oracle, Mozilla, Microsoft Windows, Linux Kernel, and Microsoft IE flaws to its Known Exploited Vulnerabilities catalog

Trust: 3.0

Fetched: Oct. 12, 2025, 11:05 a.m., Published: Oct. 7, 2025, 6:59 a.m.
 Vulnerabilities: memory corruption, privilege escalation, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-61882, CVE-2021-43226, CVE-2021-22555, CVE-2010-3962, CVE-2013-3918, CVE-2010-3765, CVE-2011-3402

Western Digital My Cloud Devices Vulnerability Patched | Luis Oria Seidel posted on the topic | LinkedIn

Trust: 4.25

Fetched: Oct. 12, 2025, 11:05 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-34324

Security Bulletins for HUAWEI Phones/Tablets, October 2025

Trust: 3.75

Fetched: Oct. 12, 2025, 11:04 a.m., Published: Sept. 28, 2025, 10:28 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: huawei model: emui
vendor: huawei model: huawei
db: NVD ids: CVE-2025-41432, CVE-2025-38494, CVE-2025-38352, CVE-2025-52458, CVE-2025-48562, CVE-2025-48547, CVE-2025-48531, CVE-2025-48559, CVE-2025-48535, CVE-2025-32326, CVE-2025-1246, CVE-2025-021701, CVE-2025-48552, CVE-2025-48554, CVE-2025-48526, CVE-2025-32323, CVE-2025-48537, CVE-2025-38495, CVE-2025-32321, CVE-2025-26450, CVE-2025-48553, CVE-2025-48556, CVE-2025-48551, CVE-2024-49714, CVE-2025-26454, CVE-2025-48558, CVE-2025-48538, CVE-2025-48543, CVE-2025-32349

RondoDox Botnet targets 56 flaws across 30+ device types worldwide

Related entries in the VARIoT vulnerabilities database: VAR-202411-0293, VAR-201909-0903, VAR-202007-0064, VAR-202110-1691, VAR-202208-2260, VAR-201502-0201, VAR-202110-1690, VAR-202102-0290, VAR-201806-0941, VAR-202503-0082, VAR-201411-0143, VAR-202303-1268, VAR-202506-0021, VAR-201902-0427, VAR-202501-1344, VAR-201612-0015, VAR-201402-0700, VAR-202507-0531, VAR-201905-0651, VAR-201905-0652, VAR-202102-0338, VAR-201409-1156, VAR-201805-0262

Trust: 3.75

Fetched: Oct. 12, 2025, 11:03 a.m., Published: Oct. 10, 2025, 7:33 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend micro model: security
vendor: tp-link model: routers
vendor: trend model: security
db: NVD ids: CVE-2023-52163, CVE-2024-7029, CVE-2024-10914, CVE-2019-16920, CVE-2020-10987, CVE-2021-41773, CVE-2023-47565, CVE-2022-37129, CVE-2015-2051, CVE-2021-42013, CVE-2022-36553, CVE-2020-25506, CVE-2018-11714, CVE-2025-1829, CVE-2014-1635, CVE-2024-1781, CVE-2025-22905, CVE-2023-1389, CVE-2024-12856, CVE-2022-44149, CVE-2025-5504, CVE-2023-51833, CVE-2019-1663, CVE-2024-12847, CVE-2016-6277, CVE-2025-34037, CVE-2025-7414, CVE-2017-18368, CVE-2023-25280, CVE-2024-3721, CVE-2023-26801, CVE-2017-18369, CVE-2025-4008, CVE-2020-27867, CVE-2014-6271, CVE-2018-10561

Your OnePlus phone is probably at risk from a major SMS vulnerability | The Verge

Trust: 3.75

Fetched: Oct. 10, 2025, 10:22 a.m., Published: Sept. 26, 2025, 12:12 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: oneplus model: oneplus
vendor: oneplus model: oxygenos
db: NVD ids: CVE-2025-10184

CISA Warns of Cisco IOS and IOS XE SNMP Vulnerabilities Exploited in

Trust: 5.5

Fetched: Oct. 10, 2025, 10:22 a.m., Published: Oct. 9, 2025, 1:10 p.m.
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
vendor: cisco model: cisco ios
vendor: cisco model: ios xe
db: NVD ids: CVE-2025-20352

RondoDox Botnet Targets Over 50 Vulnerabilities to Compromise Routers, CCTV Systems, and Web Servers

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268

Trust: 4.5

Fetched: Oct. 10, 2025, 10:21 a.m., Published: Oct. 10, 2025, 8:36 a.m.
 Vulnerabilities: command injection, memory corruption, authentication bypass...
Affected productsExternal IDs
vendor: tp-link model: routers
vendor: four-faith model: four-faith
vendor: trend model: security
db: NVD ids: CVE-2023-1389, CVE-2024-12856, CVE-2024-3721

AWS Client VPN for macOS Hit by Critical Privilege Escalation Vulnerability

Trust: 4.75

Fetched: Oct. 10, 2025, 10:20 a.m., Published: Oct. 8, 2025, 11:26 a.m.
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2025-11462

Connected and vulnerable: The growing urgency of IoT and mobile security in India, ETCISO

Trust: 3.5

Fetched: Oct. 10, 2025, 10:19 a.m., Published: Oct. 10, 2025, 9 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

Access Blocked - SecNews.gr

Trust: 3.25

Fetched: Oct. 10, 2025, 10:18 a.m., Published: -
 Vulnerabilities: sql injection
Affected productsExternal IDs

Old SonicWall vulnerability resurfaces in Akira ransomware campaign, Darktrace warns - Industrial Cyber

Trust: 5.5

Fetched: Oct. 10, 2025, 10:17 a.m., Published: Oct. 9, 2025, 2:57 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: winscp model: winscp
vendor: filezilla model: server
vendor: sonicwall model: remote access
vendor: sonicwall model: ssl vpn
db: NVD ids: CVE-2024-40766

CVE-2025-59407: High-Risk Vulnerability in Flock Safety DetectionProcessing Application for Android - Cybersecurity Exploit Tracker by Ameeba

Trust: 3.0

Fetched: Oct. 10, 2025, 10:17 a.m., Published: Oct. 10, 2025, 12:44 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-59407

CVE-2025-39958 - iommu/s390: Make attach succeed when the device was surprise removed - SecAlerts

Trust: 3.0

Fetched: Oct. 10, 2025, 10:15 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-39958

PoC Exploit Released For Nothing Phone Code Execution Vulnerability

Trust: 4.0

Fetched: Oct. 10, 2025, 10:14 a.m., Published: Oct. 9, 2025, 9:36 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

PoC Exploit Released For Nothing Phone Code Execution Vulnerability

Trust: 4.5

Fetched: Oct. 10, 2025, 10:14 a.m., Published: Oct. 10, 2025, 9:23 a.m.
 Vulnerabilities: code execution, privilege escalation, security bypass
Affected productsExternal IDs
vendor: google model: android

CVE-2023-53365 : VLAN Device Vulnerability in Linux Kernel Affecting Network Performance

Trust: 3.25

Fetched: Oct. 10, 2025, 10:12 a.m., Published: Sept. 17, 2025, 2:56 p.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
db: NVD ids: CVE-2023-53365