VARIoT latest news about IoT security

Remotely Exploitable NetUSB Flaw Puts Millions of Devices at Risk Trust: 5.5 Fetched: May 13, 2022, 7:56 a.m., Published: June 23, 2022, midnight	Vulnerabilities: denial of service, code execution, buffer overflow...

Affected products

External IDs

vendor:	netgear	model:	r6700
vendor:	netgear	model:	r6400
vendor:	netgear	model:	d7800
vendor:	d-link	model:	router
vendor:	kcodes	model:	netusb

db:

NVD

ids:

CVE-2021-45388

Fortinet : Security vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202111-0284, VAR-202110-0150, VAR-202112-0729, VAR-202111-0313, VAR-202112-0524, VAR-202112-0401, VAR-202111-0330, VAR-202112-0420, VAR-202112-0400, VAR-202112-0330, VAR-202110-0151, VAR-202112-0328, VAR-202112-0523, VAR-202112-0406, VAR-202112-0331, VAR-202112-0525, VAR-202112-0405, VAR-202112-0287, VAR-202112-0288, VAR-202111-0305, VAR-202109-0501, VAR-202112-0383, VAR-202112-0384, VAR-202112-1045, VAR-202110-0149, VAR-202112-0339, VAR-202112-0421, VAR-202111-0343, VAR-202111-0307, VAR-202112-0367, VAR-202112-0286, VAR-202111-0314, VAR-202111-0322, VAR-202109-0502, VAR-202111-0317, VAR-202112-1044, VAR-202112-0379, VAR-202112-0399, VAR-202111-0241, VAR-202112-0356, VAR-202112-0332, VAR-202112-0378, VAR-202112-0670, VAR-202108-0712, VAR-202112-0526, VAR-202112-0380, VAR-202112-0329, VAR-202112-0338, VAR-202111-0306, VAR-202111-0302 Trust: 5.75 Fetched: May 13, 2022, 7:56 a.m., Published: May 13, 2050, midnight	Vulnerabilities: os command injection, information disclosure, denial of service...

Affected products

External IDs

vendor:

fortigate

model:

fortios

db:

NVD

ids:

CVE-2021-36192, CVE-2021-36175, CVE-2021-42758, CVE-2021-36185, CVE-2021-43071, CVE-2021-36189, CVE-2021-36176, CVE-2021-41030, CVE-2021-36194, CVE-2021-41024, CVE-2021-36178, CVE-2021-43063, CVE-2021-36188, CVE-2021-36195, CVE-2021-41015, CVE-2021-43065, CVE-2021-41017, CVE-2021-42752, CVE-2021-41029, CVE-2021-36187, CVE-2021-36179, CVE-2021-41025, CVE-2021-41021, CVE-2021-41028, CVE-2021-36170, CVE-2021-36180, CVE-2021-41013, CVE-2021-36183, CVE-2021-36184, CVE-2021-43068, CVE-2021-43067, CVE-2021-36174, CVE-2021-41019, CVE-2021-36182, CVE-2021-36181, CVE-2021-44168, CVE-2021-41027, CVE-2021-43204, CVE-2021-36172, CVE-2021-42760, CVE-2021-41014, CVE-2021-36190, CVE-2021-36169, CVE-2021-36168, CVE-2021-36167, CVE-2021-36191, CVE-2021-43064, CVE-2021-42757, CVE-2021-36186, CVE-2021-42754

Vulnerability in IDEMIA Biometric Readers Allows Hackers to Unlock Doors \| SecurityWeek.Com Trust: 3.75 Fetched: May 13, 2022, 7:56 a.m., Published: May 13, 2022, midnight	Vulnerabilities: denial of service

Affected products	External IDs

53% of medical devices have a known critical vulnerability - Help Net Security Trust: 3.75 Fetched: May 13, 2022, 7:56 a.m., Published: Jan. 25, 2022, midnight	Vulnerabilities: default credentials

Affected products	External IDs

More than half of medical devices found to have critical vulnerabilities \| ZDNet Trust: 3.75 Fetched: May 13, 2022, 7:56 a.m., Published: May 5, 2022, midnight	Vulnerabilities: default credentials

Affected products	External IDs

Cisco Patches Critical Vulnerability in RCM for StarOS \| SecurityWeek.Com Trust: 4.5 Fetched: May 13, 2022, 7:56 a.m., Published: May 13, 2022, midnight	Vulnerabilities: denial of service, buffer overflow

Affected products

External IDs

vendor:	cisco	model:	catalyst
vendor:	cisco	model:	meraki mx
vendor:	cisco	model:	asr 5000
vendor:	cisco	model:	staros
vendor:	snort	model:	snort

db:

NVD

ids:

CVE-2022-20655, CVE-2022-20685, CVE-2022-20648, CVE-2022-20649

Cisco : Security vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202111-0400, VAR-202110-0203, VAR-202201-1486, VAR-202110-1394, VAR-202110-0619, VAR-202111-0412, VAR-202109-0618, VAR-202201-1476, VAR-202201-1483, VAR-202111-0413, VAR-202110-1392, VAR-202110-1350, VAR-202201-1474, VAR-202111-0419, VAR-202110-1354, VAR-202201-1477, VAR-202110-0617, VAR-202111-0393, VAR-202110-1393, VAR-202201-1482, VAR-202110-1395, VAR-202111-1196, VAR-202110-0618, VAR-202110-1352, VAR-202109-0617, VAR-202111-1198, VAR-202110-1402, VAR-202111-0401, VAR-202110-1375, VAR-202201-1481, VAR-202201-1478, VAR-202111-0664, VAR-202110-1377, VAR-202201-1475, VAR-202111-0418, VAR-202110-1353, VAR-202110-0622, VAR-202112-0566, VAR-202201-1484, VAR-202110-1351, VAR-202110-0213, VAR-202110-0212, VAR-202201-1479, VAR-202111-0417, VAR-202111-1197, VAR-202201-1480, VAR-202109-0631, VAR-202201-1522, VAR-202110-1376, VAR-202201-1485 Trust: 5.25 Fetched: May 13, 2022, 7:56 a.m., Published: May 13, 2050, midnight	Vulnerabilities: denial of service, cross-site scripting, resource exhaustion...

Affected products

External IDs

vendor:	snort	model:	snort
vendor:	cisco	model:	cisco webex meetings
vendor:	cisco	model:	unified communications manager session management edition
vendor:	cisco	model:	cisco anyconnect secure mobility client
vendor:	cisco	model:	meeting
vendor:	cisco	model:	anyconnect secure mobility client
vendor:	cisco	model:	security manager
vendor:	cisco	model:	cisco evolved programmable network manager
vendor:	cisco	model:	ios xr software
vendor:	cisco	model:	cisco small business
vendor:	cisco	model:	cisco prime infrastructure
vendor:	cisco	model:	unified communications manager
vendor:	cisco	model:	cisco identity services engine
vendor:	cisco	model:	umbrella
vendor:	cisco	model:	dna center
vendor:	cisco	model:	small business rv series routers
vendor:	cisco	model:	firepower
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	cisco meeting
vendor:	cisco	model:	evolved programmable network manager
vendor:	cisco	model:	small business rv
vendor:	cisco	model:	series
vendor:	cisco	model:	cisco policy suite
vendor:	cisco	model:	cisco ios xr
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	webex
vendor:	cisco	model:	series routers
vendor:	cisco	model:	webex meetings
vendor:	cisco	model:	cisco security manager
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	meeting server
vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	prime infrastructure
vendor:	cisco	model:	common services platform collector
vendor:	cisco	model:	policy suite
vendor:	cisco	model:	cisco unified communications manager
vendor:	cisco	model:	cisco meeting server
vendor:	cisco	model:	cisco webex
vendor:	mesh	model:	mesh

db:

NVD

ids:

CVE-2021-40128, CVE-2021-34782, CVE-2022-20635, CVE-2021-34783, CVE-2021-40121, CVE-2021-40124, CVE-2021-34786, CVE-2022-20647, CVE-2022-20642, CVE-2021-40120, CVE-2021-34791, CVE-2021-40118, CVE-2022-20639, CVE-2021-34773, CVE-2021-34787, CVE-2022-20645, CVE-2021-40123, CVE-2021-40126, CVE-2021-34790, CVE-2022-20637, CVE-2021-34781, CVE-2021-40131, CVE-2021-40122, CVE-2021-40116, CVE-2021-34785, CVE-2021-40129, CVE-2021-40125, CVE-2021-40115, CVE-2021-34794, CVE-2022-20640, CVE-2022-20646, CVE-2021-40119, CVE-2021-34792, CVE-2022-20641, CVE-2021-34774, CVE-2021-40114, CVE-2021-34789, CVE-2021-44228, CVE-2022-20643, CVE-2021-40117, CVE-2021-34772, CVE-2021-34766, CVE-2022-20636, CVE-2021-34784, CVE-2021-40130, CVE-2022-20638, CVE-2021-34771, CVE-2022-20658, CVE-2021-34793, CVE-2022-20644

Threat Signal Report \| FortiGuard Trust: 5.0 Fetched: May 13, 2022, 7:56 a.m., Published: Jan. 2, 2012, 8:22 p.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2022-21907

100 million IoT devices affected by zero-day flaw \| IT PRO Trust: 3.0 Fetched: May 13, 2022, 7:55 a.m., Published: May 13, 2022, midnight	Vulnerabilities: code execution

Affected products	External IDs

Command Injection Vulnerability in QVR - Security Advisory \| QNAP Trust: 5.25 Fetched: May 13, 2022, 7:55 a.m., Published: May 6, 2022, midnight	Vulnerabilities: command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2021-38685

Heap-Based Buffer Overflow Vulnerability in QTS and QuTS hero - Security Advisory \| QNAP Trust: 3.0 Fetched: May 13, 2022, 7:55 a.m., Published: May 6, 2022, midnight	Vulnerabilities: buffer overflow

Affected products	External IDs

Command Injection Vulnerability in QVR - Security Advisory \| QNAP Trust: 4.25 Fetched: May 13, 2022, 7:54 a.m., Published: May 6, 2022, midnight	Vulnerabilities: command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2021-34352

Improper Authentication Vulnerability in QVR - Security Advisory \| QNAP Trust: 5.25 Fetched: May 13, 2022, 7:54 a.m., Published: May 6, 2022, midnight	Vulnerabilities: authentication vulnerability

Affected products

External IDs

db:

NVD

ids:

CVE-2021-38686

Cybersecurity, Research and Intelligence Blog \| Secureworks Trust: [4.0, []] Fetched: May 13, 2022, 7:38 a.m., Published: May 19, 2022, midnight	Vulnerabilities: denial of service

Affected products	External IDs

A major vulnerability has been discovered in the open source Kubernetes development tool - Bestgamingpro Trust: [3.75, []] Fetched: May 13, 2022, 7:36 a.m., Published: May 10, 2022, midnight	Vulnerabilities: privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2022-24348

New Botnet Targets Linux Devices Via Log4J Vulnerability - .:: CHASLES CORP. ::. Trust: [3.25, []] Fetched: March 18, 2022, 11:17 a.m., Published: -	Vulnerabilities: command execution

Affected products	External IDs

The threat is coming from inside the power supply • The Register Related entries in the VARIoT vulnerabilities database: VAR-202203-0235, VAR-202203-0236, VAR-202203-0237 Trust: [4.5, []] Fetched: March 15, 2022, 8:18 a.m., Published: -	Vulnerabilities: authentication bypass, code execution, buffer overflow...

Affected products

External IDs

db:

NVD

ids:

CVE-2022-0715, CVE-2022-22806, CVE-2022-22805

Medtech companies issue alerts for Axeda cybersecurity vulnerability \| RAPS Trust: [4.25, []] Fetched: March 15, 2022, 8:18 a.m., Published: -	Vulnerabilities: code execution

Affected products	External IDs

Moxa’s Response Regarding the PwnKit Vulnerability Trust: [3.25, []] Fetched: March 15, 2022, 8:18 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-4034

IoT insecurity: Z-Wave vulnerability could affect up to 100 million devices - Breaking News Trust: [3.0, []] Fetched: March 10, 2022, 12:54 p.m., Published: -	Vulnerabilities: -

Affected products	External IDs

VARIoT news about IoT security