Sign-up

VARIoT news about IoT security

ZYXEL Authorization Bypass Vulnerability Let Attackers View and Download

Trust: 3.75

Fetched: Oct. 24, 2025, 9:21 a.m., Published: Oct. 23, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: snort model: snort
db: NVD ids: CVE-2025-9133

How Weak Passwords Expose You to Serious Security Risks

Trust: 4.5

Fetched: Oct. 24, 2025, 9:20 a.m., Published: Jan. 17, 2024, 2 p.m.
 Vulnerabilities: brute force attack, weak password
Affected productsExternal IDs
vendor: essential model: phone

Cybersecurity Threat Advisory: Critical WatchGuard firewall vulnerability | ITSC

Trust: 5.5

Fetched: Oct. 24, 2025, 9:19 a.m., Published: Oct. 22, 2025, 4:46 p.m.
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
vendor: watchguard model: fireware
vendor: watchguard model: firebox
vendor: barracuda model: barracuda
vendor: barracuda model: running
db: NVD ids: CVE-2025-9242

Critical Sauter AG Flaw (CVE-2025-41723, CVSS 9.8) Allows Unauthenticated File Upload via SOAP Interface

Trust: 4.75

Fetched: Oct. 24, 2025, 9:18 a.m., Published: Oct. 22, 2025, 12:30 a.m.
 Vulnerabilities: traversal attack, code execution, default credentials...
Affected productsExternal IDs
vendor: sauter model: case suite
db: NVD ids: CVE-2025-41722, CVE-2025-41720, CVE-2025-41723, CVE-2025-41724, CVE-2025-41721, CVE-2025-41719

Update Microsoft Defender Vulnerability Management: use CVE exceptions to exclude specific Common Vulnerabilities and Exposures

Trust: 3.0

Fetched: Oct. 24, 2025, 9:18 a.m., Published: Oct. 6, 2025, midnight
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs

Microsoft rolled out new firmware updates (October 21, 2025) for Surface Laptop SE

Trust: 3.0

Fetched: Oct. 24, 2025, 9:17 a.m., Published: Oct. 21, 2025, midnight
 Vulnerabilities: denial of service, information disclosure
Affected productsExternal IDs

Critical Vulnerability Discovered in WatchGuard Fireware: Urgent Action Required for VPN Security - Businesstechweekly.com

Trust: 3.0

Fetched: Oct. 24, 2025, 9:16 a.m., Published: Oct. 23, 2025, 5:01 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: watchguard model: fireware
vendor: watchguard model: watchguard fireware

ASKI Energy ALS-Mini-S8 and ALS-Mini-S4 | CISA

Trust: 5.25

Fetched: Oct. 24, 2025, 9:16 a.m., Published: Oct. 1, 2025, midnight
 Vulnerabilities: authentication vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2025-9574

Update Microsoft Windows Server 2022: KB5070884: address a remote code execution (RCE) vulnerability that was identified in WSUS

Trust: 4.25

Fetched: Oct. 24, 2025, 9:15 a.m., Published: Oct. 24, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-59287

Zero-click Dolby audio bug lets attackers run code on Android and Windows devices | Malwarebytes

Trust: 5.5

Fetched: Oct. 24, 2025, 9:15 a.m., Published: Oct. 22, 2025, noon
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
vendor: samsung model: mobile devices
vendor: samsung model: mobile
vendor: samsung model: samsung
db: NVD ids: CVE-2025-54957

New TP-Link Router Vulnerabilities: A Primer on Rooting Routers

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268, VAR-202406-0858, VAR-202410-3635

Trust: 5.25

Fetched: Oct. 24, 2025, 9:11 a.m., Published: Oct. 23, 2025, 10 a.m.
 Vulnerabilities: arbitrary command execution, code execution, os command injection...
Affected productsExternal IDs
vendor: cisco model: technical support
vendor: cisco model: router
vendor: cisco model: routers
vendor: broadcom model: linux
vendor: draytek model: draytek routers
vendor: draytek model: routers
vendor: tp-link model: routers
db: NVD ids: CVE-2023-1389, CVE-2024-41585, CVE-2024-21827, CVE-2025-7851, CVE-2025-7850, CVE-2024-41592

Threat Brief: Nation-State Actor Steals F5 Source Code and Undisclosed Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202205-0394

Trust: 4.25

Fetched: Oct. 22, 2025, 9:56 a.m., Published: Oct. 16, 2025, 9:30 p.m.
 Vulnerabilities: command execution, authentication bypass
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo alto networks model: networks
db: NVD ids: CVE-2025-53868, CVE-2023-46747, CVE-2025-57780, CVE-2022-1388, CVE-2025-61955

71,000+ WatchGuard Devices Vulnerable to Remote Code Execution Attacks

Trust: 5.75

Fetched: Oct. 22, 2025, 9:56 a.m., Published: Oct. 21, 2025, 5:45 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: watchguard model: fireware
db: NVD ids: CVE-2025-9242

Two New Windows Zero-Days Exploited in the Wild - One Affects Every Version Ever Shipped

Related entries in the VARIoT vulnerabilities database: VAR-202510-3116

Trust: 5.5

Fetched: Oct. 22, 2025, 9:55 a.m., Published: Oct. 15, 2025, 9:23 a.m.
 Vulnerabilities: privilege escalation, information disclosure, security feature bypass...
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
vendor: google model: pixel
vendor: cisco model: unity
vendor: palo model: networks
vendor: mageia model: mageia
vendor: lenovo model: updates
vendor: lenovo model: edge
vendor: lenovo model: system
vendor: asus model: asus
vendor: broadcom model: linux
vendor: check point model: check point
vendor: axis model: communications
vendor: axis model: axis
vendor: axis communications model: communications
vendor: axis communications model: axis
vendor: palo alto networks model: networks
vendor: sonicwall model: remote access
vendor: samsung model: note
vendor: samsung model: samsung
vendor: apple model: watch
db: NVD ids: CVE-2025-47827, CVE-2025-59295, CVE-2025-24990, CVE-2025-49708, CVE-2025-55315, CVE-2025-59230, CVE-2025-2884, CVE-2025-59287

New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions

Trust: 3.5

Fetched: Oct. 22, 2025, 9:55 a.m., Published: Oct. 14, 2025, 11:18 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: mobile
vendor: samsung model: samsung
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2025-48561

Raisecomm RAX701-GC Series | CISA

Trust: 3.75

Fetched: Oct. 22, 2025, 9:54 a.m., Published: Oct. 1, 2025, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2025-11534

Siemens Clears SIMATIC S7-1200 CPU Devices - ISSSource

Related entries in the VARIoT vulnerabilities database: VAR-201402-0435, VAR-201105-0788

Trust: 3.75

Fetched: Oct. 22, 2025, 9:53 a.m., Published: Oct. 21, 2025, 9:10 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: simatic s7-1200 cpu
vendor: siemens model: s7-1200 cpu
vendor: siemens model: simatic
vendor: siemens model: simatic s7-1200
db: NVD ids: CVE-2011-20001, CVE-2011-20002

Dolby Digital Plus 0-Click Vulnerability Enables RCE Attack via Malicious

Trust: 3.5

Fetched: Oct. 22, 2025, 9:51 a.m., Published: Oct. 21, 2025, 5:21 p.m.
 Vulnerabilities: memory corruption, code execution
Affected productsExternal IDs
vendor: wireshark model: wireshark
vendor: google model: android
vendor: essential model: phone

AWS DNS Outage, Ransomware Surge, Edge Device Vulnerabilities, Windows Update Issues, AIā€‘Driven Identity Theft

Trust: 3.75

Fetched: Oct. 22, 2025, 9:50 a.m., Published: Oct. 21, 2025, 1:30 p.m.
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
vendor: citrix model: netscaler

More Than 24 Vulnerabilities Found in Advantech Industrial Wi-Fi Access Points - Urgent Patch Recommended - Breach Spot

Trust: 4.75

Fetched: Oct. 22, 2025, 9:50 a.m., Published: Oct. 22, 2025, 3 a.m.
 Vulnerabilities: privilege escalation, code execution, cross-site scripting...
Affected productsExternal IDs
db: NVD ids: CVE-2024-50370, CVE-2024-50374, CVE-2024-50375, CVE-2024-50376, CVE-2024-50359