Sign-up

VARIoT news about IoT security

Vulnerability in Android allows access to the device via video | Carding Forum for Professional Carders

Trust: 5.0

Fetched: Jan. 18, 2022, 11:44 a.m., Published: Dec. 13, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2019-2107

Why your IoT devices may be vulnerable to malware

Trust: 3.0

Fetched: Jan. 18, 2022, 11:44 a.m., Published: Nov. 25, 2021, midnight
 Vulnerabilities: default password
Affected productsExternal IDs

H-ISAC TLP White: Update: Log4j Vulnerability Affects Multiple Apache and Legacy Services; Exploit Code Publicly Released | AHA

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 5.75

Fetched: Jan. 18, 2022, 11:44 a.m., Published: Jan. 18, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: check point model: check point
db: NVD ids: CVE-2021-44228

Check Point Software discovers four vulnerabilities in MediaTek chips - Techzine Europe

Trust: 3.75

Fetched: Jan. 18, 2022, 11:43 a.m., Published: Nov. 26, 2021, 4:55 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: check point model: check point
vendor: check point software technologies model: check point
db: NVD ids: CVE-2021-0663, CVE-2021-0673, CVE-2021-0661, CVE-2021-0662

Wi-Fi Routers At Risk, Hundreds Of Security Vulnerabilities Are Detected

Trust: 3.75

Fetched: Jan. 18, 2022, 11:43 a.m., Published: Oct. 18, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: tp-link model: routers
vendor: d-link model: router
vendor: netgear model: router
vendor: linksys model: velop
vendor: asus model: gt-ax11000
vendor: asus model: asus
vendor: asus model: router

New Mirai Variant Exploits NAS Device Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-202003-1707

Trust: 4.5

Fetched: Jan. 18, 2022, 11:43 a.m., Published: Sept. 17, 2021, midnight
 Vulnerabilities: code execution, command injection
Affected productsExternal IDs
vendor: palo alto networks model: palo alto networks
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo model: palo alto networks
vendor: palo model: networks
vendor: palo model: firewall
db: NVD ids: CVE-2020-9054

Multiple CVE Vulnerabilities in SiteMinder devices

Related entries in the VARIoT vulnerabilities database: VAR-201808-0957, VAR-201801-0826, VAR-201609-0597, VAR-201801-1712, VAR-201905-0710, VAR-201505-0233, VAR-201805-0963, VAR-201905-0709, VAR-201801-1711, VAR-201808-0959, VAR-201410-1418, VAR-201808-0958, VAR-201905-0711

Trust: 5.5

Fetched: Jan. 18, 2022, 11:43 a.m., Published: Jan. 18, 2022, midnight
 Vulnerabilities: denial of service, information disclosure, file inclusion...
Affected productsExternal IDs
vendor: broadcom model: broadcom
db: NVD ids: CVE-2018-3646, CVE-2017-5715, CVE-2021-2388, CVE-2018-10115, CVE-2016-2183, CVE-2017-5753, CVE-2018-12127, CVE-2015-4000, CVE-2020-1745, CVE-2021-2369, CVE-2021-2341, CVE-2018-3639, CVE-2018-12126, CVE-2017-5754, CVE-2020-1938, CVE-2020-12597, CVE-2018-3615, CVE-2021-2432, CVE-2014-3566, CVE-2019-11135, CVE-2018-3620, CVE-2018-12130

Apache Log4j vulnerability (CVE-2021-44228) in Planmeca products

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.5

Fetched: Jan. 18, 2022, 11:42 a.m., Published: Jan. 18, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
db: NVD ids: CVE-2021-44228

Common Vulnerabilities and Exposures (CVEs) applicable to Symantec Encryption Management Server and Symantec Endpoint Encryption

Related entries in the VARIoT vulnerabilities database: VAR-201703-0328, VAR-201201-0312, VAR-201609-0597, VAR-200801-0561, VAR-201905-0710, VAR-200404-0081, VAR-201507-0348, VAR-201406-0142, VAR-201302-0049, VAR-201405-0503, VAR-202101-0119, VAR-202112-0566, VAR-201409-1156, VAR-201611-0348, VAR-200504-0003, VAR-202101-1926, VAR-202102-0068, VAR-201609-0596, VAR-201208-0141, VAR-202006-1838, VAR-202110-1691, VAR-201801-1712, VAR-202006-1807, VAR-201501-0442, VAR-201112-0001, VAR-201801-1711, VAR-201611-0386, VAR-202102-0069, VAR-201311-0359, VAR-201109-0130, VAR-201408-0095, VAR-201601-0030, VAR-201905-0709, VAR-201201-0049, VAR-201905-1248, VAR-201409-1154, VAR-201905-0711, VAR-201404-0585, VAR-202011-0423, VAR-201506-0497, VAR-201103-0114, VAR-201408-0092, VAR-202012-1546, VAR-201501-0493, VAR-201506-0210, VAR-202110-1690, VAR-201410-1418, VAR-201404-0592, VAR-201710-0668, VAR-201408-0094, VAR-201602-0004, VAR-201003-1085, VAR-201404-0008, VAR-201504-0247, VAR-202112-1782, VAR-202005-1052, VAR-201506-0498, VAR-201302-0021, VAR-201406-0137, VAR-201403-0514, VAR-201609-0593, VAR-201801-0826, VAR-202112-0562, VAR-201610-0229, VAR-202006-1806, VAR-201503-0052, VAR-201601-0029, VAR-201412-0271, VAR-201406-0445, VAR-200711-0538, VAR-201409-0366, VAR-201404-0246, VAR-201708-0343, VAR-201501-0338, VAR-201505-0233, VAR-201704-1034, VAR-201703-0755, VAR-201601-0016, VAR-201303-0327, VAR-202002-1243, VAR-202105-1325, VAR-201406-0117, VAR-202006-0241, VAR-201405-0244, VAR-201404-0288, VAR-201506-0231, VAR-201111-0207, VAR-201503-0055, VAR-200504-0002, VAR-200705-0688, VAR-201409-1155, VAR-201408-0090, VAR-201501-0737, VAR-202102-1093, VAR-200408-0145, VAR-201401-0254, VAR-201506-0496, VAR-202102-0070, VAR-201103-0090

Trust: 5.25

Fetched: Jan. 18, 2022, 11:41 a.m., Published: April 15, 2021, midnight
 Vulnerabilities: data injection, injection attack, validation bypass...
Affected productsExternal IDs
vendor: kerio model: mailserver
vendor: net-snmp model: net-snmp
vendor: freetype model: freetype
vendor: wireshark model: wireshark
vendor: symantec model: endpoint protection
vendor: symantec model: symantec endpoint protection
vendor: google model: chrome
vendor: google model: google chrome
vendor: google model: home
vendor: google model: wifi
vendor: broadcom model: broadcom
vendor: broadcom model: linux
vendor: citrix model: netscaler application delivery controller
vendor: citrix model: application delivery controller
vendor: citrix model: netscaler
vendor: openldap model: openldap
vendor: ipswitch model: imail
vendor: ipswitch model: ipswitch imail
vendor: infineon model: trusted platform
vendor: infineon model: rsa library
db: NVD ids: CVE-2014-7287, CVE-2015-0899, CVE-2015-0480, CVE-2016-6816, CVE-2011-4577, CVE-2009-5138, CVE-2015-4760, CVE-2016-2183, CVE-2007-6388, CVE-2018-12127, CVE-2016-5189, CVE-2020-14577, CVE-2020-14593, CVE-2016-5184, CVE-2004-1060, CVE-2016-5296, CVE-2015-1793, CVE-2016-0762, CVE-2014-0221, CVE-2016-5191, CVE-2016-7053, CVE-2016-5188, CVE-2016-0800, CVE-2006-4110, CVE-2017-3231, CVE-2015-4729, CVE-2015-1787, CVE-2016-2834, CVE-2013-6449, CVE-2012-4558, CVE-2012-0883, CVE-2015-0484, CVE-2020-15778, CVE-2014-0119, CVE-2012-3417, CVE-2019-25013, CVE-2016-5190, CVE-2017-3252, CVE-2021-44228, CVE-2020-0548, CVE-2009-1191, CVE-2014-6271, CVE-2016-8864, CVE-2017-3241, CVE-2020-14578, CVE-2004-0791, CVE-1999-0472, CVE-2013-4322, CVE-2016-5568, CVE-2013-4590, CVE-2016-0703, CVE-2015-4749, CVE-2021-3156, CVE-2016-8635, CVE-2016-5696, CVE-2020-12362, CVE-2016-5291, CVE-2012-2131, CVE-2016-2181, CVE-2012-2687, CVE-2015-8149, CVE-2007-2953, CVE-2011-1958, CVE-2014-0092, CVE-2014-4877, CVE-2007-6420, CVE-2020-10543, CVE-2021-26937, CVE-2020-7053, CVE-2015-8151, CVE-2015-0412, CVE-2009-2625, CVE-2012-4290, CVE-2013-2929, CVE-2021-41773, CVE-2020-25705, CVE-2016-5554, CVE-2017-5753, CVE-2020-10878, CVE-2014-8275, CVE-2014-8176, CVE-2007-6750, CVE-2012-0067, CVE-2013-2071, CVE-2016-5182, CVE-2016-5018, CVE-2015-0289, CVE-2017-5754, CVE-2013-2187, CVE-2016-5195, CVE-2016-0483, CVE-2020-12363, CVE-2012-0066, CVE-2016-0706, CVE-2015-2601, CVE-2021-3347, CVE-2013-6885, CVE-2016-5556, CVE-2011-1959, CVE-2020-14621, CVE-2015-0291, CVE-2011-3389, CVE-2014-3506, CVE-2016-0778, CVE-2015-0406, CVE-2016-5297, CVE-2015-5346, CVE-2015-2625, CVE-2020-14351, CVE-2011-4102, CVE-2017-8046, CVE-2008-2712, CVE-2020-14583, CVE-2020-11996, CVE-2021-20265, CVE-2016-5582, CVE-2013-4554, CVE-2018-12126, CVE-2012-0027, CVE-2017-3260, CVE-2015-5345, CVE-2016-5186, CVE-2016-2776, CVE-2019-11091, CVE-2016-0466, CVE-2014-6278, CVE-2015-0469, CVE-2015-2627, CVE-2015-4733, CVE-2015-0285, CVE-2013-4365, CVE-2018-12130, CVE-2016-5597, CVE-2014-0878, CVE-2017-3272, CVE-2014-0050, CVE-2016-7054, CVE-2013-6383, CVE-2020-15436, CVE-2014-1959, CVE-2015-1790, CVE-2011-0411, CVE-2013-6381, CVE-2016-5185, CVE-2020-14579, CVE-2020-25645, CVE-2017-3289, CVE-2020-25211, CVE-2014-3510, CVE-2014-1643, CVE-2020-29661, CVE-2014-7810, CVE-2015-0400, CVE-2015-1792, CVE-2021-42013, CVE-2014-3566, CVE-2014-0095, CVE-2014-0160, CVE-2017-15361, CVE-2014-3505, CVE-2015-7547, CVE-2012-2141, CVE-2010-0425, CVE-2010-5298, CVE-2012-0042, CVE-2016-5192, CVE-2020-0549, CVE-2013-5704, CVE-2015-0287, CVE-2013-4483, CVE-2020-8625, CVE-2016-9064, CVE-2015-0459, CVE-2016-5194, CVE-2015-2808, CVE-2015-0403, CVE-2013-0485, CVE-2016-3606, CVE-2008-2168, CVE-2015-0288, CVE-2015-8150, CVE-2014-6601, CVE-2016-0714, CVE-2021-45105, CVE-2015-0208, CVE-2020-0427, CVE-2016-7855, CVE-2016-6795, CVE-2015-2632, CVE-2012-4285, CVE-2020-9484, CVE-2020-15862, CVE-2015-1789, CVE-2016-1583, CVE-2015-0207, CVE-2020-14556, CVE-2012-3499, CVE-2015-0491, CVE-2015-2621, CVE-2011-1432, CVE-2014-0195, CVE-2014-0076, CVE-2016-5573, CVE-2016-5552, CVE-2012-5669, CVE-2016-8328, CVE-2009-3720, CVE-2016-6794, CVE-2013-7265, CVE-2016-6304, CVE-2016-5425, CVE-2015-2637, CVE-2017-5715, CVE-2016-5285, CVE-2021-45046, CVE-2016-5181, CVE-2011-1506, CVE-2007-1743, CVE-2016-5548, CVE-2013-1897, CVE-2016-2848, CVE-2016-5290, CVE-2015-0293, CVE-2020-12723, CVE-2012-2110, CVE-2016-5187, CVE-2016-5546, CVE-2016-9066, CVE-2015-0209, CVE-2016-5542, CVE-2016-6796, CVE-2011-1431, CVE-2013-1896, CVE-2016-0777, CVE-2013-6438, CVE-2015-0395, CVE-2014-7288, CVE-2016-3503, CVE-2014-8730, CVE-2014-0224, CVE-2012-5568, CVE-2015-4732, CVE-2019-9702, CVE-2007-6203, CVE-2017-3262, CVE-2020-27170, CVE-2016-5547, CVE-2016-0402, CVE-2014-6277, CVE-2015-0460, CVE-2016-5183, CVE-2014-2421, CVE-2016-3511, CVE-2015-3642, CVE-2015-0407, CVE-2015-2596, CVE-2015-0204, CVE-2015-5174, CVE-2016-1240, CVE-2015-4000, CVE-2016-8735, CVE-2017-5638, CVE-2019-19532, CVE-2015-2638, CVE-2015-7575, CVE-2021-4104, CVE-2016-6797, CVE-2013-2566, CVE-2015-0292, CVE-2015-5351, CVE-2013-4286, CVE-2020-28374, CVE-2014-4216, CVE-2017-3259, CVE-2020-8648, CVE-2015-0290, CVE-2021-25217, CVE-2011-2165, CVE-2014-3470, CVE-2020-0543, CVE-2016-6325, CVE-2016-5193, CVE-2014-0198, CVE-2014-0114, CVE-2015-0410, CVE-2015-1788, CVE-2007-1742, CVE-2011-2175, CVE-2021-27803, CVE-2012-4291, CVE-2016-3500, CVE-2011-4317, CVE-2015-0286, CVE-2011-4415, CVE-2004-0790, CVE-2020-10029, CVE-2013-1619, CVE-2008-2364, CVE-2015-4731, CVE-2016-3508, CVE-2015-0408, CVE-2007-1741, CVE-2014-7169, CVE-2012-0041, CVE-2013-7263, CVE-2008-0005, CVE-2016-5549, CVE-2015-0458, CVE-2013-4353, CVE-2014-3508, CVE-2015-0235, CVE-2002-1378, CVE-2011-2698, CVE-2017-3261, CVE-2021-27219, CVE-2004-0230, CVE-2016-0763, CVE-2013-6450, CVE-2006-4145, CVE-2020-25656, CVE-2002-1379, CVE-2015-0492, CVE-2015-0383, CVE-2003-1418, CVE-2015-1791, CVE-2015-2628, CVE-2020-12364, CVE-2017-3253, CVE-2012-4929, CVE-2020-14581, CVE-2011-1430, CVE-2015-2619

Shield endpoints with IoT device security best practices

Trust: 3.75

Fetched: Jan. 18, 2022, 11:41 a.m., Published: Jan. 18, 2022, 11:41 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo model: palo alto networks
vendor: palo alto networks model: networks
vendor: palo alto networks model: palo alto networks

Log4Shell Vulnerability Test Tool

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566, VAR-202112-0562

Trust: 3.75

Fetched: Jan. 18, 2022, 11:41 a.m., Published: Dec. 14, 2021, midnight
 Vulnerabilities: code execution, information leakage
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228, CVE-2021-45046

Vulners Blog - Information security news, research, malware analysis

Trust: 3.0

Fetched: Jan. 18, 2022, 11:41 a.m., Published: Dec. 21, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: zoom model: zoom

NVD - CVE-2021-38154

Trust: 3.75

Fetched: Jan. 18, 2022, 11:41 a.m., Published: Jan. 13, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canon model: ir-adv
db: NVD ids: CVE-2021-38154

What Is the Difference Between Active & Passive Vulnerability Scanners?

Trust: 3.0

Fetched: Jan. 18, 2022, 11:40 a.m., Published: Sept. 8, 2021, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs

FDA Issues Cyber Vulnerability Alert for Medical Devices Using BlackBerry RTOS | AAMI

Trust: 4.25

Fetched: Jan. 18, 2022, 11:40 a.m., Published: Jan. 18, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: blackberry model: blackberry
db: NVD ids: CVE-2021-22156

Vulnerability Management Policy | octo

Trust: 3.0

Fetched: Jan. 18, 2022, 11:39 a.m., Published: Jan. 12, 2022, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs

Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Vulnerability Spotlight: Vulnerabilities in Anker Eufy Homebase could lead to code execution, buffer overflows

Trust: 5.5

Fetched: Jan. 18, 2022, 11:39 a.m., Published: Jan. 13, 2022, midnight
 Vulnerabilities: privilege escalation, code execution, buffer overflow
Affected productsExternal IDs
vendor: cisco model: firepower
vendor: cisco model: series
vendor: cisco model: firepower management center
vendor: snort model: snort
vendor: snort.org model: snort
db: NVD ids: CVE-2021-21940, CVE-2021-21950, CVE-2021-21954, CVE-2021-21941, CVE-2021-21952, CVE-2021-21951, CVE-2021-21955, CVE-2021-21953

Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Vulnerability Spotlight: Information disclosure vulnerability in D-LINK DIR-3040 mesh router

Related entries in the VARIoT vulnerabilities database: VAR-202109-0383

Trust: 5.75

Fetched: Jan. 18, 2022, 11:39 a.m., Published: Jan. 13, 2022, midnight
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: cisco model: router
vendor: cisco model: firepower
vendor: cisco model: firepower management center
vendor: d-link model: router
vendor: d-link model: dir-3040
vendor: snort model: snort
vendor: snort.org model: snort
vendor: mesh model: mesh
db: NVD ids: CVE-2021-21913

CISA releases alert on BadAlloc vulnerability in BlackBerry products | ZDNet

Trust: 5.75

Fetched: Jan. 18, 2022, 11:39 a.m., Published: Aug. 17, 2021, midnight
 Vulnerabilities: integer overflow
Affected productsExternal IDs
vendor: blackberry model: blackberry
db: NVD ids: CVE-2021-22156

PrintNightmare Vulnerability: Detection, Explanation, and Mitigation

Related entries in the VARIoT vulnerabilities database: VAR-202106-0639, VAR-202107-1010

Trust: 4.5

Fetched: Jan. 18, 2022, 11:39 a.m., Published: Nov. 9, 2021, midnight
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-1675, CVE-2021-34527