Sign-up

VARIoT news about IoT security

QNAP ‘urgently’ fixing vulnerabilities in multiple systems

Trust: 3.0

Fetched: May 5, 2023, 9:16 a.m., Published: April 6, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-27597, CVE-2022-27598

Biomedical device vulnerability. Ransomware and the US Marshals. US DoJ emphasizes disruption. Updates on the hybrid war. OT risk-sharing.

Trust: 3.5

Fetched: May 5, 2023, 9:15 a.m., Published: May 1, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android
vendor: google model: home
vendor: google model: pixel
vendor: cisco model: guard
vendor: cisco model: h
vendor: cisco model: series
vendor: cisco model: spark

Mobile Vulnerability Assessment: Tools and Techniques

Trust: 3.0

Fetched: May 5, 2023, 9:14 a.m., Published: May 3, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: blackberry model: blackberry

Hackers exploit 5-year-old unpatched flaw in TBK DVR devices

Related entries in the VARIoT vulnerabilities database: VAR-201804-1666

Trust: 3.75

Fetched: May 3, 2023, 9:16 a.m., Published: -
 Vulnerabilities: code execution, authentication bypass, command execution
Affected productsExternal IDs
db: NVD ids: CVE-2016-20016, CVE-2018-9995

Top Trending CVEs of March 2023 | NopSec

Trust: 4.5

Fetched: May 3, 2023, 9:15 a.m., Published: March 30, 2023, 4:22 p.m.
 Vulnerabilities: privilege escalation, code execution, buffer overflow...
Affected productsExternal IDs
vendor: google model: pixel
vendor: vivo model: modems
vendor: vivo model: modem
vendor: samsung model: mobile
vendor: samsung model: mobile devices
vendor: samsung model: exynos
db: NVD ids: CVE-2023-26497, CVE-2023-23415, CVE-2023-23392, CVE-2023-26498, CVE-2023-26496, CVE-2023-23397, CVE-2023-24033

Cisco TelePresence Collaboration Endpoint and RoomOS Arbitrary File Write Vulnerabilities

Trust: 5.5

Fetched: May 3, 2023, 9:14 a.m., Published: April 19, 2023, 3:47 p.m.
 Vulnerabilities: privilege escalation, file overwrite vulnerability, improper access control...
Affected productsExternal IDs
vendor: cisco model: dx80
vendor: cisco model: telepresence collaboration endpoint
vendor: cisco model: telepresence mx series
vendor: cisco model: series
vendor: cisco model: webex
vendor: cisco model: cisco webex
vendor: cisco model: telepresence sx series
vendor: cisco model: cisco telepresence
vendor: cisco model: telepresence
vendor: cisco model: telepresence ce
vendor: cisco model: roomos
vendor: cisco model: dx70
db: NVD ids: CVE-2023-20092, CVE-2023-20090, CVE-2023-20004, CVE-2023-20094, CVE-2023-20093, CVE-2023-20091

Microsoft Teams Rooms security - Microsoft Teams | Microsoft Learn

Trust: 3.75

Fetched: May 3, 2023, 9:14 a.m., Published: April 18, 2023, midnight
 Vulnerabilities: default password
Affected productsExternal IDs
vendor: google model: android

Cisco Cyber Vision Data Sheet - Cisco

Trust: 3.5

Fetched: May 2, 2023, 9:22 a.m., Published: April 24, 2023, 1:24 p.m.
 Vulnerabilities: default password
Affected productsExternal IDs
vendor: snort model: snort
vendor: cisco model: cisco identity services engine
vendor: cisco model: cisco integrated management controller
vendor: cisco model: integrated management controller
vendor: cisco model: identity services engine
vendor: cisco model: series
vendor: cisco model: ic3000
vendor: cisco model: ucs manager
vendor: cisco model: series switch
vendor: cisco model: ucs director
vendor: cisco model: routers
vendor: cisco model: firepower
vendor: cisco model: ucs performance manager
vendor: cisco model: cisco ucs manager
vendor: cisco model: cisco imc supervisor
vendor: cisco model: series routers
vendor: cisco model: router
vendor: cisco model: imc supervisor
vendor: cisco model: catalyst
vendor: cisco model: cisco ucs director
vendor: cisco model: cisco ic3000 industrial compute gateway
vendor: cisco model: ic3000 industrial compute gateway
vendor: cisco model: ucs central software
vendor: cisco model: umbrella

CVE-2023-20864: VMware Aria Operations for Logs Deserialization Vulnerability - Blog | Tenable®

Trust: 5.5

Fetched: May 2, 2023, 9:22 a.m., Published: April 21, 2023, 2:04 p.m.
 Vulnerabilities: os command injection, directory traversal, command injection...
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2022-31706, CVE-2023-20864, CVE-2023-20865, CVE-2022-31710

Hackers can open Nexx garage doors remotely, and there's no fix

Trust: 5.0

Fetched: May 2, 2023, 9:21 a.m., Published: -
 Vulnerabilities: improper access control
Affected productsExternal IDs
db: NVD ids: CVE-2023-1749, CVE-2023-1748, CVE-2023-1751, CVE-2023-1752, CVE-2023-1750

Full Disclosure: Security vulnerabilities in Telit Cinterion IoT (formerly Thales) devices

Trust: 3.5

Fetched: May 2, 2023, 9:19 a.m., Published: May 2, 2020, midnight
 Vulnerabilities: path traversal, code execution, privilege elevation
Affected productsExternal IDs
db: NVD ids: CVE-2020-15858

Fortinet FortiOS and Fortiproxy Vulnerability | CVE-2023-25610 - YouTube

Trust: 3.0

Fetched: May 2, 2023, 9:19 a.m., Published: March 9, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-25610

Mirai botnet hackers targeting TP-Link router zero-day vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268

Trust: 3.75

Fetched: May 2, 2023, 9:18 a.m., Published: April 25, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: tp-link model: routers
db: NVD ids: CVE-2023-1389

US, UK: Russia Exploiting Old Vulnerability to Hack Cisco Routers - SecurityWeek

Related entries in the VARIoT vulnerabilities database: VAR-201707-0964

Trust: 3.75

Fetched: May 2, 2023, 9:17 a.m., Published: April 19, 2023, 9:03 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco routers
vendor: cisco model: router
vendor: cisco model: routers
vendor: cisco model: ios xe software
vendor: cisco model: ios xe
vendor: cisco model: cisco ios
db: NVD ids: CVE-2017-6742

Critical bug in genome sequencing device scores '10' on CVSS ratings | SC Media

Trust: 4.0

Fetched: May 2, 2023, 9:15 a.m., Published: April 28, 2023, 7:21 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-1966, CVE-2023-1968

FDA, CISA: Illumina Medical Devices Vulnerable to Remote Hacking - SecurityWeek

Trust: 3.0

Fetched: May 2, 2023, 9:14 a.m., Published: April 28, 2023, 11:33 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-1966, CVE-2023-1968

Sophos Patches Critical Code Execution Vulnerability in Web Security Appliance - SecurityWeek

Trust: 5.75

Fetched: May 2, 2023, 9:13 a.m., Published: April 7, 2023, 10:50 a.m.
 Vulnerabilities: code execution, cross-site scripting, command injection
Affected productsExternal IDs
vendor: sophos model: firewall
vendor: sophos model: web appliance
vendor: sophos model: sophos web appliance
db: NVD ids: CVE-2022-4934, CVE-2020-36692, CVE-2023-1671

Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products

Related entries in the VARIoT vulnerabilities database: VAR-202304-1775, VAR-202304-1774

Trust: 5.5

Fetched: April 30, 2023, 9:11 a.m., Published: April 21, 2023, 5:41 a.m.
 Vulnerabilities: authentication bypass, code execution, command injection
Affected productsExternal IDs
vendor: cisco model: cisco industrial network director
vendor: cisco model: industrial network director
db: NVD ids: CVE-2023-20036, CVE-2023-20865, CVE-2023-20039, CVE-2023-20154, CVE-2022-31704, CVE-2023-20864, CVE-2022-31706

Siemens CPCI85 Firmware of SICAM A8000 Devices | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202304-0672

Trust: 4.25

Fetched: April 30, 2023, 9:07 a.m., Published: Jan. 10, 2023, midnight
 Vulnerabilities: code execution, command injection
Affected productsExternal IDs
vendor: siemens model: sicam
vendor: siemens model: sicam a8000
db: NVD ids: CVE-2023-28489

CVE-2023-20864: VMware Aria Operations for Logs Deserialization Vulnerability - Blog | Tenable®

Trust: 5.5

Fetched: April 30, 2023, 9:07 a.m., Published: April 21, 2023, 2:04 p.m.
 Vulnerabilities: directory traversal, code execution, command injection...
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2023-20865, CVE-2023-20864, CVE-2022-31710, CVE-2022-31706