VARIoT latest news about IoT security

NPort 5100A Series Serial Device Servers Vulnerability Trust: 3.0 Fetched: Jan. 18, 2022, 11:07 a.m., Published: Jan. 16, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	moxa	model:	nport 5100a series
vendor:	moxa	model:	nport 5100a series firmware
vendor:	moxa	model:	moxa
vendor:	moxa	model:	nport
vendor:	moxa	model:	nport 5100a

Apple iOS vulnerable to HomeKit 'doorLock' denial of service bug Trust: 4.5 Fetched: Jan. 18, 2022, 10:43 a.m., Published: Jan. 6, 2022, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	icloud
vendor:	apple	model:	ipad

Apple says iOS 15.2.1 fixes its HomeKit denial of service vulnerability \| iMore Trust: 5.0 Fetched: Jan. 18, 2022, 10:43 a.m., Published: Jan. 13, 2022, 3:06 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	apple	model:	ipad
vendor:	apple	model:	icloud
vendor:	apple	model:	iphone

Thousands of AT&T customers in the US infected by new data-stealing malware \| Ars Technica Related entries in the VARIoT vulnerabilities database: VAR-201705-3536 Trust: 4.5 Fetched: Jan. 18, 2022, 10:39 a.m., Published: Jan. 18, 2017, midnight	Vulnerabilities: denial of service, default credentials

Affected products

External IDs

vendor:	qemu	model:	qemu
vendor:	ribbon	model:	edgemarc
vendor:	edgewater	model:	edgemarc
vendor:	ribbon communications	model:	edgemarc

db:

NVD

ids:

CVE-2017-6079

Log4j: List of vulnerable products and vendor advisories Related entries in the VARIoT vulnerabilities database: VAR-202112-0566 Trust: 4.75 Fetched: Jan. 18, 2022, 10:39 a.m., Published: Jan. 6, 2022, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	cisco	model:	cisco webex meetings server
vendor:	cisco	model:	cisco webex
vendor:	cisco	model:	webex
vendor:	cisco	model:	sd-wan
vendor:	cisco	model:	meetings server
vendor:	cisco	model:	webex meetings
vendor:	cisco	model:	cisco webex meetings
vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	firepower
vendor:	cisco	model:	cisco sd-wan
vendor:	cisco	model:	data center network manager
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	webex meetings server
vendor:	cisco	model:	sd-wan vmanage
vendor:	cisco	model:	series
vendor:	tippingpoint	model:	tippingpoint
vendor:	couchbase	model:	server
vendor:	citrix	model:	gateway
vendor:	trend micro	model:	security
vendor:	symantec	model:	web security
vendor:	symantec	model:	symantec endpoint protection
vendor:	symantec	model:	endpoint protection
vendor:	ubiquiti	model:	unifi
vendor:	cpanel	model:	cpanel
vendor:	trendmicro	model:	security
vendor:	broadcom	model:	api gateway
vendor:	broadcom	model:	broadcom
vendor:	broadcom	model:	linux
vendor:	sophos	model:	cloud optix
vendor:	sophos	model:	mobile
vendor:	sophos	model:	endpoint protection
vendor:	trend	model:	security
vendor:	sonicwall	model:	email security
vendor:	sonicwall	model:	analyzer
vendor:	dovecot	model:	dovecot

db:

NVD

ids:

CVE-2021-44228

security - Does the Log4j vulnerability affect Android users? - Android Enthusiasts Stack Exchange Related entries in the VARIoT vulnerabilities database: VAR-202112-0566 Trust: 4.75 Fetched: Jan. 18, 2022, 10:39 a.m., Published: -	Vulnerabilities: sql injection

Affected products

External IDs

vendor:	google	model:	android
vendor:	serve	model:	serve

db:

NVD

ids:

CVE-2021-44228

Apple patches HomeKit denial-of-service bug with new iOS update - The Verge Trust: 6.0 Fetched: Jan. 18, 2022, 10:39 a.m., Published: Jan. 12, 2022, 7:30 p.m.	Vulnerabilities: resource exhaustion

Affected products

External IDs

vendor:

apple

model:

icloud

Can a hacker remotely connect to Your Wi-Fi camera? A new vulnerability suggests yes - SAM Seamless Network Trust: 3.0 Fetched: Jan. 16, 2022, 9:22 p.m., Published: Oct. 27, 2021, midnight	Vulnerabilities: -

Affected products	External IDs

Vulnerabilities in MediaTek chips expose millions of Android devices to eavesdropping - New About Trust: 3.0 Fetched: Jan. 16, 2022, 10:13 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

check point

model:

check point

A chip flaw left a third of all smartphones vulnerable to spying \| CyberNews Trust: 4.75 Fetched: Jan. 16, 2022, 10:13 a.m., Published: Oct. 16, 2021, midnight	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:	check point	model:	check point
vendor:	huawei	model:	huawei

Cyber Security Awareness Month - Check Point Research Trust: 3.25 Fetched: Jan. 15, 2022, 6:35 p.m., Published: Oct. 29, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

check point

model:

check point

Zoom vulnerabilities allowed attackers to obtain maximum server privileges - research \| CyberNews Trust: 4.75 Fetched: Jan. 14, 2022, 1:06 p.m., Published: Nov. 15, 2021, 8:53 a.m.	Vulnerabilities: password guessing, system crash

Affected products

External IDs

vendor:

zoom

model:

zoom

db:

NVD

ids:

CVE-2021-34414, CVE-2021-34415, CVE-2021-34416

Vulnerability Summary for the Week of September 20, 2021 \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202109-1848, VAR-202109-0615, VAR-202109-1795, VAR-202109-1098, VAR-202109-1039, VAR-202109-1253, VAR-202109-0976, VAR-202109-0238, VAR-202109-0234, VAR-202109-0747, VAR-202109-1178, VAR-202109-0592, VAR-202109-0239, VAR-202109-0244, VAR-202109-0240, VAR-202109-0973, VAR-202109-1254, VAR-202109-1107, VAR-202109-0589, VAR-202109-1877, VAR-202109-0590, VAR-202109-0245, VAR-202109-0192, VAR-202109-0604, VAR-202109-1682, VAR-202109-0383, VAR-202109-0591, VAR-202109-0376, VAR-202109-0588, VAR-202109-0606, VAR-202109-0243, VAR-202109-1255, VAR-202109-1063, VAR-202109-0601, VAR-202109-1681, VAR-202109-1847, VAR-202109-0197, VAR-202109-0975, VAR-202109-0758, VAR-202109-0385, VAR-202109-0233, VAR-202109-0974, VAR-202109-0380, VAR-202109-0196, VAR-202109-0593, VAR-202109-0242 Trust: 5.25 Fetched: Jan. 14, 2022, 12:41 p.m., Published: Sept. 20, 2021, midnight	Vulnerabilities: command execution, file upload vulnerability, injection attack...

Affected products

External IDs

vendor:	delta	model:	dopsoft
vendor:	mesh	model:	mesh
vendor:	cisco	model:	series switches
vendor:	cisco	model:	fxos
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	nx-os
vendor:	cisco	model:	cisco ios xr
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	information server
vendor:	cisco	model:	nx-os software
vendor:	cisco	model:	wireless controller
vendor:	cisco	model:	cbr-8
vendor:	cisco	model:	vpn client
vendor:	cisco	model:	sd-wan vmanage
vendor:	cisco	model:	series
vendor:	cisco	model:	ios software
vendor:	cisco	model:	catalyst 9800
vendor:	cisco	model:	access points
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	service management
vendor:	cisco	model:	sd-wan vmanage software
vendor:	cisco	model:	routers
vendor:	cisco	model:	link layer discovery protocol
vendor:	cisco	model:	cisco nx-os
vendor:	cisco	model:	sd-wan
vendor:	cisco	model:	ios xe sd-wan software
vendor:	cisco	model:	cisco sd-wan
vendor:	cisco	model:	aironet
vendor:	cisco	model:	ios xr software
vendor:	cisco	model:	router
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	aironet_access_point
vendor:	cisco	model:	access_points
vendor:	cisco	model:	aironet access point
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	cbr-8 converged broadband routers
vendor:	sonicwall	model:	remote access
vendor:	netgear	model:	r6900p
vendor:	netgear	model:	r7000
vendor:	netgear	model:	r6700v3
vendor:	netgear	model:	r6020
vendor:	netgear	model:	r6900
vendor:	netgear	model:	r7850
vendor:	netgear	model:	rs400
vendor:	netgear	model:	r8000
vendor:	netgear	model:	r7000p
vendor:	netgear	model:	router
vendor:	netgear	model:	r6400v2
vendor:	netgear	model:	r7900
vendor:	netgear	model:	r6700
vendor:	hikvision	model:	hikvision
vendor:	ansible	model:	ansible
vendor:	digi	model:	portserver ts
vendor:	google	model:	home
vendor:	google	model:	android
vendor:	google	model:	wifi
vendor:	citrix	model:	gateway
vendor:	citrix	model:	hypervisor
vendor:	national instruments	model:	national
vendor:	node.js	model:	node.js
vendor:	zoho	model:	manageengine desktop central
vendor:	zoho	model:	opmanager
vendor:	zoho	model:	manageengine opmanager
vendor:	zoho	model:	manageengine adselfservice plus
vendor:	d-link	model:	dir-615
vendor:	d-link	model:	dir-605
vendor:	d-link	model:	dir-3040
vendor:	d-link	model:	router
vendor:	d-link	model:	dcs-932l
vendor:	d-link	model:	dcs-5000l
vendor:	d-link	model:	d-link dir-3040 1.13b03
vendor:	pardus	model:	linux

db:

NVD

ids:

CVE-2021-29811, CVE-2020-19554, CVE-2021-37420, CVE-2021-41387, CVE-2021-26920, CVE-2021-22018, CVE-2020-19951, CVE-2021-32274, CVE-2021-34729, CVE-2020-8561, CVE-2021-38112, CVE-2021-22953, CVE-2021-31836, CVE-2021-32283, CVE-2021-24618, CVE-2021-29831, CVE-2021-34726, CVE-2021-33035, CVE-2021-29813, CVE-2021-24401, CVE-2021-20435, CVE-2021-32298, CVE-2021-32289, CVE-2021-22945, CVE-2021-37741, CVE-2021-41317, CVE-2021-41383, CVE-2021-26794, CVE-2021-29810, CVE-2021-32299, CVE-2021-34703, CVE-2021-24609, CVE-2020-19551, CVE-2021-41073, CVE-2021-38402, CVE-2021-36260, CVE-2021-32287, CVE-2021-41392, CVE-2021-41087, CVE-2021-32838, CVE-2021-24402, CVE-2021-36872, CVE-2021-24640, CVE-2021-39534, CVE-2021-1621, CVE-2021-34724, CVE-2021-32284, CVE-2021-22014, CVE-2021-37424, CVE-2021-22869, CVE-2021-34725, CVE-2021-20829, CVE-2021-22010, CVE-2021-41381, CVE-2020-4805, CVE-2021-1622, CVE-2021-1625, CVE-2021-23443, CVE-2021-0869, CVE-2021-38899, CVE-2019-16651, CVE-2021-29819, CVE-2021-24587, CVE-2021-32282, CVE-2020-19553, CVE-2021-29818, CVE-2021-24525, CVE-2021-1620, CVE-2021-40100, CVE-2020-19915, CVE-2021-29809, CVE-2021-41326, CVE-2021-32278, CVE-2021-38864, CVE-2021-41088, CVE-2021-34699, CVE-2021-40868, CVE-2021-24636, CVE-2021-25741, CVE-2021-36749, CVE-2021-41084, CVE-2021-40875, CVE-2021-38300, CVE-2021-41393, CVE-2021-31917, CVE-2020-20902, CVE-2021-22008, CVE-2021-38877, CVE-2021-29800, CVE-2021-29816, CVE-2021-40674, CVE-2021-1623, CVE-2021-29812, CVE-2021-22005, CVE-2021-24584, CVE-2021-36873, CVE-2021-24530, CVE-2021-32987, CVE-2021-28960, CVE-2021-24663, CVE-2021-1589, CVE-2021-39219, CVE-2021-20434, CVE-2021-38153, CVE-2021-1616, CVE-2021-24613, CVE-2021-40825, CVE-2021-29806, CVE-2021-40309, CVE-2021-34768, CVE-2021-1565, CVE-2021-29905, CVE-2021-37925, CVE-2021-24397, CVE-2021-22952, CVE-2021-34696, CVE-2021-41428, CVE-2021-39531, CVE-2021-31923, CVE-2021-41011, CVE-2021-24511, CVE-2021-34727, CVE-2021-34723, CVE-2021-38404, CVE-2021-41503, CVE-2021-32276, CVE-2021-32963, CVE-2020-12080, CVE-2021-39536, CVE-2021-22011, CVE-2021-39402, CVE-2021-31819, CVE-2021-38304, CVE-2021-41531, CVE-2021-24404, CVE-2021-32271, CVE-2021-3806, CVE-2020-4803, CVE-2021-22019, CVE-2020-23269, CVE-2021-28130, CVE-2021-22020, CVE-2021-39537, CVE-2021-21991, CVE-2020-19950, CVE-2021-37860, CVE-2021-32971, CVE-2021-1619, CVE-2021-20563, CVE-2021-24639, CVE-2021-1624, CVE-2021-34648, CVE-2019-9060, CVE-2021-41583, CVE-2021-21992, CVE-2020-23273, CVE-2021-32288, CVE-2021-41586, CVE-2021-40310, CVE-2021-31841, CVE-2021-41584, CVE-2020-21548, CVE-2021-2464, CVE-2021-40102, CVE-2021-24657, CVE-2021-34712, CVE-2020-23266, CVE-2021-29815, CVE-2021-40655, CVE-2021-32839, CVE-2021-21913, CVE-2021-32294, CVE-2021-41525, CVE-2021-32281, CVE-2021-41395, CVE-2021-40099, CVE-2021-32270, CVE-2021-24606, CVE-2020-23469, CVE-2021-34647, CVE-2021-24396, CVE-2021-32979, CVE-2021-20037, CVE-2021-29856, CVE-2021-24582, CVE-2020-4941, CVE-2021-32959, CVE-2021-31847, CVE-2021-34767, CVE-2021-41390, CVE-2021-29807, CVE-2020-26301, CVE-2021-22006, CVE-2021-34714, CVE-2021-29814, CVE-2020-21913, CVE-2021-1615, CVE-2021-38870, CVE-2021-24583, CVE-2021-22948, CVE-2021-41587, CVE-2021-41380, CVE-2021-22949, CVE-2021-41394, CVE-2021-34650, CVE-2021-29904, CVE-2021-29832, CVE-2021-24635, CVE-2021-38406, CVE-2021-32268, CVE-2021-29833, CVE-2021-39339, CVE-2021-24398, CVE-2020-16630, CVE-2021-23441, CVE-2021-24399, CVE-2021-32286, CVE-2021-41382, CVE-2021-41083, CVE-2020-24327, CVE-2021-22868, CVE-2021-37419, CVE-2021-32277, CVE-2021-39230, CVE-2021-40847, CVE-2020-12082, CVE-2021-24403, CVE-2021-34705, CVE-2021-39218, CVE-2021-24637, CVE-2021-21993, CVE-2021-24400, CVE-2016-6555, CVE-2021-22941, CVE-2021-24600, CVE-2021-40690, CVE-2021-22016, CVE-2021-29817, CVE-2021-22013, CVE-2021-29808, CVE-2021-32265, CVE-2021-40654, CVE-2021-41504, CVE-2020-12083, CVE-2020-21468, CVE-2021-37927, CVE-2020-23267, CVE-2021-20485, CVE-2021-22276, CVE-2021-39533, CVE-2020-23478, CVE-2021-22009, CVE-2019-6288, CVE-2021-32297, CVE-2021-34697, CVE-2021-32280, CVE-2021-39404, CVE-2021-1546, CVE-2021-41082, CVE-2021-1419, CVE-2021-22015, CVE-2021-39532, CVE-2021-39216, CVE-2021-41086, CVE-2021-32273, CVE-2020-28480, CVE-2021-26333, CVE-2021-39325, CVE-2021-22867, CVE-2021-1611, CVE-2021-24585, CVE-2020-4690, CVE-2021-34740, CVE-2021-41588, CVE-2021-23444, CVE-2021-3824, CVE-2020-20508, CVE-2021-24741, CVE-2021-34770, CVE-2021-41581, CVE-2021-39246, CVE-2020-21547, CVE-2020-19949, CVE-2020-20514, CVE-2021-32285, CVE-2021-21742, CVE-2021-24604, CVE-2021-20484, CVE-2021-29821, CVE-2021-3583, CVE-2016-6556, CVE-2020-23481, CVE-2021-41391, CVE-2020-4809, CVE-2021-39535, CVE-2021-36823, CVE-2021-29820, CVE-2021-22017, CVE-2021-40684, CVE-2021-20377, CVE-2021-34769, CVE-2021-25740, CVE-2021-22950, CVE-2021-32999, CVE-2021-24597, CVE-2021-32269, CVE-2021-22012, CVE-2021-29795, CVE-2021-39229, CVE-2021-26750, CVE-2021-1612, CVE-2021-24638, CVE-2021-38412, CVE-2021-22007, CVE-2021-38863, CVE-2021-32275, CVE-2021-39514, CVE-2021-24596, CVE-2021-32272

Multiple Cisco Products Snort Rule Denial of Service Vulnerability - Cisco Trust: 3.75 Fetched: Jan. 14, 2022, 12:41 p.m., Published: Oct. 29, 2021, 12:28 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	snort	model:	snort
vendor:	cisco	model:	integrated services virtual router
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	firepower management center
vendor:	cisco	model:	routers
vendor:	cisco	model:	series integrated services routers
vendor:	cisco	model:	firepower
vendor:	cisco	model:	cloud services router 1000v
vendor:	cisco	model:	1000v
vendor:	cisco	model:	cloud services router
vendor:	cisco	model:	router
vendor:	cisco	model:	series
vendor:	cisco	model:	integrated services routers
vendor:	cisco	model:	catalyst 8500
vendor:	cisco	model:	firepower threat defense

Windows message center \| Microsoft Docs Trust: 3.75 Fetched: Jan. 14, 2022, 12:41 p.m., Published: Jan. 13, 2022, 8:10 p.m.	Vulnerabilities: memory leak

Affected products

External IDs

vendor:

trend

model:

security

Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliance Security Update Related entries in the VARIoT vulnerabilities database: VAR-202112-0297, VAR-202112-0296 Trust: 6.0 Fetched: Jan. 14, 2022, 12:41 p.m., Published: Nov. 11, 2021, 12:30 a.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	citrix	model:	application delivery controller
vendor:	citrix	model:	netscaler gateway
vendor:	citrix	model:	netscaler
vendor:	citrix	model:	sd-wan wanop
vendor:	citrix	model:	gateway
vendor:	citrix	model:	netscaler adc

db:

NVD

ids:

CVE-2021-22955, CVE-2021-22956

Researchers Uncover Healthcare Software Loopholes leaving medical devices vulnerable to hackers Trust: 3.25 Fetched: Jan. 14, 2022, 12:41 p.m., Published: Nov. 22, 2021, midnight	Vulnerabilities: denial of service, code execution

Affected products

External IDs

vendor:	siemens	model:	nucleus
vendor:	siemens	model:	nucleus rtos

Windows Installer vulnerability becomes actively exploited zero-day - Computer Security Articles Related entries in the VARIoT vulnerabilities database: VAR-202111-0697 Trust: 3.5 Fetched: Jan. 14, 2022, 12:41 p.m., Published: Jan. 17, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	trend micro	model:	security
vendor:	trend	model:	security

db:

NVD

ids:

CVE-2021-41379

Philips Discloses Additional Medical Device Security Vulnerabilities Trust: 3.5 Fetched: Jan. 14, 2022, 12:41 p.m., Published: Nov. 24, 2021, 5 p.m.	Vulnerabilities: denial of service, authentication bypass

Affected products

External IDs

vendor:	philips	model:	tasy emr
vendor:	philips	model:	intellibridge ec40
vendor:	siemens	model:	nucleus

Vulnerability in MediaTek chipsets discovered, promptly fixed - GSMArena.com news Trust: 3.75 Fetched: Jan. 14, 2022, 12:41 p.m., Published: Jan. 1, 2022, midnight	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:	check point	model:	check point
vendor:	huawei	model:	huawei

VARIoT news about IoT security