VARIoT latest news about IoT security

Google Home Vulnerability: Eavesdropping on Conversations Trust: 3.0 Fetched: Jan. 24, 2023, 9:18 a.m., Published: Jan. 1, 2023, 7:52 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	google home
vendor:	google	model:	home

Pwning the all Google phone with a non-Google bug \| The GitHub Blog Related entries in the VARIoT vulnerabilities database: VAR-202203-0043, VAR-201910-0902 Trust: 5.5 Fetched: Jan. 24, 2023, 9:16 a.m., Published: Jan. 23, 2023, 3:05 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	trend	model:	security
vendor:	samsung	model:	notes
vendor:	samsung	model:	note
vendor:	google	model:	android
vendor:	google	model:	pixel

db:

NVD

ids:

CVE-2022-38181, CVE-2022-0847, CVE-2021-39793, CVE-2021-0920, CVE-2022-20186, CVE-2021-1048, CVE-2022-33917, CVE-2019-2215, CVE-2022-22706, CVE-2022-36449

Detecting Vulnerability on IoT Device Firmware: A Survey Trust: 4.25 Fetched: Jan. 24, 2023, 9:14 a.m., Published: Jan. 10, 2023, midnight	Vulnerabilities: authentication bypass, denial of service, information disclosure...

Affected products

External IDs

vendor:	samsung	model:	printer
vendor:	samsung	model:	printers
vendor:	samsung smartthings	model:	printer
vendor:	samsung smartthings	model:	printers

Are smart devices cyber secure? - Verity Product Trust: 3.25 Fetched: Jan. 22, 2023, 9:24 a.m., Published: Jan. 20, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	home
vendor:	google	model:	wi-fi router
vendor:	google	model:	google home

Cisco Issues Warning on Security Flaws in Routers \| Technology Partners Trust: 3.0 Fetched: Jan. 22, 2023, 9:23 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	rv016
vendor:	cisco	model:	cisco small business
vendor:	cisco	model:	small business
vendor:	cisco	model:	routers
vendor:	cisco	model:	rv042
vendor:	cisco	model:	router
vendor:	cisco	model:	rv082
vendor:	cisco	model:	rv042g

4 critical BIOS vulnerabilities affect DELL Laptops like Alienware, Inspiron, Vostro models - Cybersecurity Red Flag Related entries in the VARIoT vulnerabilities database: VAR-202301-1432 Trust: 5.75 Fetched: Jan. 22, 2023, 9:22 a.m., Published: Jan. 4, 2023, midnight	Vulnerabilities: buffer overflow, code execution, input validation vulnerability

Affected products

External IDs

vendor:

dell

model:

bios

db:

NVD

ids:

CVE-2022-34393, CVE-2022-34401, CVE-2022-34399, CVE-2022-34460

Exploits released for two Samsung Galaxy App Store vulnerabilities - Security & Privacy News - Nsane Forums Related entries in the VARIoT vulnerabilities database: VAR-202302-0598, VAR-202302-0502 Trust: 5.75 Fetched: Jan. 22, 2023, 9:22 a.m., Published: Jan. 21, 2023, 5:16 p.m.	Vulnerabilities: improper access control

Affected products

External IDs

vendor:	samsung	model:	mobile
vendor:	samsung	model:	samsung galaxy
vendor:	samsung	model:	note
vendor:	samsung	model:	mobile devices
vendor:	samsung	model:	galaxy
vendor:	google	model:	android
vendor:	google	model:	chrome

db:

NVD

ids:

CVE-2023-21433, CVE-2023-21434

Chinese hackers exploit zero-day vulnerabilities in networking devices - Articles Related entries in the VARIoT vulnerabilities database: VAR-202212-1132 Trust: 4.25 Fetched: Jan. 22, 2023, 9:22 a.m., Published: Jan. 22, 2023, 12:27 a.m.	Vulnerabilities: buffer overflow, code execution

Affected products

External IDs

vendor:	fortigate	model:	fortios
vendor:	google	model:	nexus

db:

NVD

ids:

CVE-2022-42475

Apple Devices Have a Significant Vulnerability (So Here’s How to Fix It) - Quercus IT Blog \| Edmonton, AB \| Quercus IT Trust: 3.0 Fetched: Jan. 22, 2023, 9:20 a.m., Published: Jan. 10, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

macos

Inglourious Drivers - A Journey of Finding Vulnerabilities in Drivers Trust: 3.5 Fetched: Jan. 22, 2023, 9:14 a.m., Published: Jan. 20, 2023, midnight	Vulnerabilities: buffer overflow, code execution, privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2022-25637

A Time of Challenge, Change, and Celebration: Ordr's Year in Review Trust: 3.5 Fetched: Jan. 22, 2023, 9:13 a.m., Published: Dec. 30, 2022, 11 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	meeting
vendor:	cisco	model:	series switches
vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	series
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	cisco identity services engine

Potential Threats to Building Automation Systems \| TXOne Networks Trust: 4.25 Fetched: Jan. 22, 2023, 9:12 a.m., Published: Dec. 27, 2022, 8:51 a.m.	Vulnerabilities: denial of service, privilege escalation

Affected products

External IDs

vendor:	belkin	model:	router
vendor:	nest	model:	learning thermostat
vendor:	trend	model:	security

New Bluetooth vulnerability could break privacy Trust: 3.0 Fetched: Jan. 22, 2023, 9:11 a.m., Published: Nov. 25, 2022, midnight	Vulnerabilities: replay attack

Affected products	External IDs

Over 4,000 Sophos Firewall devices vulnerable to RCE attacks Related entries in the VARIoT vulnerabilities database: VAR-202209-1931 Trust: 4.25 Fetched: Jan. 22, 2023, 9:10 a.m., Published: -	Vulnerabilities: authentication bypass, sql injection, code injection...

Affected products

External IDs

vendor:	sophos	model:	xg firewall
vendor:	sophos	model:	firewall
vendor:	trend	model:	security
vendor:	trend micro	model:	security

db:

NVD

ids:

CVE-2022-1040, CVE-2022-3236

Synology Fixes a Max Severity RCE Vulnerability in VPN Server Products Trust: 3.75 Fetched: Jan. 22, 2023, 9:09 a.m., Published: Jan. 4, 2023, 11:28 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	synology	model:	synology router manager
vendor:	synology	model:	router manager

db:

NVD

ids:

CVE-2021-28799, CVE-2022-43931

Top 10 Hardware Vulnerabilities MSPs Should Watch Out For Trust: 3.75 Fetched: Jan. 22, 2023, 9:09 a.m., Published: Dec. 13, 2022, 5:34 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

trend

model:

security

Synology Issues Patch for Severe VPN Plus Server Vulnerability \| NetZone Technologies Trust: 5.5 Fetched: Jan. 20, 2023, 9:30 a.m., Published: -	Vulnerabilities: command injection, command execution, injection attack

Affected products

External IDs

vendor:	synology	model:	router manager
vendor:	synology	model:	synology router manager

db:

NVD

ids:

CVE-2022-43931

Critical vulnerabilities in Siemens PLC devices could allow bypass of protected boot features (CVE-2022-38773) - Help Net Security Related entries in the VARIoT vulnerabilities database: VAR-202301-0605 Trust: 4.25 Fetched: Jan. 20, 2023, 9:29 a.m., Published: Jan. 12, 2023, 1 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

siemens

model:

simatic

db:

NVD

ids:

CVE-2022-38773

OS command injection vulnerabilities (Part 3) - ITZone Trust: 3.5 Fetched: Jan. 20, 2023, 9:25 a.m., Published: Jan. 17, 2023, 7:01 a.m.	Vulnerabilities: os command injection, command injection, command execution

Affected products	External IDs

Cisco Issues Warning on Security Flaws in Routers \| LanSource, Inc. Trust: 3.0 Fetched: Jan. 20, 2023, 9:24 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	router
vendor:	cisco	model:	rv082
vendor:	cisco	model:	small business
vendor:	cisco	model:	rv042g
vendor:	cisco	model:	rv016
vendor:	cisco	model:	cisco small business
vendor:	cisco	model:	routers
vendor:	cisco	model:	rv042

VARIoT news about IoT security