Sign-up

VARIoT news about IoT security

Explained: The vulnerabilities in Apple that India’s IT Minister has flagged - and why you must update your iPhone now | Explained News,The Indian Express

Trust: 4.75

Fetched: Nov. 8, 2022, 9:21 a.m., Published: Aug. 19, 2022, 8:57 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: safari
vendor: apple model: ipad
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: ipod touch
vendor: apple model: macos

Critical Vulnerabilities Found in Device42 Asset Management Platform | SecurityWeek.Com

Trust: 6.0

Fetched: Nov. 8, 2022, 9:20 a.m., Published: Nov. 8, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: cisco nx-os
vendor: cisco model: nx-os
vendor: cisco model: nexus
db: NVD ids: CVE-2022-1400, CVE-2022-1399, CVE-2022-1401

Microsoft Defender for Endpoint - Mobile Threat Defense | Microsoft Learn

Trust: 3.0

Fetched: Nov. 8, 2022, 9:20 a.m., Published: Sept. 29, 2022, 10:52 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

What is the new serious Apple vulnerability and how do you protect yourself from it? | Science & Tech News | Sky News

Trust: 3.0

Fetched: Nov. 8, 2022, 9:20 a.m., Published: Aug. 22, 2022, 7:13 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos

Critical RCE Vulnerability Affects Zyxel NAS Devices - Firmware Patch Released

Related entries in the VARIoT vulnerabilities database: VAR-202207-1385, VAR-202207-1298

Trust: 5.5

Fetched: Nov. 8, 2022, 9:19 a.m., Published: Sept. 7, 2022, 5:28 a.m.
 Vulnerabilities: directory traversal, privilege escalation, format string vulnerability...
Affected productsExternal IDs
vendor: zyxel model: nas542
vendor: zyxel model: nas540
vendor: zyxel model: nas326
vendor: qnap model: photo station
db: NVD ids: CVE-2022-2030, CVE-2022-34747, CVE-2022-0823, CVE-2022-30526

Lorenz Ransomware Gang Exploits Mitel VoIP Appliance Vulnerability in Attacks | SecurityWeek.Com

Related entries in the VARIoT vulnerabilities database: VAR-202204-1874

Trust: 6.0

Fetched: Nov. 8, 2022, 9:18 a.m., Published: Nov. 8, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: mitel model: mivoice connect
db: NVD ids: CVE-2022-29499

Detecting Vulnerability on IoT Device Firmware: A Survey

Trust: 4.25

Fetched: Nov. 8, 2022, 9:15 a.m., Published: Nov. 7, 2022, midnight
 Vulnerabilities: integer overflow, denial of service, code execution...
Affected productsExternal IDs
vendor: samsung smartthings model: printer
vendor: samsung smartthings model: printers
vendor: samsung model: printer
vendor: samsung model: printers

EZVIZ - Notice about Vulnerabilities in Some EZVIZ Products 20220914

Trust: 4.75

Fetched: Nov. 8, 2022, 9:13 a.m., Published: Sept. 14, 2022, midnight
 Vulnerabilities: memory initialization vulnerability, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2022-2472, CVE-2022-2471

Exploits and exploit kits | Microsoft Learn

Related entries in the VARIoT vulnerabilities database: VAR-201601-0030

Trust: 3.0

Fetched: Nov. 8, 2022, 9:12 a.m., Published: Oct. 19, 2022, 9:04 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2013-1489, CVE-2017-0144, CVE-2016-0778

Medical device vulnerability could let hackers steal Wi-Fi credentials | CSO Online

Trust: 3.75

Fetched: Nov. 8, 2022, 9:10 a.m., Published: Sept. 9, 2022, midnight
 Vulnerabilities: format string vulnerability
Affected productsExternal IDs

Critical WhatsApp Vulnerabilities Allow Attackers Remote Device Hacking

Trust: 3.75

Fetched: Nov. 4, 2022, 8:18 p.m., Published: Sept. 28, 2022, 11:53 a.m.
 Vulnerabilities: memory corruption, integer overflow, privilege escalation...
Affected productsExternal IDs
db: NVD ids: CVE-2022-36934, CVE-2022-27492

Cisco warns of ISE vulnerability with no fixed release or workaround

Related entries in the VARIoT vulnerabilities database: VAR-202210-1641, VAR-202210-1371

Trust: 5.75

Fetched: Nov. 4, 2022, 8:18 p.m., Published: Oct. 27, 2022, 9:06 p.m.
 Vulnerabilities: path traversal, denial of service, cross-site scripting...
Affected productsExternal IDs
vendor: cisco model: meraki mx
vendor: cisco model: cisco identity services engine
vendor: cisco model: identity services engine
db: NVD ids: CVE-2022-20959, CVE-2022-20933, CVE-2022-20822

Vulnerabilities in aircraft wireless network devices expose users to hacking - SiliconANGLE

Trust: 5.0

Fetched: Nov. 4, 2022, 8:16 p.m., Published: Sept. 16, 2022, 12:24 a.m.
 Vulnerabilities: default password
Affected productsExternal IDs
db: NVD ids: CVE-2022-36158, CVE-2022-36159

Over 17000 Fortinet devices exposed online are very likely vulnerable to CVE-2022-40684Security Affairs

Related entries in the VARIoT vulnerabilities database: VAR-202210-0198

Trust: 5.75

Fetched: Nov. 4, 2022, 8:13 p.m., Published: Oct. 18, 2022, 7:56 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2022-40684

Multiple Vulnerabilities Discovered in Device42 Asset Management Appliance

Trust: 5.5

Fetched: Nov. 4, 2022, 8:13 p.m., Published: Aug. 10, 2022, 10:02 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: draytek model: draytek routers
vendor: draytek model: routers
db: NVD ids: CVE-2022-1400, CVE-2022-1399, CVE-2022-1410, CVE-2022-1401

Exposure score in Defender Vulnerability Management | Microsoft Learn

Trust: 3.0

Fetched: Nov. 4, 2022, 8:11 p.m., Published: Sept. 27, 2022, 11:22 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

Realtek SDK Vulnerability Exposes Routers From Many Vendors to Remote Attacks | SecurityWeek.Com

Trust: 4.25

Fetched: Nov. 4, 2022, 8:11 p.m., Published: Nov. 4, 2022, midnight
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: tenda model: router
vendor: d-link model: router
vendor: realtek model: realtek sdk
db: NVD ids: CVE-2022-27255

Apple fixes vulnerabilities in iOS devices and Mac computers | SC Media

Related entries in the VARIoT vulnerabilities database: VAR-202209-0759

Trust: 3.75

Fetched: Nov. 4, 2022, 8:10 p.m., Published: Sept. 16, 2022, 12:42 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: iphone
db: NVD ids: CVE-2022-32917

Learn how to mitigate the Log4Shell vulnerability in Microsoft Defender for Endpoint - Defender Vulnerability Management | Microsoft Learn

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566, VAR-202112-0562

Trust: 5.0

Fetched: Nov. 4, 2022, 8:04 p.m., Published: Sept. 27, 2022, 11:22 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228, CVE-2021-45046

Bugs Found in Contec Airplane WiFi Devices Expose Passengers to Cyberattack | Spiceworks 1

Trust: 4.0

Fetched: Nov. 4, 2022, 8:04 p.m., Published: Sept. 15, 2022, midnight
 Vulnerabilities: default password
Affected productsExternal IDs
db: NVD ids: CVE-2022-36158, CVE-2022-36159