Sign-up

VARIoT news about IoT security

Research finds some medical devices vulnerable to hackers

Trust: 3.0

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Nov. 9, 2021, 10:06 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: nucleus

Researchers Uncover Software Flaws Leaving Medical Devices Vulnerable to Hackers - 24x7 Magazine - a MEDQOR brand

Trust: 3.0

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Nov. 9, 2021, 9:37 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: nucleus

Over 300,000 MikroTik Devices Found Vulnerable to Remote Hacking Bugs - The Hacker News - JN-66 Data Analytics

Related entries in the VARIoT vulnerabilities database: VAR-201803-2171, VAR-201808-0384, VAR-201910-0546, VAR-201910-0547

Trust: 5.5

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 9, 2021, 1:05 p.m.
 Vulnerabilities: buffer overflow, directory traversal, code execution
Affected productsExternal IDs
vendor: hikvision model: hikvision
vendor: mikrotik model: winbox
vendor: mikrotik model: routers
vendor: mikrotik model: mikrotik routers
vendor: mikrotik model: routeros
vendor: mikrotik model: mikrotik
db: NVD ids: CVE-2018-7445, CVE-2018-14847, CVE-2021-36260, CVE-2019-3977, CVE-2019-3978

Research finds some medical devices vulnerable to hackers

Trust: 3.0

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Jan. 8, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: nucleus

'Extremely Bad' Log4Shell Vulnerability Gives Hackers Easy Access to Millions of Devices | Tech Times

Trust: 3.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 10, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: icloud

Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566, VAR-202109-1909, VAR-202008-0248

Trust: 5.5

Fetched: Dec. 28, 2021, 9:20 a.m., Published: -
 Vulnerabilities: directory traversal, use after free, privilege escalation...
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
vendor: citrix model: application delivery controller
vendor: citrix model: gateway
vendor: citrix model: sd-wan wanop
db: NVD ids: CVE-2021-28483, CVE-2019-1222, CVE-2021-28480, CVE-2021-26855, CVE-2020-12388, CVE-2021-28481, CVE-2020-3765, CVE-2021-28482, CVE-2020-27955, CVE-2021-44228, CVE-2018-4878, CVE-2021-17095, CVE-2019-19781, CVE-2021-40444, CVE-2019-1181, CVE-2020-16898, CVE-2019-1182, CVE-2021-42321, CVE-2021-30563, CVE-2019-0604, CVE-2019-1226, CVE-2020-1472, CVE-2019-0708, CVE-2020-0609, CVE-2020-17051, CVE-2020-0796, CVE-2020-6457, CVE-2020-0665

"These Vulnerabilities Could Leave Millions of Connected Medical Devices Open to Attack" | CPS-VO

Trust: 4.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Jan. 13, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: siemens model: nucleus
vendor: siemens model: nucleus net

Vulnerabilities identified in the Abode IOTA security system: Fake image injection into timeline

Trust: 5.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: -
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: netgear model: orbi
vendor: netgear model: router
db: NVD ids: CVE-2020-8105

Log4Shell: The New Zero-Day Vulnerability in Log4j - Security Boulevard

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 4.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 15, 2021, 9:57 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: icloud
db: NVD ids: CVE-2021-44228

New Mobile Network Vulnerabilities Affect All Cellular Generations Since 2G | Ad Blocker Testing

Trust: 4.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 20, 2021, midnight
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: apple model: iphone
vendor: huawei model: huawei
vendor: oneplus model: oneplus
vendor: oneplus model: one

Log4Shell: critical vulnerability in Apache Log4j | Kaspersky official blog

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 5.0

Fetched: Dec. 28, 2021, 9:20 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: icloud
db: NVD ids: CVE-2021-44228

Wi-Fi and Bluetooth Devices Vulnerable to Password and Data Theft - Bestgamingpro

Trust: 4.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Jan. 9, 2022, midnight
 Vulnerabilities: denial of service, privilege escalation, code execution
Affected productsExternal IDs
vendor: broadcom model: broadcom

New vulnerabilities in mobile networks affect all cell generations since 2G - Hiper LAN 2

Trust: 4.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Jan. 2, 2022, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: apple model: iphone
vendor: huawei model: huawei
vendor: oneplus model: oneplus
vendor: oneplus model: one

New Mobile Network Vulnerabilities Affect All Cellular Generations Since 2G - Shackle Media

Trust: 4.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 20, 2021, 3:26 p.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: apple model: iphone
vendor: huawei model: huawei
vendor: oneplus model: oneplus
vendor: oneplus model: one

Log4j under siege, millions of devices vulnerable - NewsBreak

Trust: 3.25

Fetched: Dec. 28, 2021, 9:20 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs

Log4j Vulnerability: What You Need to Know - Bestgamingpro

Trust: 4.0

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Jan. 9, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: icloud

New Mobile Network Vulnerabilities Affect All Cellular Generations Since 2G - iHash

Trust: 4.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 20, 2021, 3:26 p.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: apple model: iphone
vendor: huawei model: huawei
vendor: oneplus model: oneplus
vendor: oneplus model: one

32 hardware and firmware vulnerabilities - Infosec Resources

Related entries in the VARIoT vulnerabilities database: VAR-201808-0384, VAR-201806-1453, VAR-201909-1456

Trust: 5.25

Fetched: Dec. 28, 2021, 9:20 a.m., Published: July 11, 2021, 3:25 p.m.
 Vulnerabilities: directory traversal, denial of service, buffer overflow...
Affected productsExternal IDs
vendor: netapp model: baseboard management controller
vendor: infineon model: trusted platform
vendor: asus model: bmc firmware
vendor: asus model: asus
vendor: asus model: router
vendor: dram model: dram
vendor: huawei model: huawei
vendor: lenovo model: system
vendor: lenovo model: bios
vendor: mikrotik model: winbox
vendor: mikrotik model: routers
vendor: mikrotik model: routeros
vendor: mikrotik model: mikrotik
vendor: mikrotik model: router
vendor: cisco model: routers
vendor: cisco model: router
db: NVD ids: CVE-2019-0863, CVE-2018-14847, CVE-2018-4251, CVE-2018-6260, CVE-2019-10540

Moobot botnet spreading via Hikvision camera vulnerability

Trust: 4.25

Fetched: Dec. 28, 2021, 9:20 a.m., Published: -
 Vulnerabilities: command injection, default credentials
Affected productsExternal IDs
vendor: hikvision model: hikvision
vendor: hikvision model: hikvision camera
vendor: hikvision model: camera
db: NVD ids: CVE-2021-36260

SweynTooth Vulnerabilities | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202002-0487, VAR-202002-0394, VAR-202002-0295, VAR-202002-0392, VAR-202002-0391, VAR-202002-0393, VAR-202002-0294, VAR-202002-0418, VAR-202002-0491

Trust: 3.5

Fetched: Dec. 28, 2021, 9:20 a.m., Published: -
 Vulnerabilities: memory corruption, buffer overflow, security bypass
Affected productsExternal IDs
db: NVD ids: CVE-2019-19192, CVE-2019-17519, CVE-2019-17061, CVE-2019-17517, CVE-2019-19195, CVE-2019-19194, CVE-2019-17520, CVE-2019-17518, CVE-2019-17060, CVE-2019-16336, CVE-2019-19193, CVE-2019-19196