Sign-up

VARIoT news about IoT security

Vulnerability in recent MediaTek chips could allow apps to eavesdrop on you, but it's been fixed

Trust: 4.75

Fetched: Dec. 23, 2021, 9:32 a.m., Published: Nov. 24, 2021, 11 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: nokia model: nokia
vendor: nokia model: series
vendor: check point model: check point
vendor: google model: android
vendor: xiaomi model: redmi

Vulnerabilities Identified in Hillrom Medical Device Management Products

Trust: 4.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: June 4, 2021, 10 a.m.
 Vulnerabilities: memory corruption, code execution, information leakage
Affected productsExternal IDs
db: NVD ids: CVE-2021-27410, CVE-2021-27408

Security Advisory: Apache Log4j Vulnerability - Product Announcements and Alerts - AppDynamics Documentation

Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-2011, VAR-202112-0566, VAR-202112-0562

Trust: 4.5

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 14, 2022, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: node.js model: node.js
vendor: cisco model: meeting
db: NVD ids: CVE-2021-45105, CVE-2021-44832, CVE-2021-44228, CVE-2021-45046

Apache Log4j Vulnerability | Fortinet Blog

Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-0562, VAR-202112-0566

Trust: 5.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 12, 2021, 8 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2021-45105, CVE-2021-45046, CVE-2021-4428, CVE-2021-45104, CVE-2021-44228

Kryptowire Collaborates With Orange and Finds Vulnerabilities in Mobile Devices

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 15, 2021, 2 p.m.
 Vulnerabilities: command execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228, cve-2021-44228

'Moobot' Botnet Targets Hikvision Devices via Recent Vulnerability | SecurityWeek.Com

Trust: 3.5

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 16, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hikvision model: hikvision
vendor: hikvision model: camera
vendor: hikvision model: hikvision camera
db: NVD ids: CVE-2021-36260

Security Vulnerability: Update to the latest version of Zoom on your devices | IT Matters

Trust: 3.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Nov. 28, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: zoom model: zoom
vendor: zoom model: zoom client
vendor: zoom model: client

Apache Log4j Vulnerability Guidance | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 5.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 2, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228

Researchers trigger new exploit by renaming an iPhone and a Tesla - The Verge

Trust: 3.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 13, 2021, 8:29 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone
db: NVD ids: cve-2021-44228

Apache Log4j RCE vulnerability & Bosch IoT Suite - Developer Bosch IoT Suite

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.25

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 14, 2021, 11:04 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228

‘Extremely bad’ vulnerability found in widely used logging system - The Verge

Trust: 3.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 10, 2021, 8:52 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: icloud

Update: Notice on potential impact of Apache Log4j vulnerability towards Ricoh products and services | Global | Ricoh

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 15, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228

After Log4j, December's Patch Tuesday has snuck up on us | Malwarebytes Labs

Trust: 5.5

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 16, 2021, 10:47 a.m.
 Vulnerabilities: buffer overflow, memory corruption, code execution
Affected productsExternal IDs
vendor: google model: chrome
vendor: apple model: webkit
vendor: apple model: safari
db: NVD ids: CVE-2021-43217, CVE-2021-43890, CVE-2021-43883, CVE-2021-41333, CVE-2021-43215, CVE-2021-42310, CVE-2021-43899, CVE-2021-43905

Microsoft Defender for Endpoint - Mobile Threat Defense | Microsoft Docs

Trust: 3.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 4, 2022, 4:10 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

Apache Log4j 2 Vulnerability (CVE-2021-44228) Information | Zebra

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566, VAR-202112-0562

Trust: 4.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 2, 2022, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228, CVE-2021-45046

Severe Chrome bug allowed RCE on devices running remote headless interface | The Daily Swig

Trust: 3.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 14, 2021, 1:45 p.m.
 Vulnerabilities: code execution, cross-site scripting
Affected productsExternal IDs
vendor: google model: chrome

Security Notification - Command Injection Vulnerability in Some Hikvision products | Command Injection Vulnerability | Hikvision

Trust: 5.25

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 16, 2022, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: hikvision model: hikvision

U.S. warns new software flaw leaves millions of computers vulnerable

Trust: 3.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: cve-2021-44228

Vulnerability methods and properties | Microsoft Docs

Trust: 3.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 3, 2021, midnight
 Vulnerabilities: denial of service, privilege escalation
Affected productsExternal IDs

Chinese hackers are already exploiting 'fully weaponised' Log4shell software vulnerability | Daily Mail Online

Trust: 3.5

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 11, 2021, 11:23 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: icloud
vendor: google model: android
vendor: check point model: check point