VARIoT latest news about IoT security

Fresh TOTOLINK Vulnerabilities Picked Up by Beastmode Mirai Campaign Related entries in the VARIoT vulnerabilities database: VAR-201803-1048, VAR-202202-1281, VAR-202203-0288, VAR-201608-0087, VAR-202203-0505, VAR-202203-0700, VAR-202202-0832 Trust: 4.75 Fetched: May 13, 2022, 10:50 a.m., Published: April 1, 2022, 7 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	d-link	model:	router
vendor:	d-link	model:	dir-830l
vendor:	d-link	model:	dir-836l
vendor:	d-link	model:	dir-826l
vendor:	d-link	model:	dir-820l
vendor:	d-link	model:	dir-810l
vendor:	tp-link	model:	routers
vendor:	nuuo	model:	crystal
vendor:	nuuo	model:	nvrsolo
vendor:	nuuo	model:	nvrmini2
vendor:	netgear	model:	readynas surveillance
vendor:	huawei	model:	hg532
vendor:	huawei	model:	huawei

db:

NVD

ids:

CVE-2017-17215, CVE-2021-45382, CVE-2021-4045, CVE-2016-5674, CVE-2022-26186, CVE-2022-26210, CVE-2022-25075

Microsoft Fixes 52 Vulnerabilities in February, 2022 Patches - Sophos News Related entries in the VARIoT vulnerabilities database: VAR-202202-0304, VAR-202202-0303, VAR-202202-1349 Trust: 5.5 Fetched: May 13, 2022, 10:50 a.m., Published: Feb. 9, 2022, 6:48 p.m.	Vulnerabilities: code execution, feature bypass, security feature bypass...

Affected products

External IDs

vendor:

sophos

model:

mobile

db:

NVD

ids:

CVE-2022-22000, CVE-2022-22718, CVE-2022-22001, CVE-2022-23254, CVE-2022-22715, CVE-2022-21991, CVE-2022-22710, CVE-2022-21981, CVE-2022-23264, CVE-2022-21992, CVE-2022-22717, CVE-2022-23252, CVE-2022-21999, CVE-2022-22005, CVE-2022-23269, CVE-2021-0470, CVE-2022-23263, CVE-2022-21965, CVE-2022-22002, CVE-2022-21994, CVE-2021-0452, CVE-2022-21984, CVE-2022-21985, CVE-2022-21968, CVE-2022-23262, CVE-2022-21995, CVE-2022-21993, CVE-2022-21927, CVE-2022-23280, CVE-2022-21988, CVE-2022-21989, CVE-2022-22712, CVE-2022-21987, CVE-2022-21974, CVE-2022-22716, CVE-2022-23261, CVE-2022-23274, CVE-2022-22004, CVE-2022-21996, CVE-2022-21986, CVE-2022-21997, CVE-2022-21926, CVE-2022-21844, CVE-2022-23256, CVE-2022-23276, CVE-2022-21998, CVE-2022-21971, CVE-2022-23271, CVE-2022-21957, CVE-2022-22003, CVE-2022-23255, CVE-2022-22709, CVE-2022-23273, CVE-2022-23272

5 Free WiFi Router Vulnerabilities Scanners - Who Hacked My Wifi? Trust: 3.5 Fetched: May 13, 2022, 10:50 a.m., Published: March 8, 2018, 3:34 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	d-link	model:	router
vendor:	tp-link	model:	routers
vendor:	asus	model:	router
vendor:	asus	model:	asus
vendor:	cisco	model:	router
vendor:	cisco	model:	linksys
vendor:	avast	model:	antivirus

Armis Finds Three Critical Zero-Day Vulnerabilities in APC Smart-UPS Devices, Dubbed "TLStorm," Exposing More than 20 Million Enterprise Devices Related entries in the VARIoT vulnerabilities database: VAR-202108-1890, VAR-202203-0235, VAR-202203-0237, VAR-202203-0236 Trust: 4.25 Fetched: May 13, 2022, 10:50 a.m., Published: March 14, 2022, 1:15 p.m.	Vulnerabilities: code execution, buffer overflow, authentication bypass...

Affected products

External IDs

vendor:	schneider	model:	monitor
vendor:	schneider electric	model:	monitor

db:

NVD

ids:

CVE-2021-37160, CVE-2022-0715, CVE-2022-22805, CVE-2022-22806

Binarly Discovers 16 New, High-Impact Vulnerabilities in Firmware Affecting HP Enterprise Devices Trust: 3.75 Fetched: May 13, 2022, 10:50 a.m., Published: March 8, 2022, midnight	Vulnerabilities: code execution, privilege escalation, buffer overflow...

Affected products

External IDs

db:

NVD

ids:

CVE-2022-23924, CVE-2021-39300, CVE-2022-23928, CVE-2021-39301, CVE-2021-39299, CVE-2022-23931, CVE-2022-23934, CVE-2021-39298, CVE-2022-23927, CVE-2021-39297, CVE-2022-23929, CVE-2022-23925, CVE-2022-23926, CVE-2022-23930, CVE-2022-23932, CVE-2022-23933

Cyble - Critical Vulnerabilities in Serial-to-Ethernet Devices Trust: 3.25 Fetched: May 13, 2022, 10:50 a.m., Published: Feb. 17, 2022, 11:15 a.m.	Vulnerabilities: resource exhaustion, information exposure

Affected products

External IDs

vendor:	moxa	model:	nport 5110
vendor:	moxa	model:	nport

Vulnerabilities Identified in Wyze Cam IoT Device Related entries in the VARIoT vulnerabilities database: VAR-202203-1706, VAR-202203-1880 Trust: 7.0 Fetched: May 13, 2022, 10:50 a.m., Published: April 10, 2022, midnight	Vulnerabilities: buffer overflow

Affected products

External IDs

vendor:

netgear

model:

orbi

db:

NVD

ids:

CVE-2019-12266, CVE-2019-9564

Here’s Why Apple Device Vulnerabilities Just Skyrocketed A Startling 467 Percent \| HotHardware Related entries in the VARIoT vulnerabilities database: VAR-202108-1057 Trust: 4.75 Fetched: May 13, 2022, 10:50 a.m., Published: April 14, 2022, 12:30 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	safari
vendor:	apple	model:	macos
vendor:	trend	model:	security
vendor:	huawei	model:	huawei

db:

NVD

ids:

CVE-2021-30860

Are All Apple Devices Vulnerable to Pegasus? Related entries in the VARIoT vulnerabilities database: VAR-202108-1057 Trust: 3.5 Fetched: May 13, 2022, 10:50 a.m., Published: April 14, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	apple	model:	watchos
vendor:	apple	model:	iphone

db:

NVD

ids:

CVE-2021-30860

NVD - CVE-2022-0018 Trust: 5.5 Fetched: May 13, 2022, 10:50 a.m., Published: April 5, 2022, midnight	Vulnerabilities: information exposure

Affected products

External IDs

vendor:	palo	model:	networks globalprotect
vendor:	palo	model:	palo alto networks globalprotect
vendor:	palo	model:	networks
vendor:	apple	model:	macos
vendor:	paloaltonetworks	model:	networks globalprotect
vendor:	paloaltonetworks	model:	palo alto networks globalprotect
vendor:	paloaltonetworks	model:	networks
vendor:	palo alto networks	model:	networks globalprotect
vendor:	palo alto networks	model:	palo alto networks globalprotect
vendor:	palo alto networks	model:	networks

db:

NVD

ids:

CVE-2022-0018

Google Android : List of security vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202203-1012, VAR-202203-1029, VAR-202204-1532, VAR-202203-0318, VAR-202203-0306, VAR-202203-0322, VAR-202203-0319 Trust: 5.25 Fetched: May 13, 2022, 10:50 a.m., Published: April 21, 2050, midnight	Vulnerabilities: code execution, buffer overflow, use after free...

Affected products

External IDs

vendor:	samsung	model:	knox
vendor:	google	model:	android
vendor:	google	model:	home

db:

NVD

ids:

CVE-2022-27573, CVE-2022-26090, CVE-2022-27825, CVE-2022-24932, CVE-2022-24931, CVE-2022-27824, CVE-2022-27570, CVE-2022-25817, CVE-2022-25833, CVE-2022-26092, CVE-2022-27822, CVE-2022-25816, CVE-2022-27576, CVE-2022-24925, CVE-2022-25818, CVE-2022-27823, CVE-2022-24001, CVE-2022-26093, CVE-2022-27572, CVE-2022-25815, CVE-2022-27836, CVE-2022-27831, CVE-2022-27828, CVE-2022-27829, CVE-2022-27830, CVE-2022-27575, CVE-2022-27826, CVE-2022-27569, CVE-2022-26094, CVE-2022-26096, CVE-2022-24928, CVE-2022-26091, CVE-2022-26098, CVE-2022-27567, CVE-2022-27827, CVE-2022-26095, CVE-2022-27568, CVE-2022-24929, CVE-2022-27832, CVE-2022-27574, CVE-2022-25831, CVE-2022-27571, CVE-2022-25832, CVE-2022-25822, CVE-2022-25814, CVE-2022-26097, CVE-2022-26099, CVE-2022-27821, CVE-2022-27835, CVE-2022-25820

Spring4Shell Vulnerability Exploited To Spread Mirai Botnet Malware, According to Security Researchers - CPO Magazine Trust: 4.25 Fetched: May 13, 2022, 10:50 a.m., Published: April 15, 2022, 9:45 a.m.	Vulnerabilities: code execution, password guessing, denial of service

Affected products

External IDs

vendor:	palo	model:	networks
vendor:	trend micro	model:	security
vendor:	trend	model:	security
vendor:	palo alto networks	model:	networks

Healthcare IoT, Medical Device Vulnerability Disclosures Skyrocket Trust: 3.5 Fetched: May 13, 2022, 10:50 a.m., Published: March 4, 2022, 1:30 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	trend	model:	security
vendor:	palo alto networks	model:	networks
vendor:	palo	model:	networks

IoT/connected Device Discovery and Security Auditing in Corporate Networks Trust: 4.75 Fetched: May 13, 2022, 10:50 a.m., Published: Feb. 7, 2022, 9:20 a.m.	Vulnerabilities: default credentials

Affected products

External IDs

vendor:

trend

model:

security

More Lexmark device vulnerabilities (wrap-up Feb. 2022) \| Born's Tech and Windows World Related entries in the VARIoT vulnerabilities database: VAR-202201-0782, VAR-202201-1528, VAR-202201-0780 Trust: 6.0 Fetched: May 13, 2022, 10:50 a.m., Published: Feb. 12, 2022, 10:51 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

lexmark

model:

printer

db:

NVD

ids:

CVE-2021-44734, CVE-2021-44735, CVE-2021-44738

16 Vulnerabilities Found in Firmware of HP Enterprise Devices \| SecurityWeek.Com Trust: 4.5 Fetched: May 13, 2022, 10:50 a.m., Published: April 16, 2022, midnight	Vulnerabilities: privilege escalation, information disclosure, memory corruption...

Affected products

External IDs

vendor:	lenovo	model:	edge
vendor:	lenovo	model:	system
vendor:	lenovo	model:	desktop
vendor:	lenovo	model:	updates

Lenovo patches UEFI firmware vulnerabilities impacting millions of users \| ZDNet Trust: 4.75 Fetched: May 13, 2022, 10:50 a.m., Published: April 5, 2022, midnight	Vulnerabilities: memory corruption

Affected products

External IDs

vendor:	lenovo	model:	updates
vendor:	lenovo	model:	bios
vendor:	lenovo	model:	yoga
vendor:	lenovo	model:	notebook
vendor:	lenovo	model:	system
vendor:	lenovo	model:	power management
vendor:	lenovo	model:	flex

db:

NVD

ids:

CVE-2021-3972, CVE-2021-3971, CVE-2021-3970

The Spring4Shell Vulnerability: Overview, Detection, and Remediation \| Datadog Related entries in the VARIoT vulnerabilities database: VAR-202203-1506 Trust: 3.75 Fetched: May 13, 2022, 10:50 a.m., Published: April 1, 2022, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2022-22965, CVE-2022-22963

What Is Device Vulnerability Management? \| Endpoint Trust: 5.75 Fetched: May 13, 2022, 10:50 a.m., Published: Feb. 3, 2022, 1:15 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

trend

model:

security

db:

NVD

ids:

CVE-2022-23728, CVE-2019-0708

Cisco : Security vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202201-1480, VAR-202202-1727, VAR-202111-1197, VAR-202202-1098, VAR-202111-0401, VAR-202110-1351, VAR-202110-1376, VAR-202201-1485, VAR-202110-0618, VAR-202202-1102, VAR-202201-1474, VAR-202201-1479, VAR-202110-1352, VAR-202201-1484, VAR-202204-0751, VAR-202201-1483, VAR-202201-1478, VAR-202110-1350, VAR-202110-1392, VAR-202203-0836, VAR-202111-0412, VAR-202110-0619, VAR-202110-0617, VAR-202112-0566, VAR-202110-1402, VAR-202110-1375, VAR-202111-0393, VAR-202111-1196, VAR-202201-1475, VAR-202110-1377, VAR-202202-1288, VAR-202203-1506, VAR-202201-1476, VAR-202111-0400, VAR-202202-1728, VAR-202110-1353, VAR-202201-1522, VAR-202203-0870, VAR-202111-0664, VAR-202203-0835, VAR-202204-1285, VAR-202202-1048, VAR-202201-1482, VAR-202203-1409, VAR-202111-0413, VAR-202201-1481, VAR-202204-1682, VAR-202201-1477, VAR-202201-1486, VAR-202111-1198 Trust: 4.25 Fetched: May 13, 2022, 10:50 a.m., Published: April 19, 2050, midnight	Vulnerabilities: denial of service, cross-site scripting, code execution

Affected products

External IDs

vendor:	cisco	model:	small business rv
vendor:	cisco	model:	dna center
vendor:	cisco	model:	cisco telepresence
vendor:	cisco	model:	cisco meeting
vendor:	cisco	model:	meeting
vendor:	cisco	model:	email security appliance
vendor:	cisco	model:	security manager
vendor:	cisco	model:	cisco policy suite
vendor:	cisco	model:	common services platform collector
vendor:	cisco	model:	cisco identity services engine
vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	cisco meeting server
vendor:	cisco	model:	cisco prime infrastructure
vendor:	cisco	model:	umbrella
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	webex meetings
vendor:	cisco	model:	asyncos
vendor:	cisco	model:	staros
vendor:	cisco	model:	telepresence video communication server
vendor:	cisco	model:	anyconnect secure mobility client
vendor:	cisco	model:	series routers
vendor:	cisco	model:	cisco telepresence video communication server
vendor:	cisco	model:	policy suite
vendor:	cisco	model:	cisco asyncos
vendor:	cisco	model:	small business rv series routers
vendor:	cisco	model:	cisco small business
vendor:	cisco	model:	meeting server
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	series
vendor:	cisco	model:	firepower
vendor:	cisco	model:	prime infrastructure
vendor:	cisco	model:	cisco staros
vendor:	cisco	model:	expressway series
vendor:	cisco	model:	cisco webex
vendor:	cisco	model:	cisco security manager
vendor:	cisco	model:	cisco email security appliance
vendor:	cisco	model:	cisco expressway
vendor:	cisco	model:	webex
vendor:	cisco	model:	prime service catalog
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	expressway
vendor:	cisco	model:	cisco anyconnect secure mobility client
vendor:	cisco	model:	asyncos software
vendor:	cisco	model:	cisco prime service catalog
vendor:	cisco	model:	cisco webex meetings
vendor:	snort	model:	snort
vendor:	mesh	model:	mesh

db:

NVD

ids:

CVE-2022-20638, CVE-2022-20750, CVE-2021-40130, CVE-2022-20630, CVE-2021-40115, CVE-2021-40117, CVE-2021-34793, CVE-2022-20644, CVE-2021-40122, CVE-2022-20680, CVE-2022-20639, CVE-2022-20636, CVE-2021-40116, CVE-2022-20643, CVE-2022-20763, CVE-2022-20642, CVE-2022-20646, CVE-2021-40118, CVE-2021-34791, CVE-2022-20755, CVE-2021-40124, CVE-2021-40121, CVE-2021-40123, CVE-2021-44228, CVE-2021-40125, CVE-2021-34794, CVE-2021-40126, CVE-2021-40131, CVE-2022-20641, CVE-2021-34792, CVE-2022-20738, CVE-2022-22965, CVE-2022-20647, CVE-2021-40128, CVE-2022-20653, CVE-2021-40114, CVE-2022-20658, CVE-2022-20756, CVE-2021-40119, CVE-2022-20754, CVE-2022-20741, CVE-2022-20659, CVE-2022-20637, CVE-2022-20762, CVE-2021-40120, CVE-2022-20640, CVE-2022-20782, CVE-2022-20645, CVE-2022-20635, CVE-2021-40129

VARIoT news about IoT security