Sign-up

VARIoT news about IoT security

Security Alert: New Vulnerability Grants IoT Camera Remote Access

Related entries in the VARIoT vulnerabilities database: VAR-202004-1234

Trust: 4.75

Fetched: Nov. 9, 2021, 12:59 p.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: ip phones
db: NVD ids: CVE-2021-28372, CVE-2020-3161

Device Exploits Earn Hackers Over $1 Million at Pwn2Own Austin 2021 | SecurityWeek.Com

Trust: 3.75

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Jan. 16, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: printer
vendor: samsung model: galaxy
vendor: samsung model: printers
vendor: samsung model: samsung galaxy
vendor: samsung model: samsung
vendor: tp-link model: routers
vendor: zoom model: zoom
vendor: cisco model: routers
vendor: cisco model: router
vendor: sonos model: sonos
vendor: netgear model: router

Google Android September 2021 Security Patch Vulnerabilities: Discover and Take Remote Response Action Using VMDR for Mobile Devices | Qualys Security Blog

Related entries in the VARIoT vulnerabilities database: VAR-202109-0298, VAR-202109-0390

Trust: 5.25

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Sept. 20, 2021, 2:45 p.m.
 Vulnerabilities: denial of service, information disclosure, improper validation...
Affected productsExternal IDs
vendor: samsung model: mobile devices
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: huawei model: huawei
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2021-1946, CVE-2021-0687, CVE-2021-0689, CVE-2021-0690, CVE-2021-1933

Google Android August 2021 Security Patch Vulnerabilities: Discover and Take Remote Response Action Using VMDR for Mobile Devices | Qualys Security Blog

Related entries in the VARIoT vulnerabilities database: VAR-202109-0210, VAR-202109-0211, VAR-202109-0374, VAR-202109-0377, VAR-202109-0212

Trust: 5.25

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Aug. 13, 2021, 11:19 p.m.
 Vulnerabilities: buffer overflow, information disclosure
Affected productsExternal IDs
vendor: samsung model: mobile devices
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: google model: android
vendor: google model: pixel
vendor: huawei model: huawei
db: NVD ids: CVE-2021-1916, CVE-2021-1920, CVE-2021-1976, CVE-2021-0519, CVE-2021-1972, CVE-2021-1919

Majority of consumer IoT vendors still lack vulnerability disclosure programs - report | The Daily Swig

Trust: 3.75

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Nov. 4, 2021, 3:17 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

Microsoft Techies help Apple fix critical MacOS bug | ummid.com

Related entries in the VARIoT vulnerabilities database: VAR-202108-2056

Trust: 4.0

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Nov. 1, 2021, 7:32 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: iphone
db: NVD ids: CVE-2021-30892

Zero-day vulnerabilities found in Canon ImageCLASS and HP Color LaserJet Pro printers at Pwn2Own

Trust: 3.25

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Nov. 3, 2021, 5:05 p.m.
 Vulnerabilities: -
Affected productsExternal IDs

Source Code Security Analyzers | NIST

Trust: 4.25

Fetched: Nov. 9, 2021, 12:59 p.m., Published: March 23, 2021, 7:29 p.m.
 Vulnerabilities: os command injection, request forgery, code execution...
Affected productsExternal IDs
vendor: node.js model: node.js
vendor: nodejs model: node.js
vendor: clamav model: clamav

Discovering the Exploitable Security Gaps in Remote Work Spaces

Trust: 5.25

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Nov. 8, 2021, midnight
 Vulnerabilities: default credentials, denial of service, buffer overflow...
Affected productsExternal IDs
vendor: samsung model: mobile devices
vendor: samsung model: printer
vendor: samsung model: galaxy
vendor: samsung model: printers
vendor: samsung model: samsung galaxy
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: tp-link model: routers
vendor: tp-link model: ac1750
vendor: cisco model: routers
vendor: cisco model: rv340
vendor: cisco model: router
vendor: cisco model: series
vendor: trend micro model: security
vendor: sonos model: sonos
vendor: google model: google home
vendor: google model: home
vendor: trend model: security

CISA Warns That BrakTooth Vulnerabilities Can Now Be Exploited

Trust: 4.0

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Nov. 4, 2021, 8:25 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: samsung

New Proof of Concept tool demos BrakTooth vulnerability exploits - Securezoo

Trust: 3.75

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Nov. 8, 2021, 10:33 p.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
vendor: wireshark model: wireshark

Cisco warns of hard-coded credentials and default SSH key issues in some productsSecurity Affairs

Related entries in the VARIoT vulnerabilities database: VAR-202111-0664

Trust: 3.25

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Nov. 4, 2021, 8:19 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-40119, CVE-2021-43267, CVE-2021-34795

microsoft: Microsoft researchers help Apple fix a critical MacOS bug, Telecom News, ET Telecom

Related entries in the VARIoT vulnerabilities database: VAR-202108-2056

Trust: 3.75

Fetched: Nov. 9, 2021, 12:59 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: macos
db: NVD ids: CVE-2021-30892

Four zero-days vulnerabilities and 71 flaws fixed via this month's Patch Tuesday

Related entries in the VARIoT vulnerabilities database: VAR-202110-0829, VAR-202103-1464, VAR-202110-1687, VAR-202110-0498, VAR-202103-1463, VAR-202012-1527

Trust: 4.0

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Oct. 12, 2021, 7:01 p.m.
 Vulnerabilities: use after free, feature bypass, denial of service...
Affected productsExternal IDs
db: NVD ids: CVE-2021-40489, CVE-2021-41355, CVE-2021-40475, CVE-2021-40480, CVE-2021-41346, CVE-2021-40450, CVE-2021-40487, CVE-2021-38672, CVE-2021-40454, CVE-2021-3449, CVE-2021-38663, CVE-2021-40460, CVE-2021-40486, CVE-2021-26441, CVE-2021-36970, CVE-2021-36953, CVE-2021-40461, CVE-2021-37978, CVE-2021-40443, CVE-2021-40463, CVE-2021-40482, CVE-2021-41344, CVE-2021-41332, CVE-2021-40462, CVE-2021-40472, CVE-2021-40476, CVE-2021-41354, CVE-2021-40471, CVE-2021-41352, CVE-2021-40455, CVE-2021-37976, CVE-2021-41338, CVE-2021-41345, CVE-2021-41334, CVE-2021-40474, CVE-2021-37980, CVE-2021-41331, CVE-2021-40449, CVE-2021-41363, CVE-2021-26427, CVE-2021-37975, CVE-2021-41340, CVE-2021-40468, CVE-2021-40456, CVE-2021-41330, CVE-2021-40488, CVE-2021-41353, CVE-2021-40467, CVE-2021-41347, CVE-2021-41342, CVE-2021-34453, CVE-2021-40466, CVE-2021-41336, CVE-2021-40479, CVE-2021-40483, CVE-2021-40481, CVE-2021-40469, CVE-2021-37977, CVE-2021-41337, CVE-2021-41343, CVE-2021-41357, CVE-2021-41348, CVE-2021-3450, CVE-2021-40484, CVE-2021-41335, CVE-2021-40457, CVE-2020-1971, CVE-2021-40478, CVE-2021-40470, CVE-2021-37979, CVE-2021-40485, CVE-2021-41350, CVE-2021-26442, CVE-2021-41339, CVE-2021-40477, CVE-2021-38662, CVE-2021-41361, CVE-2021-40473, CVE-2021-40465, CVE-2021-37974, CVE-2021-40464

CVE-2021-28372: ThroughTek "Kalay" Network Device Impersonation Vulnerability Proof of Concept - YouTube

Trust: 4.0

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Aug. 17, 2021, midnight
 Vulnerabilities: device impersonation
Affected productsExternal IDs
db: NVD ids: CVE-2021-28372

The Hacker News - Cybersecurity News and Analysis - Index Page

Related entries in the VARIoT vulnerabilities database: VAR-202108-2056

Trust: 3.25

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Nov. 1, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-38003, CVE-2021-38000, CVE-2021-42694, CVE-2021-30892, CVE-2021-42574

Multiple Cisco Operating Systems Unidirectional Link Detection Denial of Service Vulnerability - Cisco

Trust: 4.0

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Dec. 10, 2021, 1:11 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: nexus 1000v
vendor: cisco model: series switches
vendor: cisco model: cisco ios xr
vendor: cisco model: nexus 9000
vendor: cisco model: nexus 9000 series
vendor: cisco model: ios xr
vendor: cisco model: nx-os software
vendor: cisco model: nexus 7000
vendor: cisco model: nexus 3000
vendor: cisco model: ios xe software
vendor: cisco model: cisco ios
vendor: cisco model: firepower 9300
vendor: cisco model: nexus
vendor: cisco model: nx-os
vendor: cisco model: 1000v
vendor: cisco model: firepower
vendor: cisco model: fxos
vendor: cisco model: cisco nx-os
vendor: cisco model: ios xr software
vendor: cisco model: series
vendor: cisco model: ios xe

Cyber Threats Haunting IoT Devices in 2021 - Kratikal Blogs

Trust: 3.25

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Sept. 21, 2021, 5:22 a.m.
 Vulnerabilities: denial of service, weak password
Affected productsExternal IDs
vendor: avast model: anti-virus
vendor: serve model: serve

Realtek SDK vulnerability exploitation attempts detected (CVE-2021-35395) - Help Net Security

Trust: 4.75

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Aug. 24, 2021, 9:55 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: realtek model: realtek sdk
vendor: palo alto networks model: networks
vendor: palo alto networks model: palo alto networks
vendor: palo model: networks
vendor: palo model: palo alto networks
db: NVD ids: CVE-2021-35392, CVE-2021-35393, CVE-2021-35394, CVE-2021-35395

Patch now! Insecure Hikvision security cameras can be taken over remotely | Malwarebytes Labs

Trust: 5.5

Fetched: Nov. 9, 2021, 12:59 p.m., Published: Sept. 22, 2021, 12:19 p.m.
 Vulnerabilities: injection attack, code execution, command injection
Affected productsExternal IDs
vendor: hikvision model: hikvision
vendor: hikvision model: camera
vendor: hikvision model: ip cameras
vendor: hangzhou hikvision digital technology model: hikvision
vendor: hangzhou hikvision digital technology model: camera
vendor: hangzhou hikvision digital technology model: ip cameras
vendor: zoom model: zoom
db: NVD ids: CVE-2021-36260