Sign-up

VARIoT news about IoT security

Mirai Variant MooBot Targeting D-Link Devices

Related entries in the VARIoT vulnerabilities database: VAR-202205-1571, VAR-201502-0201, VAR-201803-1769, VAR-202203-1742

Trust: 5.25

Fetched: Nov. 8, 2022, 9:49 a.m., Published: Sept. 5, 2022, 3:53 a.m.
 Vulnerabilities: command execution, code execution, arbitrary command execution...
Affected productsExternal IDs
vendor: d-link model: router
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
db: NVD ids: CVE-2022-28958, CVE-2015-2051, CVE-2018-6530, CVE-2022-26258

Contec Health CMS8000 | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202209-0006

Trust: 4.5

Fetched: Nov. 8, 2022, 9:49 a.m., Published: Nov. 1, 2022, midnight
 Vulnerabilities: improper access control, default credentials
Affected productsExternal IDs
db: NVD ids: CVE-2022-38100, CVE-2022-38069, CVE-2022-3027, CVE-2022-36385, CVE-2022-38453

Android Security Bulletin-October 2022 | Android Open Source Project

Related entries in the VARIoT vulnerabilities database: VAR-202210-0187, VAR-202210-0404, VAR-202210-0350, VAR-202210-0427, VAR-202210-0100, VAR-202210-0329

Trust: 5.25

Fetched: Nov. 8, 2022, 9:48 a.m., Published: Oct. 8, 2022, midnight
 Vulnerabilities: information disclosure, denial of service, code execution
Affected productsExternal IDs
vendor: samsung model: notes
vendor: samsung model: mobile
vendor: motorola model: android
vendor: motorola model: motorola
vendor: huawei model: huawei
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2022-20351, CVE-2022-25660, CVE-2022-20413, CVE-2022-20439, CVE-2022-20412, CVE-2022-26471, CVE-2021-39758, CVE-2022-20415, CVE-2022-20409, CVE-2022-20431, CVE-2022-20436, CVE-2022-20440, CVE-2022-20394, CVE-2022-20425, CVE-2022-20438, CVE-2022-20410, CVE-2022-25736, CVE-2022-20419, CVE-2022-20417, CVE-2022-26472, CVE-2021-0696, CVE-2022-20418, CVE-2022-25687, CVE-2021-39624, CVE-2022-20432, CVE-2021-0699, CVE-2022-20420, CVE-2022-20416, CVE-2022-25749, CVE-2021-39673, CVE-2021-0951, CVE-2022-20437, CVE-2022-20433, CVE-2022-20435, CVE-2022-25718, CVE-2022-25748, CVE-2022-20434, CVE-2022-20430, CVE-2022-25661

Vulnerabilities on Xiaomi’s mobile payment mechanism which could allow forged transactions : A Check Point Research analysis - Check Point Software

Trust: 3.5

Fetched: Nov. 8, 2022, 9:47 a.m., Published: Aug. 12, 2022, 9:55 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: check point model: check point
vendor: xiaomi model: redmi
vendor: xiaomi model: miui
db: NVD ids: CVE-2020-14125

WatchGuard firewall exploit threatens appliance takeover | The Daily Swig

Trust: 4.5

Fetched: Nov. 8, 2022, 9:46 a.m., Published: Sept. 1, 2022, 1:08 p.m.
 Vulnerabilities: integer overflow, privilege escalation
Affected productsExternal IDs
vendor: watchguard model: firebox

‘Critical vulnerability’ found in Apple devices, SingCERT advises users to update for security patch - CNA

Trust: 3.0

Fetched: Nov. 8, 2022, 9:46 a.m., Published: Nov. 19, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: ipad
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: ipod touch
vendor: apple model: macos

huawei-sa-20220819-01-7e0a6103-en

Trust: 4.0

Fetched: Nov. 8, 2022, 9:45 a.m., Published: Aug. 8, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: huawei model: huawei
db: NVD ids: CVE-2021-46834

Cybersecurity roundup: Cisco, Rapid7 discover vulnerabilities | Healthcare IT News

Trust: 4.5

Fetched: Nov. 8, 2022, 9:45 a.m., Published: Sept. 12, 2022, 1:54 p.m.
 Vulnerabilities: format string attack, string attack
Affected productsExternal IDs
vendor: cisco model: rv130w
vendor: cisco model: rv130
vendor: cisco model: small business
vendor: cisco model: rv160
vendor: cisco model: rv110w
vendor: cisco model: cisco sd-wan
vendor: cisco model: rv160w
vendor: cisco model: sd-wan
vendor: cisco model: sd-wan vmanage software
vendor: cisco model: cisco routers
vendor: cisco model: cisco small business
vendor: cisco model: sd-wan vmanage
vendor: cisco model: routers
vendor: cisco model: rv132w
vendor: cisco model: rv215w
db: NVD ids: CVE-2022-26390, CVE-2022-26393, CVE-2022-26392, CVE-2022-26394

The ‘riskiest devices’ most vulnerable to cyber attacks - The Hindu BusinessLine

Trust: 3.0

Fetched: Nov. 8, 2022, 9:45 a.m., Published: Oct. 13, 2022, 4:34 p.m.
 Vulnerabilities: -
Affected productsExternal IDs

Objects > Security Profiles > Vulnerability Protection

Trust: 3.5

Fetched: Nov. 8, 2022, 9:42 a.m., Published: Oct. 24, 2022, 5:23 p.m.
 Vulnerabilities: brute force attack
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall

Binarly Finds Six High Severity Firmware Vulnerabilities in HP Enterprise Devices

Trust: 4.5

Fetched: Nov. 8, 2022, 9:40 a.m., Published: Nov. 8, 2022, midnight
 Vulnerabilities: memory corruption, code execution, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2022-23930, CVE-2021-39299, CVE-2022-31640, CVE-2022-31644, CVE-2022-31641, CVE-2022-31645, CVE-2022-31646

Exploit Code of Critical Realtek SDK Vulnerability Released - SOCRadar

Trust: 4.75

Fetched: Nov. 8, 2022, 9:40 a.m., Published: Aug. 17, 2022, 11:18 a.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: snort model: snort
vendor: realtek model: realtek sdk
db: NVD ids: CVE-2022-27255

New Vulnerabilities Reported in Baxter's Internet-Connected Infusion Pumps

Trust: 5.75

Fetched: Nov. 8, 2022, 9:39 a.m., Published: Sept. 8, 2022, 5:55 p.m.
 Vulnerabilities: format string vulnerability
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo model: firewall
vendor: baxter model: wireless battery module
vendor: baxter model: spectrum infusion system
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
db: NVD ids: CVE-2022-26393, CVE-2022-26390, CVE-2022-26392, CVE-2022-26394

Bypassing NAT to Attack Dataprobe iBoot-PDUs | Claroty

Trust: 4.25

Fetched: Nov. 8, 2022, 9:38 a.m., Published: Nov. 8, 2022, midnight
 Vulnerabilities: directory traversal, improper access control, code execution...
Affected productsExternal IDs
vendor: codesys model: codesys
vendor: codesys model: linux
vendor: codesys model: control
vendor: codesys model: web server
db: NVD ids: CVE-2022-3183, CVE-2022-3185, CVE-2022-3184, CVE-2022-3187, CVE-2022-3189, CVE-2022-3188, CVE-2022-3186

Nest security bulletin - August 2022 - Product Documentation Help

Trust: 4.75

Fetched: Nov. 8, 2022, 9:38 a.m., Published: Aug. 8, 2022, midnight
 Vulnerabilities: information disclosure, denial of service, code execution
Affected productsExternal IDs
vendor: google model: home

Tripwire IP360 Hardware Appliances | Tripwire

Trust: 3.25

Fetched: Nov. 8, 2022, 9:37 a.m., Published: May 8, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: tripwire model: ip360

Update now! Google patches vulnerabilities for Pixel mobile phones

Trust: 5.75

Fetched: Nov. 8, 2022, 9:36 a.m., Published: Oct. 27, 2022, 8:54 p.m.
 Vulnerabilities: memory corruption, privilege escalation, buffer overflow
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2022-20231, CVE-2022-20364

Exploit Code Released for Critical Vulnerability Affecting Networking Devices with Realtek's RTL819x system on a chip (SoC) | UCSF IT

Trust: 3.25

Fetched: Nov. 8, 2022, 9:36 a.m., Published: Nov. 1, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-27255

Mitigating Cyber Vulnerabilities in Medical Devices | Baker Donelson - JDSupra

Trust: 4.25

Fetched: Nov. 8, 2022, 9:35 a.m., Published: Nov. 19, 2022, midnight
 Vulnerabilities: default password
Affected productsExternal IDs

Vulnerability methods and properties | Microsoft Learn

Trust: 3.0

Fetched: Nov. 8, 2022, 9:35 a.m., Published: Oct. 19, 2022, 9:04 p.m.
 Vulnerabilities: denial of service, privilege escalation
Affected productsExternal IDs