VARIoT latest news about IoT security

Vulnerability Assessment for Network Devices - Now More Than Ever! \| BeyondTrust Trust: 3.25 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 15, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

serve

model:

serve

Security Advisory for Fragment and Forge vulnerabilities on some WiFi capable devices, PSV-2021-0014 & PSV-2021-0080 \| Answer \| NETGEAR Support Related entries in the VARIoT vulnerabilities database: VAR-202105-1431, VAR-202105-1477, VAR-202105-1432 Trust: 3.75 Fetched: Nov. 4, 2021, 1:02 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	netgear	model:	r7850
vendor:	netgear	model:	rbw30
vendor:	netgear	model:	rbr40
vendor:	netgear	model:	rbr750
vendor:	netgear	model:	wn3000rpv2
vendor:	netgear	model:	r7000p
vendor:	netgear	model:	rbs750
vendor:	netgear	model:	rbr50
vendor:	netgear	model:	rax45
vendor:	netgear	model:	rax120
vendor:	netgear	model:	ex6410
vendor:	netgear	model:	router
vendor:	netgear	model:	ex6400v2
vendor:	netgear	model:	ex7000
vendor:	netgear	model:	r6700v3
vendor:	netgear	model:	r7900p
vendor:	netgear	model:	ex3700
vendor:	netgear	model:	r8300
vendor:	netgear	model:	ex7500
vendor:	netgear	model:	rax35
vendor:	netgear	model:	r6900p
vendor:	netgear	model:	ex6130
vendor:	netgear	model:	ex7700
vendor:	netgear	model:	r6220
vendor:	netgear	model:	rax15
vendor:	netgear	model:	xr300
vendor:	netgear	model:	rbs50
vendor:	netgear	model:	r8500
vendor:	netgear	model:	r7900
vendor:	netgear	model:	orbi
vendor:	netgear	model:	r6400v2
vendor:	netgear	model:	r8000p
vendor:	netgear	model:	ex2700
vendor:	netgear	model:	r6350
vendor:	netgear	model:	r6020
vendor:	netgear	model:	r7000
vendor:	netgear	model:	r6850
vendor:	netgear	model:	r6120
vendor:	netgear	model:	rbr20
vendor:	netgear	model:	srs60
vendor:	netgear	model:	r6230
vendor:	netgear	model:	mr60
vendor:	netgear	model:	ex6150v2
vendor:	netgear	model:	ex8000
vendor:	netgear	model:	wac505
vendor:	netgear	model:	ex6200v2
vendor:	netgear	model:	rbs850
vendor:	netgear	model:	ex3800
vendor:	netgear	model:	rs400
vendor:	netgear	model:	c6900
vendor:	netgear	model:	ex6250
vendor:	netgear	model:	ex6420
vendor:	netgear	model:	wn3000rpv3
vendor:	netgear	model:	rbs10
vendor:	netgear	model:	r7100lg
vendor:	netgear	model:	rbs40
vendor:	netgear	model:	rbr850
vendor:	netgear	model:	rbs50y
vendor:	netgear	model:	ex6120
vendor:	netgear	model:	dc112a
vendor:	netgear	model:	rax40
vendor:	netgear	model:	rax20
vendor:	netgear	model:	ex6100v2
vendor:	netgear	model:	r6400
vendor:	netgear	model:	ex7300v2
vendor:	netgear	model:	rbs20
vendor:	netgear	model:	ex7320
vendor:	netgear	model:	r8000
vendor:	netgear	model:	rax38
vendor:	netgear	model:	r6080
vendor:	netgear	model:	lax20
vendor:	netgear	model:	r6260
vendor:	netgear	model:	srr60
vendor:	netgear	model:	rbr10
vendor:	netgear	model:	wac510
vendor:	netgear	model:	rax50
vendor:	netgear	model:	r6700v2
vendor:	netgear	model:	lbr20
vendor:	mesh	model:	mesh

db:

NVD

ids:

CVE-2020-24588, CVE-2020-26146, CVE-2020-24587

NVD - CVE-2021-34783 Related entries in the VARIoT vulnerabilities database: VAR-202110-1394 Trust: 4.0 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 3, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	asa_5580_firmware
vendor:	cisco	model:	adaptive_security_appliance
vendor:	cisco	model:	asa_5545-x_firmware
vendor:	cisco	model:	asa_5580
vendor:	cisco	model:	asa_5505_firmware
vendor:	cisco	model:	asa_5555-x_firmware
vendor:	cisco	model:	asa_5585-x
vendor:	cisco	model:	asa_5525-x_firmware
vendor:	cisco	model:	asa_5585-x_firmware
vendor:	cisco	model:	asa_5505
vendor:	cisco	model:	asa_5512-x_firmware
vendor:	cisco	model:	asa_5515-x_firmware

db:

NVD

ids:

CVE-2021-34783

IoT Devices Affected by Multiple Vulnerabilities in Realtek WiFi Modules Trust: 3.25 Fetched: Nov. 4, 2021, 1:02 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-35392

Out-of-Bounds Vulnerabilities in OpenSSL - Security Advisory \| QNAP (US) Trust: 3.0 Fetched: Nov. 4, 2021, 1:02 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-3711, CVE-2021-3712

Meltdown and Spectre Vulnerabilities \| Allied Telesis Related entries in the VARIoT vulnerabilities database: VAR-201801-0826, VAR-201801-1711, VAR-201801-1712 Trust: 3.0 Fetched: Nov. 4, 2021, 1:02 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2017-5715, CVE-2017-5754, CVE-2017-5753

Unpatched, Unprepared, Unprotected: How Critical Device Vulnerabilities Remain Unaddressed Trust: 3.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	schneider	model:	modicon m580
vendor:	schneider	model:	m580
vendor:	schneider	model:	modicon plc
vendor:	schneider	model:	monitor
vendor:	ring	model:	ring
vendor:	cisco	model:	routers
vendor:	schneider electric	model:	modicon m580
vendor:	schneider electric	model:	m580
vendor:	schneider electric	model:	modicon plc
vendor:	schneider electric	model:	monitor

Mobile vulnerabilities: What they are and how they impact the enterprise Trust: 3.0 Fetched: Nov. 4, 2021, 1:02 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

FabulaTech USB device vulnerability exposes devices to risk - TechRepublic Trust: 3.75 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 15, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

home

db:

NVD

ids:

CVE-2002-9332, CVE-2020-9332

PTES Technical Guidelines - The Penetration Testing Execution Standard Trust: 4.0 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 1, 2022, midnight	Vulnerabilities: replay attack, data injection, file inclusion...

Affected products

External IDs

vendor:	essential	model:	phone
vendor:	novell	model:	client
vendor:	novell	model:	netware
vendor:	sony computer entertainment	model:	camera
vendor:	netgear	model:	router
vendor:	serve	model:	serve
vendor:	barracuda	model:	running
vendor:	barracuda	model:	web application firewall
vendor:	barracuda	model:	barracuda
vendor:	citrix	model:	gateway
vendor:	rapid	model:	scada
vendor:	aircrack-ng	model:	aircrack-ng
vendor:	cisco systems	model:	guard
vendor:	cisco systems	model:	cisco ios
vendor:	cisco systems	model:	router
vendor:	cisco systems	model:	wireless access point
vendor:	cisco systems	model:	ip phone
vendor:	cisco systems	model:	catalyst
vendor:	cisco systems	model:	meeting
vendor:	cisco systems	model:	network access control
vendor:	cisco systems	model:	access points
vendor:	cisco systems	model:	routers
vendor:	cisco systems	model:	cisco systems
vendor:	cisco systems	model:	hsrp
vendor:	cisco systems	model:	series
vendor:	cisco systems	model:	eigrp
vendor:	cisco systems	model:	support tools
vendor:	cisco systems	model:	leap
vendor:	asterisk	model:	open source
vendor:	canary	model:	canary
vendor:	wireshark	model:	wireshark
vendor:	sonicwall	model:	switch
vendor:	sonicwall	model:	analyzer
vendor:	sonicwall	model:	web application firewall
vendor:	google	model:	wifi
vendor:	google	model:	home
vendor:	cisco	model:	guard
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	router
vendor:	cisco	model:	wireless access point
vendor:	cisco	model:	ip phone
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	meeting
vendor:	cisco	model:	network access control
vendor:	cisco	model:	access points
vendor:	cisco	model:	routers
vendor:	cisco	model:	cisco systems
vendor:	cisco	model:	hsrp
vendor:	cisco	model:	series
vendor:	cisco	model:	eigrp
vendor:	cisco	model:	support tools
vendor:	cisco	model:	leap
vendor:	mesh	model:	mesh
vendor:	hewlett packard	model:	hp-ux
vendor:	hewlett packard	model:	integrity
vendor:	hewlett packard	model:	stream
vendor:	hewlett packard	model:	switches
vendor:	hewlett packard	model:	hewlett packard
vendor:	palo	model:	firewall
vendor:	palo	model:	networks
vendor:	sony	model:	camera
vendor:	modbus	model:	slave

Internet of things - Wikipedia Trust: 4.0 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 1, 2022, midnight	Vulnerabilities: injection attack, default credentials, weak password...

Affected products

External IDs

vendor:	huawei	model:	huawei
vendor:	huawei	model:	smart phones
vendor:	serve	model:	serve
vendor:	rising	model:	antivirus
vendor:	home assistant	model:	assistant
vendor:	schneider	model:	concept
vendor:	schneider	model:	software update
vendor:	schneider	model:	modbus
vendor:	schneider	model:	monitor
vendor:	samsung smartthings	model:	printers
vendor:	samsung smartthings	model:	samsung
vendor:	samsung smartthings	model:	smartthings hub
vendor:	samsung smartthings	model:	mobile
vendor:	samsung smartthings	model:	note
vendor:	samsung smartthings	model:	mobile devices
vendor:	samsung smartthings	model:	notes
vendor:	smartthings	model:	smartthings hub
vendor:	samsung	model:	printers
vendor:	samsung	model:	samsung
vendor:	samsung	model:	smartthings hub
vendor:	samsung	model:	mobile
vendor:	samsung	model:	note
vendor:	samsung	model:	mobile devices
vendor:	samsung	model:	notes
vendor:	lenovo	model:	updates
vendor:	lenovo	model:	edge
vendor:	lenovo	model:	system
vendor:	mikrotik	model:	mikrotik
vendor:	mikrotik	model:	routers
vendor:	domoticz	model:	domoticz
vendor:	mesh	model:	mesh
vendor:	trend	model:	security
vendor:	trend	model:	antivirus
vendor:	cisco systems	model:	meeting
vendor:	cisco systems	model:	routers
vendor:	cisco systems	model:	cisco systems
vendor:	cisco systems	model:	h
vendor:	cisco systems	model:	service management
vendor:	cisco systems	model:	series
vendor:	cisco systems	model:	spark
vendor:	google	model:	google home
vendor:	google	model:	android
vendor:	google	model:	home
vendor:	cisco	model:	meeting
vendor:	cisco	model:	routers
vendor:	cisco	model:	cisco systems
vendor:	cisco	model:	h
vendor:	cisco	model:	service management
vendor:	cisco	model:	series
vendor:	cisco	model:	spark
vendor:	ring	model:	ring
vendor:	sony	model:	camera
vendor:	sony	model:	playstation 3
vendor:	sony	model:	playstation
vendor:	notion	model:	bridge
vendor:	dahua	model:	camera
vendor:	apple	model:	iphone
vendor:	apple	model:	watch

A New Citrix Device Vulnerability Has Been Discovered Trust: 3.75 Fetched: Nov. 4, 2021, 1:02 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	citrix	model:	application delivery controller
vendor:	citrix	model:	gateway
vendor:	citrix	model:	sd-wan wanop

db:

NVD

ids:

CVE-2019-19781

ManageEngine NetFlow Analyzer Read Me Related entries in the VARIoT vulnerabilities database: VAR-201806-1164, VAR-201806-1163, VAR-201911-1328 Trust: 4.25 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 17, 2022, midnight	Vulnerabilities: sql injection, cross-site scripting, code execution...

Affected products

External IDs

vendor:	essential	model:	phone
vendor:	huawei	model:	huawei
vendor:	huawei	model:	webui
vendor:	trend	model:	security
vendor:	axis	model:	axis
vendor:	pfsense	model:	pfsense
vendor:	zoho	model:	manageengine oputils
vendor:	zoho	model:	manageengine applications manager
vendor:	zoho	model:	manageengine opmanager
vendor:	zoho	model:	manageengine netflow analyzer
vendor:	zoho	model:	opmanager
vendor:	zoho	model:	oputils
vendor:	zoho	model:	manageengine servicedesk plus
vendor:	google	model:	nexus
vendor:	google	model:	android
vendor:	google	model:	google chrome
vendor:	google	model:	chrome
vendor:	aruba	model:	instant
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	router
vendor:	cisco	model:	nexus
vendor:	cisco	model:	quad
vendor:	cisco	model:	access points
vendor:	cisco	model:	aireos
vendor:	cisco	model:	routers
vendor:	cisco	model:	technical support
vendor:	cisco	model:	wireless lan controller
vendor:	cisco	model:	wide area application services
vendor:	cisco	model:	wireless lan controllers
vendor:	cisco	model:	series
vendor:	cisco	model:	wireless controller
vendor:	cisco	model:	cisco routers
vendor:	cisco	model:	spark
vendor:	palo	model:	firewall
vendor:	palo	model:	networks
vendor:	jquery	model:	jquery

db:

NVD

ids:

CVE-2019-8929, CVE-2019-7427, CVE-2018-12998, CVE-2018-12997, CVE-2019-7423, CVE-2018-10803, CVE-2020-11946, CVE-2019-8926, CVE-2019-12196, CVE-2020-12116, CVE-2021-20078, CVE-2021-3287, CVE-2021-41075, CVE-2019-8927, CVE-2019-17421, CVE-2018-19403, CVE-2019-7425, CVE-2019-7424, CVE-2020-10541, CVE-2017-11560, CVE-2019-8928, CVE-2019-7422, CVE-2019-7426, CVE-2008-0128, CVE-2021-44514, CVE-2019-8925

Top 10 IoT Security Issues: Ransom, Botnet Attacks, Spying Trust: 4.25 Fetched: Nov. 4, 2021, 1:02 p.m., Published: -	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	serve	model:	serve
vendor:	trend	model:	security

NVD - CVE-2021-1592 Trust: 5.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 3, 2022, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco systems	model:	ucs manager
vendor:	cisco systems	model:	cisco systems
vendor:	cisco systems	model:	cisco ucs manager
vendor:	cisco systems	model:	unified_computing_system
vendor:	cisco	model:	ucs manager
vendor:	cisco	model:	cisco systems
vendor:	cisco	model:	cisco ucs manager
vendor:	cisco	model:	unified_computing_system

db:

NVD

ids:

CVE-2021-1592

Device Vulnerabilities in the Connected Home Related entries in the VARIoT vulnerabilities database: VAR-201505-0274 Trust: 6.25 Fetched: Nov. 4, 2021, 1:02 p.m., Published: -	Vulnerabilities: command execution, command injection, buffer overflow...

Affected products

External IDs

vendor:	realtek	model:	realtek sdk
vendor:	d-link	model:	eyeon baby monitor
vendor:	d-link	model:	dcs-825l
vendor:	d-link	model:	router
vendor:	buffalo	model:	wsr-300hp
vendor:	buffalo	model:	router
vendor:	trend micro	model:	security
vendor:	trend micro	model:	home network security
vendor:	dahua	model:	ptz camera
vendor:	dahua	model:	camera
vendor:	dahua	model:	ip camera
vendor:	belkin	model:	router
vendor:	trend	model:	security
vendor:	trend	model:	home network security

db:

NVD

ids:

CVE-2014-8361

Siemens TCP/IP Stack Vulnerabilities-AMNESIA:33 in SENTRON PAC / 3VA Devices (Update B) \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202012-0245, VAR-202012-0125 Trust: 3.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	siemens	model:	sentron pac4200
vendor:	siemens	model:	sentron pac3200
vendor:	siemens	model:	modbus tcp

db:	SIEMENS	ids:	SSA-541018
db:	NVD	ids:	CVE-2020-17437, CVE-2020-13987
db:	ICS CERT	ids:	ICSA-21-068-06
db:	US CERT	ids:	ICSA-21-068-06

Device Vulnerabilities in the Connected Home Related entries in the VARIoT vulnerabilities database: VAR-201505-0274 Trust: 6.25 Fetched: Nov. 4, 2021, 1:02 p.m., Published: -	Vulnerabilities: command execution, command injection, buffer overflow...

Affected products

External IDs

vendor:	realtek	model:	realtek sdk
vendor:	d-link	model:	eyeon baby monitor
vendor:	d-link	model:	dcs-825l
vendor:	d-link	model:	router
vendor:	buffalo	model:	wsr-300hp
vendor:	buffalo	model:	router
vendor:	trend micro	model:	security
vendor:	trend micro	model:	home network security
vendor:	dahua	model:	ptz camera
vendor:	dahua	model:	camera
vendor:	dahua	model:	ip camera
vendor:	belkin	model:	router
vendor:	trend	model:	security
vendor:	trend	model:	home network security

db:

NVD

ids:

CVE-2014-8361

Mobile Application Security Threats and Vulnerabilities 2019: Mobile Device Security - Attacks Research Related entries in the VARIoT vulnerabilities database: VAR-201611-0386 Trust: 4.25 Fetched: Nov. 4, 2021, 1:02 p.m., Published: -	Vulnerabilities: configuration vulnerability, session hijacking, cross-site scripting...

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	wi-fi router
vendor:	alcatel	model:	operating system
vendor:	apple	model:	icloud

db:

NVD

ids:

CVE-2019-5765, CVE-2016-5195

Full disclosure: 0day vulnerability (backdoor) in firmware for Xiaongmai-based DVRs, NVRs and IP cameras / Habr Trust: 4.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: -	Vulnerabilities: code execution

Affected products

External IDs

vendor:	qemu	model:	qemu
vendor:	xiongmai	model:	ip cameras

VARIoT news about IoT security