Sign-up

VARIoT news about IoT security

Remote Code Execution Vulnerability in NETGEAR Devices

Trust: 3.25

Fetched: Nov. 23, 2021, 9:28 a.m., Published: Nov. 18, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Autobahn Security Blog

Related entries in the VARIoT vulnerabilities database: VAR-202003-1707

Trust: 5.75

Fetched: Nov. 23, 2021, 9:28 a.m., Published: Oct. 27, 2021, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: vbulletin model: vbulletin
db: NVD ids: CVE-2019-16759, CVE-2020-17496, CVE-2020-9054

UK ISP Had 6 Million Routers Vulnerable for a DNS Vulnerability for 18 Months

Trust: 3.25

Fetched: Nov. 23, 2021, 9:28 a.m., Published: Dec. 15, 2021, midnight
 Vulnerabilities: default credentials
Affected productsExternal IDs
db: SCHNEIDER ids: SB601

UK ISP Had 6 Million Routers Vulnerable for a DNS Vulnerability for 18 Months

Trust: 3.25

Fetched: Nov. 23, 2021, 9:28 a.m., Published: Dec. 15, 2021, midnight
 Vulnerabilities: default credentials
Affected productsExternal IDs
db: SCHNEIDER ids: SB601

Stealthy Trojan that roots Android devices makes its way on app stores | CSO Online

Related entries in the VARIoT vulnerabilities database: VAR-202003-0573, VAR-201910-0902

Trust: 4.5

Fetched: Nov. 23, 2021, 9:28 a.m., Published: Nov. 2, 2021, 1:37 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: samsung model: mobile devices
vendor: samsung model: galaxy
vendor: samsung model: samsung galaxy
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: google model: android
db: NVD ids: CVE-2020-0069, CVE-2015-3636, CVE-2020-0041, CVE-2015-1805, CVE-2019-2215

Old Microsoft Office Vulnerability Used by Attackers to Deliver RATs

Trust: 5.5

Fetched: Nov. 23, 2021, 9:28 a.m., Published: Oct. 21, 2021, 12:45 p.m.
 Vulnerabilities: code execution, memory corruption
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
db: NVD ids: CVE-2017-11882

Device management complexities could create cybersecurity gaps and leave NHS Trusts vulnerable

Trust: 3.75

Fetched: Nov. 23, 2021, 9:28 a.m., Published: Dec. 7, 2021, 10:49 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo model: networks

Keysight’s IoT Security Assessment software offers automated cybersecurity validation of IoT devices - Help Net Security

Trust: 3.0

Fetched: Nov. 23, 2021, 9:28 a.m., Published: Oct. 15, 2021, 2 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

Vulnerability in Cisco Security Devices Is Dangerous For Business Processes in Large Companies

Related entries in the VARIoT vulnerabilities database: VAR-202007-1057, VAR-202005-0696, VAR-202005-0685, VAR-202110-1796

Trust: 5.75

Fetched: Nov. 23, 2021, 9:28 a.m., Published: Nov. 22, 2021, 4:59 p.m.
 Vulnerabilities: denial of service, buffer overflow
Affected productsExternal IDs
vendor: cisco model: adaptive security appliance
vendor: cisco model: firepower
vendor: cisco model: device manager
vendor: cisco model: firepower threat defense
db: NVD ids: CVE-2020-3452, CVE-2020-3259, CVE-2020-3187, CVE-2021-34704

Serious security vulnerabilities in DRAM memory devices

Trust: 3.25

Fetched: Nov. 23, 2021, 9:28 a.m., Published: Nov. 19, 2021, 11:23 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dram model: dram

Unpatched Windows vulnerability allows attackers to gain admin rights - gHacks Tech News

Related entries in the VARIoT vulnerabilities database: VAR-202111-0697

Trust: 3.25

Fetched: Nov. 23, 2021, 9:28 a.m., Published: Nov. 23, 2021, 5:41 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-41379

Patch now! Netgear fixes serious smart switch vulnerabilities | Malwarebytes Labs

Trust: 5.0

Fetched: Nov. 23, 2021, 9:28 a.m., Published: Sept. 7, 2021, 12:55 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs

Microsoft November 2021 Patch Tuesday Addresses 55 Vulnerabilities

Trust: 4.75

Fetched: Nov. 23, 2021, 9:28 a.m., Published: Nov. 10, 2021, 1:56 p.m.
 Vulnerabilities: improper validation, security feature bypass, code execution...
Affected productsExternal IDs
db: NVD ids: CVE-2021-38631, CVE-2021-41371, CVE-2021-43209, CVE-2021-42321, CVE-2021-42292, CVE-2021-43208

Device, Application and Cloud Security for IoT

Trust: 4.0

Fetched: Nov. 23, 2021, 9:28 a.m., Published: Nov. 19, 2021, 6:26 p.m.
 Vulnerabilities: denial of service, default credentials, injection attack...
Affected productsExternal IDs
vendor: google model: home
vendor: tesla model: model

Vulnerability Found Affecting Low-Power Intel Processors

Trust: 3.75

Fetched: Nov. 23, 2021, 9:28 a.m., Published: Nov. 20, 2021, 10:30 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: tesla model: model 3
vendor: tesla model: model
db: NVD ids: CVE-2021-0146

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

Trust: 4.5

Fetched: Nov. 23, 2021, 9:28 a.m., Published: Jan. 7, 2022, 7:33 p.m.
 Vulnerabilities: use after free, code execution, buffer overflow
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
vendor: google model: home
db: NVD ids: CVE-2021-38007, CVE-2021-38019, CVE-2021-38010, CVE-2021-38014, CVE-2021-38016, CVE-2021-38011, CVE-2021-38022, CVE-2021-38012, CVE-2021-38015, CVE-2021-38006, CVE-2021-38005, CVE-2021-38008, CVE-2021-38009, CVE-2021-38017, CVE-2021-38021, CVE-2021-38013, CVE-2021-38018, CVE-2021-38020

Medtronic Recalls Remote Controllers Used with Paradigm and 508 MiniMed Insulin Pumps for Potential Cybersecurity Risks | FDA

Related entries in the VARIoT vulnerabilities database: VAR-201808-0370, VAR-201808-0175

Trust: 3.75

Fetched: Nov. 23, 2021, 9:28 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: medtronic model: minimed 508 insulin pump
vendor: medtronic model: paradigm
vendor: medtronic model: minimed 508
db: ICS CERT ids: ICSMA-18-219-02

Synopsys Research Finds Vulnerabilities in 97% of Applications, 36% Impacted by Critical- or High-Risk Vulnerabilities

Trust: 3.75

Fetched: Nov. 23, 2021, 9:28 a.m., Published: Nov. 16, 2021, 2:05 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs

NVD - CVE-2021-34761

Related entries in the VARIoT vulnerabilities database: VAR-202110-1305

Trust: 3.5

Fetched: Nov. 23, 2021, 9:28 a.m., Published: Jan. 3, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco systems model: cisco systems
vendor: cisco systems model: firepower threat defense
vendor: cisco systems model: firepower
vendor: cisco systems model: firepower_management_center_virtual_appliance
vendor: cisco model: cisco systems
vendor: cisco model: firepower threat defense
vendor: cisco model: firepower
vendor: cisco model: firepower_management_center_virtual_appliance
db: NVD ids: CVE-2021-34761

Vulnerability in Cisco Security Devices is Dangerous For Business Processes of Large Companies

Related entries in the VARIoT vulnerabilities database: VAR-202005-0685, VAR-202110-1796, VAR-202005-0696, VAR-202007-1057

Trust: 5.75

Fetched: Nov. 23, 2021, 9:28 a.m., Published: Jan. 8, 2022, midnight
 Vulnerabilities: denial of service, buffer overflow
Affected productsExternal IDs
vendor: cisco model: firepower
vendor: cisco model: device manager
vendor: cisco model: adaptive security appliance
vendor: cisco model: firepower threat defense
db: NVD ids: CVE-2020-3187, CVE-2021-34704, CVE-2020-3259, CVE-2020-3452