Sign-up

VARIoT news about IoT security

Cybersecurity: a beginner's guide to secure medical device design | Team Consulting

Trust: 4.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 23, 2021, 8:39 a.m.
 Vulnerabilities: brute force attack, denial of service
Affected productsExternal IDs
vendor: trend model: security

Keeping the gate locked on your IoT devices: Vulnerabilities found on Amazon's Alexa - Check Point Research

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: code injection, code execution
Affected productsExternal IDs
vendor: check point model: check point
vendor: serve model: serve

Vulnerability DB | Snyk

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: restriction bypass, session fixation, cross-site request forgery...
Affected productsExternal IDs
vendor: jquery model: jquery

12 Online Free Tools to Scan Website Security Vulnerabilities & Malware

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: command injection, sql injection, os command injection...
Affected productsExternal IDs

10 Web Security Vulnerabilities You Can Prevent | Toptal

Trust: 4.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 10, 2022, midnight
 Vulnerabilities: sql injection, session hijacking, request forgery...
Affected productsExternal IDs
vendor: serve model: serve

Dissection of Winbox critical vulnerability - n0p Blog

Related entries in the VARIoT vulnerabilities database: VAR-201808-0384

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: mikrotik model: mikrotik router
vendor: mikrotik model: winbox
vendor: mikrotik model: routeros
vendor: mikrotik model: mikrotik
vendor: mikrotik model: routers
vendor: mikrotik model: router
vendor: cisco model: routers
vendor: cisco model: router
db: NVD ids: CVE-2018-14847

Column | Destigmatizing Medical Device Vulnerability Disclosures to Improve Healthcare Cybersecurity - MedTech Intelligence

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macbook
vendor: apple model: safari
vendor: apple model: ipad
vendor: apple model: macbook air
vendor: apple model: iphone
vendor: apple model: apple tv
vendor: google model: android
vendor: google model: home
db: ICS CERT ids: ICSMA-20-049-02, ICSMA-20-023-01

Industrial Internet Of Things (IoT) Identifying The Vulnerabilities Of Field Devices

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: data injection
Affected productsExternal IDs
vendor: serve model: serve
vendor: rapid model: scada

What is Vulnerability Assessment? Testing Process, VAPT Scan Tool

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Dec. 27, 2021, 8:32 a.m.
 Vulnerabilities: sql injection, cross-site scripting
Affected productsExternal IDs
vendor: wireshark model: wireshark

NVD - CVE-2021-41503

Related entries in the VARIoT vulnerabilities database: VAR-202109-1107

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 1, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: d-link model: dcs-5000l_firmware
vendor: d-link model: dcs-5000l
vendor: d-link model: dcs-932l
vendor: d-link model: dcs-932l_firmware
vendor: dlink model: dcs-5000l_firmware
vendor: dlink model: dcs-5000l
vendor: dlink model: dcs-932l
vendor: dlink model: dcs-932l_firmware
db: NVD ids: CVE-2021-41503

Dahua Authentication Bypass ≈ Packet Storm

Related entries in the VARIoT vulnerabilities database: VAR-202109-1875, VAR-202109-1874

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 6, 2021, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2021-33044, CVE-2021-33045

Fixing the authentication bypass vulnerability affecting REST APIs | ManageEngine ADSelfService Plus

Trust: 4.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: code execution, authentication bypass, command execution...
Affected productsExternal IDs
db: NVD ids: CVE-2021-40539

NVD - CVE-2021-1587

Trust: 5.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: nx-os software
vendor: cisco model: nx-os
vendor: cisco model: cisco systems
vendor: cisco model: nexus_3000
vendor: cisco model: cisco nx-os
vendor: cisco model: nexus_3048
vendor: cisco systems model: nx-os software
vendor: cisco systems model: nx-os
vendor: cisco systems model: cisco systems
vendor: cisco systems model: nexus_3000
vendor: cisco systems model: cisco nx-os
vendor: cisco systems model: nexus_3048
db: NVD ids: CVE-2021-1587

Cisco Nexus 9500 Series Switches Access Control List Bypass Vulnerability - Cisco

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 15, 2021, 3:35 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: series switches
vendor: cisco model: nexus 9000 series
vendor: cisco model: nexus 3000
vendor: cisco model: nexus 9500
vendor: cisco model: nx-os
vendor: cisco model: nexus 9000
vendor: cisco model: nexus 1000v
vendor: cisco model: cisco nx-os
vendor: cisco model: nx-os software
vendor: cisco model: nexus
vendor: cisco model: series
vendor: cisco model: nexus 7000
vendor: cisco model: 1000v

Millions of Web Camera and Baby Monitor Feeds Are Exposed | WIRED

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 17, 2021, noon
 Vulnerabilities: code execution
Affected productsExternal IDs

CVE-2021-3437 | HP OMEN Gaming Hub Privilege Escalation Bug Hits Millions of Gaming Devices - SentinelOne

Trust: 4.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 14, 2021, 3:23 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2021-3437

Unpatched Fortinet FortiWeb vulnerability allows remote OS command injection - Help Net Security

Related entries in the VARIoT vulnerabilities database: VAR-202106-0667

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 17, 2021, 2:25 p.m.
 Vulnerabilities: authentication bypass, os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2021-22123

CISA Says BlackBerry Vulnerability to Impact Medical Device Security

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 18, 2021, 5:01 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: blackberry model: blackberry
db: NVD ids: CVE-2021-22156

FORCEDENTRY: NSO Group iMessage Zero-Click Exploit Captured in the Wild - The Citizen Lab

Related entries in the VARIoT vulnerabilities database: VAR-202108-1057

Trust: 4.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 13, 2021, 7:26 p.m.
 Vulnerabilities: integer overflow, code execution
Affected productsExternal IDs
vendor: apple model: itunes
vendor: apple model: macos
vendor: apple model: watchos
db: NVD ids: CVE-2021-30860, CVE-2019-3568

Cisco: Security devices are vulnerable to SNIcat data exfiltration technique - The Record by Recorded Future

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 19, 2021, 2:13 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: check point model: check point
vendor: palo alto networks model: palo alto networks
vendor: palo alto networks model: networks
vendor: palo model: palo alto networks
vendor: palo model: networks
vendor: cisco model: industrial security appliance
vendor: cisco model: firepower threat defense
vendor: cisco model: firepower
vendor: cisco model: web security appliance