VARIoT latest news about IoT security

Activity Feed \| AttackerKB Trust: 4.25 Fetched: Dec. 6, 2021, 2:33 p.m., Published: Jan. 1, 2022, midnight	Vulnerabilities: authentication bypass, path traversal, code execution

Affected products

External IDs

vendor:	zoho corporation	model:	manageengine desktop central
vendor:	zoho	model:	manageengine desktop central

db:

NVD

ids:

CVE-2021-44515

Apple to facilitate customers fixing their own devices Trust: 3.0 Fetched: Dec. 6, 2021, 2:33 p.m., Published: Nov. 17, 2021, 4:10 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

iphone

Category: Technology - Which? News Trust: 3.25 Fetched: Dec. 6, 2021, 2:33 p.m., Published: Jan. 10, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

watch

Many Healthcare, OT Systems Exposed to Attacks by NUCLEUS:13 Vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202111-1605 Trust: 5.5 Fetched: Dec. 6, 2021, 1:02 p.m., Published: Jan. 13, 2022, midnight	Vulnerabilities: improper validation, denial of service, code execution...

Affected products

External IDs

vendor:	siemens	model:	nucleus
vendor:	siemens	model:	nucleus net

db:

NVD

ids:

CVE-2021-31886

14 BusyBox Linux Vulnerabilities Discovered (CVE-2021-42373) Trust: 4.0 Fetched: Dec. 6, 2021, 1:02 p.m., Published: Nov. 10, 2021, 4:34 p.m.	Vulnerabilities: information leak, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-42373, CVE-2021-42386, CVE-2021-43267

Threat Encyclopedia \| FortiGuard Trust: 3.25 Fetched: Dec. 6, 2021, 1:02 p.m., Published: Nov. 27, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

db:

FORTIGATE

ids:

FG-IR-19-060

CVE.report - Home Related entries in the VARIoT vulnerabilities database: VAR-202201-1483, VAR-202201-1471, VAR-202110-1759, VAR-202201-1479, VAR-202201-1474, VAR-202110-1760, VAR-202201-1475, VAR-202201-1522, VAR-202201-1480, VAR-202201-1476, VAR-202201-1478, VAR-202201-1481, VAR-202102-1658, VAR-202201-1482, VAR-202110-1761, VAR-202201-0897, VAR-202201-1484, VAR-202110-1762, VAR-202201-1486, VAR-202201-1477, VAR-202201-1485 Trust: 4.25 Fetched: Dec. 6, 2021, 1:02 p.m., Published: Jan. 14, 2022, 12:40 p.m.	Vulnerabilities: request forgery, improper access control, cross-site request forgery...

Affected products

External IDs

vendor:	clamav	model:	clamav
vendor:	asus	model:	router
vendor:	asus	model:	asus
vendor:	asus	model:	rt-ax56u
vendor:	netgear	model:	router
vendor:	netgear	model:	r7000
vendor:	netgear	model:	r6260
vendor:	clam	model:	clamav
vendor:	cisco	model:	ip phone
vendor:	cisco	model:	clamav
vendor:	cisco	model:	router
vendor:	cisco	model:	guard
vendor:	cisco	model:	security manager
vendor:	cisco	model:	cisco security manager

db:

NVD

ids:

CVE-2021-34945, CVE-2021-34933, CVE-2021-34995, CVE-2021-38690, CVE-2021-34922, CVE-2021-34913, CVE-2022-0224, CVE-2022-20642, CVE-2021-38692, CVE-2021-34908, CVE-2021-34994, CVE-2021-38689, CVE-2021-34928, CVE-2021-34927, CVE-2022-0231, CVE-2021-34936, CVE-2022-22054, CVE-2021-34904, CVE-2021-34977, CVE-2021-38691, CVE-2021-34930, CVE-2021-34914, CVE-2022-20636, CVE-2021-34935, CVE-2021-46255, CVE-2022-20639, CVE-2021-34944, CVE-2021-32649, CVE-2021-38678, CVE-2022-21677, CVE-2022-0213, CVE-2021-34980, CVE-2021-34926, CVE-2022-20641, CVE-2022-20658, CVE-2021-34932, CVE-2021-34907, CVE-2021-34996, CVE-2022-23222, CVE-2022-0178, CVE-2021-34985, CVE-2021-34910, CVE-2022-20638, CVE-2022-23219, CVE-2021-34920, CVE-2021-34911, CVE-2021-38682, CVE-2022-20647, CVE-2021-34937, CVE-2022-20698, CVE-2021-36781, CVE-2021-34943, CVE-2022-22056, CVE-2021-34946, CVE-2021-34919, CVE-2021-34939, CVE-2021-34998, CVE-2022-20646, CVE-2021-34993, CVE-2022-20640, CVE-2021-39032, CVE-2021-42551, CVE-2022-23218, CVE-2021-34915, CVE-2021-34940, CVE-2021-33962, CVE-2021-34984, CVE-2022-20637, CVE-2021-34979, CVE-2022-20660, CVE-2021-34997, CVE-2021-34934, CVE-2021-34925, CVE-2021-34924, CVE-2021-34923, CVE-2021-34941, CVE-2021-34916, CVE-2021-34906, CVE-2022-20643, CVE-2021-34931, CVE-2022-21681, CVE-2021-34978, CVE-2022-20635, CVE-2021-34912, CVE-2021-34942, CVE-2021-32650, CVE-2022-20645, CVE-2022-22055, CVE-2021-34918, CVE-2021-34905, CVE-2022-20644, CVE-2022-21685, CVE-2021-38677, CVE-2021-45760, CVE-2022-21680, CVE-2021-34921, CVE-2021-34929, CVE-2021-34909, CVE-2021-34917, CVE-2021-34938

Managing IoT Security Threats and Vulnerabilities Better Trust: 3.75 Fetched: Dec. 6, 2021, 1:02 p.m., Published: Dec. 2, 2021, 9:20 p.m.	Vulnerabilities: denial of service

Affected products	External IDs

Security vulnerabilities found in more than 150 HP multifunction printers - SiliconANGLE Trust: 3.75 Fetched: Dec. 6, 2021, 1:02 p.m., Published: Nov. 26, 2021, 5:08 a.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-39238

Nucleus:13 - Critical Vulnerabilities Found Affecting the Nucleus TCP/IP Stack Trust: 3.75 Fetched: Dec. 6, 2021, 1:02 p.m., Published: Nov. 11, 2021, 12:30 p.m.	Vulnerabilities: denial of service, information leak, code execution

Affected products

External IDs

vendor:

siemens

model:

nucleus

150+ HP Printers Vulnerable to Bugs That Could Allow 'Full Control' Trust: 4.25 Fetched: Dec. 6, 2021, 1:02 p.m., Published: Nov. 30, 2021, 6:11 p.m.	Vulnerabilities: memory corruption

Affected products

External IDs

db:

NVD

ids:

CVE-2021-39238, CVE-2021-39237

GitHub - bp2008/DahuaLoginBypass: Chrome extension that uses vulnerabilities CVE-2021-33044 and CVE-2021-33045 to log in to Dahua cameras without authentication. Related entries in the VARIoT vulnerabilities database: VAR-202109-1875, VAR-202109-1874 Trust: 3.25 Fetched: Dec. 6, 2021, 1:02 p.m., Published: Jan. 15, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-33044, CVE-2021-33045

Millions of Netgear routers need security updates right away - what you need to do \| Tom's Guide Related entries in the VARIoT vulnerabilities database: VAR-202111-0632 Trust: 4.75 Fetched: Dec. 6, 2021, 12:24 p.m., Published: Nov. 18, 2021, 2:19 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	netgear	model:	orbi
vendor:	netgear	model:	rax15
vendor:	netgear	model:	r7900p
vendor:	netgear	model:	rax45
vendor:	netgear	model:	xr300
vendor:	netgear	model:	r7000p
vendor:	netgear	model:	netgear router
vendor:	netgear	model:	r6400
vendor:	netgear	model:	ex6120
vendor:	netgear	model:	rs400
vendor:	netgear	model:	r6300v2
vendor:	netgear	model:	d7000v2
vendor:	netgear	model:	r6700v3
vendor:	netgear	model:	router
vendor:	netgear	model:	wndr3400v3
vendor:	netgear	model:	r8000p
vendor:	netgear	model:	rax20
vendor:	netgear	model:	r6900p
vendor:	netgear	model:	d6220
vendor:	netgear	model:	dgn2200v4
vendor:	netgear	model:	r7850
vendor:	netgear	model:	r7000
vendor:	netgear	model:	r8300
vendor:	netgear	model:	ex6130
vendor:	netgear	model:	r8500
vendor:	netgear	model:	dc112a
vendor:	netgear	model:	r7100lg
vendor:	netgear	model:	ac1450
vendor:	netgear	model:	rax50
vendor:	netgear	model:	rax48
vendor:	netgear	model:	ex3800
vendor:	netgear	model:	wnr3500lv2
vendor:	netgear	model:	d6400
vendor:	netgear	model:	r8000
vendor:	netgear	model:	d8500
vendor:	netgear	model:	ex3700
vendor:	netgear	model:	r6400v2
vendor:	mesh	model:	mesh

db:

NVD

ids:

CVE-2021-34991

Intel Fixes 2 High-Severity Vulnerabilities - BankInfoSecurity Related entries in the VARIoT vulnerabilities database: VAR-202111-1193, VAR-202111-1151 Trust: 6.75 Fetched: Dec. 6, 2021, 12:24 p.m., Published: Jan. 2, 2022, midnight	Vulnerabilities: privilege escalation, memory corruption

Affected products

External IDs

vendor:

dell

model:

bios

db:

NVD

ids:

CVE-2021-0158, CVE-2021-0146, CVE-2021-0157

14 New Vulnerabilities Uncovered in Linux Powered Embedded Devices Trust: 4.75 Fetched: Dec. 6, 2021, 12:24 p.m., Published: Nov. 12, 2021, 7:29 a.m.	Vulnerabilities: denial of service, information leak, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-42386, CVE-2021-42376, CVE-2021-42383, CVE-2021-42384, CVE-2021-42373, CVE-2021-42381, CVE-2021-42374, CVE-2021-42380, CVE-2021-42382, CVE-2021-42377, CVE-2021-42375, CVE-2021-42378, CVE-2021-42379, CVE-2021-42385

System and method for patching a device through exploitation Patent Grant Oberheide , et al. March 28, 2 [Duo Security, Inc.] Trust: 4.25 Fetched: Dec. 6, 2021, 12:24 p.m., Published: -	Vulnerabilities: buffer overflow, privilege escalation, code execution

Affected products

External IDs

vendor:	symantec	model:	endpoint protection
vendor:	symantec	model:	symantec endpoint protection

Cisco : Security vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202110-1352, VAR-202109-0624, VAR-202110-0623, VAR-202111-0400, VAR-202111-0401, VAR-202111-0418, VAR-202110-1394, VAR-202108-0824, VAR-202110-1377, VAR-202110-1305, VAR-202111-0393, VAR-202111-0413, VAR-202111-0419, VAR-202110-1367, VAR-202109-0623, VAR-202110-1392, VAR-202110-1395, VAR-202110-0617, VAR-202110-1393, VAR-202110-1065, VAR-202110-0211, VAR-202111-0664, VAR-202111-1198, VAR-202109-0618, VAR-202110-0209, VAR-202110-1350, VAR-202109-0631, VAR-202109-0617, VAR-202110-1366, VAR-202110-1286, VAR-202111-1197, VAR-202110-0619, VAR-202110-1376, VAR-202111-1196, VAR-202110-0203, VAR-202109-0622, VAR-202110-1375, VAR-202110-1353, VAR-202110-1351, VAR-202110-1297, VAR-202111-0412, VAR-202110-0622, VAR-202110-0212, VAR-202110-1354, VAR-202108-0823, VAR-202110-0618, VAR-202110-1402, VAR-202111-0417, VAR-202110-0213, VAR-202110-1298 Trust: 5.25 Fetched: Dec. 6, 2021, 12:17 p.m., Published: Jan. 2, 2021, midnight	Vulnerabilities: injection attack, traversal attack, request forgery...

Affected products

External IDs

vendor:	cisco	model:	web security appliance
vendor:	cisco	model:	cisco policy suite
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	cisco telepresence management suite
vendor:	cisco	model:	cisco ios xr
vendor:	cisco	model:	telepresence management suite
vendor:	cisco	model:	cisco firepower management center
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	small business rv series routers
vendor:	cisco	model:	series
vendor:	cisco	model:	small business
vendor:	cisco	model:	evolved programmable network manager
vendor:	cisco	model:	meeting
vendor:	cisco	model:	umbrella
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	unified communications
vendor:	cisco	model:	series routers
vendor:	cisco	model:	webex video mesh
vendor:	cisco	model:	cisco anyconnect secure mobility client
vendor:	cisco	model:	cisco webex
vendor:	cisco	model:	cisco meeting
vendor:	cisco	model:	common services platform collector
vendor:	cisco	model:	cisco evolved programmable network manager
vendor:	cisco	model:	webex
vendor:	cisco	model:	nexus
vendor:	cisco	model:	roomos
vendor:	cisco	model:	policy suite
vendor:	cisco	model:	ios xr software
vendor:	cisco	model:	firepower management center
vendor:	cisco	model:	cisco unified communications manager
vendor:	cisco	model:	cisco prime infrastructure
vendor:	cisco	model:	anyconnect secure mobility client
vendor:	cisco	model:	webex meetings
vendor:	cisco	model:	cisco small business
vendor:	cisco	model:	unified communications manager
vendor:	cisco	model:	meeting server
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	small business rv
vendor:	cisco	model:	prime infrastructure
vendor:	cisco	model:	cisco telepresence
vendor:	cisco	model:	cisco meeting server
vendor:	cisco	model:	telepresence collaboration endpoint
vendor:	cisco	model:	cisco web security appliance
vendor:	cisco	model:	dna center
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	cisco roomos
vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	telepresence
vendor:	cisco	model:	cisco webex meetings
vendor:	cisco	model:	unified communications manager session management edition
vendor:	cisco	model:	firepower
vendor:	cisco	model:	routers
vendor:	cisco	model:	cisco identity services engine
vendor:	mesh	model:	mesh
vendor:	snort	model:	snort

db:

NVD

ids:

CVE-2021-40116, CVE-2009-1234, CVE-2021-34765, CVE-2021-34760, CVE-2021-40128, CVE-2021-40115, CVE-2021-34774, CVE-2021-34783, CVE-2021-34749, CVE-2021-34792, CVE-2021-34761, CVE-2021-40126, CVE-2021-40120, CVE-2021-34773, CVE-2021-34763, CVE-2021-34759, CVE-2021-34791, CVE-2021-34781, CVE-2021-40123, CVE-2021-34790, CVE-2021-34762, CVE-2021-34758, CVE-2021-40119, CVE-2021-40129, CVE-2021-34786, CVE-2021-34748, CVE-2021-40118, CVE-2021-34771, CVE-2021-34785, CVE-2021-34764, CVE-2021-34754, CVE-2021-40130, CVE-2021-40121, CVE-2021-34793, CVE-2021-40131, CVE-2021-34782, CVE-2021-34746, CVE-2021-34794, CVE-2021-40114, CVE-2021-40117, CVE-2021-34756, CVE-2021-40124, CVE-2021-34789, CVE-2021-34766, CVE-2021-34787, CVE-2021-34745, CVE-2021-40122, CVE-2021-40125, CVE-2021-34784, CVE-2021-34772, CVE-2021-34755

New HP MFP vulnerabilities show why you should update and isolate printers \| CSO Online Trust: 4.5 Fetched: Dec. 6, 2021, 12:17 p.m., Published: Nov. 30, 2021, 10 a.m.	Vulnerabilities: request forgery, cross-site request forgery, information disclosure...

Affected products

External IDs

vendor:

serve

model:

serve

db:

NVD

ids:

CVE-2021-39238, CVE-2021-39237

Printing Shellz: Vulnerabilities in HP multi-function printers (MFPs) \| Born's Tech and Windows World Trust: 5.25 Fetched: Dec. 6, 2021, 12:17 p.m., Published: Nov. 30, 2021, 5:04 p.m.	Vulnerabilities: information disclosure, code execution, buffer overflow

Affected products

External IDs

vendor:	hewlett packard	model:	laserjet
vendor:	hewlett packard	model:	hewlett packard
vendor:	hewlett packard	model:	hp laserjet
vendor:	hewlett packard	model:	jetdirect

db:

NVD

ids:

CVE-2021-39238, CVE-2021-39237

Netgear vulnerabilities could put small business routers at risk - Immersive Labs Trust: 3.75 Fetched: Dec. 6, 2021, 12:17 p.m., Published: Jan. 1, 2022, midnight	Vulnerabilities: command injection

Affected products

External IDs

vendor:

netgear

model:

router

VARIoT news about IoT security