Sign-up

VARIoT news about IoT security

CVE-2025-0038 : Memory Access Vulnerability in AMD Zynq UltraScale+ Devices

Trust: 3.25

Fetched: Nov. 2, 2025, 9:20 a.m., Published: Oct. 6, 2025, 4:08 p.m.
 Vulnerabilities: memory access vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2025-0038

Buffer overflow vulnerability in the device management... · CVE-2025-58300 · GitHub Advisory Database · GitHub

Trust: 4.0

Fetched: Nov. 2, 2025, 9:20 a.m., Published: Oct. 11, 2025, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2025-58300

Update Canonical Ubuntu Desktop: USN-7852-1: libxml2 vulnerability

Trust: 4.25

Fetched: Nov. 2, 2025, 9:19 a.m., Published: Jan. 2, 7852, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu

Update Canonical Ubuntu Server: USN-7852-1: libxml2 vulnerability

Trust: 4.25

Fetched: Nov. 2, 2025, 9:18 a.m., Published: Jan. 2, 7852, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu

Don't Leave Them to Their Own Devices

Trust: 3.5

Fetched: Nov. 2, 2025, 9:18 a.m., Published: Nov. 1, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: paloaltonetworks model: networks
vendor: palo model: networks

TP-Link Wi-Fi routers could be banned in US: What you need to know | Tom's Guide

Trust: 3.5

Fetched: Nov. 2, 2025, 9:17 a.m., Published: Oct. 31, 2025, 7:15 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: tp-link model: tl-wr841n
vendor: tp-link model: wr841n
vendor: tp-link model: archer c7
vendor: tp-link model: tl-wr841nd
vendor: tp-link model: routers
vendor: netgear model: router
vendor: google model: home
vendor: cisco model: soho
vendor: cisco model: router
vendor: cisco model: routers
vendor: mesh model: mesh
vendor: huawei model: huawei

BadCandy Webshell threatens unpatched Cisco IOS XE devices, warns Australian government

Trust: 3.75

Fetched: Nov. 2, 2025, 9:17 a.m., Published: Nov. 1, 2025, 5:41 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe
vendor: cisco model: routers
vendor: cisco model: cisco ios
vendor: cisco model: ios xe software
db: NVD ids: CVE-2023-20198

Cisco IOS XE Vulnerability Being Abused in the Wild to Plant BADCANDY

Trust: 3.75

Fetched: Nov. 2, 2025, 9:16 a.m., Published: Nov. 1, 2025, 4:58 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: ios xe
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe software
vendor: cisco model: cisco ios
db: NVD ids: CVE-2023-20198

The Silent Vulnerability in Your Healthcare System - GUARDDOG AI

Trust: 3.5

Fetched: Nov. 2, 2025, 9:15 a.m., Published: Oct. 31, 2025, 4:44 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: medtronic model: paradigm
vendor: apple model: watch
vendor: samsung model: samsung galaxy
vendor: samsung model: galaxy
vendor: samsung model: samsung
vendor: essential model: phone

Hackers Exploiting Cisco IOS XE Vulnerability in the Wild to Deploy BADCANDY Web Shell

Trust: 4.75

Fetched: Nov. 2, 2025, 9:14 a.m., Published: Nov. 1, 2025, 1:22 a.m.
 Vulnerabilities: command execution
Affected productsExternal IDs
vendor: cisco model: ios xe
vendor: cisco model: cisco ios xe
vendor: cisco model: routers
vendor: cisco model: cisco ios
db: NVD ids: CVE-2023-20198, CVE-2023-20273

ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability

Trust: 3.5

Fetched: Nov. 2, 2025, 9:14 a.m., Published: Nov. 1, 2025, 1:43 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe
vendor: cisco model: cisco ios
db: NVD ids: CVE-2023-20198

Hundreds Of Australian Devices Compromised With BadCandy Implant - The Cyber Express

Trust: 4.25

Fetched: Nov. 2, 2025, 9:13 a.m., Published: Oct. 31, 2025, 10:02 a.m.
 Vulnerabilities: command execution, service disruption, command injection
Affected productsExternal IDs
vendor: cisco model: ios xe
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe software
vendor: cisco model: routers
vendor: cisco model: cisco ios
db: NVD ids: CVE-2023-20198, CVE-2023-20273

Best Practices for Securing Open Ports Identified by Nmap

Trust: 3.75

Fetched: Oct. 31, 2025, 9:52 a.m., Published: Sept. 23, 2024, 1:14 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

Report: Average Smart Home Faces 29 Cybersecurity Attacks Daily, Integrators on Front Line - CEPRO

Trust: 3.75

Fetched: Oct. 31, 2025, 9:51 a.m., Published: Oct. 29, 2025, 4:04 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

CISA Warns of Hackers Actively Exploiting Windows Server Update Services RCE Vulnerability in the Wild

Trust: 4.0

Fetched: Oct. 31, 2025, 9:49 a.m., Published: Oct. 25, 2025, 2:38 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-59287

Issue 283: AI Security Solutions, Formula 1’s API Flaw, Latest OWASP Authorization Incidents - API Security News

Trust: 3.25

Fetched: Oct. 31, 2025, 9:49 a.m., Published: Oct. 30, 2025, 3:27 p.m.
 Vulnerabilities: authorization vulnerability, request forgery, directory traversal...
Affected productsExternal IDs
vendor: wso2 model: wso2 api manager
vendor: wso2 model: api manager

Active Exploitation of Zyxel CPE Devices Linked to Unpatched CVE-2024-40891 Vulnerability - Breach Spot

Trust: 5.75

Fetched: Oct. 31, 2025, 9:48 a.m., Published: Oct. 4, 2025, 12:30 a.m.
 Vulnerabilities: default credentials, command injection, privilege escalation
Affected productsExternal IDs
vendor: parallels model: desktop
db: NVD ids: CVE-2024-40891, CVE-2024-40890, CVE-2024-57726

D-Link DIR-823G Multiple Vulnerabilities (2023 - 2025) (CVE-2023-26612, CVE-2023-26613, CVE-2023-26615...) - Vulnerability & Exploit Database

Related entries in the VARIoT vulnerabilities database: VAR-202402-3032, VAR-202510-2696, VAR-202402-2700, VAR-202306-2237, VAR-202402-3258, VAR-202402-2811, VAR-202411-2593, VAR-202306-2246, VAR-202402-3367, VAR-202306-2157, VAR-202404-2497, VAR-202412-2435, VAR-202402-3144, VAR-202411-0467, VAR-202402-3257, VAR-202402-3031, VAR-202503-0519, VAR-202306-2233, VAR-202510-2360, VAR-202503-0596

Trust: 6.0

Fetched: Oct. 31, 2025, 9:48 a.m., Published: Oct. 7, 2025, midnight
 Vulnerabilities: command injection, denial of service, buffer overflow...
Affected productsExternal IDs
vendor: d-link model: dir-823g
db: NVD ids: CVE-2024-27657, CVE-2025-60332, CVE-2024-27655, CVE-2023-26613, CVE-2024-27656, CVE-2024-27662, CVE-2024-51023, CVE-2023-26616, CVE-2024-27658, CVE-2023-26612, CVE-2024-33345, CVE-2024-13030, CVE-2024-27660, CVE-2024-51024, CVE-2024-27659, CVE-2024-27661, CVE-2025-2360, CVE-2023-26615, CVE-2025-60331, CVE-2025-2359

October 23, 2025-KB5070882 (OS Build 14393.8524) Out-of-band - Microsoft Support

Trust: 3.0

Fetched: Oct. 31, 2025, 9:47 a.m., Published: Oct. 23, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-59287

Update Canonical Ubuntu Desktop: USN-7847-1: GNU binutils vulnerabilities

Trust: 5.0

Fetched: Oct. 31, 2025, 9:47 a.m., Published: Jan. 31, 7847, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-7554, CVE-2025-7546, CVE-2025-11082, CVE-2025-5244, CVE-2025-11083, CVE-2025-8225, CVE-2025-5245, CVE-2025-1147, CVE-2025-1148, CVE-2025-3198, CVE-2025-1182