Sign-up

VARIoT news about IoT security

Security Bulletins for HUAWEI Phones/Tablets, September 2025

Trust: 3.75

Fetched: Sept. 12, 2025, 11:31 a.m., Published: Sept. 5, 2025, 4:18 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: huawei model: emui
db: NVD ids: CVE-2025-38222, CVE-2025-58281, CVE-2025-38424, CVE-2025-37923, CVE-2025-22008, CVE-2025-38103, CVE-2025-21959, CVE-2025-38337, CVE-2025-21910, CVE-2025-37995, CVE-2025-58276, CVE-2025-37836, CVE-2025-58313, CVE-2025-38346, CVE-2025-21765, CVE-2025-38079, CVE-2023-21342, CVE-2025-38058, CVE-2025-26474, CVE-2025-58280, CVE-2025-38111, CVE-2022-49728, CVE-2025-38214, CVE-2025-38147, CVE-2025-58296, CVE-2025-38312, CVE-2025-21922, CVE-2025-22441

CVE-2025-56752: Critical Authentication Bypass Vulnerability in Ruijie RG-ES Series Switch Firmware - Cybersecurity Exploit Tracker by Ameeba

Trust: 5.0

Fetched: Sept. 12, 2025, 11:31 a.m., Published: Sept. 10, 2025, 9:33 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: ruijie model: switch
db: NVD ids: CVE-2025-56752

CVE-2025-36904: Critical Privilege Escalation Vulnerability in WLAN of Google Pixel Devices - Cybersecurity Exploit Tracker by Ameeba

Trust: 5.75

Fetched: Sept. 12, 2025, 11:30 a.m., Published: Sept. 10, 2025, 2:35 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2025-36904

CVE-2025-9214 : Missing Authentication Vulnerability in Lenovo Printers

Trust: 5.75

Fetched: Sept. 12, 2025, 11:30 a.m., Published: Sept. 11, 2025, 6:33 p.m.
 Vulnerabilities: authentication vulnerability
Affected productsExternal IDs
vendor: lenovo model: system
vendor: cups model: cups
db: NVD ids: CVE-2025-9214

Apple releases fix for a zero-day threat in iOS, iPadOS and macOS - gHacks Tech News

Trust: 5.0

Fetched: Sept. 12, 2025, 11:29 a.m., Published: Aug. 21, 2025, 2 p.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: watchos
vendor: apple model: watch
vendor: apple model: ipad
vendor: apple model: macos
vendor: apple model: ipad air
db: NVD ids: CVE-2025-43300

NetScaler warns hackers are exploiting zero-day vulnerability | Cybersecurity Dive

Trust: 4.0

Fetched: Sept. 12, 2025, 11:29 a.m., Published: Aug. 27, 2025, midnight
 Vulnerabilities: denial of service, code execution, service disruption
Affected productsExternal IDs
db: NVD ids: CVE-2025-7776, CVE-2025-7775, CVE-2025-8424

CVE-2025-20159 - Cisco IOS XR Software Management Interface ACL Bypass Vulnerability - SecAlerts

Trust: 3.75

Fetched: Sept. 12, 2025, 11:28 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: ios xr software
vendor: cisco model: cisco ios xr
vendor: cisco model: ios xr
vendor: cisco model: cisco ios
db: NVD ids: CVE-2025-20159

CISA Warns of Critical SunPower Flaw Allowing Full Device Takeover

Trust: 3.0

Fetched: Sept. 12, 2025, 11:28 a.m., Published: Sept. 3, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-9696

Critical Vulnerability Found in Industrial Device Protocol | Luis Oria Seidel posted on the topic | LinkedIn

Trust: 3.0

Fetched: Sept. 12, 2025, 11:27 a.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs

[2509.09158] IoTFuzzSentry: A Protocol Guided Mutation Based Fuzzer for Automatic Vulnerability Testing in Commercial IoT Devices

Trust: 5.0

Fetched: Sept. 12, 2025, 11:26 a.m., Published: Sept. 11, 2025, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-41623, CVE-2024-42531

Siemens SINAMICS Drives | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202509-0363

Trust: 3.5

Fetched: Sept. 12, 2025, 11:26 a.m., Published: Jan. 10, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: sinamics
vendor: siemens model: sinamics s210
db: NVD ids: CVE-2025-40594

Cisco Secure Firewall Management Center Software RADIUS Remote Code Execution Vulnerability - Cisco

Trust: 4.0

Fetched: Sept. 12, 2025, 11:23 a.m., Published: Aug. 28, 2025, 7:45 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: asa software

Siemens Apogee PXC and Talon TC Devices - IT Security News

Trust: 4.75

Fetched: Sept. 12, 2025, 11:23 a.m., Published: Sept. 11, 2025, 5:35 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: talon tc
vendor: siemens model: apogee pxc
db: NVD ids: CVE-2025-40757

What's New In iPadOS 18.6.2: Security and Update Details - SimplyMac

Trust: 5.5

Fetched: Sept. 12, 2025, 11:22 a.m., Published: Aug. 21, 2025, 6:40 a.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: watch
vendor: apple model: macos
vendor: apple model: software update
vendor: apple model: iphone
vendor: apple model: ipad
vendor: apple model: ipad air
db: NVD ids: CVE-2025-43300

WhatsApp Identifies Vulnerability Targeting iOS and macOS Devices - iHLS

Trust: 5.0

Fetched: Sept. 12, 2025, 11:22 a.m., Published: Aug. 31, 2025, 12:30 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2025-55177, CVE-2025-43300

Siemens SIMATIC Virtualization as a Service (SIVaaS) | CISA

Trust: 3.75

Fetched: Sept. 12, 2025, 11:21 a.m., Published: Jan. 10, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: simatic
db: NVD ids: CVE-2025-40804

CVE-2025-36896: Elevation of Privilege Vulnerability in WLAN on Android Devices - Cybersecurity Exploit Tracker by Ameeba

Trust: 3.75

Fetched: Sept. 12, 2025, 11:21 a.m., Published: Sept. 10, 2025, 12:34 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
vendor: essential model: phone
db: NVD ids: CVE-2025-36896

CVE-2025-20340 - Cisco IOS XR Address Resolution Protocol Broadcast Storm Vulnerability - SecAlerts

Trust: 5.75

Fetched: Sept. 12, 2025, 11:20 a.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: ios xr software
vendor: cisco model: cisco ios xr
vendor: cisco model: cisco ios
vendor: cisco model: ios xr
db: NVD ids: CVE-2025-20340

SACK Vulnerability | Digi International

Related entries in the VARIoT vulnerabilities database: VAR-201906-1175, VAR-201906-1176, VAR-201906-1174

Trust: 5.25

Fetched: Sept. 12, 2025, 11:20 a.m., Published: -
 Vulnerabilities: privilege escalation, integer overflow, denial of service...
Affected productsExternal IDs
vendor: digi international model: anywhereusb
vendor: digi model: anywhereusb
db: NVD ids: CVE-2019-11477, CVE-2018-20162, CVE-2019-11478, CVE-2019-11479, CVE-2019-5599

CVE-2025-20248 - Cisco IOS XR Software Image Verification Bypass Vulnerability - SecAlerts

Trust: 3.75

Fetched: Sept. 12, 2025, 11:18 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: ios xr software
vendor: cisco model: cisco ios xr
vendor: cisco model: cisco ios
vendor: cisco model: ios xr
db: NVD ids: CVE-2025-20248