Sign-up

VARIoT news about IoT security

New Alarming Messaging App Vulnerabilities Could Let Hackers Take Over Your Device - UNDERCODE NEWS

Related entries in the VARIoT vulnerabilities database: VAR-201912-0574

Trust: 4.75

Fetched: June 3, 2025, 9:39 a.m., Published: May 30, 2025, 3:18 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2023-41064, CVE-2023-4863, CVE-2019-8641

Technical Details Published for Critical Cisco IOS XE Vulnerability

Trust: 4.75

Fetched: June 3, 2025, 9:38 a.m., Published: June 2, 2025, 11:57 a.m.
 Vulnerabilities: path traversal, code execution, command execution
Affected productsExternal IDs
vendor: cisco model: ios xe
vendor: cisco model: cisco ios xe
vendor: cisco model: cisco ios
vendor: cisco model: catalyst

CVE-2025-49162 - Arris VIP1113 TFTP File Overwrite Vulnerability - مدیریت منیج سرور ثبت دامنه

Trust: 4.25

Fetched: June 3, 2025, 9:37 a.m., Published: June 3, 2025, 3:02 a.m.
 Vulnerabilities: file overwrite vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2025-49162

CVE-2021-32030 - ASUS Routers Improper Authentication Vulnerability | ScyScan

Related entries in the VARIoT vulnerabilities database: VAR-202105-1346

Trust: 6.0

Fetched: June 3, 2025, 9:35 a.m., Published: June 2, 2025, midnight
 Vulnerabilities: authentication vulnerability
Affected productsExternal IDs
vendor: asus model: gt-ac2900
vendor: asus model: asus
vendor: asus model: routers
db: NVD ids: CVE-2021-32030

Update Canonical Ubuntu Desktop: USN-7479-1: MySQL vulnerabilities

Trust: 3.25

Fetched: June 3, 2025, 9:33 a.m., Published: Jan. 3, 7479, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Critical Vulnerability in Asus Routers: Hidden Backdoor Discovered

Trust: 3.0

Fetched: June 3, 2025, 9:33 a.m., Published: May 30, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: asus model: asus
vendor: asus model: routers
vendor: asus model: router

CVE-2025-27523 - Hitachi JP1/IT Desktop Management 2 - Smart Device Manager XXE Injection Vulnerability

Trust: 4.0

Fetched: June 3, 2025, 9:33 a.m., Published: May 15, 2025, 7:15 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hitachi model: jp1/it desktop management
vendor: hitachi model: device manager
db: NVD ids: CVE-2025-27523

Apple iOS Security Vulnerabilities in 2025

Related entries in the VARIoT vulnerabilities database: VAR-202109-1316, VAR-202109-1311, VAR-201912-0474, VAR-202109-1420, VAR-201608-0186, VAR-202109-1419, VAR-202104-0647, VAR-201608-0187, VAR-202104-0751, VAR-202104-0753, VAR-202104-0750, VAR-201608-0188, VAR-202108-1057, VAR-202212-1751

Trust: 5.25

Fetched: June 3, 2025, 9:32 a.m., Published: June 3, 2025, midnight
 Vulnerabilities: use after free, memory corruption, code execution...
Affected productsExternal IDs
vendor: apple model: watch
vendor: apple model: safari
vendor: apple model: watchos
vendor: apple model: tvos
vendor: apple model: macos
vendor: apple model: icloud
vendor: apple model: webkit
db: NVD ids: CVE-2021-30666, CVE-2025-24270, CVE-2025-24144, CVE-2025-31251, CVE-2025-31214, CVE-2025-31207, CVE-2025-31222, CVE-2025-31206, CVE-2025-30466, CVE-2025-31253, CVE-2025-24189, CVE-2025-31226, CVE-2021-30661, CVE-2019-7287, CVE-2025-31245, CVE-2025-31203, CVE-2025-31208, CVE-2021-30762, CVE-2025-31262, CVE-2025-24184, CVE-2025-30448, CVE-2025-24251, CVE-2016-4655, CVE-2025-31241, CVE-2025-24091, CVE-2025-24271, CVE-2025-31185, CVE-2025-31225, CVE-2025-31205, CVE-2025-31212, CVE-2025-31199, CVE-2025-24225, CVE-2025-31215, CVE-2025-31239, CVE-2025-31238, CVE-2025-31204, CVE-2025-24223, CVE-2025-31221, CVE-2025-31234, CVE-2025-31197, CVE-2025-31228, CVE-2021-30761, CVE-2021-1782, CVE-2025-24206, CVE-2025-24179, CVE-2016-4656, CVE-2021-1871, CVE-2021-1879, CVE-2021-1870, CVE-2025-31209, CVE-2025-31257, CVE-2025-31217, CVE-2025-31223, CVE-2025-31210, CVE-2025-30436, CVE-2025-31227, CVE-2025-24220, CVE-2016-4657, CVE-2021-30860, CVE-2022-42856, CVE-2025-31219, CVE-2025-24252, CVE-2025-24111, CVE-2025-31233

CVE-2025-5445 - Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 RP_checkFWByBBS os command injection - SecAlerts

Related entries in the VARIoT vulnerabilities database: VAR-202506-0009

Trust: 4.5

Fetched: June 3, 2025, 9:31 a.m., Published: -
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs
vendor: linksys model: re6300
vendor: linksys model: re6500
db: NVD ids: CVE-2025-5445

Critical Linux Vulnerabilities Risk Password Hash Theft Worldwide - MojoAuth - Go Passwordless

Trust: 4.0

Fetched: June 3, 2025, 9:24 a.m., Published: June 2, 2025, 1:12 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2024-47191, CVE-2025-4598, CVE-2025-5054

Critical Rockwell PowerMonitor 1000 vulnerabilities risk device takeover, raising industrial cybersecurity threat

Trust: 3.25

Fetched: June 3, 2025, 9:24 a.m., Published: May 30, 2025, 2:52 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: rockwell model: powermonitor 1000

CVE-2025-0358 : Privilege Escalation Vulnerability in VAPIX Device Configuration by Axis Communications

Trust: 5.75

Fetched: June 3, 2025, 9:23 a.m., Published: June 2, 2025, 7:39 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: axis model: axis
vendor: axis model: communications
vendor: axis communications model: axis
vendor: axis communications model: communications
db: NVD ids: CVE-2025-0358

CVE-2025-0358 - Axis VAPIX Device Configuration Privilege Escalation Vulnerability

Trust: 6.0

Fetched: June 3, 2025, 9:22 a.m., Published: June 2, 2025, 8:15 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: axis model: axis
db: NVD ids: CVE-2025-0358

Evaluating Moving Target Defense Methods Using Time to Compromise and Security Risk Metrics in IoT Networks

Trust: 3.25

Fetched: June 3, 2025, 9:21 a.m., Published: Jan. 3, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home
vendor: google model: android

New Linux Security Bugs Could Expose Password Hashes Across Millions of Devices

Trust: 4.75

Fetched: June 3, 2025, 9:20 a.m., Published: June 2, 2025, 6:51 a.m.
 Vulnerabilities: information disclosure, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2025-4598, CVE-2025-5054

Critical Vulnerability in Apple Devices: App May Enumerate Installed Apps (CVE-2025-30426) - Karl.Fail

Trust: 3.75

Fetched: June 3, 2025, 9:16 a.m., Published: May 22, 2025, 3:40 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: tvos
vendor: apple model: macos
db: NVD ids: CVE-2025-30426

Uncover RF Security Vulnerabilities with SDRs - Toxigon

Trust: 3.75

Fetched: June 3, 2025, 9:15 a.m., Published: June 1, 2025, 2:40 a.m.
 Vulnerabilities: replay attack
Affected productsExternal IDs

MediaTek Bluetooth Vulnerability Exposes Millions of Devices to Silent Attacks - UNDERCODE NEWS

Trust: 4.75

Fetched: June 3, 2025, 9:15 a.m., Published: June 2, 2025, 1:40 p.m.
 Vulnerabilities: denial of service, code execution, improper bounds checking
Affected productsExternal IDs
db: NVD ids: CVE-2025-20674, CVE-2025-20673, CVE-2025-20677, CVE-2025-20678, CVE-2025-20672

Cisco IOS XE Software Web-Based Management Interface Vulnerabilities

Trust: 5.5

Fetched: June 3, 2025, 9:15 a.m., Published: May 7, 2025, 3:53 p.m.
 Vulnerabilities: information disclosure, command injection, injection attack
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: ios xe
vendor: cisco model: cisco ios xe
vendor: cisco model: cisco ios
db: NVD ids: CVE-2025-20194, CVE-2025-20193, CVE-2025-20195

MediaTek Vulnerabilities Let Attackers Escalate Privileges Without User Interaction

Trust: 4.75

Fetched: June 3, 2025, 9:14 a.m., Published: June 2, 2025, 3:30 p.m.
 Vulnerabilities: pointer dereference issue, denial of service, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2025-20674, CVE-2025-20673, CVE-2025-20675, CVE-2025-20676, CVE-2025-20677, CVE-2025-20678, CVE-2025-20672