VARIoT latest news about IoT security

Cisco Smart Install Vulnerability Related entries in the VARIoT vulnerabilities database: VAR-201803-1387 Trust: 3.5 Fetched: Sept. 3, 2025, 9:40 a.m., Published: Sept. 2, 2025, 6:56 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	router
vendor:	cisco	model:	ios xe

db:

NVD

ids:

CVE-2018-0171

Axis Camera Server Vulnerabilities Expose Thousands of Organizations to Attack Trust: 5.5 Fetched: Sept. 3, 2025, 9:39 a.m., Published: Aug. 8, 2025, 4:43 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	axis	model:	axis
vendor:	axis	model:	communications
vendor:	axis	model:	ip cameras
vendor:	axis communications	model:	axis
vendor:	axis communications	model:	communications
vendor:	axis communications	model:	ip cameras

db:

NVD

ids:

CVE-2025-30024, CVE-2025-30026, CVE-2025-30023

Cyber Security Certification for Smart Home Devices Trust: 3.25 Fetched: Sept. 3, 2025, 9:39 a.m., Published: Sept. 3, 2025, 9:39 a.m.	Vulnerabilities: -

Affected products	External IDs

CVE-2025-7775 Citrix RCE Zero-day \| Tenable® Trust: 4.5 Fetched: Sept. 3, 2025, 9:38 a.m., Published: Aug. 26, 2025, 5:02 p.m.	Vulnerabilities: access control vulnerability, code execution, denial of service...

Affected products

External IDs

vendor:	citrix	model:	netscaler application delivery controller
vendor:	citrix	model:	gateway
vendor:	citrix	model:	application delivery controller
vendor:	citrix	model:	netscaler
vendor:	citrix	model:	netscaler gateway
vendor:	citrix	model:	netscaler adc

db:

NVD

ids:

CVE-2019-19781, CVE-2025-8424, CVE-2023-4966, CVE-2025-7776, CVE-2025-7775, CVE-2025-5777, CVE-2022-27518

Analysis of Apple's ImageIO Zero-Day Vulnerability: Attacker Context and Historical iOS Zero-Click Similarities Trust: 4.5 Fetched: Sept. 3, 2025, 9:38 a.m., Published: Aug. 27, 2025, 4:39 p.m.	Vulnerabilities: memory corruption, code execution, buffer overflow

Affected products

External IDs

vendor:

apple

model:

macos

db:

NVD

ids:

CVE-2025-43300

MediaTek Patches Critical Modem Vulnerabilities - Intrucept Related entries in the VARIoT vulnerabilities database: VAR-202509-0101, VAR-202509-0115 Trust: 4.5 Fetched: Sept. 3, 2025, 9:37 a.m., Published: Sept. 3, 2025, 5:01 a.m.	Vulnerabilities: improper bounds checking, privilege escalation, memory corruption...

Affected products

External IDs

db:

NVD

ids:

CVE-2025-20704, CVE-2025-20706, CVE-2025-20705, CVE-2025-20703, CVE-2025-20707, CVE-2025-20708

WhatsApp Zero-Day Vulnerability Exploited in 0-Click Attacks To Hack Apple Devices Trust: 4.75 Fetched: Sept. 3, 2025, 9:37 a.m., Published: Aug. 29, 2025, 7:36 p.m.	Vulnerabilities: memory corruption

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	macos
vendor:	google	model:	android

db:

NVD

ids:

CVE-2025-43300, CVE-2025-55177

Zero-click attack on Apple devices via WhatsApp \| heise online Trust: 4.0 Fetched: Sept. 3, 2025, 9:36 a.m., Published: Aug. 30, 2025, 8:40 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

macos

db:

NVD

ids:

CVE-2025-55177

300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158 - Help Net Security Trust: 4.0 Fetched: Sept. 3, 2025, 9:36 a.m., Published: Aug. 27, 2025, 11:21 a.m.	Vulnerabilities: input validation vulnerability

Affected products

External IDs

db:

NVD

ids:

CVE-2025-34158, CVE-2020-5741

Turning Camera Surveillance on its Axis \| Claroty Trust: 5.5 Fetched: Sept. 3, 2025, 9:34 a.m., Published: Aug. 3, 2025, 2:58 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	axis	model:	axis
vendor:	axis	model:	communications
vendor:	axis	model:	ip cameras
vendor:	axis communications	model:	axis
vendor:	axis communications	model:	communications
vendor:	axis communications	model:	ip cameras

db:

NVD

ids:

CVE-2025-30023, CVE-2025-30024

CISA Alerts on Critical SunPower Vulnerability Allowing Full Device Takeover Trust: 3.0 Fetched: Sept. 3, 2025, 9:34 a.m., Published: Sept. 3, 2025, 8:27 a.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2025-9696

WhatsApp Patches Critical Vulnerability Following Zero-Day Attacks_This_of_on Trust: 3.75 Fetched: Sept. 3, 2025, 9:28 a.m., Published: Sept. 3, 2025, 10:16 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

trend

model:

security

db:

NVD

ids:

CVE-2025-43300, CVE-2025-55177

Critical Wi-Fi Extender Vulnerability Actively Exploited: What It Means for Your Security Related entries in the VARIoT vulnerabilities database: VAR-202008-0768 Trust: 5.5 Fetched: Sept. 3, 2025, 9:27 a.m., Published: Sept. 2, 2025, midnight	Vulnerabilities: authentication issue

Affected products

External IDs

vendor:	tp-link	model:	gateway
vendor:	tp-link	model:	tl-wa855re
vendor:	palo	model:	networks
vendor:	trend	model:	security
vendor:	palo alto networks	model:	networks

db:

NVD

ids:

CVE-2025-55177, CVE-2020-24363

ESPHome Web Server Authentication Bypass Vulnerability Exposes Smart Devices Trust: 5.25 Fetched: Sept. 3, 2025, 9:27 a.m., Published: Sept. 2, 2025, 8:35 p.m.	Vulnerabilities: authentication bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2025-57808

ESPHome Web Server Authentication Bypass Vulnerability Exposes Smart Trust: 7.0 Fetched: Sept. 3, 2025, 9:26 a.m., Published: Sept. 3, 2025, midnight	Vulnerabilities: authentication bypass

Affected products

External IDs

vendor:

wireshark

model:

wireshark

db:

NVD

ids:

CVE-2025-57808

ESPHome Vulnerability Allows Unauthorized Access to Smart Devices Trust: 6.25 Fetched: Sept. 3, 2025, 9:26 a.m., Published: Sept. 2, 2025, 2:14 p.m.	Vulnerabilities: authentication bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2025-57808

WhatsApp fixes vulnerability used in zero-click attacks \| Malwarebytes Trust: 4.5 Fetched: Sept. 3, 2025, 9:25 a.m., Published: Sept. 1, 2025, 1:55 p.m.	Vulnerabilities: memory corruption

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	macos
vendor:	google	model:	android

db:

NVD

ids:

CVE-2025-43300, CVE-2025-55177

CVE-2025-57808: ESPHome Web Server Authentication Bypass Exposes Smart Devices Trust: 4.25 Fetched: Sept. 3, 2025, 9:19 a.m., Published: Sept. 2, 2025, 2:54 a.m.	Vulnerabilities: authentication bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2025-57808

Android Security Bulletin-September 2025 \| Android Open Source Project Related entries in the VARIoT vulnerabilities database: VAR-202507-1286, VAR-202509-0101, VAR-202509-0115, VAR-202509-4136 Trust: 4.25 Fetched: Sept. 3, 2025, 9:18 a.m., Published: Sept. 3, 2025, midnight	Vulnerabilities: information disclosure, denial of service, code execution

Affected products

External IDs

vendor:	motorola	model:	motorola
vendor:	motorola	model:	android
vendor:	huawei	model:	huawei
vendor:	samsung	model:	notes
vendor:	samsung	model:	mobile
vendor:	samsung	model:	note
vendor:	samsung	model:	samsung
vendor:	google	model:	pixel
vendor:	google	model:	android
vendor:	google	model:	wifi

db:

NVD

ids:

CVE-2025-27073, CVE-2025-48544, CVE-2025-48523, CVE-2025-48539, CVE-2025-0467, CVE-2025-48581, CVE-2025-32349, CVE-2025-25180, CVE-2025-21488, CVE-2025-48524, CVE-2025-0076, CVE-2025-48551, CVE-2025-21446, CVE-2024-47898, CVE-2025-0089, CVE-2025-32321, CVE-2025-48535, CVE-2025-1246, CVE-2025-21449, CVE-2025-48547, CVE-2024-47899, CVE-2025-21427, CVE-2025-48527, CVE-2025-27034, CVE-2025-20703, CVE-2025-21482, CVE-2025-47326, CVE-2025-32345, CVE-2025-21464, CVE-2025-20708, CVE-2025-48526, CVE-2025-48563, CVE-2025-48554, CVE-2025-26464, CVE-2025-27032, CVE-2025-48558, CVE-2025-48540, CVE-2025-47328, CVE-2025-48534, CVE-2025-48562, CVE-2025-48550, CVE-2025-48559, CVE-2025-48556, CVE-2025-47329, CVE-2025-8109, CVE-2025-48548, CVE-2025-21477, CVE-2025-32326, CVE-2025-48532, CVE-2025-48541, CVE-2025-21483, CVE-2025-48561, CVE-2025-48537, CVE-2025-1706, CVE-2025-27065, CVE-2025-32346, CVE-2025-21433, CVE-2023-24023, CVE-2025-21487, CVE-2025-46707, CVE-2025-32327, CVE-2025-27066, CVE-2025-48529, CVE-2025-21481, CVE-2025-47317, CVE-2025-48560, CVE-2025-21450, CVE-2025-48553, CVE-2025-48531, CVE-2025-21465, CVE-2025-48543, CVE-2025-21432, CVE-2025-47318, CVE-2025-48545, CVE-2025-46708, CVE-2025-32333, CVE-2025-32332, CVE-2025-48552, CVE-2025-48522, CVE-2025-25179, CVE-2025-48528, CVE-2025-21454, CVE-2025-48546, CVE-2025-46710, CVE-2021-39810, CVE-2024-49714, CVE-2025-48549, CVE-2025-20696, CVE-2025-32350, CVE-2025-48538, CVE-2025-32331, CVE-2025-27052, CVE-2025-32323, CVE-2024-7881, CVE-2025-32324, CVE-2025-32330, CVE-2025-3212, CVE-2025-32325, CVE-2025-38352, CVE-2025-48542, CVE-2025-26454, CVE-2025-21484, CVE-2025-20704, CVE-2025-32347

Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Related entries in the VARIoT vulnerabilities database: VAR-202501-3666 Trust: 4.75 Fetched: Sept. 3, 2025, 9:18 a.m., Published: Aug. 21, 2025, 4:47 a.m.	Vulnerabilities: memory corruption

Affected products

External IDs

vendor:	apple	model:	ipad
vendor:	apple	model:	safari
vendor:	apple	model:	ipad air
vendor:	apple	model:	iphone
vendor:	apple	model:	macos
vendor:	google	model:	chrome

db:

NVD

ids:

CVE-2025-43200, CVE-2025-24200, CVE-2025-43300, CVE-2025-31201, CVE-2025-24085, CVE-2025-6558, CVE-2025-24201, CVE-2025-31200

VARIoT news about IoT security