{"uuid": "16641c6f-97f1-49f4-9467-c60fd8650b5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-1472", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/3127", "content": "#Threat_Research \n1. In-depth analysis of the Xstream deserialization RCE vulnerability (PoCs for CVE-2021-21345, CVE-2021-21347, CVE-2021-21350, CVE-2021-21351)\nhttp://blog.topsec.com.cn/xstream\u53cd\u5e8f\u5217\u5316\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u6df1\u5165\u5206\u6790\n2. Cisco RV34X Series:\n- RV34X /upload Authorization Bypass (CVE-2021-1472)\n- RV34X OS Command injection in Cookie string (CVE-2021-1473)\nhttps://www.iot-inspector.com/blog/advisory-cisco-rv34x-authentication-bypass-remote-command-execution", "creation_timestamp": "2021-04-15T11:02:09.000000Z"}