{"vulnerability": "CVE-2020-36178", "sightings": [{"uuid": "eb93caf8-5eab-4ef4-b1f4-be82bb0bd53e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-36178", "type": "seen", "source": "https://t.me/cibsecurity/21723", "content": "\u203c CVE-2020-36178 \u203c\n\noal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-07T00:39:41.000000Z"}, {"uuid": "6eb98a25-984c-4669-bdc5-f97ab2e0a399", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-36178", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2459", "content": "#Red_Team_Tactics\n1. How to corrupt GPU buffers (data/code) on macOS on both X86/ARM (PoC)\nhttps://github.com/astarasikov/macos-gpu-fuzzing-public\n2. Cache Poisoning DoS Basics\nhttps://iustin24.github.io/Cache-Key-Normalization-Denial-of-Service\n3. Multiple Command Injections in TP Link Routers (PoC for CVE-2020-36178)\nhttps://therealunicornsecurity.github.io/TPLink", "creation_timestamp": "2021-01-09T12:07:01.000000Z"}]}