{"vulnerability": "CVE-2021-27561", "sightings": [{"uuid": "5e2c8687-b4a4-4ab1-bd74-cf380f4351f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-27561", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-07)", "content": "", "creation_timestamp": "2026-02-07T00:00:00.000000Z"}, {"uuid": "906b838a-08f9-4fd5-afb7-670ce9187d84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-27561", "type": "seen", "source": "https://t.me/cibsecurity/30663", "content": "\u203c CVE-2021-27561 \u203c\n\nYealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-15T22:28:51.000000Z"}, {"uuid": "666e7b6f-bdbb-4a5c-8034-b6e1756234f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-27561", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "f7ece1ec-2c4d-4cfa-b501-96f3816e38bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-27561", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2970889", "content": "", "creation_timestamp": "2024-12-24T20:21:18.813307Z"}, {"uuid": "fe102eaa-13b4-4600-b460-c14494497f00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-27561", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/3daec85e-6878-4d4f-b497-5914218cb71e", "content": "", "creation_timestamp": "2026-02-02T12:29:07.866030Z"}, {"uuid": "741b8e91-4b31-418a-ad2e-d072f34fc7de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-27561", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2791", "content": "#exploit\n1. CVE-2021-27561, CVE-2021-27562:\nYealink Device Management Pre Auth \u2018root\u2019 level RCE\nhttps://ssd-disclosure.com/ssd-advisory-yealink-dm-pre-auth-root-level-rce\n\n2. CVE-2021-21973:\nAn unauthorized server-side request forgery (SSRF) vulnerabilities\nhttps://mobile.twitter.com/osama_hroot/status/1365586206982082560/photo/1", "creation_timestamp": "2022-07-04T12:39:11.000000Z"}, {"uuid": "2b93fd2f-bc69-4ba9-9476-eff10d00a3e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-27561", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2925", "content": "#Threat_Research\n1. CVE-2020-29653:\nStealing Froxlor login credentials using dangling markup (PoC)\nhttps://labs.detectify.com/2021/03/10/cve-2020-29653-stealing-froxlor-login-credentials-dangling-markup\n\n2. New Mirai Variant Targeting Network Security Devices\nhttps://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities\n]-&gt; PoC for CVE-2020-25506:\nD-Link DNS-320 Firewall RCE Vulnerability\nhttps://gist.github.com/WinMin/6f63fd1ae95977e0e2d49bd4b5f00675\n]-&gt; PoC for CVE-2021-22502:\nRCE in Micro Focus Operation Bridge Reporter, ver.10.4\nhttps://github.com/pedrib/PoC/blob/master/advisories/Micro_Focus/Micro_Focus_OBR.md\n]-&gt; PoC for CVE-2021-27561, CVE-2021-27562:\nYealink Device Mngmnt Pre-Auth \"root\" Level RCE Vuln\nhttps://ssd-disclosure.com/ssd-advisory-yealink-dm-pre-auth-root-level-rce", "creation_timestamp": "2021-03-17T11:01:15.000000Z"}, {"uuid": "418fa110-f994-41f6-a68b-557598f07505", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-27561", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:20.000000Z"}, {"uuid": "bf4fab2e-6a82-4e09-9bfc-800b90e8edbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-27561", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-27561.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"}, {"uuid": "bf202901-400b-439b-ac31-31b4557f4e93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-27561", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/3daec85e-6878-4d4f-b497-5914218cb71e", "content": "", "creation_timestamp": "2026-02-02T12:29:07.866030Z"}, {"uuid": "9637884b-aae6-4f52-8dcc-a9b107a3dd10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-27561", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:54.000000Z"}]}