{"vulnerability": "CVE-2022-3055", "sightings": [{"uuid": "13b27820-bc40-474d-8ff6-ca43db749f4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30556", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-133-01", "content": "", "creation_timestamp": "2025-05-13T10:00:00.000000Z"}, {"uuid": "923dc737-8296-4d82-a422-1f68774b03a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2022-30552", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mf6dsue5322y", "content": "", "creation_timestamp": "2026-02-19T00:32:48.905727Z"}, {"uuid": "091723f5-39c7-4631-80d1-4391baa53ff0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30552", "type": "seen", "source": "https://t.me/itsec_news/775", "content": "\u200b\u274c \u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c U-Boot \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0440\u0443\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0435\u043c\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n\ud83d\udcac \u0417\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c U-Boot \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0442\u0438\u043f\u0430\u0445 \u0432\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0435\u043c\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0432\u043a\u043b\u044e\u0447\u0430\u044f ChromeOS \u0438 Android. \u041e\u043d \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u043e \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440, \u0432\u043a\u043b\u044e\u0447\u0430\u044f 68k, ARM, x86, MIPS, Nios, PPC \u0438 \u0434\u0440\u0443\u0433\u0438\u0435.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u043e\u0442\u0447\u0435\u0442\u0443 NCC Group, \u0430\u043b\u0433\u043e\u0440\u0438\u0442\u043c \u0434\u0435\u0444\u0440\u0430\u0433\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u0438 IP, \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0432 U-Boot, \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d \u0434\u0432\u0443\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0438\u0437 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0435\u0442\u0438 \u043f\u0443\u0442\u0435\u043c \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0445 \u043f\u0430\u043a\u0435\u0442\u043e\u0432.\n\n\u0421 \u043f\u043e\u043c\u043e\u0449\u044c\u044e CVE-2022-30790 (\u043e\u0446\u0435\u043d\u043a\u0430 9.6 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS) \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0430\u0442\u0430\u043a\u0443\u0435\u0442 \u0430\u043b\u0433\u043e\u0440\u0438\u0442\u043c \u0434\u0435\u0444\u0440\u0430\u0433\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u0438, \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u044f \u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439 \u0434\u0435\u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0440.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0445\u0430\u043a\u0435\u0440 \u043f\u043e\u0434\u0434\u0435\u043b\u044b\u0432\u0430\u0435\u0442 \u043c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0435 \u0438 \u0444\u0440\u0430\u0433\u043c\u0435\u043d\u0442 \u0434\u0430\u043d\u043d\u044b\u0445 \u0442\u0430\u043a, \u0447\u0442\u043e\u0431\u044b \u043e\u043d\u0438 \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u043b\u0438 \u043d\u0430 \u043e\u0434\u043d\u043e \u0438 \u0442\u043e \u0436\u0435 \u043c\u0435\u0441\u0442\u043e. \u042d\u0442\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0438\u0441\u0438 \u043c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0445 \u0444\u0440\u0430\u0433\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u043c\u0438. \u041f\u043e\u0441\u043b\u0435 \u044d\u0442\u043e\u0433\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0437\u0430\u043f\u0438\u0441\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435, \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0432 \u0432\u0442\u043e\u0440\u043e\u0439 \u0444\u0440\u0430\u0433\u043c\u0435\u043d\u0442 \u0434\u0430\u043d\u043d\u044b\u0445, \u0441\u043c\u0435\u0449\u0435\u043d\u0438\u0435 \u0438 \u0434\u043b\u0438\u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u0434\u043e\u043b\u0436\u043d\u044b \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0441\u0442\u0432\u0443, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u044e\u0442 \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0435 \u043c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0435.\n\n\u041f\u043e \u0441\u043b\u043e\u0432\u0430\u043c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u043e\u0432, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0442\u043e\u043b\u044c\u043a\u043e \u0438\u0437 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0435\u0442\u0438, \u043d\u043e \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u043e\u0441\u0442\u0430\u043d\u0435\u0442\u0441\u044f \u043a\u0440\u0430\u0439\u043d\u0435 \u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u0434\u043b\u044f \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0440\u0443\u0442\u0438\u043d\u0433\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u043d\u0430 \u0431\u0430\u0437\u0435 Linux.\n\n\u0412\u0442\u043e\u0440\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u0430\u044f \u043a\u0430\u043a CVE-2022-30552 (\u043e\u0446\u0435\u043d\u043a\u0430 7.1 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0445\u0430\u043a\u0435\u0440\u0443 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u0430\u043a\u0435\u0442\u0430 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0431\u0443\u0444\u0435\u0440, \u0447\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043e\u0442\u043a\u0430\u0437\u0443 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438. \u0414\u043b\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u043f\u0430\u043a\u0435\u0442, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0438\u043c\u0435\u0435\u0442 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u043c\u0435\u043d\u044c\u0448\u0435 \u043c\u0438\u043d\u0438\u043c\u0430\u043b\u044c\u043d\u043e \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u043e\u0439 \u0434\u043b\u0438\u043d\u044b. \u041f\u043e\u0441\u043b\u0435 \u044d\u0442\u043e\u0433\u043e \u0444\u0443\u043d\u043a\u0446\u0438\u044f \u043f\u043e\u043f\u044b\u0442\u0430\u0435\u0442\u0441\u044f \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u043a\u043e\u043f\u0438\u044e \u0431\u043e\u043b\u044c\u0448\u0435\u0433\u043e \u0440\u0430\u0437\u043c\u0435\u0440\u0430, \u0447\u0435\u043c \u0441\u043f\u043e\u0441\u043e\u0431\u0435\u043d \u0432\u043c\u0435\u0441\u0442\u0438\u0442\u044c \u0431\u0443\u0444\u0435\u0440.\n\nNCC Group \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430\u043c U-Boot \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445 18 \u043c\u0430\u044f. \u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043d\u0430\u0445\u043e\u0434\u044f\u0442\u0441\u044f \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438, \u043d\u043e \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043e CVE-2022-30790 \u0438 CVE-2022-30552 \u0431\u044b\u043b\u0438 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u044b \u0434\u043e \u043f\u043e\u044f\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0430\u0442\u0447\u0430, \u0442\u0430\u043a \u043a\u0430\u043a \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445 \u0432 U-Boot \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e, \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0440\u0430\u0441\u0441\u044b\u043b\u043a\u0438.\n\n\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u0438\u0437 NCC Group \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044e\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f U-Boot \u0441\u0440\u0430\u0437\u0443 \u0436\u0435 \u043f\u043e\u0441\u043b\u0435 \u0438\u0445 \u0432\u044b\u0445\u043e\u0434\u0430.\n\n#\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c #\u0425\u0430\u043a\u0435\u0440\u044b #UBoot\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2022-06-07T02:55:02.000000Z"}, {"uuid": "c5eed00e-edc2-4c4c-8304-f3cee1668191", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30552", "type": "published-proof-of-concept", "source": "https://t.me/TopCyberTechNews/28", "content": "Top Security News for 05/06/2022\n\nCyber phases of Russia's hybrid war. Microsoft hits Polonium and mitigates Follina. CISA and its partners warn about the Karakurt extortion group. Clipminer is out in the wild. Notes from the underworld.\nhttps://thecyberwire.com/newsletters/week-that-was/6/22 \n\nLemonDucks evading detection.\nhttps://thecyberwire.com/podcasts/research-saturday/235/notes \n\nTechnical Advisory \u2013 Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552) - including remote write anywhere primitive in its IP stack\nhttps://www.reddit.com/r/netsec/comments/v4ht0r/technical_advisory_multiple_vulnerabilities_in/ \n\nThe Domain Generation Algorithms of SharkBot\nhttps://malware.news/t/the-domain-generation-algorithms-of-sharkbot/60743/1 \n\nSmaller reactors may still have a big nuclear waste problem\nhttps://arstechnica.com/?p=1858107 \n\nAn actively exploited Microsoft 0-day flaw still doesn\u2019t have a patch\nhttps://arstechnica.com/?p=1858179 \n\nProtected: Biweekly Malware Challenge #1: Gozi/ISFB String Decryption\nhttps://malware.news/t/protected-biweekly-malware-challenge-1-gozi-isfb-string-decryption/60740/1 \n\nCertificate Ripper released - tool to extract server certificates\nhttps://www.reddit.com/r/netsec/comments/v4qegg/certificate_ripper_released_tool_to_extract/ \n\nAnonymous: Operation Russia after 100 days of war\nhttps://securityaffairs.co/wordpress/131933/hacktivism/anonymous-operation-russia-100-days.html \n\nMind Map of Malware Mitigations\nhttps://www.reddit.com/r/Malware/comments/v4vc7a/mind_map_of_malware_mitigations/ \n\n    \nFollow Top Cyber News at https://t.me/TopCyberTechNews\nFeel free to DM me at https://twitter.com/ShayaFeedman", "creation_timestamp": "2022-06-05T05:00:04.000000Z"}, {"uuid": "03c25eba-31cb-492b-90b4-79018fef0bb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30550", "type": "seen", "source": "https://t.me/poxek/2167", "content": "CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used\nAn issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation in certain configurations.\n\u25b6\ufe0f \u0418\u0441\u0442\u043e\u0447\u043d\u0438\u043a \n\n\u0414\u043d\u0435\u0432\u043d\u0438\u043a \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0438\u043a\u0430 \ud83d\udee1", "creation_timestamp": "2022-08-13T21:02:34.000000Z"}, {"uuid": "45ed6e9b-e8ed-477b-ba98-708d8d578ddb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30552", "type": "published-proof-of-concept", "source": "https://t.me/freeosint/1172", "content": "\ud83d\udce1U-boot \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 Starlink \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0433\u043b\u0430\u0432\u043d\u043e\u0433\u043e \u0431\u0443\u0442\u043b\u043e\u0430\u0434\u0435\u0440\u0430 \u0442\u0435\u0440\u043c\u0438\u043d\u0430\u043b\u0430 (\u043f\u043e \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u043c \u043f\u043e\u0441\u0442\u0430\u043c \u0432 \u043a\u0430\u043d\u0430\u043b\u0435 \u0443\u0436\u0435 \u0441\u043a\u043e\u0440\u0435\u0435 \u0432\u0441\u0435\u0433\u043e \u0437\u043d\u0430\u0435\u0442\u0435, \u0438\u043b\u0438 \u0440\u0430\u043d\u0435\u0435 \u0437\u043d\u0430\u043b\u0438), \u0435\u0441\u043b\u0438 \u043a\u0442\u043e \u0432\u0434\u0440\u0443\u0433 \u0437\u0430\u0445\u043e\u0447\u0435\u0442 \u0437\u0430\u043d\u044f\u0442\u044c\u0441\u044f \u0435\u0433\u043e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435\u043c,  \u043f\u0440\u0438\u043a\u043b\u0430\u0434\u044b\u0432\u0430\u044e \u043d\u0438\u0436\u0435 \u0441\u0441\u044b\u043b\u043a\u0438 \u0434\u043b\u044f \u0443\u043f\u0440\u043e\u0449\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430\n\n\ud83d\udce1U-boot is used in Starlink as the main bootloader in terminal (according to some posts in the channel, you probably already know, or previously knew), if someone suddenly wants to do his research, I attach the links below to simplify the process.\n\n\ud83d\udcbeU-Boot Source Tree\n\ud83d\udcbeu-boot from starlink wi-fi gen2 \n\ud83d\udcbeU-Boot in OpenWrt\n\ud83d\udcbeu-boot docs \n\ud83d\udcbeThe u-booting securely\n\ud83d\udcbeU-Boot Secure Boot\n\ud83d\udcbeU-Boot Verified Boot vulnerability: CVE-2020-10648\n\ud83d\udcbeAnalysis and reverse-engineering of the original Starlink router(helpful information about u-boot in Starlink)\n\ud83d\udcbeReversing embedded device bootloader (U-Boot) - p.1\n\ud83d\udcbeReversing embedded device bootloader (U-Boot) - p.2\n\ud83d\udcbeDas U-Boot Verified Boot Bypass\n\ud83d\udcbeRecovering Firmware Through U-boot\n\ud83d\udcbeBushwhacking your way around a bootloader\n\ud83d\udcbeMultiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)\n\ud83d\udcbeCVE-2022-2347\n\ud83d\udcbedepthcharge is an U-Boot hacking toolkit for security researchers and tinkerers", "creation_timestamp": "2022-11-05T09:45:10.000000Z"}, {"uuid": "90f74ba8-0f99-4281-ae26-fa53cc2b4a55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30556", "type": "seen", "source": "Telegram/Hf_SunJuoYNf_bsQCJ20cuXyI7bzH8EMEXzusn30k3vpXeQ", "content": "", "creation_timestamp": "2024-10-15T10:14:15.000000Z"}, {"uuid": "a713185f-7c63-4e42-9842-468424117c43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30552", "type": "seen", "source": "https://t.me/true_secator/3034", "content": "\u041a\u0430\u043a \u0431\u044b \u0432\u0443\u043b\u044c\u0433\u0430\u0440\u043d\u043e \u043d\u0435 \u0437\u0432\u0443\u0447\u0430\u043b\u043e, \u043d\u043e \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b U-Boot, \u0430 \u0435\u0441\u043b\u0438 \u0431\u044b\u0442\u044c \u0431\u043e\u043b\u0435\u0435 \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u044b\u043c Das U-Boot, \u043e\u0440\u0438\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043d\u0430 \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440 MIPS, PowerPC, ARM \u0438 \u0434\u0440\u0443\u0433\u0438\u0435 \u043f\u043e\u0434 \u041e\u0421 Linux \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d \u0434\u0432\u0443\u043c \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c.\n\n\u041e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430\u0445 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438\u0437 NCC Group, \u043a\u043e\u0442\u043e\u0440\u044b\u0435\u00a0\u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043e\u0448\u0438\u0431\u043a\u0438 \u0432 \u0430\u043b\u0433\u043e\u0440\u0438\u0442\u043c\u0435 \u0434\u0435\u0444\u0440\u0430\u0433\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u0438 IP-\u0430\u0434\u0440\u0435\u0441\u043e\u0432, \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u043c \u0432 U-Boot.\u00a0\n\n\u041a\u0430\u043a \u0433\u043e\u0432\u043e\u0440\u044f\u0442 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u043e\u0433\u043e \u0434\u0438\u0430\u043f\u0430\u0437\u043e\u043d\u0430 (CVE-2022-30790 CVSS: 9,6), \u0447\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c root \u043f\u0440\u0430\u0432\u0430, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0431\u0443\u0444\u0435\u0440\u0430 (CVE-2022-30552 \u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 7,1), \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0435\u0433\u043e \u043a \u043e\u0442\u043a\u0430\u0437\u0443 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 (DoS).\n\n\u041c\u0430\u0441\u0448\u0442\u0430\u0431 \u0443\u0433\u0440\u043e\u0437 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043f\u0440\u0438\u043b\u0438\u0447\u043d\u044b\u0439, \u0442\u0430\u043a \u043a\u0430\u043a U-Boot \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 \u0442\u0430\u043a\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 \u043a\u0430\u043a ChromeOS, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 \u0434\u043b\u044f \u0447\u0442\u0435\u043d\u0438\u044f \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u044b\u0445 \u043a\u043d\u0438\u0433, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440 \u0432 Amazon Kindle \u0438 Kobo eReader. \u0414\u0430, \u0431\u0430\u0433\u0438 \u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c root-\u043f\u0440\u0430\u0432\u0430 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 \u0438 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043e\u0442\u043a\u0430\u0437\u0443 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438, \u0441\u043e\u0437\u0434\u0430\u0432 \u0438\u0441\u043a\u0430\u0436\u0435\u043d\u043d\u044b\u0439 \u043f\u0430\u043a\u0435\u0442. \u041e\u0434\u043d\u0430\u043a\u043e \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u044e \u0441\u043c\u044f\u0433\u0447\u0430\u0435\u0442 \u0442\u043e\u0442 \u0444\u0430\u043a\u0442, \u0447\u0442\u043e \u043e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0442\u043e\u043b\u044c\u043a\u043e \u0438\u0437 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0435\u0442\u0438.\u00a0\n\n\u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043d\u0430\u0445\u043e\u0434\u044f\u0442\u0441\u044f \u0432 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0435, \u043d\u043e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0440\u0435\u0448\u0438\u043b\u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043e\u0431 \u043e\u0448\u0438\u0431\u043a\u0430\u0445 \u0434\u043e \u0432\u044b\u043f\u0443\u0441\u043a\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439, \u0442\u0430\u043a \u043a\u0430\u043a \u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 U-Boot \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e \u0447\u0435\u0440\u0435\u0437 \u0438\u0445 \u0441\u043f\u0438\u0441\u043e\u043a \u0440\u0430\u0441\u0441\u044b\u043b\u043a\u0438. \u041e\u0436\u0438\u0434\u0430\u0435\u0442\u0441\u044f, \u0447\u0442\u043e \u043d\u0435\u0434\u043e\u0447\u0435\u0442\u044b U-boot \u0431\u0443\u0434\u0443\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u0432 \u0433\u0440\u044f\u0434\u0443\u0449\u0435\u043c \u043f\u0430\u0442\u0447\u0435, \u043f\u043e\u0441\u043b\u0435 \u0447\u0435\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438.\u00a0\n\n\u0422\u0430\u043a \u0447\u0442\u043e \u0441\u043a\u0440\u0435\u0441\u0442\u0438\u043c \u043f\u0430\u043b\u044c\u0446\u044b \u0432 \u043e\u0436\u0438\u0434\u0430\u043d\u0438\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438 \u0431\u0443\u0434\u0435\u043c \u043d\u0430\u0434\u0435\u044f\u0442\u044c\u0441\u044f, \u0447\u0442\u043e \u0434\u043e \u044d\u0442\u043e\u0439 \u043f\u043e\u0440\u044b \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u0442\u0435\u043b\u0438 \u0442\u0435\u043d\u0435\u0432\u043e\u0433\u043e \u0437\u0430\u043a\u0443\u043b\u0438\u0441\u044c\u044f \u043f\u043e \u0431\u044b\u0441\u0442\u0440\u043e\u043c\u0443 \u043d\u0435 \u043f\u0440\u0438\u0434\u0443\u043c\u0430\u044e\u0442 \u043a\u0430\u043a \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u044d\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0441\u0432\u043e\u0438\u0445 \u0446\u0435\u043b\u044f\u0445.", "creation_timestamp": "2022-06-07T13:23:06.000000Z"}, {"uuid": "c0783d49-a1c2-4d64-8b06-813b5fc19962", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30556", "type": "seen", "source": "https://t.me/cibsecurity/44132", "content": "\u203c CVE-2022-30556 \u203c\n\nApache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-09T20:33:48.000000Z"}, {"uuid": "1babb170-7c69-44a7-a7bd-81317d0c9f84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30552", "type": "seen", "source": "https://t.me/cibsecurity/44022", "content": "\u203c CVE-2022-30790 \u203c\n\nDas U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-08T16:45:57.000000Z"}, {"uuid": "44a75611-f9a7-4f1b-9e8e-d84573390ff1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30552", "type": "seen", "source": "https://t.me/cibsecurity/44020", "content": "\u203c CVE-2022-30552 \u203c\n\nDas U-Boot 2022.01 has a Buffer Overflow.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-08T16:45:55.000000Z"}, {"uuid": "5a6b90ad-1984-4600-bb25-4b2242c6c9ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30551", "type": "seen", "source": "https://t.me/cibsecurity/43049", "content": "\u203c CVE-2022-30551 \u203c\n\nOPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages that exhaust available resources.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-20T16:36:40.000000Z"}, {"uuid": "fa1e8dab-5bf7-4e89-a038-041bc227d3c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30557", "type": "seen", "source": "https://t.me/cibsecurity/42451", "content": "\u203c CVE-2022-30557 \u203c\n\nFoxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-12T00:34:33.000000Z"}, {"uuid": "14417ed6-d5ef-41c2-a4c1-37903cb75570", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30552", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6154", "content": "#Threat_Research\n1. Multiple Vulnerabilities in U-Boot\n(CVE-2022-30790, CVE-2022-30552)\nhttps://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552\n2. TaRRaK Ransomware\nhttps://decoded.avast.io/threatresearch/decrypted-tarrak-ransomware\n3. SVCReady: A New Loader\nhttps://threatresearch.ext.hp.com/svcready-a-new-loader-reveals-itself", "creation_timestamp": "2022-06-08T11:19:35.000000Z"}, {"uuid": "1bca4792-66de-4a47-bc27-406a37345175", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2022-30552", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-134-16", "content": "", "creation_timestamp": "2026-05-14T10:00:00.000000Z"}]}