{"vulnerability": "CVE-2024-1069", "sightings": [{"uuid": "c3bff002-3860-41a6-a882-3d8743a4dd8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10697", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10599", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10697\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument mac leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2024-11-02T12:00:08.397Z\n\ud83d\udccf Modified: 2025-04-05T06:48:36.830Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.282865\n2. https://vuldb.com/?ctiid.282865\n3. https://vuldb.com/?submit.434934\n4. https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac6_rce_WriteFacMac/tenda_ac6_rce_WriteFacMac.md\n5. https://www.tenda.com.cn/", "creation_timestamp": "2025-04-05T07:36:59.000000Z"}, {"uuid": "3bbf8574-f715-45f2-80a6-cbd77eab1533", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10692", "type": "seen", "source": "https://t.me/cvedetector/12194", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10692 - The PowerPack Elementor Addons (Free Widgets, Exte\", \n  \"Content\": \"CVE ID : CVE-2024-10692 \nPublished : Dec. 6, 2024, 9:15 a.m. | 19\u00a0minutes ago \nDescription : The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 via the Content Reveal widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-06T10:36:11.000000Z"}, {"uuid": "8fd23581-0649-4a92-9eee-ba34736bbc4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1069", "type": "seen", "source": "https://t.me/ctinow/190566", "content": "https://ift.tt/MR3cybA\nCVE-2024-1069 | Contact Form Entries Plugin up to 1.3.2 on WordPress unrestricted upload (ID 3028640)", "creation_timestamp": "2024-02-22T09:37:01.000000Z"}, {"uuid": "7fad6abf-5167-45ed-aae2-c7168f01f695", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10695", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113467854475993105", "content": "", "creation_timestamp": "2024-11-12T03:27:37.269947Z"}, {"uuid": "6fdf1fd0-6be8-446a-be43-a0b2c94f4c8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10696", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113518678399611221", "content": "", "creation_timestamp": "2024-11-21T02:52:48.959334Z"}, {"uuid": "5c711057-1da1-4b56-a7a5-01b1747576fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10692", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113604963601646729", "content": "", "creation_timestamp": "2024-12-06T08:36:16.556619Z"}, {"uuid": "2ed820aa-e0d6-4279-89ff-0b5a7166fd6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10690", "type": "seen", "source": "https://t.me/cvedetector/12928", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10690 - Elementor WordPress Shortcodes Information Exposure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10690 \nPublished : Dec. 14, 2024, 6:15 a.m. | 16\u00a0minutes ago \nDescription : The Shortcodes for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.4 via the 'SHORTCODE_ELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created with Elementor that they should not have access to. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-14T07:40:02.000000Z"}, {"uuid": "4e4f4e26-d9db-459a-b35e-312de1ce1f5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10695", "type": "seen", "source": "https://t.me/cvedetector/10582", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10695 - Futurio Extra Plugin for WordPress Information Exposure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10695 \nPublished : Nov. 12, 2024, 4:15 a.m. | 37\u00a0minutes ago \nDescription : The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts that they should not have access to. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T06:19:43.000000Z"}, {"uuid": "0f827e3f-4b77-4b68-b0c0-9ae6f6cb44cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10693", "type": "seen", "source": "https://t.me/cvedetector/10269", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10693 - \"SKT Elementor Plugin Information Exposure Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-10693 \nPublished : Nov. 9, 2024, 4:15 a.m. | 26\u00a0minutes ago \nDescription : The SKT Addons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.3 via the Unfold widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-09T05:45:42.000000Z"}, {"uuid": "efcf24b4-4b21-4d71-8c3e-d23f020f3efd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10699", "type": "seen", "source": "https://t.me/cvedetector/9643", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10699 - Wazifa System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10699 \nPublished : Nov. 2, 2024, 3:15 p.m. | 39\u00a0minutes ago \nDescription : A vulnerability was found in code-projects Wazifa System 1.0. It has been classified as critical. This affects an unknown part of the file /controllers/logincontrol.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-02T17:16:14.000000Z"}, {"uuid": "5de5a98b-3a09-4e22-9a9e-f6eb7e5820ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10698", "type": "seen", "source": "https://t.me/cvedetector/9642", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10698 - Tenda AC6 Stack-Based Buffer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10698 \nPublished : Nov. 2, 2024, 2:15 p.m. | 18\u00a0minutes ago \nDescription : A vulnerability was found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-02T15:35:55.000000Z"}, {"uuid": "293004f8-e555-45fe-89dc-2dc6bdc82f11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10697", "type": "seen", "source": "https://t.me/cvedetector/9641", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10697 - Tenda AC6 API Endpoint Command Injection\", \n  \"Content\": \"CVE ID : CVE-2024-10697 \nPublished : Nov. 2, 2024, 12:15 p.m. | 39\u00a0minutes ago \nDescription : A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument The leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-02T13:55:38.000000Z"}, {"uuid": "7922b725-561e-484a-96a3-47e2f4b64e4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1069", "type": "seen", "source": "Telegram/fzYrT0SptVAlc2J-Dcb1IhChUeKuG49Pm2aA8opv4dmIQ1s", "content": "", "creation_timestamp": "2024-01-31T04:29:41.000000Z"}, {"uuid": "2b67e30e-8308-4665-a028-3c30fb99ab26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1069", "type": "seen", "source": "https://t.me/ctinow/176461", "content": "https://ift.tt/YOA3U2X\nCVE-2024-1069", "creation_timestamp": "2024-01-31T04:31:54.000000Z"}]}