{"vulnerability": "cve-2021-4084", "sightings": [{"uuid": "12d5124a-5612-4cc8-a9a6-d199204629d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40848", "type": "seen", "source": "https://t.me/cibsecurity/31708", "content": "\u203c CVE-2021-40848 \u203c\n\nIn Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-03T13:23:32.000000Z"}, {"uuid": "36f14eed-add0-480f-a49c-0106351f2bd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40849", "type": "seen", "source": "https://t.me/cibsecurity/31707", "content": "\u203c CVE-2021-40849 \u203c\n\nIn Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web services token is vulnerable to being exploited and logged into, resulting in information disclosure (at a minimum) and often escalation of privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-03T13:23:30.000000Z"}, {"uuid": "66983c1a-8082-4864-8cbf-69f5da1c96fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40847", "type": "seen", "source": "https://t.me/cibsecurity/29199", "content": "\u203c CVE-2021-40847 \u203c\n\nThe update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. While the parental controls themselves are not enabled by default on the routers, the Circle update daemon, circled, is enabled by default. This daemon connects to Circle and NETGEAR to obtain version information and updates to the circled daemon and its filtering database. However, database updates from NETGEAR are unsigned and downloaded via cleartext HTTP. As such, an attacker with the ability to perform a MitM attack on the device can respond to circled update requests with a crafted, compressed database file, the extraction of which gives the attacker the ability to overwrite executable files with attacker-controlled code. This affects R6400v2 1.0.4.106, R6700 1.0.2.16, R6700v3 1.0.4.106, R6900 1.0.2.16, R6900P 1.3.2.134, R7000 1.0.11.123, R7000P 1.3.2.134, R7850 1.0.5.68, R7900 1.0.4.38, R8000 1.0.4.68, and RS400 1.5.0.68.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-21T22:28:05.000000Z"}, {"uuid": "6403a08d-f41b-4856-98d5-d66c15840ea5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40845", "type": "seen", "source": "https://t.me/cibsecurity/28881", "content": "\u203c CVE-2021-40845 \u203c\n\nThe web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-15T16:22:23.000000Z"}, {"uuid": "81c41d02-89f7-49d5-899f-14f94c8ad756", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40847", "type": "published-proof-of-concept", "source": "https://t.me/cKure/7250", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 CVE-2021-40847 flaw in Netgear SOHO routers could be exploited by a remote attacker to execute arbitrary code as root.\n\nhttps://securityaffairs.co/wordpress/122486/hacking/cve-2021-40847-netgear-soho-routers.html", "creation_timestamp": "2021-09-23T19:24:24.000000Z"}, {"uuid": "1e00c0cd-82d3-41c7-b729-8cb8090e6b0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-4084", "type": "seen", "source": "https://t.me/cibsecurity/33725", "content": "\u203c CVE-2021-4084 \u203c\n\npimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-10T14:25:13.000000Z"}, {"uuid": "f905ec52-b329-4948-a4f2-2c95fb0a829c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40847", "type": "seen", "source": "https://t.me/ctinow/40186", "content": "CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution\n\nhttps://ift.tt/3AM4ekQ", "creation_timestamp": "2021-09-23T08:41:26.000000Z"}, {"uuid": "2430d02c-0099-4a97-9af9-4b73646a9c90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40847", "type": "seen", "source": "https://t.me/tomhunter/294", "content": "#news Netgear \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 (CVE-2021-40847) \u043f\u043e\u0447\u0442\u0438 \u043d\u0430 \u0434\u0435\u0441\u044f\u0442\u043a\u0435 \u0441\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u0434\u043b\u044f \u043c\u0430\u043b\u044b\u0445 \u0438 \u0434\u043e\u043c\u0430\u0448\u043d\u0438\u0445 \u043e\u0444\u0438\u0441\u043e\u0432. \u041f\u043e\u043b\u0443\u0447\u0438\u0432 root-\u0434\u043e\u0441\u0442\u0443\u043f, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0442\u0440\u0430\u0444\u0438\u043a, \u043f\u0440\u043e\u0445\u043e\u0434\u044f\u0449\u0438\u0439 \u0447\u0435\u0440\u0435\u0437 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0441\u0447\u0438\u0442\u044b\u0432\u0430\u0442\u044c \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435, \u043a\u043e\u0442\u043e\u0440\u044b\u043c\u0438 \u043e\u0431\u043c\u0435\u043d\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u0441 \u0434\u0440\u0443\u0433\u0438\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0432 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0439 \u0441\u0435\u0442\u0438 \u0436\u0435\u0440\u0442\u0432\u044b. \u0427\u0442\u043e\u0431\u044b \u0437\u0430\u0433\u0440\u0443\u0437\u0438\u0442\u044c \u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u044e\u044e \u0432\u0435\u0440\u0441\u0438\u044e \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0438 \u0434\u043b\u044f \u0432\u0430\u0448\u0435\u0433\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 Netgear - \u043f\u0435\u0440\u0435\u0439\u0434\u0438\u0442\u0435 \u043d\u0430 \u0441\u0430\u0439\u0442 \u0438\u0445 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438. \n\n@tomhunter", "creation_timestamp": "2021-09-21T18:19:08.000000Z"}, {"uuid": "004d4f18-a548-44f6-850f-b91ea5ee79e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40847", "type": "seen", "source": "https://t.me/true_secator/2132", "content": "Netgear \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 (RCE), \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u0443\u044e \u0432 \u0441\u043b\u0443\u0436\u0431\u0435 \u0440\u043e\u0434\u0438\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f Circle, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 root \u043f\u043e\u0447\u0442\u0438 \u043d\u0430 \u0434\u044e\u0436\u0438\u043d\u0435 \u0441\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432 Netgear \u0434\u043b\u044f \u043c\u0430\u043b\u044b\u0445 \u043e\u0444\u0438\u0441\u043e\u0432/\u0434\u043e\u043c\u0430\u0448\u043d\u0438\u0445 \u043e\u0444\u0438\u0441\u043e\u0432 (SOHO).\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0432\u0435\u043a\u0442\u043e\u0440 \u0430\u0442\u0430\u043a\u0438, CVE-2021-40847, \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d \u043e\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0441\u043b\u0443\u0436\u0431\u044b, \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Circle, \u0432\u0441\u0435 \u0436\u0435 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442 \u043e\u0448\u0438\u0431\u043a\u0443 \u0438 \u0432\u043a\u043b\u044e\u0447\u0435\u043d \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e, \u0438 \u043e\u0448\u0438\u0431\u043a\u0443 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c, \u0434\u0430\u0436\u0435 \u0435\u0441\u043b\u0438 \u0441\u043b\u0443\u0436\u0431\u0430 \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0430.\n\n\u041f\u0440\u043e\u0446\u0435\u0441\u0441 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f Circle Parental Control Service \u043d\u0430 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0430\u0445 Netgear \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0441 \u0441\u0435\u0442\u0435\u0432\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u0442\u044c RCE \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 root \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0430\u0442\u0430\u043a\u0438 MitM. \u041f\u0440\u043e\u0432\u0435\u0440\u0435\u043d\u043e GRIMM.\n\n\u0423\u0441\u043f\u0435\u0448\u043d\u043e\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u043e\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0438 \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u0442\u0440\u0430\u0444\u0438\u043a\u0430 \u0432 \u0442\u043e\u0439 \u0436\u0435 \u0441\u0435\u0442\u0438, \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c RCE \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 root \u043d\u0430 \u0446\u0435\u043b\u0435\u0432\u043e\u043c \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0435. \u041f\u043e\u043b\u0443\u0447\u0438\u0432 root-\u043f\u0440\u0430\u0432\u0430, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0437\u0430\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0442\u0440\u0430\u0444\u0438\u043a\u043e\u043c, \u043f\u0440\u043e\u0445\u043e\u0434\u044f\u0449\u0438\u043c \u0447\u0435\u0440\u0435\u0437 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440, \u0441\u0447\u0438\u0442\u044b\u0432\u0430\u044f \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435, \u043a\u043e\u0442\u043e\u0440\u044b\u043c\u0438 \u043e\u0431\u043c\u0435\u043d\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u0441 \u0434\u0440\u0443\u0433\u0438\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0432 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0439 \u0441\u0435\u0442\u0438 \u0436\u0435\u0440\u0442\u0432\u044b.\n\n\u041f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u0430\u044f \u0446\u0435\u043f\u043e\u0447\u043a\u0430 \u0443\u0433\u0440\u043e\u0437 \u0430\u0442\u0430\u043a \u0434\u043b\u044f \u0432\u0437\u043b\u043e\u043c\u0430 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0439 \u0441\u0435\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u043e\u0434\u043d\u043e\u0433\u043e \u0438\u0437 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432 Netgear \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u0430 \u0432\u044b\u0433\u043b\u044f\u0434\u0438\u0442 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c:\n \u2022 \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442 \u0440\u0430\u0437\u0432\u0435\u0434\u043a\u0443, \u0447\u0442\u043e\u0431\u044b \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0438\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442-\u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440\u0430 \u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0446\u0438\u0438.\n \u2022 \u041a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u0443\u0435\u0442 \u044d\u0442\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442-\u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440\u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043a\u0430\u043a\u043e\u0433\u043e-\u043b\u0438\u0431\u043e \u0434\u0440\u0443\u0433\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 (\u0444\u0438\u0448\u0438\u043d\u0433, \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0438 \u0442. \u0434.).\n \u2022 \u0418\u0437-\u043f\u043e\u0434 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442-\u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440\u0430 \u0445\u0430\u043a\u0435\u0440\u00a0 \u043c\u043e\u0436\u0435\u0442 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043b\u044e\u0431\u044b\u0435 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u044b, \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0434\u043b\u044f \u043e\u0448\u0438\u0431\u043a\u0438 Circle Parental Control Service.\n \u2022 \u0421 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043d\u0430\u043f\u0440\u044f\u043c\u0443\u044e \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0443\u0435\u0442 \u0441 \u043b\u044e\u0431\u044b\u043c\u0438 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u043c\u0438 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430\u043c\u0438, \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u044b\u043c\u0438 \u043a \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0443. \u0417\u0430\u0442\u0435\u043c, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0434\u043b\u044f \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0442\u0430\u043a\u043e\u0439 \u043a\u0430\u043a PrintNightmare, \u043c\u043e\u0436\u0435\u0442 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u044d\u0442\u0438 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u044b.\n \u2022 \u041f\u043e\u0441\u043b\u0435 \u0447\u0435\u0433\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u0435\u0440\u0435\u0439\u0442\u0438 \u043a \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0439 \u0441\u0435\u0442\u0438 \u0438 \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u0443\u0442\u044c \u0432 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0438\u043b\u0438 \u043d\u0430\u0447\u0430\u0442\u044c \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0438\u0435 \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0446\u0438\u044e.\n\n\u041f\u043e\u044d\u0442\u043e\u043c\u0443 \u0435\u0441\u043b\u0438, \u0432\u044b \u0432\u0441\u0435 \u0436\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u00a0 Netgear \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u0437\u0430\u0433\u0440\u0443\u0437\u0438\u0442\u044c \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u044e\u044e \u0432\u0435\u0440\u0441\u0438\u044e \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0438 \u0434\u043b\u044f \u0441\u0432\u043e\u0438\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432, \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 CVE-2021-40847.", "creation_timestamp": "2021-09-22T22:43:11.000000Z"}, {"uuid": "7296a59a-6ad6-43ac-8774-bba976c76700", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40846", "type": "seen", "source": "https://t.me/cibsecurity/38478", "content": "\u203c CVE-2021-40846 \u203c\n\nAn issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext HTTP to check, and request, updates. Thus, attackers can man-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-05T00:27:16.000000Z"}, {"uuid": "4093e46a-9164-4cec-83a0-a2fa9884cb5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40840", "type": "seen", "source": "https://t.me/cibsecurity/37793", "content": "\u203c CVE-2021-40840 \u203c\n\nA Stored XSS issue exists in the admin/users user administration form in LiveConfig 2.12.2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-19T00:38:27.000000Z"}, {"uuid": "31b09945-c11b-4413-ab23-aa4e8a4192c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40841", "type": "seen", "source": "https://t.me/cibsecurity/37792", "content": "\u203c CVE-2021-40841 \u203c\n\nA Path Traversal vulnerability for a log file in LiveConfig 2.12.2 allows authenticated attackers to read files on the underlying server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-19T00:38:25.000000Z"}, {"uuid": "d79e7716-efa1-499f-a1a5-0f2223b315cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40843", "type": "seen", "source": "https://t.me/cibsecurity/30536", "content": "\u203c CVE-2021-40843 \u203c\n\nProofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of that data. When chained with a SQL injection vulnerability, the vulnerability could be exploited remotely if Web Console users click a series of maliciously crafted URLs. All versions prior to 7.11.2 are affected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-13T22:26:56.000000Z"}, {"uuid": "b5cf7776-595d-478a-b530-85e3d09004f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40842", "type": "seen", "source": "https://t.me/cibsecurity/30535", "content": "\u203c CVE-2021-40842 \u203c\n\nProofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the server could be used to blindly execute arbitrary SQL statements on the backend database. Version 7.12.0 and all versions prior to 7.11.2 are affected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-13T22:26:52.000000Z"}, {"uuid": "c94a3088-bf05-428d-9acb-eaff668cd3da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40845", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4278", "content": "#exploit\nCVE-2021-40845:\nAlphaWeb XE - Authenticated Insecure File Upload\nleading to RCE (PoC)\nhttps://github.com/ricardojoserf/CVE-2021-40845", "creation_timestamp": "2021-09-12T13:30:11.000000Z"}, {"uuid": "3a45db26-7278-45eb-bafb-d838fd86f213", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40847", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4359", "content": "#Threat_Research\n1. Netgear SOHO Security Bug Allows RCE, Corporate Attacks (CVE-2021-40847)\nhttps://blog.grimm-co.com/2021/09/mama-always-told-me-not-to-trust.html\n2. A vmap/vmalloc use-after-free vulnerability within the Android ION allocator\nhttps://labs.taszk.io/blog/post/61_android_ion_uaf", "creation_timestamp": "2022-05-27T12:41:34.000000Z"}, {"uuid": "52ccecbc-9ea0-4169-9df5-5bd46c63e452", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40845", "type": "seen", "source": "MISP/e9fe9c80-e538-4746-ae5b-1c9ea5c9e30b", "content": "", "creation_timestamp": "2024-11-14T06:10:10.000000Z"}]}