{"vulnerability": "cve-2023-2416", "sightings": [{"uuid": "e26471c5-991d-41ab-817f-c442d5fcef81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-24161", "type": "seen", "source": "https://t.me/cibsecurity/58110", "content": "\u203c CVE-2023-24161 \u203c\n\nTOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-14T18:35:41.000000Z"}, {"uuid": "aeef7489-fef7-421e-bfc8-5d0146844723", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-24160", "type": "seen", "source": "https://t.me/cibsecurity/58109", "content": "\u203c CVE-2023-24160 \u203c\n\nTOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-14T18:35:40.000000Z"}, {"uuid": "c0f4b672-c522-4f38-8416-b8f6ee7f9397", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2416", "type": "seen", "source": "https://t.me/cibsecurity/64959", "content": "\u203c CVE-2023-2416 \u203c\n\nThe Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for unauthenticated to logout a vctia connected account which would cause a denial of service on the appointment scheduler, via a forged request granted they can trick a site user into performing an action such as clicking on a link.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-03T12:26:46.000000Z"}, {"uuid": "edfbf7af-da62-4e60-be8c-a35f93005df4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-24169", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9389", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-24169\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_0007343c.\n\ud83d\udccf Published: 2023-01-26T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-28T16:15:39.529Z\n\ud83d\udd17 References:\n1. https://github.com/DrizzlingSun/Tenda/blob/main/AC18/6/6.md", "creation_timestamp": "2025-03-28T16:27:56.000000Z"}, {"uuid": "deaebe1e-5157-42fc-a414-d6e0e03893a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-24161", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8278", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-24161\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function.\n\ud83d\udccf Published: 2023-02-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-20T20:13:56.447Z\n\ud83d\udd17 References:\n1. https://github.com/iceyjchen/VulnerabilityProjectRecords/blob/main/setWebWlanIdx/setWebWlanIdx.md", "creation_timestamp": "2025-03-20T20:19:30.000000Z"}, {"uuid": "87835f0f-10b1-4a05-bd04-a4a915bfc65d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-24167", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9388", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-24167\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/add_white_node.\n\ud83d\udccf Published: 2023-01-26T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-28T16:16:46.878Z\n\ud83d\udd17 References:\n1. https://github.com/DrizzlingSun/Tenda/blob/main/AC18/1/1.md", "creation_timestamp": "2025-03-28T16:27:53.000000Z"}, {"uuid": "f66f362c-d696-475d-8948-93ff821b38f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-24164", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9383", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-24164\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_000c2318.\n\ud83d\udccf Published: 2023-01-26T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-28T16:19:54.574Z\n\ud83d\udd17 References:\n1. https://github.com/DrizzlingSun/Tenda/blob/main/AC18/4/4.md", "creation_timestamp": "2025-03-28T16:27:49.000000Z"}, {"uuid": "c29e76ae-863b-452b-976f-2d2132185261", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-24166", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9387", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-24166\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/formWifiBasicSet.\n\ud83d\udccf Published: 2023-01-26T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-28T16:17:58.691Z\n\ud83d\udd17 References:\n1. https://github.com/DrizzlingSun/Tenda/blob/main/AC18/2/2.md", "creation_timestamp": "2025-03-28T16:27:52.000000Z"}, {"uuid": "508e8b2f-26df-48d5-8f44-b9c65a21fad8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-24165", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9385", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-24165\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/initIpAddrInfo.\n\ud83d\udccf Published: 2023-01-26T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-28T16:18:58.722Z\n\ud83d\udd17 References:\n1. https://github.com/DrizzlingSun/Tenda/blob/main/AC18/7/7.md", "creation_timestamp": "2025-03-28T16:27:51.000000Z"}]}