{"vulnerability": "cve-2023-3714", "sightings": [{"uuid": "8351dad0-c3dd-464f-aeba-5a33180afed7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37145", "type": "seen", "source": "https://t.me/cibsecurity/66198", "content": "\u203c CVE-2023-37145 \u203c\n\nTOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-07T18:24:58.000000Z"}, {"uuid": "07912baf-1606-4203-9e11-fb371e4cc107", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37144", "type": "seen", "source": "https://t.me/cibsecurity/66197", "content": "\u203c CVE-2023-37144 \u203c\n\nTenda AC10 v15.03.06.26 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-07T18:24:54.000000Z"}, {"uuid": "461719d9-0a5a-45f4-8d57-057d57f06b64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37148", "type": "seen", "source": "https://t.me/cibsecurity/66196", "content": "\u203c CVE-2023-37148 \u203c\n\nTOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-07T18:24:53.000000Z"}, {"uuid": "0282630a-67ca-41e0-9357-b6d61ebf5d16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37146", "type": "seen", "source": "https://t.me/cibsecurity/66193", "content": "\u203c CVE-2023-37146 \u203c\n\nTOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-07T18:24:50.000000Z"}, {"uuid": "18360cf1-efe3-41fd-97a4-0edb027ca9a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37149", "type": "seen", "source": "https://t.me/cibsecurity/66192", "content": "\u203c CVE-2023-37149 \u203c\n\nTOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-07T18:21:50.000000Z"}, {"uuid": "5c201f0e-3bc6-419c-adb8-90717c020749", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37141", "type": "seen", "source": "https://t.me/cibsecurity/66968", "content": "\u203c CVE-2023-37141 \u203c\n\nChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::ProfilingHelpers::ProfiledNewScArray().\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-19T00:36:32.000000Z"}, {"uuid": "efb07e0f-ae08-4d71-a9c2-6046efdccbde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37143", "type": "seen", "source": "https://t.me/cibsecurity/66967", "content": "\u203c CVE-2023-37143 \u203c\n\nChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function BackwardPass::IsEmptyLoopAfterMemOp().\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-19T00:36:31.000000Z"}, {"uuid": "230246a8-19bb-4696-8ef8-04eb879c9701", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37142", "type": "seen", "source": "https://t.me/cibsecurity/66965", "content": "\u203c CVE-2023-37142 \u203c\n\nChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::EntryPointInfo::HasInlinees().\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-19T00:36:29.000000Z"}, {"uuid": "5faf72e4-f77b-4370-9ea3-029216ca8fb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3714", "type": "seen", "source": "https://t.me/cibsecurity/66870", "content": "\u203c CVE-2023-3714 \u203c\n\nThe ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'edit_group' handler in versions up to, and including, 5.5.2. This makes it possible for authenticated attackers, with group ownership, to update group options, including the 'associate_role' parameter, which defines the member's role. This issue was partially patched in version 5.5.2 preventing privilege escalation, however, it was fully patched in 5.5.3.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-18T07:25:42.000000Z"}]}