{"vulnerability": "cve-2024-1229", "sightings": [{"uuid": "2c4bf079-213d-493c-8dd8-24deed5929c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12297", "type": "seen", "source": "https://t.me/claytechsolution/207", "content": "The Hacker News\nMoxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches\n\nTaiwanese company Moxa has released a security update to address a critical security flaw impacting its PT switches that could permit an attacker to bypass authentication guarantees.\nThe vulnerability, tracked as CVE-2024-12297, has been assigned a CVSS v4 score of 9.2 out of a maximum of 10.0.\n\"Multiple Moxa PT switches are vulnerable to an authentication bypass because of flaws in their", "creation_timestamp": "2025-03-11T08:28:13.000000Z"}, {"uuid": "234bd9d8-4480-4c6c-8f49-b444a8b8d849", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1229", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/31", "content": "\ud83d\udccc CVE ID: GHSA-jrxv-486p-m4jq\n\ud83d\udd39 Summary: No summary available.\n\ud83d\udd17 More Info: https://nvd.nist.gov/vuln/detail/CVE-2024-1229", "creation_timestamp": "2025-01-05T01:28:36.000000Z"}, {"uuid": "a218a6bd-0d46-4548-9e1c-8ccf2169b27a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1229", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/110", "content": "\ud83d\udccc **CVE ID**: GHSA-jrxv-486p-m4jq\n\ud83d\udd17 **Aliases**: CVE-2024-12279\n\ud83d\udd39 **Details**: The WP Social AutoConnect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\ud83d\udd22 **Severity**: CVSS_V3: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\n\ud83d\uddd3\ufe0f **Modified**: 2025-01-04T12:30:32Z\n\ud83d\uddd3\ufe0f **Published**: 2025-01-04T12:30:32Z\n\ud83c\udff7\ufe0f **CWE IDs**: CWE-352\n\ud83d\udd17 **References**:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-1229\n2. https://plugins.trac.wordpress.org/changeset/32115\n3. https://wordpress.org/plugins/wp-fb-autoconnect/#developers\n4. https://www.wordfence.com/threat-intel/vulnerabilities/id/392d8286-a5fd-4d5d-9f6a-f13564013edc?source=cve", "creation_timestamp": "2025-01-05T01:39:15.000000Z"}, {"uuid": "2a5487ab-b4b0-41dd-aa79-2530a99a15ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12291", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/326", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12291\n\ud83d\udd39 Description: The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-01-07T04:22:01.768Z\n\ud83d\udccf Modified: 2025-01-07T04:22:01.768Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/646ba700-28d5-455f-88de-2864ef8f202c?source=cve\n2. https://wordpress.org/plugins/viewmedica/#developers", "creation_timestamp": "2025-01-07T04:39:22.000000Z"}, {"uuid": "b5e56a9d-f692-4bff-a4c9-ac6052b0fe58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12290", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/471", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12290\n\ud83d\udd39 Description: The Infility Global plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018set_type\u2019 parameter in all versions up to, and including, 2.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-01-07T04:22:00.720Z\n\ud83d\udccf Modified: 2025-01-07T16:23:24.304Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/6127576b-5ce2-4a3e-95de-8a2b3d90d3a0?source=cve\n2. https://wordpress.org/plugins/infility-global/#developers", "creation_timestamp": "2025-01-07T16:42:19.000000Z"}, {"uuid": "2da86751-7765-40ab-a17c-4ccce0a48941", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12298", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1422", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12298\n\ud83d\udd39 Description: We found a vulnerability Improper Restriction of XML External Entity Reference (CWE-611) in NB-series NX-Designer. Attackers may be able to abuse this vulnerability to disclose confidential data on a computer.\n\ud83d\udccf Published: 2025-01-14T00:45:38.605Z\n\ud83d\udccf Modified: 2025-01-14T00:45:38.605Z\n\ud83d\udd17 References:\n1. https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2025-002_en.pdf\n2. https://www.fa.omron.co.jp/product/security/assets/pdf/ja/OMSR-2025-002_ja.pdf", "creation_timestamp": "2025-01-14T01:07:24.000000Z"}, {"uuid": "60e524e1-de77-4935-adba-b510539768ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12297", "type": "seen", "source": "Telegram/8ThijABIfi-5nNlQ7kr_WvEtubQLhHXnUTTbU5BQXc6b8iBP", "content": "", "creation_timestamp": "2025-03-08T04:34:09.000000Z"}, {"uuid": "79db0816-1da3-4528-9aca-d5949b377dc7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12297", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1713", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12297\n\ud83d\udd39 Description: Moxa\u2019s Ethernet switch EDS-508A Series, running firmware version 3.11 and earlier, is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.\n\ud83d\udccf Published: 2025-01-15T10:00:46.524Z\n\ud83d\udccf Modified: 2025-01-15T10:00:46.524Z\n\ud83d\udd17 References:\n1. https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241407-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-in-eds-508a-series", "creation_timestamp": "2025-01-15T10:10:52.000000Z"}, {"uuid": "81077ad8-9aa7-4105-9fe4-04838b04e9de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12296", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4077", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12296\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-12T10:15:10.230\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://themeforest.net/item/superio-job-board-wordpress-theme/32180231\n2. https://www.wordfence.com/threat-intel/vulnerabilities/id/dda2c437-8f41-480a-8816-2c07ab0eafa7?source=cve", "creation_timestamp": "2025-02-12T11:12:36.000000Z"}, {"uuid": "1553f847-aa6d-4293-83d6-8d060c94bee4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12296", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4104", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12296\n\ud83d\udd25 CVSS Score: 8.7 (CVSS_V3)\n\ud83d\udd39 Description: The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'import_page_options' function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.\n\ud83d\udccf Published: 2025-02-12T12:30:46Z\n\ud83d\udccf Modified: 2025-02-12T12:30:46Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-12296\n2. https://themeforest.net/item/superio-job-board-wordpress-theme/32180231\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/dda2c437-8f41-480a-8816-2c07ab0eafa7?source=cve", "creation_timestamp": "2025-02-12T13:14:46.000000Z"}, {"uuid": "ebb5f929-b923-4bd8-941d-e644686e92f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12297", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6655", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12297\n\ud83d\udd25 CVSS Score: 9.2 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L)\n\ud83d\udd39 Description: Moxa\u2019s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.\n\ud83d\udccf Published: 2025-01-15T10:00:46.524Z\n\ud83d\udccf Modified: 2025-03-06T08:27:52.297Z\n\ud83d\udd17 References:\n1. https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241407-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-in-eds-508a-series\n2. https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241408-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-identified-in-pt-switches", "creation_timestamp": "2025-03-06T08:37:17.000000Z"}, {"uuid": "0a1ec423-debd-46aa-8494-5ebc01550c14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12295", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8019", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12295\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The BoomBox Theme Extensions plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.8.0. This is due to the plugin not properly validating a user's identity prior to updating their password through the 'boombox_ajax_reset_password' function. This makes it possible for authenticated attackers, with subscriber-level privileges and above, to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.\n\ud83d\udccf Published: 2025-03-19T04:21:06.477Z\n\ud83d\udccf Modified: 2025-03-19T04:21:06.477Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/c453aaf6-767d-4929-bbb3-3c0b78b0507a?source=cve\n2. https://themeforest.net/item/boombox-viral-buzz-wordpress-theme/16596434", "creation_timestamp": "2025-03-19T04:48:46.000000Z"}, {"uuid": "a7b9eeaa-7d29-46d5-8a25-df568c921e33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12297", "type": "published-proof-of-concept", "source": "https://t.me/ics_cert/996", "content": "\u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062f\u0631 \u067e\u06cc\u0627\u062f\u0647\u200c\u0633\u0627\u0632\u06cc \u0645\u06a9\u0627\u0646\u06cc\u0632\u0645 \u0645\u062c\u0648\u0632 \u0641\u0631\u06cc\u0645\u0648\u0631 \u0628\u0631\u0627\u06cc \u0633\u0648\u0626\u06cc\u0686\u200c\u0647\u0627\u06cc Moxa EDS-508A \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0646\u0642\u0635 \u062f\u0631 \u0645\u06a9\u0627\u0646\u06cc\u0633\u0645 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc/\u062a\u0623\u06cc\u06cc\u062f \u0647\u0648\u06cc\u062a \u0645\u0631\u062a\u0628\u0637 \u0627\u0633\u062a.  \n\u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u0647 \u0645\u0647\u0627\u062c\u0645 \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0627\u062c\u0627\u0632\u0647 \u062f\u0647\u062f \u062a\u0627 \u062f\u0633\u062a\u0631\u0633\u06cc \u063a\u06cc\u0631\u0645\u062c\u0627\u0632 \u0628\u0647 \u0641\u0627\u06cc\u0644\u200c\u0647\u0627\u06cc \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u062f\u0633\u062a\u06af\u0627\u0647 \u0627\u0632 \u0637\u0631\u06cc\u0642 brute force \u06cc\u0627 \u062d\u0645\u0644\u0647 \u0628\u0631\u062e\u0648\u0631\u062f MD5 \u0628\u0631\u0627\u06cc \u062c\u0639\u0644 \u0647\u0634\u200c\u0647\u0627\u06cc \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f.\n\n BDU: 2025-00371\n CVE-2024-12297\n\n \u0646\u0635\u0628 \u0628\u0647 \u0631\u0648\u0632 \u0631\u0633\u0627\u0646\u06cc \u0627\u0632 \u0645\u0646\u0627\u0628\u0639 \u0642\u0627\u0628\u0644 \u0627\u0639\u062a\u0645\u0627\u062f  \u060c \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc \u0634\u0648\u062f \u0628\u0647 \u0631\u0648\u0632 \u0631\u0633\u0627\u0646\u06cc \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 \u0631\u0627 \u062a\u0646\u0647\u0627 \u067e\u0633 \u0627\u0632 \u0627\u0631\u0632\u06cc\u0627\u0628\u06cc \u062a\u0645\u0627\u0645 \u062e\u0637\u0631\u0627\u062a \u0645\u0631\u062a\u0628\u0637 \u0646\u0635\u0628 \u06a9\u0646\u06cc\u062f.\n\n \u0627\u0642\u062f\u0627\u0645\u0627\u062a \u062c\u0628\u0631\u0627\u0646\u06cc:\n - \u0645\u062d\u062f\u0648\u062f \u06a9\u0631\u062f\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u062f\u0633\u062a\u06af\u0627\u0647 \u0647\u0627 \u0627\u0632 \u0634\u0628\u06a9\u0647 \u0647\u0627\u06cc \u062e\u0627\u0631\u062c\u06cc (\u0627\u06cc\u0646\u062a\u0631\u0646\u062a)\u061b\n - \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0644\u06cc\u0633\u062a \u0633\u0641\u06cc\u062f \u0622\u062f\u0631\u0633 \u0647\u0627\u06cc IP \u0628\u0631\u0627\u06cc \u0645\u062d\u062f\u0648\u062f \u06a9\u0631\u062f\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631\u0647\u0627\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631.\n - \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0627\u0628\u0632\u0627\u0631\u0647\u0627\u06cc \u0641\u0627\u06cc\u0631\u0648\u0627\u0644 \u0628\u0631\u0627\u06cc \u0645\u062d\u062f\u0648\u062f \u06a9\u0631\u062f\u0646 \u0627\u0645\u06a9\u0627\u0646 \u0627\u0631\u0633\u0627\u0644 \u06a9\u0646\u062a\u0631\u0644 \u0646\u0634\u062f\u0647 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0647\u0627 \u0628\u0647 \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631\u0647\u0627\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631.\n - \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0627\u0628\u0632\u0627\u0631\u0647\u0627\u06cc \u062a\u0634\u062e\u06cc\u0635 \u0646\u0641\u0648\u0630 \u0648 \u067e\u06cc\u0634\u06af\u06cc\u0631\u06cc (IDS/IPS) \u0628\u0631\u0627\u06cc \u0646\u0638\u0627\u0631\u062a \u0628\u0631 \u062a\u0644\u0627\u0634 \u0647\u0627 \u0628\u0631\u0627\u06cc \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627.\n\n \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u062a\u0648\u0635\u06cc\u0647 \u0647\u0627\u06cc \u0633\u0627\u0632\u0646\u062f\u0647:\n https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241407-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-in-eds-508a-series\n\n\ud83d\udc48 \u0646\u0638\u0631\u0627\u062a \u0648 \u062a\u062c\u0631\u0628\u06cc\u0627\u062a \u0634\u0645\u0627 \u0627\u0631\u0632\u0634\u0645\u0646\u062f \u0627\u0633\u062a - \u0644\u0637\u0641\u0627 \u0622\u0646\u0631\u0627 \u0628\u0647 \u0627\u0634\u062a\u0631\u0627\u06a9 \u0628\u06af\u0630\u0627\u0631\u06cc\u062f. \n\ud83c\udfed \u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\ud83d\udc6e\ud83c\udffd\u200d\u2640\ufe0f\u0647\u0631\u06af\u0648\u0646\u0647 \u0627\u0646\u062a\u0634\u0627\u0631 \u0648 \u0630\u06a9\u0631 \u0645\u0637\u0627\u0644\u0628 \u0628\u062f\u0648\u0646 \u0630\u06a9\u0631 \u062f\u0642\u06cc\u0642 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u0644\u06cc\u0646\u06a9 \u0622\u0646 \u0645\u0645\u0646\u0648\u0639 \u0627\u0633\u062a. \n\u0627\u062f\u0645\u06cc\u0646:\n\u200fhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u06af\u0631\u0648\u0647 \u0648\u0627\u062a\u0633 \u0622\u067e :\nhttps://chat.whatsapp.com/FpB620AWEeSKvd8U6cFh33", "creation_timestamp": "2025-01-21T16:07:29.000000Z"}, {"uuid": "ddaaffa5-49ae-4b0e-a907-be114919f778", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12297", "type": "seen", "source": "https://t.me/cvedetector/15417", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12297 - Moxa EDS-508A Series Authentication Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12297 \nPublished : Jan. 15, 2025, 10:15 a.m. | 26\u00a0minutes ago \nDescription : Moxa\u2019s Ethernet switch EDS-508A Series, running firmware version 3.11 and earlier, is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-15T11:45:48.000000Z"}, {"uuid": "4fecdbe4-0b23-4e5f-a66a-5e3a350d5bb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12297", "type": "seen", "source": "Telegram/pd6Hois9L-Ok_Ydu60EWoBX9NnIXOJfrvpd0U-oT8UhSwA", "content": "", "creation_timestamp": "2025-03-11T12:18:53.000000Z"}, {"uuid": "94aeb37e-7f32-46ac-9c96-a71b1c47ff5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12297", "type": "seen", "source": "https://t.me/thehackernews/6468", "content": "\u26a0\ufe0f A critical flaw (CVE-2024-12297) in Moxa PT switches could let attackers bypass authentication, with a CVSS score of 9.2/10.\n\nThis could lead to unauthorized access or service disruptions.\n\nProtect your systems now: https://thehackernews.com/2025/03/moxa-issues-fix-for-critical.html", "creation_timestamp": "2025-03-11T07:49:31.000000Z"}, {"uuid": "49bbeb3a-e416-49e5-b5dd-f2eff349a6b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12297", "type": "seen", "source": "https://bsky.app/profile/samilaiho.com/post/3ljrfgogbyk2a", "content": "", "creation_timestamp": "2025-03-07T06:36:57.079567Z"}, {"uuid": "a1dda458-95cb-4885-9a40-a59e8240e216", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12294", "type": "seen", "source": "MISP/be792712-f638-4d7d-b62d-4f5032e86764", "content": "", "creation_timestamp": "2025-09-16T23:16:38.000000Z"}, {"uuid": "c49e9671-542d-41c3-9fc5-879999b62a43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12294", "type": "seen", "source": "MISP/be792712-f638-4d7d-b62d-4f5032e86764", "content": "", "creation_timestamp": "2025-09-18T16:44:35.000000Z"}, {"uuid": "00a7217e-56d6-47ae-9121-0c348338fdcb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12293", "type": "seen", "source": "https://t.me/cvedetector/13077", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12293 - WordPress User Role Editor CSRF Vuln\", \n  \"Content\": \"CVE ID : CVE-2024-12293 \nPublished : Dec. 17, 2024, 9:15 a.m. | 33\u00a0minutes ago \nDescription : The User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.64.3. This is due to missing or incorrect nonce validation on the update_roles() function. This makes it possible for unauthenticated attackers to add or remove roles for arbitrary users, including escalating their privileges to administrator, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-17T10:55:41.000000Z"}, {"uuid": "c2dde9eb-9a14-4669-877a-054237b8488e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12296", "type": "seen", "source": "Telegram/j6UJtWLuKRtOf8eW9u6xVUJtEgaydVbAeVU1MZWTTRptwOWW", "content": "", "creation_timestamp": "2025-02-20T23:26:55.000000Z"}, {"uuid": "28e6730e-94b5-4255-bff3-482611baf154", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12294", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113633848469166263", "content": "", "creation_timestamp": "2024-12-11T11:02:04.630421Z"}, {"uuid": "d3278863-2487-4b70-8f9b-f3eff8c13c88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12292", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113635140492482846", "content": "", "creation_timestamp": "2024-12-11T16:30:39.747067Z"}, {"uuid": "f092f491-2cb3-486f-9f84-2bd8abc48e3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12292", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113639628901523480", "content": "", "creation_timestamp": "2024-12-12T11:32:07.009671Z"}, {"uuid": "cc3230d0-1a31-4bfd-ae79-7d1c848ac747", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12293", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113667204127803065", "content": "", "creation_timestamp": "2024-12-17T08:24:51.626570Z"}, {"uuid": "f8386730-0279-490c-8bb6-ebfe9a873654", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12297", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfrmbojwna2k", "content": "", "creation_timestamp": "2025-01-15T10:58:40.262027Z"}, {"uuid": "b671b269-5abb-4bb6-a734-85d347707832", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12290", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4vhccwfg2i", "content": "", "creation_timestamp": "2025-01-07T05:16:56.499779Z"}, {"uuid": "ae14b602-c2e5-41dc-a4c7-6945b00dbd44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12291", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4vhetdn62i", "content": "", "creation_timestamp": "2025-01-07T05:16:58.917967Z"}, {"uuid": "eb3af1c0-037e-42b2-8de1-99877a896317", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12298", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfo3aks7t32r", "content": "", "creation_timestamp": "2025-01-14T01:15:48.257413Z"}, {"uuid": "49ec8a11-5c7e-4343-a239-0848ddc86b15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12297", "type": "seen", "source": "https://bsky.app/profile/maik.io/post/3lg75gqiy432o", "content": "", "creation_timestamp": "2025-01-20T20:10:18.864726Z"}, {"uuid": "14ea7ab1-ecc1-44b2-b2ed-1e781a0e6c6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12297", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lg2q6tiko52u", "content": "", "creation_timestamp": "2025-01-19T02:02:35.967196Z"}, {"uuid": "756b5d52-b339-4c41-8c66-0186d7c372ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2024-12297", "type": "seen", "source": "https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3lg2yopxuls2v", "content": "", "creation_timestamp": "2025-01-19T04:34:40.788036Z"}, {"uuid": "b0305332-bdcb-43ac-924a-7091d49d0627", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12299", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113917730403182409", "content": "", "creation_timestamp": "2025-01-30T14:16:59.210721Z"}, {"uuid": "78eb2ff6-b1b9-4681-8d10-8577c40af41f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12295", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114187757507266850", "content": "", "creation_timestamp": "2025-03-19T06:48:26.064303Z"}, {"uuid": "809e4f12-fe1a-4390-b577-17b5efe9a697", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12296", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113990205022762415", "content": "", "creation_timestamp": "2025-02-12T09:28:15.350591Z"}, {"uuid": "9cfaf19c-31f2-446f-9bc0-c87ab9f3b998", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12296", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhxwwpliar2z", "content": "", "creation_timestamp": "2025-02-12T10:15:43.558476Z"}, {"uuid": "9e416379-f4a3-4fd9-b6df-46379783f816", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12296", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113990520258513151", "content": "", "creation_timestamp": "2025-02-12T10:48:24.432374Z"}, {"uuid": "969e6294-62c0-42ba-98d8-2f5e964a3356", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12296", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhxzp7ttee2v", "content": "", "creation_timestamp": "2025-02-12T11:05:13.383688Z"}, {"uuid": "e2632c58-1cac-4467-84f3-ca616e99fba1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12297", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3lk3mvoirxn25", "content": "", "creation_timestamp": "2025-03-11T08:17:14.577383Z"}, {"uuid": "132e9f26-4259-491f-a77c-38b4d3cd80e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12297", "type": "seen", "source": "https://thehackernews.com/2025/03/moxa-issues-fix-for-critical.html", "content": "", "creation_timestamp": "2025-03-11T05:45:00.000000Z"}, {"uuid": "27116d44-58e7-4d24-8da8-5e0ddc2685a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12297", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3me24qaafrw2h", "content": "", "creation_timestamp": "2026-02-04T14:50:13.582806Z"}, {"uuid": "c426ef64-d7b1-4b0c-a08d-85afb20436ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12296", "type": "seen", "source": "https://t.me/cvedetector/17847", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12296 - Apus Framework WordPress Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12296 \nPublished : Feb. 12, 2025, 10:15 a.m. | 37\u00a0minutes ago \nDescription : The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'import_page_options' function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-12T12:41:51.000000Z"}, {"uuid": "007e9962-6bf4-4c0d-bf9c-77320d181fd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12295", "type": "seen", "source": "https://t.me/cvedetector/20626", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12295 - BoomBox Theme Extensions WordPress Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12295 \nPublished : March 19, 2025, 5:15 a.m. | 1\u00a0hour, 39\u00a0minutes ago \nDescription : The BoomBox Theme Extensions plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.8.0. This is due to the plugin not properly validating a user's identity prior to updating their password through the 'boombox_ajax_reset_password' function. This makes it possible for authenticated attackers, with subscriber-level privileges and above, to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-19T07:57:42.000000Z"}, {"uuid": "034119c7-2abe-47d7-93bc-6123c7490bfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12291", "type": "seen", "source": "https://t.me/cvedetector/14460", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12291 - ViewMedica 9 for WordPress CSRF\", \n  \"Content\": \"CVE ID : CVE-2024-12291 \nPublished : Jan. 7, 2025, 5:15 a.m. | 40\u00a0minutes ago \nDescription : The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T07:10:22.000000Z"}, {"uuid": "bee879f9-490e-4cea-a964-39c8c874070a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12290", "type": "seen", "source": "https://t.me/cvedetector/14457", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12290 - Infility Global WordPress Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-12290 \nPublished : Jan. 7, 2025, 5:15 a.m. | 40\u00a0minutes ago \nDescription : The Infility Global plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018set_type\u2019 parameter in all versions up to, and including, 2.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T07:10:17.000000Z"}, {"uuid": "c07c770f-d91f-4e37-afe9-3a33a6267f02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12294", "type": "seen", "source": "https://t.me/cvedetector/12629", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12294 - WordPress WPBeginner Sensitive Information Exposure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12294 \nPublished : Dec. 11, 2024, 11:15 a.m. | 20\u00a0minutes ago \nDescription : The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the 'get_legacy_cookies' function. This makes it possible for unauthenticated attackers to extract sensitive data including titles and permalinks of private, password-protected, pending, and draft posts. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-11T12:43:59.000000Z"}, {"uuid": "a0dadb9b-e4a9-4511-afdf-d610b7f3c524", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12297", "type": "published-proof-of-concept", "source": "Telegram/l3e32rH5Vr1G0LWCEJnjtgeMTZSnq6j1vh42vzGIavOEvA", "content": "", "creation_timestamp": "2025-03-11T07:54:59.000000Z"}, {"uuid": "da520823-e8d1-40eb-9541-3e7b8ce6fb5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12297", "type": "seen", "source": "https://t.me/true_secator/6827", "content": "\u0422\u0430\u0439\u0432\u0430\u043d\u044c\u0441\u043a\u0430\u044f Moxa \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0441\u0432\u043e\u0438\u0445 \u043a\u043e\u043c\u043c\u0443\u0442\u0430\u0442\u043e\u0440\u0430\u0445 PT, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043e\u0431\u043e\u0439\u0442\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2024-12297, \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS v4 9,2 \u0438\u0437 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u0445 10,0 \u0438 \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430\u043c\u0438 \u0432 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u0438 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0435\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0435, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u0432 \u0435\u0435 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0431\u0440\u0443\u0442\u0430 \u0438 \u0430\u0442\u0430\u043a \u0441 \u043a\u043e\u043b\u043b\u0438\u0437\u0438\u0435\u0439 MD5 \u0434\u043b\u044f \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u0438 \u0445\u044d\u0448\u0435\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u0447\u0442\u043e \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0442\u0430\u0432\u0438\u0442 \u043f\u043e\u0434 \u0443\u0433\u0440\u043e\u0437\u0443 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430.\n\n\u0414\u0440\u0443\u0433\u0438\u043c\u0438 \u0441\u043b\u043e\u0432\u0430\u043c\u0438, \u0443\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u044d\u0442\u043e\u0433\u043e \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043e\u0431\u0445\u043e\u0434\u0443 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f\u043c \u0438\u043b\u0438 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0440\u0430\u0431\u043e\u0442\u0443 \u0441\u043b\u0443\u0436\u0431.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0432\u0435\u0440\u0441\u0438\u0438: PT-508 (\u0432\u0435\u0440\u0441\u0438\u044f \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0438 3.8), PT-510 (\u0432\u0435\u0440\u0441\u0438\u044f 3.8), PT-7528 (\u0432\u0435\u0440\u0441\u0438\u044f 5.0), PT-7728 (\u0432\u0435\u0440\u0441\u0438\u044f 3.9), PT-7828 (\u0432\u0435\u0440\u0441\u0438\u044f 4.0), PT-G503 (\u0432\u0435\u0440\u0441\u0438\u044f 5.3), PT-G510 (\u0432\u0435\u0440\u0441\u0438\u044f 6.5), PT-G7728 (\u0432\u0435\u0440\u0441\u0438\u044f 6.5) \u0438 PT-G7828 (\u0432\u0435\u0440\u0441\u0438\u044f 6.5 \u0438 \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u044f\u044f).\n\n\u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c, \u0441\u0432\u044f\u0437\u0430\u0432\u0448\u0438\u0441\u044c \u0441\u043e \u0441\u043b\u0443\u0436\u0431\u043e\u0439 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 Moxa.\n\n\u041f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u0432\u044b\u0440\u0430\u0437\u0438\u043b \u043f\u0440\u0438\u0437\u043d\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0410\u0440\u0442\u0435\u043c\u0443 \u0422\u0443\u0440\u044b\u0448\u0435\u0432\u0443 \u0438\u0437 \u0420\u0443\u0441\u0430\u0442\u043e\u043c \u0410\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f (\u0420\u0410\u0421\u0423) \u0437\u0430 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u041f\u043e\u043c\u0438\u043c\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0445 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f\u043c, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b, \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0435\u0442\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u043e\u0432 \u0438\u043b\u0438 ACL, \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0442\u044c \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u044e \u0441\u0435\u0442\u0438, \u0432\u043d\u0435\u0434\u0440\u0438\u0442\u044c MFA \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u044b\u043c \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u043c, \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u044e \u0441\u043e\u0431\u044b\u0442\u0438\u0439, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0442\u0440\u0430\u0444\u0438\u043a \u0438 \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u043d\u0430 \u043f\u0440\u0435\u0434\u043c\u0435\u0442 \u0430\u043d\u043e\u043c\u0430\u043b\u0438\u0439.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, Moxa \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0442\u0443 \u0436\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Ethernet-\u043a\u043e\u043c\u043c\u0443\u0442\u0430\u0442\u043e\u0440\u0435 \u0441\u0435\u0440\u0438\u0438 EDS-508A, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0435\u043c \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0432\u0435\u0440\u0441\u0438\u0438 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0438 3.11 \u0438 \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u0439, \u0435\u0449\u0435 \u0432 \u0441\u0435\u0440\u0435\u0434\u0438\u043d\u0435 \u044f\u043d\u0432\u0430\u0440\u044f 2025 \u0433\u043e\u0434\u0430.", "creation_timestamp": "2025-03-11T13:36:07.000000Z"}, {"uuid": "bb4b8099-265e-4c23-a368-2d4c38e6ab7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2024-12297", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113831815458773296", "content": "", "creation_timestamp": "2025-01-15T10:07:41.158250Z"}, {"uuid": "c2981ae5-6666-45de-ab4b-a135cdc4e8d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12297", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfrjuzda762f", "content": "", "creation_timestamp": "2025-01-15T10:15:46.367437Z"}, {"uuid": "9ee150b8-0735-4549-87d8-fa003acb6e9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12299", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxodio7ii2t", "content": "", "creation_timestamp": "2025-01-30T14:16:37.064684Z"}, {"uuid": "8efe96ae-da2b-4f0b-85eb-b075a319d91e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12295", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkpoa2jy5z2e", "content": "", "creation_timestamp": "2025-03-19T07:34:11.883818Z"}, {"uuid": "c7673b49-f652-4457-8177-494423c8c1a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12297", "type": "seen", "source": "https://cyber.gc.ca/en/alerts-advisories/control-systems-moxa-security-advisory-av26-085", "content": "", "creation_timestamp": "2026-02-04T15:40:27.000000Z"}]}