{"vulnerability": "cve-2024-5232", "sightings": [{"uuid": "38c6bd35-16a9-4dd9-95f4-2475c9d54346", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52325", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2747", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-52325\n\ud83d\udd39 Description: ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over unauthenticated BLE connection.\n\ud83d\udccf Published: 2025-01-23T15:56:30.185Z\n\ud83d\udccf Modified: 2025-01-23T15:56:30.185Z\n\ud83d\udd17 References:\n1. https://dontvacuum.me/talks/DEFCON32/DEFCON32_reveng_hacking_ecovacs_robots.pdf\n2. https://youtu.be/_wUsM0Mlenc?t=2041\n3. https://www.ecovacs.com/global/userhelp/dsa20241130001\n4. https://www.ecovacs.com/global/userhelp/dsa20241119", "creation_timestamp": "2025-01-23T16:02:50.000000Z"}, {"uuid": "31ad73c9-3f85-4a89-8d5e-5cc84779ce63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52322", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10605", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-52322\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.\n\nSpecifically WebService::Xero uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function.\n\ud83d\udccf Published: 2025-04-05T16:19:16.490Z\n\ud83d\udccf Modified: 2025-04-05T16:19:16.490Z\n\ud83d\udd17 References:\n1. https://perldoc.perl.org/functions/rand\n2. https://security.metacpan.org/docs/guides/random-data-for-security.html\n3. https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537\n4. https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent.pm#L17\n5. https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent.pm#L178\n6. https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent/PublicApplication.pm#L13\n7. https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent/PublicApplication.pm#L93", "creation_timestamp": "2025-04-05T16:39:05.000000Z"}, {"uuid": "a7029eba-bc12-4ae7-9be2-dd807979a591", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52324", "type": "seen", "source": "https://t.me/cvedetector/12270", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52324 - Ruijie Reyee OS versions 2.206.x up to but not inc\", \n  \"Content\": \"CVE ID : CVE-2024-52324 \nPublished : Dec. 6, 2024, 7:15 p.m. | 19\u00a0minutes ago \nDescription : Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-06T20:38:57.000000Z"}, {"uuid": "b1f803e7-d55f-47bc-a64c-8229a1126800", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52320", "type": "seen", "source": "https://t.me/cvedetector/12262", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52320 - The affected product is vulnerable to a command in\", \n  \"Content\": \"CVE ID : CVE-2024-52320 \nPublished : Dec. 6, 2024, 6:15 p.m. | 28\u00a0minutes ago \nDescription : The affected product is vulnerable to a command injection. An unauthenticated attacker could send commands through a malicious HTTP request which could result in remote code execution. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-06T19:48:37.000000Z"}, {"uuid": "0a8edc43-7e5b-4200-b1de-76783f211228", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52320", "type": "seen", "source": "https://t.me/thehackernews/6188", "content": "\ud83d\udea8 Researchers discovered 3 vulnerabilities in WGS-804HPT switches used in automation systems\u2014exploitable to execute remote code.\n\n\u2937 CVE-2024-52320 &amp; CVE-2024-48871: Critical 9.8 scores!\n\u2937 Attackers can execute remote code with just a malicious HTTP request.\n\nRead the full report: https://thehackernews.com/2025/01/critical-flaws-in-wgs-804hpt-switches.html", "creation_timestamp": "2025-01-17T15:21:51.000000Z"}, {"uuid": "c984ef39-0cd7-4576-86d8-a5043b2403dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52320", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113607060208910849", "content": "", "creation_timestamp": "2024-12-06T17:29:28.290813Z"}, {"uuid": "8e818594-86dc-440c-a357-9968593bce53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52323", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1676/", "content": "", "creation_timestamp": "2024-12-11T05:00:00.000000Z"}, {"uuid": "589fa59e-9814-40b8-bca2-5f1a68d89113", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52320", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3lgcm7dwtps2t", "content": "", "creation_timestamp": "2025-01-22T05:12:41.613213Z"}, {"uuid": "9475065b-f6f8-475b-8c32-76b5b565e072", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2024-52320", "type": "seen", "source": "https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3lgcryz36es2y", "content": "", "creation_timestamp": "2025-01-22T06:56:26.070457Z"}, {"uuid": "263143b2-0331-4731-9254-339ebfd7bda2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52325", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113878505637827040", "content": "", "creation_timestamp": "2025-01-23T16:01:36.981896Z"}, {"uuid": "636aae7e-ddd7-40e1-91c5-6b7e0c017859", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52325", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lggbqixvt72w", "content": "", "creation_timestamp": "2025-01-23T16:15:59.792315Z"}, {"uuid": "eeb5e9a4-7577-4c46-9ec7-b39d5a49c8e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52325", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113878691722009996", "content": "", "creation_timestamp": "2025-01-23T16:49:34.098657Z"}, {"uuid": "d9d96cc2-2980-4fea-846c-4ee2b04043b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52325", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lggdwefi3v2k", "content": "", "creation_timestamp": "2025-01-23T16:55:05.837341Z"}, {"uuid": "1f7c8214-dba9-4a36-a0ff-d265792e1920", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52329", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lggggvcspq2u", "content": "", "creation_timestamp": "2025-01-23T17:40:08.604680Z"}, {"uuid": "8baca09d-4e13-42bf-a754-2f6fe99d7ebd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52327", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lggggvgpfz2e", "content": "", "creation_timestamp": "2025-01-23T17:40:09.206899Z"}, {"uuid": "5b4d8006-643a-49e5-b88b-904f1705d844", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52328", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lggggvjz242k", "content": "", "creation_timestamp": "2025-01-23T17:40:09.863358Z"}, {"uuid": "2c06c41d-6c58-49c3-bb4f-cde116b580a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52322", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lm3tkyylmn2o", "content": "", "creation_timestamp": "2025-04-05T21:06:55.699157Z"}, {"uuid": "764ffe57-4eec-4d13-8d06-e6f80c0e2e3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52322", "type": "seen", "source": "https://t.me/cvedetector/22195", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52322 - Xero WebService Perl Cryptographic Entropy Weakness\", \n  \"Content\": \"CVE ID : CVE-2024-52322 \nPublished : April 5, 2025, 5:15 p.m. | 1\u00a0hour, 44\u00a0minutes ago \nDescription : WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.  \n  \nSpecifically WebService::Xero uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-05T21:36:05.000000Z"}, {"uuid": "592c3141-161f-4b10-b985-4353a42e897e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52329", "type": "seen", "source": "https://t.me/cvedetector/16209", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52329 - ECOVACS HOME Mobile App TLS Certificate Validation Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-52329 \nPublished : Jan. 23, 2025, 5:15 p.m. | 40\u00a0minutes ago \nDescription : ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens. \nSeverity: 7.4 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-23T19:09:09.000000Z"}, {"uuid": "16a72339-ddce-4b1f-bc09-7cb478f8af38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52328", "type": "seen", "source": "https://t.me/cvedetector/16208", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52328 - ECOVACS Robot Camera File Deletion Arbitrary File Write\", \n  \"Content\": \"CVE ID : CVE-2024-52328 \nPublished : Jan. 23, 2025, 5:15 p.m. | 40\u00a0minutes ago \nDescription : ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on. \nSeverity: 2.3 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-23T19:09:08.000000Z"}, {"uuid": "40ee20ae-e27e-47a3-a454-8c17be610502", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52321", "type": "seen", "source": "https://t.me/cvedetector/13526", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52321 - Sharp Router Unauthenticated Configuration Backup Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-52321 \nPublished : Dec. 23, 2024, 1:15 a.m. | 41\u00a0minutes ago \nDescription : Multiple SHARP routers contain an improper authentication vulnerability in the configuration backup function. The product's backup files containing sensitive information may be retrieved by a remote unauthenticated attacker. \nSeverity: 5.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-23T03:17:13.000000Z"}, {"uuid": "ce460997-7a41-439a-b079-b3280b0bcd4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52320", "type": "seen", "source": "https://t.me/true_secator/6636", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Claroty \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u044e\u0442 \u043e \u0442\u0440\u0435\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445 \u0432 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u044b\u0445 \u043a\u043e\u043c\u043c\u0443\u0442\u0430\u0442\u043e\u0440\u0430\u0445 WGS-804HPT \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Planet Technology, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0436\u043d\u043e \u043e\u0431\u044a\u0435\u0434\u0438\u043d\u0438\u0442\u044c \u0432 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u0434\u043b\u044f \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0434\u043e \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445.\n\n\u0417\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0435 \u043a\u043e\u043c\u043c\u0443\u0442\u0430\u0442\u043e\u0440\u044b \u0448\u0438\u0440\u043e\u043a\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u0437\u0434\u0430\u043d\u0438\u0439 \u0438 \u0434\u043e\u043c\u043e\u0432 \u0434\u043b\u044f \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0441 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c\u044e \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u0434\u043d\u0438\u043c \u0438\u0437 \u044d\u0442\u0438\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0438\u0445 \u0434\u043b\u044f \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0435\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0432\u043e \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0435\u0439 \u0441\u0435\u0442\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0433\u043e\u0440\u0438\u0437\u043e\u043d\u0442\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044f.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0442\u044c \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0433\u043b\u0443\u0431\u043e\u043a\u043e\u0433\u043e \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0439 \u0432 \u044d\u0442\u0438\u0445 \u043a\u043e\u043c\u043c\u0443\u0442\u0430\u0442\u043e\u0440\u0430\u0445 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0430 QEMU. \n\n\u0412\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u043e\u0448\u0438\u0431\u043a\u0438, \u043a\u0430\u043a \u043e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c, \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u043e\u043c dispatcher.cgi, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u043c \u0434\u043b\u044f \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0438\u0441\u0430.\n\n\u0421\u0440\u0435\u0434\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435:\n\n- CVE-2024-52558\u00a0(CVSS: 5,3): \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430 \u0441 \u043f\u043e\u0442\u0435\u0440\u0435\u0439 \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0438\u0441\u043a\u0430\u0436\u0435\u043d\u043d\u044b\u0439 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u0442 \u043a \u0441\u0431\u043e\u044e.\n\n- CVE-2024-52320\u00a0(CVSS: 9,8): \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u041e\u0421, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0447\u0435\u0440\u0435\u0437 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a RCE.\n\n- CVE-2024-48871\u00a0(CVSS: 9,8): \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0441\u0442\u0435\u043a\u0435, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441, \u0447\u0442\u043e \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u0442 \u043a RCE.\n\n\u0423\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u043f\u043e\u0442\u043e\u043a \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f, \u0432\u043d\u0435\u0434\u0440\u0438\u0432 \u0448\u0435\u043b\u043b-\u043a\u043e\u0434 \u0432 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n\u041f\u043e\u0441\u043b\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0442\u0430\u0439\u0432\u0430\u043d\u044c\u0441\u043a\u0438\u0439 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u0432 \u0441\u043e\u0441\u0442\u0430\u0432\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 1.305b241111, \u0432\u044b\u0448\u0435\u0434\u0448\u0435\u0439 15 \u043d\u043e\u044f\u0431\u0440\u044f 2024 \u0433\u043e\u0434\u0430.", "creation_timestamp": "2025-01-20T15:07:11.000000Z"}, {"uuid": "a9c7e1bb-dd4a-40bf-b75a-42d5667cb653", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52324", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113607345259765655", "content": "", "creation_timestamp": "2024-12-06T18:41:57.692193Z"}, {"uuid": "64e66ee5-2f0e-438a-9d04-2eef8d2454be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52320", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-340-02", "content": "", "creation_timestamp": "2024-12-05T11:00:00.000000Z"}, {"uuid": "7e205e40-77ec-4047-928e-c379c763d97f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52321", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113699410946792957", "content": "", "creation_timestamp": "2024-12-23T00:55:28.758720Z"}, {"uuid": "0f639418-ee3f-426b-93c9-ced09f315265", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52321", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldwqy3jks42m", "content": "", "creation_timestamp": "2024-12-23T01:15:40.985125Z"}, {"uuid": "7f2c6eb9-452b-4b71-adb5-cb13580c4518", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52320", "type": "seen", "source": "https://bsky.app/profile/hackingne.ws/post/3lfx2yq54or2y", "content": "", "creation_timestamp": "2025-01-17T15:05:23.688835Z"}, {"uuid": "6a3aa26d-65c7-48fd-afea-7bd5dffa6fdc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52325", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/113878791093848271", "content": "", "creation_timestamp": "2025-01-23T17:14:12.522377Z"}, {"uuid": "96ab8c7b-185b-4f7a-a015-19878112b604", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52327", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lggf3c4nos2p", "content": "", "creation_timestamp": "2025-01-23T17:15:42.665371Z"}, {"uuid": "ba3d64b9-16e2-41db-86e2-10763b9f9809", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52328", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lggf3ebl6t2w", "content": "", "creation_timestamp": "2025-01-23T17:15:44.912360Z"}, {"uuid": "fe227387-c1fc-43b9-ac4d-ef46ff3b8ec7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52329", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lggf3gdxbn2r", "content": "", "creation_timestamp": "2025-01-23T17:15:47.889261Z"}, {"uuid": "5b0d51a4-664e-41a1-800d-e67163a07f62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52320", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3ljjcvefkz62d", "content": "", "creation_timestamp": "2025-03-04T01:30:10.815822Z"}, {"uuid": "f037a474-5601-458e-9fb7-141ae3e8e660", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52327", "type": "seen", "source": "https://t.me/cvedetector/16214", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52327 - ECOVACS Cloud Service Authenticated Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-52327 \nPublished : Jan. 23, 2025, 5:15 p.m. | 40\u00a0minutes ago \nDescription : The cloud service used by ECOVACS robot lawnmowers and vacuums allows authenticated attackers to bypass the PIN entry required to access the live video feed. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-23T19:09:16.000000Z"}, {"uuid": "6101030f-6cd6-46ca-835f-a2ee96ceb0e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52324", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01", "content": "", "creation_timestamp": "2024-12-03T11:00:00.000000Z"}, {"uuid": "afca99ed-a104-4963-8607-30f5473b2bbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52323", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113554320938975706", "content": "", "creation_timestamp": "2024-11-27T09:57:11.016781Z"}, {"uuid": "fa8af9bf-996b-4bcc-89b9-cffd08c534ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52320", "type": "seen", "source": "https://bsky.app/profile/techifeunity.bsky.social/post/3lg5hd3s4722s", "content": "", "creation_timestamp": "2025-01-20T04:01:59.088748Z"}]}