{"vulnerability": "cve-2025-2920", "sightings": [{"uuid": "d796176a-eebc-409b-aff0-7ade6e42bebf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29209", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12864", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-29209\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the enable parameter' of the sub_41105C function of cstecgi .cgi.\n\ud83d\udccf Published: 2025-04-18T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-22T14:49:20.511Z\n\ud83d\udd17 References:\n1. https://github.com/LZY0522/CVE/blob/main/X18-sub_41105c.md", "creation_timestamp": "2025-04-22T15:03:40.000000Z"}, {"uuid": "f556a773-9b10-4aac-9948-526b86a788f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29208", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9955", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-29208\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: CodeZips Gym Management System v1.0 is vulnerable to SQL injection in the name parameter within /dashboard/admin/deleteroutine.php.\n\ud83d\udccf Published: 2025-04-01T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-01T17:24:22.126Z\n\ud83d\udd17 References:\n1. https://github.com/LLz-7/CVE/blob/main/CVE_1.md", "creation_timestamp": "2025-04-01T17:32:35.000000Z"}, {"uuid": "4d805f23-3ebb-4d11-8229-79c5f1a0bbbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2920", "type": "seen", "source": "https://t.me/cvedetector/21457", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2920 - Netis WF-2404 Password Hash Weakness\", \n  \"Content\": \"CVE ID : CVE-2025-2920 \nPublished : March 28, 2025, 6:15 p.m. | 18\u00a0minutes ago \nDescription : A vulnerability was found in Netis WF-2404 1.1.124EN. It has been rated as problematic. This issue affects some unknown processing of the file /\u0435tc/passwd. The manipulation leads to use of weak hash. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 2.0 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T20:16:00.000000Z"}, {"uuid": "7dad2f71-c174-47f1-a22f-52df26204b5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2920", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9417", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2920\n\ud83d\udd25 CVSS Score: 1 (cvssV4_0, Vector: CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in Netis WF-2404 1.1.124EN. It has been rated as problematic. This issue affects some unknown processing of the file /\u0435tc/passwd. The manipulation leads to use of weak hash. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2025-03-28T18:00:10.769Z\n\ud83d\udccf Modified: 2025-03-28T18:00:10.769Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.301895\n2. https://vuldb.com/?ctiid.301895\n3. https://vuldb.com/?submit.521037\n4. https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-cont", "creation_timestamp": "2025-03-28T18:28:14.000000Z"}, {"uuid": "e2b52777-cf48-4c77-a64e-d2330b824c3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29208", "type": "seen", "source": "https://t.me/cvedetector/21803", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-29208 - CodeZips Gym Management System SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-29208 \nPublished : April 1, 2025, 6:15 p.m. | 1\u00a0hour, 25\u00a0minutes ago \nDescription : CodeZips Gym Management System v1.0 is vulnerable to SQL injection in the name parameter within /dashboard/admin/deleteroutine.php. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T22:15:47.000000Z"}]}