VAR-200412-0547
Vulnerability from variot - Updated: 2025-04-03 21:47SQL injection vulnerability in IP3 Networks NetAccess Appliance before firmware 3.1.18b13 allows remote attackers to bypass authentication via the (1) login or (2) password. NOTE: this issue was later reported to also affect firmware 4.0.34. The IP3 NetAccess Appliance is reported prone to a remote SQL-injection vulnerability. This issue is due to the application's failure to properly sanitize user input. This issue may allow an attacker to gain full control of the appliance through the network-administration interface. The attacker may also be able to influence database queries to view or modify sensitive information, potentially compromising the system or the database.
KPMG recommends that owners of a NetAccess NA75 take steps to ensure the security of the device, and that IP3 Networks is contacted to acquire the new firmware that includes the patches for the issues described. IP3 Networks has requested that customers contact IP3 through http://www.ip3.com/supportoverview.htm.
Product: NA75 and possibly others Revision: na-img-4.0.34.bin Vendor Status: notified, verified and patch available from 1 April 2006 Risk: High Remote: Yes Local: Yes
ISSUE 1: Various SQL injection vulnerabilities in the HTTP user interface Due to the absence of user input validation, attackers can embed SQL commands and queries into various HTTP forms. The impact of this is that attackers can login into the unit by specifying username 'admin' and password ' OR "1=1';--. However, as can be seen from the above info, we have found the vulnerability to be present in firmware 4.0.34.
ISSUE 2: Unix command injection vulnerability in command line interface Due to the absence of user input filtering in the command line interface, attackers can embed Unix commands in certain parameters by passing the commands in the unix shell substitution characters '`'.
ISSUE 3: No mandatory default password change on first login The default username and password 'admin'/'admin' do not have to be changed at first login. This greatly increases the chance of the password remaining 'admin' after install.
ISSUE 4: World readable shadow password file The shadow password file contains the encrypted passwords for all users on the system. Password crackers can be used on this file to obtain the plaintext passwords for users.
ISSUE 5: NetAccess database file world readable and writable The permission settings on the NetAccess database file allow all unix users read and write access to the file, thereby allowing potentially sensitive customer information to be disclosed.
Ralph Moonen, CISSP Manager KPMG Information Risk Management Amstelveen, The Netherlands
De informatie verzonden met dit e-mailbericht (en bijlagen) is uitsluitend bestemd voor de geadresseerde(n) en zij die van de geadresseerde(n) toestemming hebben dit bericht te lezen. Gebruik door anderen dan geadresseerde(n) is verboden. De informatie in dit e-mailbericht (en de bijlagen) kan vertrouwelijk van aard zijn en kan binnen het bereik vallen van een geheimhoudingsplicht. KPMG is niet aansprakelijk voor schade ten gevolge van het gebruik van elektronische middelen van communicatie, daaronder begrepen -maar niet beperkt tot- schade ten gevolge van niet aflevering of vertraging bij de aflevering van elektronische berichten, onderschepping of manipulatie van elektronische berichten door derden of door programmatuur/apparatuur gebruikt voor elektronische communicatie en overbrenging van virussen en andere kwaadaardige programmatuur.
Any information transmitted by means of this e-mail (and any of its attachments) is intended exclusively for the addressee or addressees and for those authorized by the addressee or addressees to read this message. Any use by a party other than the addressee or addressees is prohibited. The information contained in this e-mail (or any of its attachments) may be confidential in nature and fall under a duty of non-disclosure. KPMG shall not be liable for damages resulting from the use of electronic means of communication, including -but not limited to- damages resulting from failure or delay in delivery of electronic communications, interception or manipulation of electronic communications by third parties or by computer programs used for electronic communications and transmission of viruses and other malicious code.
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200412-0547",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netaccess - hospitality",
"scope": "eq",
"trust": 1.0,
"vendor": "ip3",
"version": "*"
},
{
"model": "netaccess - wireless hotspots",
"scope": "eq",
"trust": 1.0,
"vendor": "ip3",
"version": "*"
},
{
"model": "netaccess",
"scope": "eq",
"trust": 1.0,
"vendor": "ip3",
"version": "*"
},
{
"model": "netaccess",
"scope": null,
"trust": 0.6,
"vendor": "ip3",
"version": null
},
{
"model": "netaccess - wireless hotspots",
"scope": null,
"trust": 0.6,
"vendor": "ip3",
"version": null
},
{
"model": "netaccess - hospitality",
"scope": null,
"trust": 0.6,
"vendor": "ip3",
"version": null
},
{
"model": "networks na75",
"scope": "eq",
"trust": 0.3,
"vendor": "ip3",
"version": "4.0.34"
},
{
"model": "networks ip3 netaccess wireless isps \u0026 mdus",
"scope": "eq",
"trust": 0.3,
"vendor": "ip3",
"version": "-4.0.34"
},
{
"model": "networks ip3 netaccess wireless isps \u0026 mdus b13",
"scope": "eq",
"trust": 0.3,
"vendor": "ip3",
"version": "-3.1.18"
},
{
"model": "networks ip3 netaccess wireless isps \u0026 mdus",
"scope": "eq",
"trust": 0.3,
"vendor": "ip3",
"version": null
},
{
"model": "networks ip3 netaccess wireless hotzones \u0026 small hotels",
"scope": "eq",
"trust": 0.3,
"vendor": "ip3",
"version": "-4.0.34"
},
{
"model": "networks ip3 netaccess wireless hotzones \u0026 small hotels b13",
"scope": "eq",
"trust": 0.3,
"vendor": "ip3",
"version": "-3.1.18"
},
{
"model": "networks ip3 netaccess wireless hotzones \u0026 small hotels",
"scope": "eq",
"trust": 0.3,
"vendor": "ip3",
"version": null
},
{
"model": "networks ip3 netaccess wireless hotspots",
"scope": "eq",
"trust": 0.3,
"vendor": "ip3",
"version": "-4.0.34"
},
{
"model": "networks ip3 netaccess wireless hotspots b13",
"scope": "eq",
"trust": 0.3,
"vendor": "ip3",
"version": "-3.1.18"
},
{
"model": "networks ip3 netaccess wireless hotspots",
"scope": "eq",
"trust": 0.3,
"vendor": "ip3",
"version": null
},
{
"model": "networks ip3 netaccess hospitality",
"scope": "eq",
"trust": 0.3,
"vendor": "ip3",
"version": "-4.0.34"
},
{
"model": "networks ip3 netaccess hospitality b13",
"scope": "eq",
"trust": 0.3,
"vendor": "ip3",
"version": "-3.1.18"
},
{
"model": "networks ip3 netaccess hospitality",
"scope": "eq",
"trust": 0.3,
"vendor": "ip3",
"version": null
},
{
"model": "networks ip3 netaccess campus and mdus",
"scope": "eq",
"trust": 0.3,
"vendor": "ip3",
"version": "-4.0.34"
},
{
"model": "networks ip3 netaccess campus and mdus b13",
"scope": "eq",
"trust": 0.3,
"vendor": "ip3",
"version": "-3.1.18"
},
{
"model": "networks ip3 netaccess campus and mdus",
"scope": "eq",
"trust": 0.3,
"vendor": "ip3",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "9858"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1019"
},
{
"db": "NVD",
"id": "CVE-2004-2326"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovery of this issue is credited to Syam Yanuar \u003csy4m@yahoo.com\u003e.",
"sources": [
{
"db": "BID",
"id": "9858"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1019"
}
],
"trust": 0.9
},
"cve": "CVE-2004-2326",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2004-2326",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-10754",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2004-2326",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200412-1019",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-10754",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10754"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1019"
},
{
"db": "NVD",
"id": "CVE-2004-2326"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in IP3 Networks NetAccess Appliance before firmware 3.1.18b13 allows remote attackers to bypass authentication via the (1) login or (2) password. NOTE: this issue was later reported to also affect firmware 4.0.34. The IP3 NetAccess Appliance is reported prone to a remote SQL-injection vulnerability. This issue is due to the application\u0027s failure to properly sanitize user input. \nThis issue may allow an attacker to gain full control of the appliance through the network-administration interface. The attacker may also be able to influence database queries to view or modify sensitive information, potentially compromising the system or the database. \n--------------------\n\nKPMG recommends that owners of a NetAccess NA75 take steps to ensure the\nsecurity of the \ndevice, and that IP3 Networks is contacted to acquire the new firmware\nthat includes the \npatches for the issues described. IP3 Networks has requested that\ncustomers contact IP3 \nthrough http://www.ip3.com/supportoverview.htm. \n\nProduct:\t\tNA75 and possibly others\nRevision:\t\tna-img-4.0.34.bin\nVendor Status: \tnotified, verified and patch available from 1 April 2006\nRisk:\t\t\tHigh\nRemote:\t\tYes\nLocal:\t\tYes\n\n---------------------\n\nISSUE 1: Various SQL injection vulnerabilities in the HTTP user\ninterface\nDue to the absence of user input validation, attackers can embed SQL\ncommands and queries \ninto various HTTP forms. The impact of this is that attackers can login\ninto the unit by \nspecifying username \u0027admin\u0027 and password \u0027 OR \"1=1\u0027;--. However, as can be seen from the above info, we have found\nthe vulnerability to \nbe present in firmware 4.0.34. \n\nISSUE 2: Unix command injection vulnerability in command line interface\nDue to the absence of user input filtering in the command line\ninterface, attackers can \nembed Unix commands in certain parameters by passing the commands in the\nunix shell \nsubstitution characters \u0027`\u0027. \n\nISSUE 3: No mandatory default password change on first login\nThe default username and password \u0027admin\u0027/\u0027admin\u0027 do not have to be\nchanged at first \nlogin. This greatly increases the chance of the password remaining\n\u0027admin\u0027 after install. \n\nISSUE 4: World readable shadow password file\nThe shadow password file contains the encrypted passwords for all users\non the system. \nPassword crackers can be used on this file to obtain the plaintext\npasswords for users. \n\nISSUE 5: NetAccess database file world readable and writable\nThe permission settings on the NetAccess database file allow all unix\nusers read and \nwrite access to the file, thereby allowing potentially sensitive\ncustomer information \nto be disclosed. \n\n\nRalph Moonen, CISSP\nManager KPMG Information Risk Management\nAmstelveen, The Netherlands\n\n\n--------------------------------------------------------------------------------------------------------------------------------------------\nDe informatie verzonden met dit e-mailbericht (en bijlagen) is uitsluitend bestemd voor de geadresseerde(n) en zij die van de geadresseerde(n) toestemming hebben dit bericht te lezen. Gebruik door anderen dan geadresseerde(n) is verboden. De informatie in dit e-mailbericht (en de bijlagen) kan vertrouwelijk van aard zijn en kan binnen het bereik vallen van een geheimhoudingsplicht. \nKPMG is niet aansprakelijk voor schade ten gevolge van het gebruik van elektronische middelen van communicatie, daaronder begrepen -maar niet beperkt tot- schade ten gevolge van niet aflevering of vertraging bij de aflevering van elektronische berichten, onderschepping of manipulatie van elektronische berichten door derden of door programmatuur/apparatuur gebruikt voor elektronische communicatie en overbrenging van virussen en andere kwaadaardige programmatuur. \n\nAny information transmitted by means of this e-mail (and any of its attachments) is intended exclusively for the addressee or addressees and for those authorized by the addressee or addressees to read this message. Any use by a party other than the addressee or addressees is prohibited. The information contained in this e-mail (or any of its attachments) may be confidential in nature and fall under a duty of non-disclosure. \nKPMG shall not be liable for damages resulting from the use of electronic means of communication, including -but not limited to- damages resulting from failure or delay in delivery of electronic communications, interception or manipulation of electronic communications by third parties or by computer programs used for electronic communications and transmission of viruses and other malicious code. \n\n--------------------------------------------------------------------------------------------------------------------------------------------\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2326"
},
{
"db": "BID",
"id": "9858"
},
{
"db": "VULHUB",
"id": "VHN-10754"
},
{
"db": "PACKETSTORM",
"id": "45883"
}
],
"trust": 1.35
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-10754",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10754"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "9858",
"trust": 2.1
},
{
"db": "NVD",
"id": "CVE-2004-2326",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1019",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20060424 MULTIPLE VULNERABILITIES IN IP3 NETWORKS \u0027NETACCESS\u0027 NA75 APPLIANCE",
"trust": 0.6
},
{
"db": "XF",
"id": "3",
"trust": 0.6
},
{
"db": "XF",
"id": "26106",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "23808",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-77557",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-10754",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "45883",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10754"
},
{
"db": "BID",
"id": "9858"
},
{
"db": "PACKETSTORM",
"id": "45883"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1019"
},
{
"db": "NVD",
"id": "CVE-2004-2326"
}
]
},
"id": "VAR-200412-0547",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-10754"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T21:47:47.703000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2326"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/9858"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/432007/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26106"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/432007/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/26106"
},
{
"trust": 0.3,
"url": "http://www.ip3.com/"
},
{
"trust": 0.3,
"url": "/archive/1/432007"
},
{
"trust": 0.1,
"url": "http://www.ip3.com/supportoverview.htm."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10754"
},
{
"db": "BID",
"id": "9858"
},
{
"db": "PACKETSTORM",
"id": "45883"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1019"
},
{
"db": "NVD",
"id": "CVE-2004-2326"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-10754"
},
{
"db": "BID",
"id": "9858"
},
{
"db": "PACKETSTORM",
"id": "45883"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1019"
},
{
"db": "NVD",
"id": "CVE-2004-2326"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-10754"
},
{
"date": "2004-03-12T00:00:00",
"db": "BID",
"id": "9858"
},
{
"date": "2006-04-29T00:33:05",
"db": "PACKETSTORM",
"id": "45883"
},
{
"date": "2004-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-1019"
},
{
"date": "2004-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2004-2326"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-10754"
},
{
"date": "2006-04-26T20:26:00",
"db": "BID",
"id": "9858"
},
{
"date": "2006-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-1019"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2004-2326"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-1019"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IP3 Networks IP3 NetAccess Appliance SQL Inject the vulnerability.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-1019"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-1019"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…