{"vulnerability": "CVE-2020-1339", "sightings": [{"uuid": "77951a67-89de-4b19-b13f-2ab62d5dbb55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13393", "type": "seen", "source": "https://bsky.app/profile/r-netsec.bsky.social/post/3lhwhnmxiny23", "content": "", "creation_timestamp": "2025-02-11T20:09:33.101014Z"}, {"uuid": "062142a8-fe3d-4221-a23a-df04645cd522", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13398", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lroeg44lpi2k", "content": "", "creation_timestamp": "2025-06-15T21:02:18.988707Z"}, {"uuid": "c57b6729-0e51-4dce-bb44-f5bea623cd1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13390", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/540", "content": "#exploit\n1. CVE-2020-13390:\nTenda AC6/9/15/18 - DoS\nhttps://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13390-Tenda-vulnerability\n\n2. CVE-2020-14321:\nImproper Authorization in moodle\nhttps://github.com/f0ns1/CVE-2020-14321-modified-exploit\n\n3. CVE-2019-13139:\nDocker build code execution\nhttps://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build", "creation_timestamp": "2024-10-14T22:35:35.000000Z"}, {"uuid": "986c6fbb-f8bb-401f-b52e-e48edd3ad216", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13398", "type": "seen", "source": "https://t.me/cibsecurity/12294", "content": "ATENTION\u203c New - CVE-2020-13398 (freerdp)\n\nAn issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-05-27T07:55:26.000000Z"}, {"uuid": "6b4bb058-9724-4921-9e9b-f9d2e0c20fa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13391", "type": "seen", "source": "https://t.me/cibsecurity/12300", "content": "ATENTION\u203c New - CVE-2020-13391\n\nAn issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetSpeedWan speed_dir parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-05-27T07:55:32.000000Z"}, {"uuid": "f59071ad-9039-492f-808a-0120203bb339", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13390", "type": "seen", "source": "https://t.me/cibsecurity/12301", "content": "ATENTION\u203c New - CVE-2020-13390\n\nAn issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/addressNat entrys and mitInterface parameters for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-05-27T07:55:33.000000Z"}, {"uuid": "8ddf0b7e-c785-4ead-8010-2e27f41ad445", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13392", "type": "seen", "source": "https://t.me/cibsecurity/12299", "content": "ATENTION\u203c New - CVE-2020-13392\n\nAn issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/setcfm funcpara1 parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-05-27T07:55:31.000000Z"}, {"uuid": "9e62c31e-55c5-45e3-86a1-4c3740cfe551", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13397", "type": "seen", "source": "https://t.me/cibsecurity/12295", "content": "ATENTION\u203c New - CVE-2020-13397\n\nAn issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-05-27T07:55:27.000000Z"}, {"uuid": "ea5ceb7c-8d56-416b-abba-9b056cff7506", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13396", "type": "seen", "source": "https://t.me/cibsecurity/12296", "content": "ATENTION\u203c New - CVE-2020-13396\n\nAn issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-05-27T07:55:28.000000Z"}, {"uuid": "78fefd38-86bf-446f-b9c9-aec3c5922c5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13394", "type": "seen", "source": "https://t.me/cibsecurity/12297", "content": "ATENTION\u203c New - CVE-2020-13394\n\nAn issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetNetControlList list parameter for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-05-27T07:55:29.000000Z"}, {"uuid": "67e0ecd4-0920-448e-b153-2c63d7ba3a09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13393", "type": "seen", "source": "https://t.me/cibsecurity/12298", "content": "ATENTION\u203c New - CVE-2020-13393\n\nAn issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/saveParentControlInfo deviceId and time parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-05-27T07:55:31.000000Z"}]}