{"vulnerability": "CVE-2020-2509", "sightings": [{"uuid": "ad45d476-47c0-4100-923e-8d982f4a27aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2509", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "aa9a16c7-57fe-4670-a801-f86a3410a9d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2509", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971502", "content": "", "creation_timestamp": "2024-12-24T20:30:16.565625Z"}, {"uuid": "487e847b-a128-4b85-af6a-97624757039e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2509", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:27.000000Z"}, {"uuid": "0b908275-86e8-482a-b0fd-e90d021c239d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2509", "type": "seen", "source": "Telegram/vkSDn9kgNOQMPXoiQkINlNnXiezAD05TUDGkWWilYmmTckdL", "content": "", "creation_timestamp": "2025-02-14T10:08:09.000000Z"}, {"uuid": "1d2c485a-5251-4440-bc52-2181fda124d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2509", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4240", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2020-2509\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2021-04-17T04:15:11.327\n\ud83d\udccf Modified: 
N/A\n\ud83d\udd17 References:\n1. https://www.qnap.com/en/security-advisory/qsa-21-05\n2. https://www.qnap.com/en/security-advisory/qsa-21-05", "creation_timestamp": "2025-02-13T15:08:13.000000Z"}, {"uuid": "5b2550bd-7fdf-4609-81b4-5823ca73c600", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2020-2509", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/303492ee-578a-4997-a22b-3d68111c358d", "content": "", "creation_timestamp": "2026-02-02T12:27:53.098709Z"}, {"uuid": "8c5b4c07-9873-4136-808c-48cdff856e40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2509", "type": "seen", "source": "https://t.me/cKure/4647", "content": "\u25a0\u25a0\u25a0\u25a1\u25a1 QNAP caught napping as disclosure delay expires, critical NAS bugs revealed.\n\nCVE-2020-2509\nCVE-2020-9490\n\nRemote code execution hole, arbitrary file writing flaw could make a mess of stored files\n\nhttps://go.theregister.com/feed/www.theregister.com/2021/04/02/qnap_bug_nas/", "creation_timestamp": "2021-04-03T04:19:58.000000Z"}, {"uuid": "2d558d2e-ed5a-4879-9856-9ed7351d0634", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2509", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2172", "content": "#Tool - \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\n\u200b\u200bWinPwnage\n\nWindows UAC bypass, Elevate, Persistence methods \n\nhttps://github.com/rootm0s/WinPwnage\n\ngo-shellcode-loader\n\nGO obfuscation, shellcode loader AES 
encryption.\n\nhttps://github.com/HZzz2/go-shellcode-loader\n\n\u200b\u200bTerraformGoat\n\nTerraformGoat is selefra research lab's \"Vulnerable by Design\" multi cloud deployment tool.\n\nCurrently supported cloud vendors include Alibaba Cloud, Tencent Cloud, Huawei Cloud, Amazon Web Services, Google Cloud Platform, Microsoft Azure.\n\nhttps://github.com/selefra/TerraformGoat\n\n\u200b\u200bOverkill \n\nExploit for a patched vulnerability affecting QNAP QTS. Due to the way QNAP discloses vulnerabilities, I'm unsure if this issue has a CVE or not. However, it was likely patched in November 2020 and April 2021. The n-day was \"discovered\" while doing diff analysis for CVE-2020-2509.\n\nhttps://github.com/jbaines-r7/overkill\n\n\u200b\u200bSSL Checker\n\nPython script that collects SSL/TLS information from hosts\n\nIt's a simple script running in python that collects SSL/TLS information then it returns the group of information in JSON. It can also connect through your specified SOCKS server.\n\nhttps://github.com/narbehaj/ssl-checker\n\nOauth-scan \n\n#Burp Suite Extension written in Java with the aim to provide some automatic security checks, which could be useful during penetration testing on applications implementing OAUTHv2 and OpenID standards.\n\n\u25ab\ufe0f Open Redirect issues on Redirect_Uri parameter\n\u25ab\ufe0f Authorization Code Replay issues\n\u25ab\ufe0f Leakage of secrets (i.e. Tokens, Codes)\n\u25ab\ufe0f PKCE misconfigurations\n\u25ab\ufe0f Nonce parameter misconfigurations\n\nhttps://github.com/PortSwigger/oauth-scan\n\n\u200b\u200bAntiDDOS-system\n\nProtect your web app from #DDOS attack or the Dead Ping + CAPTCHA VERIFICATION in one line! \n\nCaptcha integrated into the system, if he passes this check, then it is a human and not a robot! 
\n\nhttps://github.com/Sanix-Darker/AntiDDOS-system\n\n\u200b\u200bAPIKit\n\nDiscovery, Scan and Audit APIs Toolkit All In One.\n\nhttps://github.com/API-Security/APIKit\n\n\u200b\u200bTropX\n\nThe best penetration testing and tech tools unified into one beautiful command line interface!\n\nCommand line application to run penetration testing scripts. It aims to more efficiently run long processes and tedious tasks by allowing the creation of custom scripts in the CLI that can be run whenever. \n\nhttps://github.com/troopek/TropX\n\n\u200b\u200bbopscrk\n\nTool to generate smart and powerful wordlists.\n\nTargeted-attack wordlist creator: introduce personal info related to target, combines every word and transforms results into possible passwords. The lyricpass module allows to search lyrics related to artists and include them to the wordlists.\n\nhttps://github.com/r3nt0n/bopscrk\n\n\u200b\u200bWinpayloads\n\nUndetectable Windows Payload Generation.\n\nFeatures:\n1. Persistence - Adds payload persistence on reboot\n2. Psexec Spray - Spray hashes until successful connection and psexec payload on target\n3. Upload to local webserver - Easy deployment\n4. Powershell stager - allows invoking payloads in memory & more\n5. Anti sandboxing techniques\n6. Custom shellcode\n\nhttps://github.com/nccgroup/Winpayloads\n\n\u200b\u200bErebus \n\nFast and customisable parameter based vulnerability scanner based on simple YAML Rules\n\nErebus is used to test every parameter across targets based on Yaml templates leading to zero false positives and providing fast scanning on large number of hosts. 
Erebus offers many useful features including an intercepting proxy which allows researchers to browse the web, click on links and erebus will test every parameter that passes through the proxy.\n\nhttps://github.com/ethicalhackingplayground/erebus\n\n\u200b\u200bZeratool\n\nAutomatic Exploit Generation (AEG) and remote flag capture for exploitable CTF problems\n\nThis tool uses angr to concolically analyze binaries by hooking printf and looking for unconstrained paths. \n\nhttps://github.com/ChrisTheCoolHut/Zeratool\n\nTool \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\nwww.ghostclan.org", "creation_timestamp": "2022-12-24T16:06:16.000000Z"}, {"uuid": "9bb19c1f-e78a-49d7-8d8c-b61162ab01c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2509", "type": "seen", "source": "https://t.me/arpsyndicate/1370", "content": "#ExploitObserverAlert\n\nCVE-2020-2509\n\nDESCRIPTION: Exploit Observer has 6 entries related to CVE-2020-2509. A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. 
We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later QTS 4.5.1.1495 Build 20201123 and later QTS 4.3.6.1620 Build 20210322 and later QTS 4.3.4.1632 Build 20210324 and later QTS 4.3.3.1624 Build 20210416 and later QTS 4.2.6 Build 20210327 and later QuTS hero h4.5.1.1491 build 20201119 and later\n\nFIRST-EPSS: 0.001460000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-05T02:39:04.000000Z"}, {"uuid": "196da598-d204-4a0c-a9a2-0316e0f46d5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2509", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/232", "content": "#Tool - \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\n\u200b\u200bWinPwnage\n\nWindows UAC bypass, Elevate, Persistence methods \n\nhttps://github.com/rootm0s/WinPwnage\n\ngo-shellcode-loader\n\nGO obfuscation, shellcode loader AES encryption.\n\nhttps://github.com/HZzz2/go-shellcode-loader\n\n\u200b\u200bTerraformGoat\n\nTerraformGoat is selefra research lab's \"Vulnerable by Design\" multi cloud deployment tool.\n\nCurrently supported cloud vendors include Alibaba Cloud, Tencent Cloud, Huawei Cloud, Amazon Web Services, Google Cloud Platform, Microsoft Azure.\n\nhttps://github.com/selefra/TerraformGoat\n\n\u200b\u200bOverkill \n\nExploit for a patched vulnerability affecting QNAP QTS. Due to the way QNAP discloses vulnerabilities, I'm unsure if this issue has a CVE or not. However, it was likely patched in November 2020 and April 2021. 
The n-day was \"discovered\" while doing diff analysis for CVE-2020-2509.\n\nhttps://github.com/jbaines-r7/overkill\n\n\u200b\u200bSSL Checker\n\nPython script that collects SSL/TLS information from hosts\n\nIt's a simple script running in python that collects SSL/TLS information then it returns the group of information in JSON. It can also connect through your specified SOCKS server.\n\nhttps://github.com/narbehaj/ssl-checker\n\nOauth-scan \n\n#Burp Suite Extension written in Java with the aim to provide some automatic security checks, which could be useful during penetration testing on applications implementing OAUTHv2 and OpenID standards.\n\n\u25ab\ufe0f Open Redirect issues on Redirect_Uri parameter\n\u25ab\ufe0f Authorization Code Replay issues\n\u25ab\ufe0f Leakage of secrets (i.e. Tokens, Codes)\n\u25ab\ufe0f PKCE misconfigurations\n\u25ab\ufe0f Nonce parameter misconfigurations\n\nhttps://github.com/PortSwigger/oauth-scan\n\n\u200b\u200bAntiDDOS-system\n\nProtect your web app from #DDOS attack or the Dead Ping + CAPTCHA VERIFICATION in one line! \n\nCaptcha integrated into the system, if he passes this check, then it is a human and not a robot! \n\nhttps://github.com/Sanix-Darker/AntiDDOS-system\n\n\u200b\u200bAPIKit\n\nDiscovery, Scan and Audit APIs Toolkit All In One.\n\nhttps://github.com/API-Security/APIKit\n\n\u200b\u200bTropX\n\nThe best penetration testing and tech tools unified into one beautiful command line interface!\n\nCommand line application to run penetration testing scripts. It aims to more efficiently run long processes and tedious tasks by allowing the creation of custom scripts in the CLI that can be run whenever. \n\nhttps://github.com/troopek/TropX\n\n\u200b\u200bbopscrk\n\nTool to generate smart and powerful wordlists.\n\nTargeted-attack wordlist creator: introduce personal info related to target, combines every word and transforms results into possible passwords. 
The lyricpass module allows to search lyrics related to artists and include them to the wordlists.\n\nhttps://github.com/r3nt0n/bopscrk\n\n\u200b\u200bWinpayloads\n\nUndetectable Windows Payload Generation.\n\nFeatures:\n1. Persistence - Adds payload persistence on reboot\n2. Psexec Spray - Spray hashes until successful connection and psexec payload on target\n3. Upload to local webserver - Easy deployment\n4. Powershell stager - allows invoking payloads in memory & more\n5. Anti sandboxing techniques\n6. Custom shellcode\n\nhttps://github.com/nccgroup/Winpayloads\n\n\u200b\u200bErebus \n\nFast and customisable parameter based vulnerability scanner based on simple YAML Rules\n\nErebus is used to test every parameter across targets based on Yaml templates leading to zero false positives and providing fast scanning on large number of hosts. Erebus offers many useful features including an intercepting proxy which allows researchers to browse the web, click on links and erebus will test every parameter that passes through the proxy.\n\nhttps://github.com/ethicalhackingplayground/erebus\n\n\u200b\u200bZeratool\n\nAutomatic Exploit Generation (AEG) and remote flag capture for exploitable CTF problems\n\nThis tool uses angr to concolically analyze binaries by hooking printf and looking for unconstrained paths. 
\n\nhttps://github.com/ChrisTheCoolHut/Zeratool\n\nTool \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\nwww.ghostclan.org", "creation_timestamp": "2022-12-24T16:06:16.000000Z"}, {"uuid": "bb37aec3-755b-4d54-8888-13dba55cf53e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2509", "type": "seen", "source": "Telegram/ykt9NuR2SR2kiEFmtFeQqmReNFuVNrJJAfgG6FbWKUq1G8bY", "content": "", "creation_timestamp": "2025-02-14T10:06:10.000000Z"}, {"uuid": "a408e74f-2588-4a16-9ece-255e3805a08c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25095", "type": "seen", "source": "https://t.me/cibsecurity/20979", "content": "\u203c CVE-2020-25095 \u203c\n\nLogRhythm Platform Manager (PM) 7.4.9 allows CSRF. The Web interface is vulnerable to Cross-site WebSocket Hijacking (CSWH). If a logged-in PM user visits a malicious site in the same browser session, that site can perform a CSRF attack to create a WebSocket from the victim client to the vulnerable PM server. Once the socket is created, the malicious site can interact with the vulnerable web server in the context of the logged-in user. This can include WebSocket payloads that result in command execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-17T07:42:29.000000Z"}, {"uuid": "625731d2-a171-436b-9279-7e729bf86f15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25094", "type": "seen", "source": "https://t.me/cibsecurity/20982", "content": "\u203c CVE-2020-25094 \u203c\n\nLogRhythm Platform Manager 7.4.9 allows Command Injection. 
To exploit this, an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with a LogRhythm Smart Response agent installed. By default, the commands are run with LocalSystem privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-17T07:42:32.000000Z"}, {"uuid": "28687aa9-3f0c-4ff4-b004-9714752cd9ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25096", "type": "seen", "source": "https://t.me/cibsecurity/20985", "content": "\u203c CVE-2020-25096 \u203c\n\nLogRhythm Platform Manager (PM) 7.4.9 has Incorrect Access Control. Users within LogRhythm can be delegated different roles and privileges, intended to limit what data and services they can interact with. However, no access control is enforced for WebSocket-based communication to the PM application server, which will forward requests to any configured back-end server, regardless of whether the user's access rights should permit this. 
As a result, even the most low-privileged user can interact with any back-end component that has a LogRhythm agent installed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-17T07:42:35.000000Z"}, {"uuid": "baead7da-7a69-4c85-a4a4-8f7a637f7542", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25096", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2369", "content": "#Offensive_security\nVulnerabilities in LogRhythm application suite (CVE-2020-25094, CVE-2020-25096, CVE 2020-25095)\nhttps://cybercx.com.au/blog/2020/12/15/logrhythm-zero-days", "creation_timestamp": "2020-12-26T14:01:51.000000Z"}, {"uuid": "70dce254-9ffd-4bb2-95c1-b6a5be8d1cbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25094", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2369", "content": "#Offensive_security\nVulnerabilities in LogRhythm application suite (CVE-2020-25094, CVE-2020-25096, CVE 2020-25095)\nhttps://cybercx.com.au/blog/2020/12/15/logrhythm-zero-days", "creation_timestamp": "2020-12-26T14:01:51.000000Z"}]}