{"vulnerability": "CVE-2020-2549", "sightings": [{"uuid": "d1298b7d-42cc-4f84-a928-c63ebf18e4af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25499", "type": "seen", "source": "MISP/28347c8a-8fa9-4d49-bd73-98a955d83c02", "content": "", "creation_timestamp": "2025-03-03T10:15:46.000000Z"}, {"uuid": "731974f7-4b51-4a6a-a6a8-20d8647b18e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25493", "type": "seen", "source": "https://t.me/cibsecurity/23447", "content": "\u203c CVE-2020-25493 \u203c\n\nOclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. The content of HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-11T20:42:37.000000Z"}, {"uuid": "e80c2fbd-5f1b-4ba7-9113-02c1fc0b6c80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25499", "type": "seen", "source": "MISP/28347c8a-8fa9-4d49-bd73-98a955d83c02", "content": "", "creation_timestamp": "2025-03-04T04:19:35.000000Z"}, {"uuid": "c608a724-33dc-47f3-9ee6-d5254dbcf6ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25499", "type": "exploited", "source": "https://t.me/true_secator/6651", "content": "QiAnXin XLab warns of active exploitation of a 0-day in
Cambium Networks cnPilot routers to deploy a strain of the AISURU botnet named AIRASHI and use it in DDoS attacks.\n\nThe observed campaign has been under way since June 2024, but detailed information about the specific zero-days remains undisclosed for now to prevent further abuse.\n\nOther vulnerabilities used by the AIRASHI operators include: CVE-2013-3307, CVE-2016-20016, CVE-2017-5259, CVE-2018-14558, CVE-2020-25499, CVE-2020-8515, CVE-2022-3573, CVE-2022-40005,
CVE-2022-44149, CVE-2023-28771, as well as flaws in AVTECH IP cameras, LILIN DVRs and Shenzhen TVT devices.\n\nAccording to test results presented by the botnet's operators, AIRASHI's DDoS capacity holds steady at 1\u20133 Tbit/s.\n\nMost of the compromised devices are located in Russia, Brazil, Vietnam and Indonesia, while the main targets of the malicious attacks have been China, the USA, Poland and Russia.\n\nAIRASHI is a variant
of the AISURU botnet (aka NAKOTNE), which the company previously detected in August 2024 while investigating a DDoS attack aimed at Steam around the launch of the game Black Myth: Wukong.\n\nFrequently updated botnets and separate AIRASHI variations that include proxy functionality were also found, which indicates that the attackers intend to expand their capabilities beyond DDoS.\n\nAISURU temporarily
suspended its activity around September 2024, but a month later the botnet returned with updated functionality (under the name Kitty) and then evolved a second time at the end of November (aka AIRASHI).\n\nThe kitty sample began spreading in early October 2024.\n\nCompared with previous AISURU samples, it simplified the network protocol and by the end of October began supporting SOCKS5 proxy servers for communication with the
C2 server.\n\nAIRASHI, on the other hand, exists in at least two different variants:\n\n- AIRASHI-DDoS (first detected at the end of October), which is primarily focused on DDoS attacks but also supports arbitrary command execution and reverse shell access.\n\n- AIRASHI-Proxy (first detected in early December), which is a modified version of AIRASHI-DDoS with proxy functionality.\n\nThe botnet, in
addition to continually tuning its methods for obtaining C2 server details via DNS queries, relies on a completely new network protocol that uses HMAC-SHA256 and CHACHA20 for communication.\n\nIn addition, AIRASHI-DDoS supports 13 message types, while AIRASHI-Proxy supports only five message types.\n\nThe results show that attackers continue to make effective use of vulnerabilities in
IoT devices both as an initial access vector and to build botnets that are used to carry out powerful DDoS attacks.", "creation_timestamp": "2025-01-23T18:41:16.000000Z"}, {"uuid": "5c6cf434-9a12-4d3d-b7f9-0ad7d95316f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25491", "type": "seen", "source": "https://t.me/cibsecurity/49989", "content": "\u203c CVE-2020-25491 \u203c\n\n6Kare Emakin 5.0.341.0 is affected by Cross Site Scripting (XSS) via the /rpc/membership/setProfile DisplayName field, which is mishandled when rendering the Activity Stream page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-17T00:29:14.000000Z"}, {"uuid": "aeef46c3-6aa9-4a90-8dee-a440a8bfd1e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25499", "type": "seen", "source": "MISP/a7fb943f-00ef-43d8-87ca-c9ef19928d19", "content": "", "creation_timestamp": "2026-04-14T12:02:04.000000Z"}, {"uuid": "c986d30a-4b55-4d96-8234-71b43ab37d6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25498", "type": "published-proof-of-concept", "source": 
"Telegram/xqYWkED5BnY7biWkpcQEGsIn2wLNFqw-dj6GWUU1Ura5fQ", "content": "", "creation_timestamp": "2021-01-07T21:18:04.000000Z"}, {"uuid": "d36f6964-993a-4a42-9c7f-b2dc0a7228db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25495", "type": "seen", "source": "https://t.me/cibsecurity/21077", "content": "\u203c CVE-2020-25495 \u203c\n\nA reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section'.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-18T18:43:58.000000Z"}, {"uuid": "ce9fd30f-3c7a-4946-9b46-764c92852798", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25498", "type": "seen", "source": "https://t.me/cibsecurity/21724", "content": "\u203c CVE-2020-25498 \u203c\n\nCross Site Scripting (XSS) vulnerability in Beetel router 777VR1 can be exploited via the NTP server name in System Time and \"Keyword\" in URL Filter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-07T00:39:42.000000Z"}, {"uuid": "88d2d636-c4d4-4915-95ab-f6372d90b11c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25494", "type": "seen", "source": "https://t.me/cibsecurity/21075", "content": "\u203c CVE-2020-25494 \u203c\n\nXinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-18T18:43:56.000000Z"}, {"uuid": "32bea103-8fbd-4388-af44-94dd96e6ac33", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25499", "type": "seen", "source": "https://t.me/cibsecurity/18343", "content": "\u203c CVE-2020-25499 \u203c\n\nTOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T01:23:10.000000Z"}, {"uuid": "91085dfd-d2d4-452e-bfbb-0cb28ce191f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25499", "type": "seen", "source": "https://t.me/cibsecurity/18383", "content": "\u203c CVE-2020-25499 \u203c\n\nTOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T02:25:24.000000Z"}, {"uuid": "f4bb0b4c-d7f4-45d8-8eb9-7549e6451d6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25499", "type": "seen", "source": "https://t.me/cibsecurity/18363", "content": "\u203c CVE-2020-25499 \u203c\n\nTOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. 
An attacker can use this functionality to execute arbitrary OS commands on the router.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T01:25:34.000000Z"}, {"uuid": "c0a32b80-82c8-40fd-a8c7-2082932d83a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25499", "type": "seen", "source": "https://t.me/cibsecurity/18324", "content": "\u203c CVE-2020-25499 \u203c\n\nTOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T00:41:08.000000Z"}, {"uuid": "682e7fc4-13a4-4bdc-bc86-c9b62744b139", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25499", "type": "seen", "source": "https://t.me/cibsecurity/18304", "content": "\u203c CVE-2020-25499 \u203c\n\nTOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T00:33:06.000000Z"}]}