{"vulnerability": "CVE-2021-3122", "sightings": [{"uuid": "984d42d9-b44e-4ae7-b52c-be4fab151ebb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3122", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/ncr_cmcagent_rce.rb", "content": "", "creation_timestamp": "2025-10-30T07:38:51.000000Z"}, {"uuid": "2358e629-e631-4569-9978-1285247ba08a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3122", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m2ahapslw22p", "content": "", "creation_timestamp": "2025-10-02T21:02:28.093502Z"}, {"uuid": "22ed5486-630b-41b8-8fb1-4bbd547e4781", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2021-31226", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_22/2021", "content": "", "creation_timestamp": "2021-08-04T12:58:56.000000Z"}, {"uuid": "ea06066d-a129-462d-95b3-f2d91838b132", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-31226", "type": "seen", "source": "https://t.me/cibsecurity/27579", "content": "\u203c CVE-2021-31226 \u203c\n\nAn issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to lack of size validation. This vulnerability requires the attacker to send a crafted HTTP POST request with a URI longer than 50 bytes. This leads to a heap overflow in wbs_post() via an strcpy() call.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-19T14:17:48.000000Z"}, {"uuid": "094c07ae-09ff-4339-af5d-61557876dc61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-31227", "type": "seen", "source": "https://t.me/cibsecurity/27578", "content": "\u203c CVE-2021-31227 \u203c\n\nAn issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length, which bypasses the size checks and results in a large heap overflow in the wbs_multidata buffer copy.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-19T14:17:47.000000Z"}, {"uuid": "dedad264-427c-4f82-a405-8310caf152b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-31228", "type": "seen", "source": "https://t.me/cibsecurity/27577", "content": "\u203c CVE-2021-31228 \u203c\n\nAn issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker to predict a DNS query's source port in order to send forged DNS response packets that will be accepted as valid answers to the DNS client's requests (without sniffing the specific request). Data is predictable because it is based on the time of day, and has too few bits.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-19T14:17:46.000000Z"}, {"uuid": "31f4c9c2-5c75-489c-b793-40f63c1fdd34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3122", "type": "exploited", "source": "https://t.me/cibsecurity/23198", "content": "\u203c CVE-2021-3122 \u203c\n\nCMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to port 8089) that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. NOTE: the vendor's position is that exploitation occurs only on devices with a certain \"misconfiguration.\"\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-07T22:38:35.000000Z"}, {"uuid": "2eab8620-9e30-4461-81db-4bbd80957aea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3122", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/3901", "content": "#exploit\n#Threat_Research\nCVE-2021-3122:\nDiscovering the BOH RCE Attack Vector - NCR Aloha POS 0-Day\nhttps://www.sentinelone.com/blog/cve-2021-3122-how-we-caught-a-threat-actor-exploiting-ncr-pos-zero-day\n]-> Eternalchampion exploit:\nhttps://github.com/Urahara3389/FuzzBunch-Exploit-Notice/blob/master/Eternalchampion%20exploit.md", "creation_timestamp": "2021-07-23T11:48:38.000000Z"}, {"uuid": "215d08d8-e52e-42ce-929f-8344a15ad1c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-31221", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/3250", "content": "#Threat_Research\nIndicator of Compromise Scanner for CVE-2021-31221\nhttps://github.com/f1reeye/ioc-scanner-CVE-2021-31221\n// Features:\n- application log entries indicating successful exploitation\n- file system paths\u00a0of known dropped files\n- post-exploitation activity in\u00a0shell history\n- unexpected\u00a0crontab entries/scheduled tasks\n- ports\u00a0used by known malware", "creation_timestamp": "2021-04-30T11:02:06.000000Z"}]}