{"vulnerability": "CVE-2021-3382", "sightings": [{"uuid": "588cb0fc-0398-46af-b1dc-296de1feb63d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3382", "type": "seen", "source": "https://t.me/cibsecurity/23165", "content": "\u203c CVE-2021-3382 \u203c\n\nStack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-05T18:35:18.000000Z"}, {"uuid": "db7e674d-1dde-4c0d-8e92-540bb9aafa7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-33829", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-33829.yaml", "content": "", "creation_timestamp": "2025-12-17T07:54:34.000000Z"}, {"uuid": "70d0015f-5824-41a2-a760-116a47138a24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-33829", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mac36lna2n2f", "content": "", "creation_timestamp": "2025-12-18T21:03:03.154574Z"}, {"uuid": "6293eb8b-9ef4-45ae-9d96-0f4d9d411e88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-33827", "type": "seen", "source": "https://t.me/cibsecurity/35649", "content": "\u203c CVE-2021-33827 \u203c\n\nThe files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-16T00:21:00.000000Z"}, {"uuid": "063740b3-0b82-49ea-bace-d8f761ec0943", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-33828", "type": "seen", "source": "https://t.me/cibsecurity/35647", "content": "\u203c CVE-2021-33828 \u203c\n\nThe files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by which malicious files (that have been uploaded to a public share) are supposed to be deleted upon detection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-16T00:20:58.000000Z"}, {"uuid": "669afc26-ed5b-434e-a1dd-891f4459284a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-33824", "type": "seen", "source": "https://t.me/cibsecurity/25563", "content": "\u203c CVE-2021-33824 \u203c\n\nAn issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-06-19T00:42:21.000000Z"}, {"uuid": "3d0300be-1215-4ec8-993e-9545a107865b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-33823", "type": "seen", "source": "https://t.me/cibsecurity/25562", "content": "\u203c CVE-2021-33823 \u203c\n\nAn issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Then the web server is denial-of-service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-06-19T00:42:21.000000Z"}, {"uuid": "1dd38ad8-bea9-4cab-94ee-2e3788b6f143", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-33820", "type": "published-proof-of-concept", "source": "https://t.me/forensictools/350", "content": "\u041c\u044b \u043f\u043e\u0434\u043e\u0431\u0440\u0430\u043b\u0438 \u0434\u043b\u044f \u0432\u0430\u0441 \u043d\u0430\u0431\u043e\u0440 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0441\u0438\u0441\u0442\u0435\u043c \u0432\u0438\u0434\u0435\u043e\u043d\u0430\u0431\u043b\u044e\u0434\u0435\u043d\u0438\u044f, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043b\u0435\u0433\u043a\u043e \u0438 \u044d\u0444\u0444\u0435\u043a\u0442\u043d\u043e \u043c\u043e\u0436\u043d\u043e \u0432\u043e\u0441\u043f\u0440\u043e\u0438\u0437\u0432\u0435\u0441\u0442\u0438 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u0438. \u041d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0434\u0430\u0432\u043d\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c, \u043d\u043e \u0434\u0430\u0432\u0430\u0439\u0442\u0435 \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0438\u043c \u043f\u0440\u0430\u0432\u0434\u0435 \u0432 \u0433\u043b\u0430\u0437\u0430 - \u043a\u0430\u043a \u0447\u0430\u0441\u0442\u043e \u0438\u043d\u0442\u0435\u0433\u0440\u0430\u0442\u043e\u0440\u044b \u0441\u0438\u0441\u0442\u0435\u043c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438- \u043d\u0430\u043a\u0430\u0442\u044b\u0432\u0430\u044e\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0448\u0438\u0432\u043e\u043a\u2026\n\n!!!\u0412\u0441\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0430 \u0441\u0443\u0433\u0443\u0431\u043e \u0432 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u0438 \u0443\u0447\u0435\u0431\u043d\u044b\u0445 \u0446\u0435\u043b\u044f\u0445!!!\n\n\u041d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 (\u043e\u0442 RCE \u0434\u043e \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438), \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Geutebruck. \n\u0422\u0430\u043a\u0436\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u043a\u0430\u043c\u0435\u0440\u044b \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u0439 \u0441 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u043e\u0439 \u0441 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u043e\u0439 UDP Technology (Ganz, Visualint, Cap, \nTHRIVE Intelligence, Sophus, VCA, TripCorps, Sprinx Technologies, Smartec, Riva) - \n[https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities] ;\n\n\u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u0432\u0438\u0434\u0435\u043e\u043f\u043e\u0442\u043e\u043a (\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 ThroughTek) -\n[https://www.securitylab.ru/news/521235.php]\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 \u043d\u0430 IP-\u043a\u0430\u043c\u0435\u0440\u0430\u0445 AvertX (\u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u044f\u0442\u044c \u0438\u043c\u0435\u043d\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \n\u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 IP-\u043a\u0430\u043c\u0435\u0440, \u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u0430\u043c\u0435\u0440\u0435 \u0441 \u043f\u0430\u0440\u043e\u043b\u0435\u043c \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e,\n\u0430 \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0438 \u043d\u0430\u043b\u0438\u0447\u0438\u0438 \u0444\u0438\u0437\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0443 \u0443\u043d\u0438\u0432\u0435\u0440\u0441\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0430\u0441\u0438\u043d\u0445\u0440\u043e\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u0438\u0435\u043c\u043d\u0438\u043a\u0430-\u043f\u0435\u0440\u0435\u0434\u0430\u0442\u0447\u0438\u043a\u0430 (UART)\n\u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043a \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f\u043c \u0438 \u0438\u0437\u043c\u0435\u043d\u044f\u0442\u044c \u0438\u0445, \u0441\u0431\u0440\u0430\u0441\u044b\u0432\u0430\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044e \u0438 \u0434\u0430\u0436\u0435 \u0432\u044b\u0432\u043e\u0434\u0438\u0442\u044c \u043a\u0430\u043c\u0435\u0440\u0443 \u0438\u0437 \u0441\u0442\u0440\u043e\u044f) -\n[https://unit42.paloaltonetworks.com/avertx-ip-cameras-vulnerabilities/]\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 DVR \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 LILIN - \n[https://blog.netlab.360.com/multiple-botnets-are-spreading-using-lilin-dvr-0-day-en/]\n\nDenver IP Camera SHO-110 - \n[https://github.com/enty8080/denver-camera-backdoor]\n\nSony IPELA Network Camera 1.82.01 (\u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430) - \n[https://www.exploit-db.com/exploits/48842];\n\nCOMMAX Smart Home Ruvie CCTV - \n[https://www.zeroscience.mk/codes/commax_cctvwrite.txt] ; \n[https://www.zeroscience.mk/codes/commax_cctvcreds.txt]\n\nPanasonic Sanyo CCTV Network Camera 2.03-0x - \n[https://www.exploit-db.com/exploits/50172]\n\nUniFi Protect G3 FLEX Camera (\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442\u043a\u0430\u0437\u0430 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438) - \n[https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33820.md]\n\nHiSilicon DVR/NVR hi3520d firmware (\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \n\u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0435 \u0438 \u043f\u043e\u043b\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e\u043c) - \n[https://habr.com/ru/post/486856/]\n[https://github.com/tothi/pwn-hisilicon-dvr]\n\nAmcrest/Dahua NVR Camera - \n[https://github.com/tenable/poc/tree/master/amcrest]", "creation_timestamp": "2021-08-22T11:10:18.000000Z"}]}