{"vulnerability": "CVE-2021-3737", "sightings": [{"uuid": "377b6ba0-356a-412c-88c1-eb7b80744ff1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3737", "type": "seen", "source": "https://t.me/arpsyndicate/1634", "content": "#ExploitObserverAlert\n\nCVE-2021-3737\n\nDESCRIPTION: Exploit Observer has 14 entries related to CVE-2021-3737. A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.\n\nFIRST-EPSS: 0.015590000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2023-12-10T14:26:54.000000Z"}, {"uuid": "e93edf23-c279-4e54-9c99-9b7604780aba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2021-3737", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0395/", "content": "", "creation_timestamp": "2026-04-02T17:00:00.000000Z"}, {"uuid": "1a61aaf1-d1bd-4cdb-9e3d-1df724a3f607", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37376", "type": "seen", "source": "https://t.me/cibsecurity/57477", "content": "\u203c CVE-2021-37376 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Bond, Bond 2 and Bond Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T21:40:39.000000Z"}, {"uuid": "b0da92c4-0e2c-46a0-a285-582330d9c243", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37375", "type": "seen", "source": "https://t.me/cibsecurity/57486", "content": "\u203c CVE-2021-37375 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek VidiU / VidiU Mini firmware version 3.0.8 and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T20:21:05.000000Z"}, {"uuid": "54a4c7e2-275b-4378-bd96-9c326a1fb4b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37377", "type": "seen", "source": "https://t.me/cibsecurity/57474", "content": "\u203c CVE-2021-37377 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Brik firmware version 7.2.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T20:20:50.000000Z"}, {"uuid": "aa437ce2-5349-41ff-b659-84f0489e9cf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37379", "type": "seen", "source": "https://t.me/cibsecurity/57483", "content": "\u203c CVE-2021-37379 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Sphere all firmware versions allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T20:21:03.000000Z"}, {"uuid": "1e83b7a6-bbf3-4ea8-a2aa-379eefff1104", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3737", "type": "seen", "source": "https://t.me/cibsecurity/38464", "content": "\u203c CVE-2021-3737 \u203c\n\nA flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-04T22:27:05.000000Z"}, {"uuid": "2dfa54d0-dcbb-420f-96ae-37a6f85db123", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37371", "type": "seen", "source": "https://t.me/cibsecurity/31209", "content": "\u203c CVE-2021-37371 \u203c\n\nOnline Student Admission System 1.0 is affected by an unauthenticated SQL injection bypass vulnerability in /admin/login.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-26T16:14:55.000000Z"}, {"uuid": "e6f20326-b3ea-4608-985f-c76a978b4cef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37372", "type": "seen", "source": "https://t.me/cibsecurity/31212", "content": "\u203c CVE-2021-37372 \u203c\n\nOnline Student Admission System 1.0 is affected by an insecure file upload vulnerability. A low privileged user can upload malicious PHP files by updating their profile image to gain remote code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-26T16:15:01.000000Z"}]}