{"vulnerability": "CVE-2021-3961", "sightings": [{"uuid": "047d6b31-9d34-4801-bc8a-2691ba3a234a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39619", "type": "seen", "source": "https://t.me/cibsecurity/37315", "content": "\u203c CVE-2021-39619 \u203c\n\nIn updatePackageMappingsData of UsageStatsService.java, there is a possible way to bypass security and privacy settings of app usage due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-197399948\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-11T20:28:59.000000Z"}, {"uuid": "6b940dc7-47f1-491e-a7e8-862b556425cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39618", "type": "seen", "source": "https://t.me/cibsecurity/35619", "content": "\u203c CVE-2021-39618 \u203c\n\nIn multiple methods of EuiccNotificationManager.java, there is a possible way to install existing packages without user consent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-196855999\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-14T22:25:39.000000Z"}, {"uuid": "e70f257c-762d-467d-8745-2430acc055e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39615", "type": "seen", "source": "https://t.me/cibsecurity/27743", "content": "\u203c CVE-2021-39615 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n? Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-24T02:23:05.000000Z"}, {"uuid": "8e5b79c5-cebc-4ae9-ab04-735c277718a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39614", "type": "seen", "source": "https://t.me/cibsecurity/27748", "content": "\u203c CVE-2021-39614 \u203c\n\nD-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values.\n\n? Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-24T02:23:14.000000Z"}, {"uuid": "3e1b25d6-a9b3-4b35-9440-1ca307d4c048", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39613", "type": "seen", "source": "https://t.me/cibsecurity/27753", "content": "\u203c CVE-2021-39613 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n? Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-24T02:23:21.000000Z"}]}