{"vulnerability": "CVE-2022-3784", "sightings": [{"uuid": "f69fc391-e28b-4d7e-9f79-0c0d3f6d8a4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3784", "type": "seen", "source": "https://t.me/cibsecurity/52326", "content": "\u203c CVE-2022-3784 \u203c\n\nA vulnerability classified as critical was found in Axiomatic Bento4 5e7bb34. Affected by this vulnerability is the function AP4_Mp4AudioDsiParser::ReadBits of the file Ap4Mp4AudioInfo.cpp of the component mp4hls. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212563.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-31T23:13:36.000000Z"}, {"uuid": "bd771c0f-79ea-4ef0-b566-a7c803aa5580", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-37840", "type": "seen", "source": "https://t.me/cibsecurity/49319", "content": "\u203c CVE-2022-37840 \u203c\n\nIn TOTOLINK A860R V4.1.2cu.5182_B20201027, the main function in downloadfile.cgi has a buffer overflow vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-06T20:13:30.000000Z"}, {"uuid": "168389d5-23de-4fd5-b833-2c2a6f26cfe4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-37842", "type": "seen", "source": "https://t.me/cibsecurity/49317", "content": "\u203c CVE-2022-37842 \u203c\n\nIn TOTOLINK A860R V4.1.2cu.5182_B20201027, the parameters in infostat.cgi are not filtered, causing a buffer overflow vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-06T20:13:28.000000Z"}, {"uuid": "c27733b8-909a-4cfc-89d3-a14518fe987d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-37841", "type": "seen", "source": "https://t.me/cibsecurity/49312", "content": "\u203c CVE-2022-37841 \u203c\n\nIn TOTOLINK A860R V4.1.2cu.5182_B20201027 there is a hard coded password for root in /etc/shadow.sample.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-06T20:13:20.000000Z"}, {"uuid": "2d526815-35ef-47cc-9bbb-4144f1697df6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-37843", "type": "seen", "source": "https://t.me/cibsecurity/49321", "content": "\u203c CVE-2022-37843 \u203c\n\nIn TOTOLINK A860R V4.1.2cu.5182_B20201027 in cstecgi.cgi, the acquired parameters are directly put into the system for execution without filtering, resulting in a command injection vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-06T20:13:32.000000Z"}]}