{"vulnerability": "CVE-2023-2418", "sightings": [{"uuid": "8ac2426a-e865-4de9-abf7-aab5c5727936", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24189", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7304", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-24189\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile.\n\ud83d\udccf Published: 2023-02-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-12T14:27:27.886Z\n\ud83d\udd17 References:\n1. https://github.com/youseries/urule\n2. https://github.com/Venus-WQLab/bug_report/blob/main/ureport/ureport-cve-2023-24189.md", "creation_timestamp": "2025-03-12T14:40:38.000000Z"}, {"uuid": "a050e2f1-876f-461e-b34e-821a7c2bfa80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24184", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7624", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-24184\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability.\n\ud83d\udccf Published: 2023-02-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-14T18:31:34.919Z\n\ud83d\udd17 References:\n1. https://github.com/fuxianghah/IOT/tree/main/Motorala/MR2600/13", "creation_timestamp": "2025-03-14T18:44:56.000000Z"}, {"uuid": "5ea091cb-a00e-47a1-9366-2512e6d179d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24188", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8389", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-24188\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted.\n\ud83d\udccf Published: 2023-02-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-21T18:07:35.900Z\n\ud83d\udd17 References:\n1. http://ureport.com\n2. https://github.com/youseries/ureport\n3. https://github.com/Venus-WQLab/bug_report/blob/main/ureport/ureport-cve-2023-24188.md", "creation_timestamp": "2025-03-21T18:19:48.000000Z"}, {"uuid": "5dba6dae-cde8-4c00-827a-49992721e8dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24181", "type": "seen", "source": "Telegram/dnOaQx-UdlneQX4t-kY2MceYhSs8dSn-JfmGT3tJWqbqVeXK", "content": "", "creation_timestamp": "2025-02-14T10:03:09.000000Z"}, {"uuid": "70a6b14d-1d01-46e2-9391-985ba0373799", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24189", "type": "seen", "source": "https://t.me/cibsecurity/58895", "content": "\u203c CVE-2023-24189 \u203c\n\nAn XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-25T00:19:35.000000Z"}, {"uuid": "b14583ee-2113-42ef-bff8-f9cd4b816385", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24180", "type": "seen", "source": "https://t.me/cibsecurity/59970", "content": "\u203c CVE-2023-24180 \u203c\n\nLibelfin v0.3 was discovered to contain an integer overflow in the load function at elf/mmap_loader.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted elf file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-14T17:23:27.000000Z"}, {"uuid": "abcd4cc8-b62a-4541-820b-0ebfbd5de6ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24181", "type": "seen", "source": "https://t.me/cibsecurity/61770", "content": "\u203c CVE-2023-24181 \u203c\n\nLuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-10T18:39:01.000000Z"}, {"uuid": "7959d081-13af-4383-b800-c123f3638a62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24188", "type": "seen", "source": "https://t.me/cibsecurity/58026", "content": "\u203c CVE-2023-24188 \u203c\n\nureport v2.2.9 was discovered to contain an arbitrary file deletion vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-13T22:30:03.000000Z"}, {"uuid": "379c6423-dc2d-4bad-b1ed-977a770da411", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24184", "type": "seen", "source": "https://t.me/cibsecurity/58613", "content": "\u203c CVE-2023-24184 \u203c\n\nTOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-21T18:16:56.000000Z"}, {"uuid": "a8ee3af0-7449-4a66-b0a3-d765fa4d0401", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24187", "type": "seen", "source": "https://t.me/cibsecurity/58065", "content": "\u203c CVE-2023-24187 \u203c\n\nAn XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-14T07:30:40.000000Z"}]}