{"vulnerability": "CVE-2023-35086", "sightings": [{"uuid": "01280253-96df-42b8-8e0a-d172eb4362d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35086", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3949", "content": "\ud83d\udcccCVE-2023-20593 AMD Zen Processor Exploit  : https://system32.ink/cve-2023-20593-amd-zen-processor-exploit/\n\n\ud83d\udcccCVE-2023-35086 POC : https://system32.ink/cve-2023-35086-poc/\n\n\ud83d\udcccCisco SPA112 2-Port Phone Adapters RCE Exploit : https://system32.ink/cisco-spa112-2-port-phone-adapters-rce-exploit/\n\n\ud83d\udcccKernel Exploits Factory  : https://system32.ink/kernel-exploits-factory/\n\n\ud83d\udcccVenomRAT v6.0.3 : https://system32.ink/venomrat-v6.0.3-source-code/\n\n\ud83d\udccc99 Cents Only Stores Data Leak : https://system32.ink/99-cents-only-stores-data-leak/\n\n\ud83d\udcccFiberlink 210 routers Os Injection Exploit : https://system32.ink/fiberlink-210-routers-os-injection-exploit-cve-2023-33617/\n\n@Crackcodes | System32.ink | Crackcodes.in", "creation_timestamp": "2023-07-26T16:04:50.000000Z"}, {"uuid": "98afe9e4-a34a-4ce3-a42a-23a485d390af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35086", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4800", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aPOC of CVE-2023-35086 only DoS\nURL\uff1ahttps://github.com/tin-z/CVE-2023-35086-POC\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-07-25T01:40:32.000000Z"}, {"uuid": "f3636290-4efe-418b-85a1-a9624bb3ddd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35086", "type": "published-proof-of-concept", "source": "Telegram/6-EftlhErD1GWjLSgmoZ7L78z1QAr8fxcxU75ipFaPbp4A", "content": "", "creation_timestamp": "2023-07-26T15:11:13.000000Z"}, {"uuid": "def6e59f-70c4-45e6-87af-17e09584acba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35086", "type": "seen", "source": "https://t.me/cibsecurity/67086", "content": "\u203c CVE-2023-35086 \u203c\n\nIt is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessage_normal function, in the do_detwan_cgi module of httpd. An unauthenticated remote attacker without privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-21T12:33:23.000000Z"}, {"uuid": "190cc74f-a33d-4379-8f0e-e0bf026933c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35086", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8738", "content": "#exploit\n1. CVE-2023-35086:\nASUS RT-AX56U V2 / RT-AC86U httpd DoS\nhttps://github.com/tin-z/CVE-2023-35086-POC\n\n2. CVE-2023-32991, CVE-2023-32992:\nSSRF in miniorange-saml-sp-plugin\nhttps://securitylab.github.com/advisories/GHSL-2023-074_SAML_Single_Sign_On__SSO__Jenkins_plugin\n\n3. CVE-2023-33802:\nSumatraPDF 3.4.6 - DoS\nhttps://github.com/CDACesec/CVE-2023-33802", "creation_timestamp": "2023-07-26T13:23:32.000000Z"}]}