{"vulnerability": "CVE-2023-39238", "sightings": [{"uuid": "721aaf1a-0204-4987-911b-149da549b6d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39238", "type": "seen", "source": "https://infosec.exchange/users/dragonjar/statuses/113820938242909207", "content": "", "creation_timestamp": "2025-01-13T12:01:29.286416Z"}, {"uuid": "90b907e6-32af-4d26-aae1-0aae2ea060f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39238", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/943", "content": "Tools - Hackers Factory \n\nSUDO_KILLER: identify and exploit sudo rules\u2019 misconfigurations and vulnerabilities within sudo\n\nhttps://github.com/TH3xACE/SUDO_KILLER\n\n\u00a0\u00a0\u00a0 ./sudo_killer.sh -c -e -r report.txt -p /tmp\n\nhttpx commands cheat sheet \n\nhttps://github.com/Ignitetechnologies/Mindmap/tree/main/httpx\n\nHunting for Unauthenticated n-days in Asus Routers \n\nhttps://github.com/ShielderSec/poc/tree/main/CVE-2023-39238\n\nIt's a bash script to help bypass HTTP 403 errors using path & header fuzzing, HTTP method & protocol version testing, and more. \n\nhttps://github.com/nazmul-ethi/Bypass-Four03\n\nGolang Function Recovery. java\n\nhttps://github.com/advanced-threat-research/GhidraScripts/blob/main/GolangFunctionRecovery.java\n\nDocker container for running CobaltStrike 4.10\n\nhttps://github.com/ZSECURE/zDocker-cobaltstrike\n\nGitHub - RootUp/SmuggleSheild: Basic protection against HTML smuggling attempts.\n\nhttps://github.com/RootUp/SmuggleSheild\n\nSome good tools for Bug Bounty Hunting\n\nhttps://github.com/Ignitetechnologies/Mindmap/blob/main/Tools/Bug%20Bounty%20Tools%20HD.png\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-09-21T23:29:28.000000Z"}, {"uuid": "d4f43d07-e8ed-43c6-a119-dbde10cfad33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39238", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8785", "content": "Tools - Hackers Factory \n\nSUDO_KILLER: identify and exploit sudo rules\u2019 misconfigurations and vulnerabilities within sudo\n\nhttps://github.com/TH3xACE/SUDO_KILLER\n\n\u00a0\u00a0\u00a0 ./sudo_killer.sh -c -e -r report.txt -p /tmp\n\nhttpx commands cheat sheet \n\nhttps://github.com/Ignitetechnologies/Mindmap/tree/main/httpx\n\nHunting for Unauthenticated n-days in Asus Routers \n\nhttps://github.com/ShielderSec/poc/tree/main/CVE-2023-39238\n\nIt's a bash script to help bypass HTTP 403 errors using path & header fuzzing, HTTP method & protocol version testing, and more. \n\nhttps://github.com/nazmul-ethi/Bypass-Four03\n\nGolang Function Recovery. java\n\nhttps://github.com/advanced-threat-research/GhidraScripts/blob/main/GolangFunctionRecovery.java\n\nDocker container for running CobaltStrike 4.10\n\nhttps://github.com/ZSECURE/zDocker-cobaltstrike\n\nGitHub - RootUp/SmuggleSheild: Basic protection against HTML smuggling attempts.\n\nhttps://github.com/RootUp/SmuggleSheild\n\nSome good tools for Bug Bounty Hunting\n\nhttps://github.com/Ignitetechnologies/Mindmap/blob/main/Tools/Bug%20Bounty%20Tools%20HD.png\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-09-22T21:41:16.000000Z"}, {"uuid": "4256ae9f-3aca-4dbf-a81c-3371726a0468", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39238", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/23840", "content": "Tools - Hackers Factory \n\nSUDO_KILLER: identify and exploit sudo rules\u2019 misconfigurations and vulnerabilities within sudo\n\nhttps://github.com/TH3xACE/SUDO_KILLER\n\n\u00a0\u00a0\u00a0 ./sudo_killer.sh -c -e -r report.txt -p /tmp\n\nhttpx commands cheat sheet \n\nhttps://github.com/Ignitetechnologies/Mindmap/tree/main/httpx\n\nHunting for Unauthenticated n-days in Asus Routers \n\nhttps://github.com/ShielderSec/poc/tree/main/CVE-2023-39238\n\nIt's a bash script to help bypass HTTP 403 errors using path & header fuzzing, HTTP method & protocol version testing, and more. \n\nhttps://github.com/nazmul-ethi/Bypass-Four03\n\nGolang Function Recovery. java\n\nhttps://github.com/advanced-threat-research/GhidraScripts/blob/main/GolangFunctionRecovery.java\n\nDocker container for running CobaltStrike 4.10\n\nhttps://github.com/ZSECURE/zDocker-cobaltstrike\n\nGitHub - RootUp/SmuggleSheild: Basic protection against HTML smuggling attempts.\n\nhttps://github.com/RootUp/SmuggleSheild\n\nSome good tools for Bug Bounty Hunting\n\nhttps://github.com/Ignitetechnologies/Mindmap/blob/main/Tools/Bug%20Bounty%20Tools%20HD.png\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-09-22T16:40:28.000000Z"}, {"uuid": "cf64e3ce-86be-44fe-93e3-321b67910136", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39238", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3747", "content": "Tools - Hackers Factory \n\nSUDO_KILLER: identify and exploit sudo rules\u2019 misconfigurations and vulnerabilities within sudo\n\nhttps://github.com/TH3xACE/SUDO_KILLER\n\n    ./sudo_killer.sh -c -e -r report.txt -p /tmp\n\nhttpx commands cheat sheet \n \nhttps://github.com/Ignitetechnologies/Mindmap/tree/main/httpx\n\nHunting for Unauthenticated n-days in Asus Routers \n \nhttps://github.com/ShielderSec/poc/tree/main/CVE-2023-39238\n\nIt's a bash script to help bypass HTTP 403 errors using path & header fuzzing, HTTP method & protocol version testing, and more. \n \nhttps://github.com/nazmul-ethi/Bypass-Four03\n\nGolang Function Recovery. java\n\nhttps://github.com/advanced-threat-research/GhidraScripts/blob/main/GolangFunctionRecovery.java\n\nDocker container for running CobaltStrike 4.10\n\nhttps://github.com/ZSECURE/zDocker-cobaltstrike\n\nGitHub - RootUp/SmuggleSheild: Basic protection against HTML smuggling attempts.\n\nhttps://github.com/RootUp/SmuggleSheild\n\nSome good tools for Bug Bounty Hunting\n\nhttps://github.com/Ignitetechnologies/Mindmap/blob/main/Tools/Bug%20Bounty%20Tools%20HD.png\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-09-21T22:29:39.000000Z"}, {"uuid": "bc5e264b-5423-4815-b9d9-b205503a6070", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39238", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7446", "content": "Tools - Hackers Factory \n\nSUDO_KILLER: identify and exploit sudo rules\u2019 misconfigurations and vulnerabilities within sudo\n\nhttps://github.com/TH3xACE/SUDO_KILLER\n\n\u00a0\u00a0\u00a0 ./sudo_killer.sh -c -e -r report.txt -p /tmp\n\nhttpx commands cheat sheet \n\nhttps://github.com/Ignitetechnologies/Mindmap/tree/main/httpx\n\nHunting for Unauthenticated n-days in Asus Routers \n\nhttps://github.com/ShielderSec/poc/tree/main/CVE-2023-39238\n\nIt's a bash script to help bypass HTTP 403 errors using path & header fuzzing, HTTP method & protocol version testing, and more. \n\nhttps://github.com/nazmul-ethi/Bypass-Four03\n\nGolang Function Recovery. java\n\nhttps://github.com/advanced-threat-research/GhidraScripts/blob/main/GolangFunctionRecovery.java\n\nDocker container for running CobaltStrike 4.10\n\nhttps://github.com/ZSECURE/zDocker-cobaltstrike\n\nGitHub - RootUp/SmuggleSheild: Basic protection against HTML smuggling attempts.\n\nhttps://github.com/RootUp/SmuggleSheild\n\nSome good tools for Bug Bounty Hunting\n\nhttps://github.com/Ignitetechnologies/Mindmap/blob/main/Tools/Bug%20Bounty%20Tools%20HD.png\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-09-22T21:41:16.000000Z"}, {"uuid": "37284bab-67a4-4984-9e20-1b40857d6154", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39238", "type": "seen", "source": "https://t.me/cibsecurity/70049", "content": "\u203c CVE-2023-39238 \u203c\n\nIt is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value\u00c2\u00a0within its set_iperf3_svr.cgi module. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-07T12:18:30.000000Z"}, {"uuid": "850a7837-6669-42c6-9364-87cadd1f3c4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39238", "type": "seen", "source": "https://t.me/Russian_OSINT/2996", "content": "\u041c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u044b ASUS RT-AX55, RT-AX56U_V2 \u0438 RT-AC86U \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u2194\ufe0f3 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0437\u0430\u0432\u043b\u0430\u0434\u0435\u0442\u044c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438.\n\n1\ufe0f\u20e3CVE-2023-39238 (CVSS 9.8)\n2\ufe0f\u20e3CVE-2023-39239 (CVSS 9.8)\n3\ufe0f\u20e3CVE-2023-39240 (CVSS 9.8)\n\nhttps://securityaffairs.com/150399/iot/asus-routers-critical-rces.html\n\n\ud83d\udee1 \u041f\u043e\u0434\u043f\u0438\u0441\u0430\u0442\u044c\u0441\u044f @Russian_OSINT", "creation_timestamp": "2023-09-06T10:16:19.000000Z"}, {"uuid": "38406854-3296-4744-b78d-b3b6abf004e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39238", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/343", "content": "Tools - Hackers Factory \n\nSUDO_KILLER: identify and exploit sudo rules\u2019 misconfigurations and vulnerabilities within sudo\n\nhttps://github.com/TH3xACE/SUDO_KILLER\n\n\u00a0\u00a0\u00a0 ./sudo_killer.sh -c -e -r report.txt -p /tmp\n\nhttpx commands cheat sheet \n\nhttps://github.com/Ignitetechnologies/Mindmap/tree/main/httpx\n\nHunting for Unauthenticated n-days in Asus Routers \n\nhttps://github.com/ShielderSec/poc/tree/main/CVE-2023-39238\n\nIt's a bash script to help bypass HTTP 403 errors using path & header fuzzing, HTTP method & protocol version testing, and more. \n\nhttps://github.com/nazmul-ethi/Bypass-Four03\n\nGolang Function Recovery. java\n\nhttps://github.com/advanced-threat-research/GhidraScripts/blob/main/GolangFunctionRecovery.java\n\nDocker container for running CobaltStrike 4.10\n\nhttps://github.com/ZSECURE/zDocker-cobaltstrike\n\nGitHub - RootUp/SmuggleSheild: Basic protection against HTML smuggling attempts.\n\nhttps://github.com/RootUp/SmuggleSheild\n\nSome good tools for Bug Bounty Hunting\n\nhttps://github.com/Ignitetechnologies/Mindmap/blob/main/Tools/Bug%20Bounty%20Tools%20HD.png\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-09-22T16:40:28.000000Z"}]}