{"vulnerability": "CVE-2023-4389", "sightings": [{"uuid": "b2460e08-705f-468c-8ebd-56cdec47f223", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43896", "type": "seen", "source": "https://t.me/cibsecurity/71970", "content": "\u203c CVE-2023-43896 \u203c\n\nA buffer overflow in Macrium Reflect 8.1.7544 and below allows attackers to escalate privileges or execute arbitrary code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-10T20:16:51.000000Z"}, {"uuid": "56f0a4ab-c491-4225-a3fa-8fe5161c31c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43892", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10569", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-43892\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings. This vulnerability is exploited via a crafted payload.\n\ud83d\udccf Published: 2023-10-02T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-04T20:43:42.151Z\n\ud83d\udd17 References:\n1. https://github.com/adhikara13/CVE/blob/main/netis_N3/blind%20command%20injection%20in%20hostname%20parameter%20in%20wan%20settings.md", "creation_timestamp": "2025-04-04T21:36:23.000000Z"}, {"uuid": "61dba5a4-94d2-4dc4-a9e4-92813379203a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43891", "type": "seen", "source": "https://t.me/cibsecurity/71444", "content": "\u203c CVE-2023-43891 \u203c\n\nNetis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. This vulnerability is exploited via a crafted payload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-03T02:47:24.000000Z"}, {"uuid": "17619d80-4786-44f3-b295-59e9e1b5554a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43899", "type": "seen", "source": "https://t.me/cibsecurity/71876", "content": "\u203c CVE-2023-43899 \u203c\n\nhansun CMS v1.0 was discovered to contain a SQL injection vulnerability via the component /ajax/ajax_login.ashx.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-10T02:16:09.000000Z"}, {"uuid": "e7a75109-228b-483c-994a-7c4eea2bae71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43890", "type": "seen", "source": "https://t.me/cibsecurity/71434", "content": "\u203c CVE-2023-43890 \u203c\n\nNetis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-03T00:40:44.000000Z"}, {"uuid": "c2fcc30e-7351-4a3e-aa92-79dc6f16474c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43898", "type": "seen", "source": "https://t.me/cibsecurity/71529", "content": "\u203c CVE-2023-43898 \u203c\n\nNothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-04T00:24:30.000000Z"}, {"uuid": "d9939b38-8e51-4e8a-99a4-0577d04632b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43892", "type": "seen", "source": "https://t.me/cibsecurity/71449", "content": "\u203c CVE-2023-43892 \u203c\n\nNetis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings. This vulnerability is exploited via a crafted payload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-03T02:47:29.000000Z"}, {"uuid": "23a83e84-509d-4b9e-b78b-5dc58b573428", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43893", "type": "seen", "source": "https://t.me/cibsecurity/71446", "content": "\u203c CVE-2023-43893 \u203c\n\nNetis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function. This vulnerability is exploited via a crafted payload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-03T02:47:26.000000Z"}, {"uuid": "7b794089-a6b1-498e-8bdb-34a21224f84c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4389", "type": "seen", "source": "https://t.me/cibsecurity/68680", "content": "\u203c CVE-2023-4389 \u203c\n\nA flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-16T22:47:12.000000Z"}]}