{"vulnerability": "CVE-2024-4159", "sightings": [{"uuid": "65132322-5d98-4adf-a463-1ea6a3abe972", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41592", "type": "seen", "source": "https://bsky.app/profile/r-blueteamsec.bsky.social/post/3lfg7gqembb2q", "content": "", "creation_timestamp": "2025-01-10T22:09:32.568864Z"}, {"uuid": "401224d0-9528-4405-8cdb-c1847b48b4be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41591", "type": "seen", "source": "https://t.me/cvedetector/6930", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41591 - DrayTek Vigor3910 DOM-Based Reflected Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-41591 \nPublished : Oct. 3, 2024, 7:15 p.m. | 19\u00a0minutes ago \nDescription : DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-03T21:38:18.000000Z"}, {"uuid": "432e4a4b-2c3a-4b9a-8e6b-982c6ad6cc4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41591", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7576", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-41591\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS.\n\ud83d\udccf Published: 2024-10-03T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-14T15:36:23.805Z\n\ud83d\udd17 References:\n1. https://www.forescout.com/resources/draytek14-vulnerabilities\n2. https://www.forescout.com/resources/draybreak-draytek-research/", "creation_timestamp": "2025-03-14T15:43:27.000000Z"}, {"uuid": "0cf667d1-d16e-446a-abf3-cc743b6022a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41597", "type": "seen", "source": "https://t.me/cvedetector/1232", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41597 - ProcessWire Cross Site Request Forgery (CSRF) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41597 \nPublished : July 19, 2024, 8:15 p.m. | 35\u00a0minutes ago \nDescription : Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-19T22:53:52.000000Z"}, {"uuid": "41ced91a-613d-421e-a4f0-07c6cf678b4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41595", "type": "seen", "source": "https://t.me/cvedetector/6934", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41595 - DrayTek Vigor310 CGI Page Buffer Overflow/ DOS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41595 \nPublished : Oct. 3, 2024, 7:15 p.m. | 19\u00a0minutes ago \nDescription : DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to change settings or cause a denial of service via .cgi pages because of missing bounds checks on read and write operations. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-03T21:38:24.000000Z"}, {"uuid": "fa9686aa-5be2-4c56-ae8e-5a1961541707", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41594", "type": "seen", "source": "https://t.me/cvedetector/6933", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41594 - DrayTek Vigor310 OpenSSL Static Seed Information Leak\", \n  \"Content\": \"CVE ID : CVE-2024-41594 \nPublished : Oct. 3, 2024, 7:15 p.m. 
| 19\u00a0minutes ago \nDescription : An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-03T21:38:23.000000Z"}, {"uuid": "b7d40207-694a-4a34-b5c9-155823f474e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41593", "type": "seen", "source": "https://t.me/cvedetector/6932", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41593 - DrayTek Vigor310 Remote Heap-Based Buffer Overflow\", \n  \"Content\": \"CVE ID : CVE-2024-41593 \nPublished : Oct. 3, 2024, 7:15 p.m. | 19\u00a0minutes ago \nDescription : DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-03T21:38:23.000000Z"}, {"uuid": "9a50afa1-0139-4133-850a-f39292464c25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41592", "type": "seen", "source": "https://t.me/cvedetector/6931", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41592 - DrayTek Vigor3910 Stack-Based Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41592 \nPublished : Oct. 3, 2024, 7:15 p.m. | 19\u00a0minutes ago \nDescription : DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-03T21:38:19.000000Z"}, {"uuid": "181d2536-a497-40c7-b0f7-d37393faa795", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41590", "type": "seen", "source": "https://t.me/cvedetector/6929", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41590 - DrayTek Vigor310 Buffer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41590 \nPublished : Oct. 3, 2024, 7:15 p.m. 
| 19\u00a0minutes ago \nDescription : Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-03T21:38:17.000000Z"}, {"uuid": "91355439-ca1f-4a49-a080-5ba1dc46e147", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41596", "type": "seen", "source": "https://t.me/cvedetector/6924", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41596 - DrayTek Vigor310 Buffer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41596 \nPublished : Oct. 3, 2024, 7:15 p.m. | 19\u00a0minutes ago \nDescription : Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-03T21:38:11.000000Z"}, {"uuid": "85565725-cb8b-40ae-9dd3-56265b926690", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41599", "type": "seen", "source": "https://t.me/cvedetector/1230", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41599 - \"RuoYi Cross Site Scripting\"\", \n  \"Content\": \"CVE ID : CVE-2024-41599 \nPublished : July 19, 2024, 8:15 p.m. | 35\u00a0minutes ago \nDescription : Cross Site Scripting vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the file upload method \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-19T22:53:50.000000Z"}, {"uuid": "23a8aaa6-1eb4-4c82-809d-d0266ca3f7fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41592", "type": "seen", "source": "https://t.me/true_secator/6544", "content": "Researchers at Forescout and PRODAFT have released a joint report on a campaign targeting more than 20,000 DrayTek Vigor devices worldwide.\n\nOne of the victims of the large-scale hacking attack on DrayTek under study was Greater Manchester Police, which was hit by a ransomware attack in September of last year.\n\nAs the researchers note, since August of last year attackers had been covertly using a 0-day in DrayTek routers to compromise devices, steal passwords, and then deploy ransomware in the connected networks.\n\nThe attacks were carried out by a threat group known as Monstrous Mantis, which is believed to be linked to the Ragnar Locker ransomware gang.\n\nThe attacker used the zero-day vulnerability to extract passwords from DrayTek Vigor routers and then passed the credentials on to operators, two of whom were identified as long-standing participants in various Ransomware-as-a-Service programs.\n\nBy selectively sharing the decrypted credentials with trusted partners, Monstrous Mantis maintained tight control over the allocation of victims and ensured operational secrecy.\n\nThey used these passwords to break into corporate networks and then launched ransomware such as RagnarLocker, Qilin, Nokoyawa or RansomHouse.\n \nThe first partner group was identified as Ruthless Mantis (PTI-288), a former affiliate of the REvil gang.\n\nFocusing primarily on organizations in the United Kingdom and the Netherlands, they successfully compromised at least 337 organizations, delivering Nokoyawa and Qilin.\n\nTheir victim profile ranged from large enterprises to SMEs, which underscores their indiscriminate exploitation of vulnerable networks to maximize impact.\n\nThe second partner was identified as LARVA-15, known as Wazawaka. His operations extended to the United Kingdom, the Netherlands, Australia, Taiwan, Italy, Poland, France, Germany and Turkey.\n\nForescout and PRODAFT state that LARVA-15 did not deploy ransomware himself but acted as an initial access broker (IAB), monetizing his intrusions.\n\nAt the same time, Forescout was unable to identify the potential 0-day or link it to a known CVE, and it is not even clear whether it was ever fixed at all.\n\nThe researchers suggest that the vulnerability most likely targeted a component of the router firmware (mainfunction.cgi), which is known to carry a large backlog of accumulated vulnerabilities: 22 new CVE entries assigned since Forescout released the Dray:Break report.\n\nMoreover, most of these recently identified vulnerabilities share root causes similar to CVE-2020-8515 and correspond to the issues that Forescout found in its DrayTek research (CVE-2024-41592).\n\nThe researchers lament that the persistence of such vulnerabilities highlights a worrying trend: as long as these vulnerabilities remain unresolved, exploitation will most likely continue not only on DrayTek devices but on other platforms as well.", "creation_timestamp": "2024-12-16T13:40:18.000000Z"}]}