{"vulnerability": "CVE-2024-4168", "sightings": [{"uuid": "7dbee94f-1cfb-4123-9d0f-0b2e6fc1c21a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4168", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/79", "content": "\ud83d\udccc **CVE ID**: GHSA-r5j8-58v3-g23g\n\ud83d\udd17 **Aliases**: CVE-2024-41768\n\ud83d\udd39 **Details**: IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state.\n\ud83d\udd22 **Severity**: CVSS_V3: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\n\ud83d\uddd3\ufe0f **Modified**: 2025-01-04T15:30:45Z\n\ud83d\uddd3\ufe0f **Published**: 2025-01-04T15:30:45Z\n\ud83c\udff7\ufe0f **CWE IDs**: CWE-544\n\ud83d\udd17 **References**:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-4168\n2. https://www.ibm.com/support/pages/node/180202", "creation_timestamp": "2025-01-05T01:35:35.000000Z"}, {"uuid": "8e0f8077-1495-4b6b-a8ee-cf544223280c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4168", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/101", "content": "\ud83d\udccc **CVE ID**: GHSA-r5j8-58v3-g23g\n\ud83d\udd17 **Aliases**: CVE-2024-41768\n\ud83d\udd39 **Details**: IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state.\n\ud83d\udd22 **Severity**: CVSS_V3: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\n\ud83d\uddd3\ufe0f **Modified**: 2025-01-04T15:30:45Z\n\ud83d\uddd3\ufe0f **Published**: 2025-01-04T15:30:45Z\n\ud83c\udff7\ufe0f **CWE IDs**: CWE-544\n\ud83d\udd17 **References**:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-4168\n2. https://www.ibm.com/support/pages/node/180202", "creation_timestamp": "2025-01-05T01:38:22.000000Z"}, {"uuid": "c3bbda42-c837-4afe-9ce4-56e68f527b8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4168", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/57", "content": "\ud83d\udccc **CVE ID**: GHSA-r5j8-58v3-g23g\n\ud83d\udd17 **References**:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-4168\n2. https://www.ibm.com/support/pages/node/180202", "creation_timestamp": "2025-01-05T01:32:53.000000Z"}, {"uuid": "69fe3ff1-2f6e-4275-bb1f-876dd735560e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41681", "type": "seen", "source": "https://t.me/cvedetector/2983", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41681 - Oracle Location Intelligence DES & MD5 Encryption Downgrade Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41681 \nPublished : Aug. 13, 2024, 8:15 a.m. | 58\u00a0minutes ago \nDescription : A vulnerability has been identified in Location Intelligence family (All versions Severity: 6.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-13T11:15:20.000000Z"}, {"uuid": "7c9730b6-77a6-463f-9534-6e7af0a1de40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41683", "type": "seen", "source": "https://t.me/cvedetector/2981", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41683 - \"Location Intelligence Weak Password Enforcement\"\", \n  \"Content\": \"CVE ID : CVE-2024-41683 \nPublished : Aug. 13, 2024, 8:15 a.m. | 58\u00a0minutes ago \nDescription : A vulnerability has been identified in Location Intelligence family (All versions Severity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-13T11:15:15.000000Z"}, {"uuid": "4aaf9f74-1d7c-4ddc-abda-be10e5736161", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41682", "type": "seen", "source": "https://t.me/cvedetector/2980", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41682 - \"Location Intelligence Unauthenticated Brute Force Authentication bypass\"\", \n  \"Content\": \"CVE ID : CVE-2024-41682 \nPublished : Aug. 13, 2024, 8:15 a.m. | 58\u00a0minutes ago \nDescription : A vulnerability has been identified in Location Intelligence family (All versions Severity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-13T11:15:14.000000Z"}, {"uuid": "0d408b5f-e7a6-48c5-9101-a260b040f12c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41685", "type": "seen", "source": "https://t.me/cvedetector/1684", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41685 - SyroTech SY-GPON-1110-WDONT Router Missing HTTPOnly Flag for Session Cookies\", \n  \"Content\": \"CVE ID : CVE-2024-41685 \nPublished : July 26, 2024, 12:15 p.m. | 55\u00a0minutes ago \nDescription : This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system.  \n  \nSuccessful exploitation of this vulnerability could allow the attacker to capture cookies and obtain sensitive information on the targeted system. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-26T15:30:13.000000Z"}, {"uuid": "e168749d-fa14-4553-bc2d-7a12e712c5ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41684", "type": "seen", "source": "https://t.me/cvedetector/1683", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41684 - SyroTech SY-GPON-1110-WDONT Router Session Cookie Hijacking Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41684 \nPublished : July 26, 2024, 12:15 p.m. | 55\u00a0minutes ago \nDescription : This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing secure flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system.  \n  \nSuccessful exploitation of this vulnerability could allow the attacker to capture cookies and compromise the targeted system. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-26T15:30:09.000000Z"}, {"uuid": "5230f022-d797-4db4-a6fb-b3dce7b884e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41688", "type": "seen", "source": "https://t.me/cvedetector/1677", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41688 - SyroTech SY-GPON-1110-WDONT Router Unencrypted Credential Storage Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41688 \nPublished : July 26, 2024, 12:15 p.m. | 55\u00a0minutes ago \nDescription : This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due lack of encryption in storing of usernames and passwords within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext credentials on the vulnerable system.  \n  \nSuccessful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-26T15:30:03.000000Z"}, {"uuid": "9a975fb6-ab28-437b-8b9a-ff07d914ffba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41686", "type": "seen", "source": "https://t.me/cvedetector/1676", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41686 - SyroTech SY-GPON-1110-WDONT Router Password Policy Implementation Vulnerability (Insufficient Password Complexity)\", \n  \"Content\": \"CVE ID : CVE-2024-41686 \nPublished : July 26, 2024, 12:15 p.m. | 55\u00a0minutes ago \nDescription : This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to improper implementation of password policies. A local attacker could exploit this by creating password that do not adhere to the defined security standards/policy on the vulnerable system.  \n  \nSuccessful exploitation of this vulnerability could allow the attacker to expose the router to potential security threats. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-26T15:29:59.000000Z"}, {"uuid": "093abc54-ead0-4ffd-ba7d-a2b2c8c6dac1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41687", "type": "seen", "source": "https://t.me/cvedetector/1682", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41687 - \"SyroTech SY-GPON-1110-WDONT Plain Text Password Transmit Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-41687 \nPublished : July 26, 2024, 12:15 p.m. | 55\u00a0minutes ago \nDescription : This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to transmission of password in plain text. A remote attacker could exploit this vulnerability by intercepting transmission within an HTTP session on the vulnerable system.  \n  \nSuccessful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-26T15:30:08.000000Z"}, {"uuid": "4c6da4b3-6728-4c36-a17e-59604c128113", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41689", "type": "seen", "source": "https://t.me/cvedetector/1679", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41689 - SyroTech SY-GPON-1110-WDONT Router WPA/WPS Credentials Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-41689 \nPublished : July 26, 2024, 12:15 p.m. | 55\u00a0minutes ago \nDescription : This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to unencrypted storing of WPA/ WPS credentials within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext WPA/ WPS credentials on the vulnerable system.  \n  \nSuccessful exploitation of this vulnerability could allow the attacker to bypass WPA/ WPS and gain access to the Wi-Fi network of the targeted system. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-26T15:30:05.000000Z"}]}