Weekly Threat & Vulnerabilities Report

Report
June 28, 2024
Jason Franscisco

CVE-2024-29973
Command Injection
CISA-KEV
OSS
Zero Day
Critical
Affected Product
Zyxel NAS326 firmware
Exploited-in-Wild

False

CVSS Score
9.8
EPSS Score
0.93664
CVE-2024-5806
Improper Authentication
CISA-KEV
OSS
Zero Day
Critical
Affected Product
MOVEit Transfer
Exploited-in-Wild
CVSS Score
9.1
EPSS Score
0.00043
CVE-2024-28995
Path Traversal
CISA-KEV
OSS
Zero Day
High
Affected Product
SolarWinds Serv-U
Exploited-in-Wild
CVSS Score
7.5
EPSS Score
0.34343
CVE-2022-2586
Use-After-Free
CISA-KEV
OSS
Zero Day
High
Affected Product
Linux Kernel
CVSS Score
7.8
EPSS Score
0.01048
CVE-2022-24816
Remote Code Execution
CISA-KEV
OSS
Zero Day
Critical
Affected Product
GeoSolutionsGroup JAI-EXT
CVSS Score
9.8
EPSS Score
0.96777
CVE-2020-13965
Stored Cross Site Scripting
CISA-KEV
OSS
Zero Day
Medium
Affected Product
Roundcube Webmail
CVSS Score
6.1
EPSS Score
0.00483
Exploit Activity and Mass Scanning Observed on Cytellite Sensors
Telemetry collected from Loginsoft sensors was analyzed and processed to derive insights into what is actively being exploited and actively being scanned. As the source of truth, source IPv4 addresses and payloads can be provided on a need-to-know basis.
CVE-2024-23692
CISA-KEV
Critical

Template Injection vulnerability in Rejetto HTTP File Server 2.3m

Affected Products
Rejetto HTTP File Server
Exploited-in-Wild

False

CVE-2023-4415
CISA-KEV
High

Improper Authentication vulnerability in Ruijie RG-EW1200G 07161417 r483

Affected Products
Ruijie RG-EW1200G 07161417 r483
Exploited-in-Wild

False

CVE-2023-38646
CISA-KEV
Critical

Remote code execution vulnerability in Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1.

Affected Products
Metabase open source/Enterprise
CVE-2023-33010
CISA-KEV
Critical

Buffer overflow vulnerability in the ID processing function of Zyxel ATP series firmware versions that leads to denial of service or remote code execution on the affected device.

Affected Products
Zyxel ATP series firmware
CVE-2023-20198
CISA-KEV
Critical

Privilege escalation vulnerability in web UI feature of Cisco IOS XE Software

Affected Products
Cisco IOS XE Web UI
Exploited-in-Wild
CVE-2023-26801
CISA-KEV
Critical

Command injection vulnerability in LB-LINK devices.

Affected Products
LB-LINK
Exploited-in-Wild
CVE-2023-20073
CISA-KEV
Critical

Arbitrary File Upload Vulnerability in Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers

Affected Products
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers
Exploited-in-Wild

False

CVE-2023-1389
CISA-KEV
High

Command Injection Vulnerability in TP-Link Archer AX-21.

Affected Products
TP-Link Archer AX-21
Exploited-in-Wild
CVE-2022-30023
CISA-KEV
High

Command injection vulnerability via the Ping function in Tenda Products.

Affected Products
Tenda Devices
Exploited-in-Wild
CVE-2022-41040
CISA-KEV
High

Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server

Affected Products
Microsoft Exchange Server
Exploited-in-Wild
Vulnerabilities abused by Botnet
Vulnerabilities identified as exploited by botnets, including recent CVEs logged in the Malware Information Sharing Platform (MISP). Presented here are the top 5 CVEs with payloads suggestive of botnet activity, such as the use of wget with IP addresses.

An unauthenticated command injection vulnerability found in the TP-Link Archer AX21 WiFi router.

Command injection vulnerability in LB-LINK BL-AC1900_2.0 1.0.1, BL-WR9000 2.4.9, BL-X26 1.2.5 and BL-LTE300 1.0.8

Affected Product
LB-LINK BL Devices
Abused by Botnet

Remote code execution vulnerability in Huawei HG532 router

Affected Product
Huawei HG532
Abused by Botnet

Improper protocol access control vulnerability in Eir D1000 modem.

Affected Product
Eir D1000 modem
Abused by Botnet

Arbitrary command execution vulnerability in D-Link DIR-645 Wired/Wireless Router

Affected Product
D-Link DIR-645 Wired/Wireless Router
Vulnerabilities Abused by Malware
We proactively monitor the vulnerabilities targeted by adversaries. Each vulnerability is studied by a human analyst and mapped to MITRE ATT&CK tactics and techniques. The information is derived from our vulnerability intelligence platform, which collects and curates information from various sources such as Twitter, Telegram, OSINT groups, blogs, data leak sites and more.

Command Injection vulnerability in “setCookie” parameter in Zyxel NAS326 and NAS542 devices

Missing Authentication for Critical Function vulnerability in UNIMO Technology digital video recorders and UDR-JA1016 firmware

Use-After-Free vulnerability in Linux Kernel nft_object leads to privilege escalation

PRE-NVD observed for this week
PRE-NVD refers to vulnerabilities discovered and potentially exploited before their official inclusion in the National Vulnerability Database. The LOVI Platform aggregates and distributes data from open sources and social media, currently tracking over 100 security alerts and planning to expand.
CVE-2024-1867
Local Privilege Escalation
Affected Product
G DATA Total Security
CVE-2024-33605
Path Traversal
Affected Product
Sharp and Toshiba Tec multi-function printers
CVE-2024-2201
Information Disclosure
Affected Product
Native Spectre v2
CVE-2024-23937
Information Disclosure
Affected Product
Silicon Labs Gecko OS
CVE-2024-23935
Stack-based Buffer Overflow
Affected Product
Alpine Halo9
CVE-2023-4458
Out-Of-Bounds Read
Affected Product
Linux Kernel