{"vulnerability": "CVE-2021-3422", "sightings": [{"uuid": "a0a2e5d2-06ff-48eb-826b-3e29ff47585e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34220", "type": "seen", "source": "https://t.me/cibsecurity/27648", "content": "\u203c CVE-2021-34220 \u203c\n\nCross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the \"User Name\" field or \"Password\" field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-20T20:19:25.000000Z"}, {"uuid": "ce635e1a-0e4b-4cf2-8dd1-e4241792799d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3422", "type": "seen", "source": "https://t.me/cibsecurity/39553", "content": "\u203c CVE-2021-3422 \u203c\n\nThe lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. See https://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Enableareceiver for more information on configuring an indexer to listen for UF traffic. It does not impact Universal Forwarders. When Splunk forwarding is secured using TLS or a Token, the attack requires compromising the certificate or token, or both. As a partial mitigation and a security best practice, see https://docs.splunk.com/Documentation/Splunk/latest/Security/ConfigureSplunkforwardingtousesignedcertificates and https://docs.splunk.com/Documentation/Forwarder/latest/Forwarder/Controlforwarderaccess. Implementation of either or both reduces the severity to Medium.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-25T21:30:56.000000Z"}, {"uuid": "d25a9022-b6b3-48a3-ba25-1413506d1157", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34223", "type": "seen", "source": "https://t.me/cibsecurity/27645", "content": "\u203c CVE-2021-34223 \u203c\n\nCross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the \"URL Address\" field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-20T20:19:21.000000Z"}, {"uuid": "3fbc8c6d-5adf-4647-868f-2ecafc9d1bf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34228", "type": "seen", "source": "https://t.me/cibsecurity/27643", "content": "\u203c CVE-2021-34228 \u203c\n\nCross-site scripting in parent_control.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the \"Description\" field and \"Service Name\" field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-20T20:19:19.000000Z"}]}