{"vulnerability": "CVE-2022-3876", "sightings": [{"uuid": "5d4c8b97-75e4-4c9a-bf75-25223806008a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38766", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3048", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aPoC for vulnerability in Renault ZOE Keyless System(CVE-2022-38766)\nURL\uff1ahttps://github.com/AUTOCRYPT-IVS-VnV/CVE-2022-38766\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-08-26T16:58:46.000000Z"}, {"uuid": "9cdae38f-6626-42ee-9836-dfe9bbfaff9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38767", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13503", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-38767\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure.\n\ud83d\udccf Published: 2022-11-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-25T18:44:18.928Z\n\ud83d\udd17 References:\n1. https://windriver.com\n2. https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2022-38767", "creation_timestamp": "2025-04-25T19:07:25.000000Z"}, {"uuid": "a950e3a3-2843-4c06-a1d0-5255c776a29c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38766", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11254", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-38766\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MHz RF signals from the same Rolling Codes set for each door-open request, which allows for a replay attack.\n\ud83d\udccf Published: 2023-01-03T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-10T15:37:10.779Z\n\ud83d\udd17 References:\n1. https://github.com/AUTOCRYPT-IVS-VnV/CVE-2022-38766", "creation_timestamp": "2025-04-10T15:48:56.000000Z"}, {"uuid": "99d0f93f-a34c-44d8-bf9a-51c7df5d5bc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38766", "type": "seen", "source": "https://t.me/arpsyndicate/533", "content": "#ExploitObserverAlert\n\nCVE-2022-38766\n\nDESCRIPTION: Exploit Observer has 7 entries related to CVE-2022-38766. The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MHz RF signals from the same Rolling Codes set for each door-open request, which allows for a replay attack.\n\nFIRST-EPSS: 0.000450000\nNVD-IS: 5.2\nNVD-ES: 2.8", "creation_timestamp": "2023-11-24T14:55:39.000000Z"}, {"uuid": "f26b0cdb-a40c-4174-886d-53c68abff7c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38766", "type": "seen", "source": "https://t.me/arpsyndicate/1643", "content": "#ExploitObserverAlert\n\nCVE-2022-38766\n\nDESCRIPTION: Exploit Observer has 7 entries related to CVE-2022-38766. The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MHz RF signals from the same Rolling Codes set for each door-open request, which allows for a replay attack.\n\nFIRST-EPSS: 0.000450000\nNVD-IS: 5.2\nNVD-ES: 2.8", "creation_timestamp": "2023-12-10T15:08:46.000000Z"}, {"uuid": "c56850b7-d71e-4a17-bebb-c18440f72caf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38766", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/182", "content": "Drone Hacking Tool\n\nA GUI tool that works with a USB Wifi adapter and HackRF One for hacking drones.\n\nDrones, as a high mobility item that can be carried around easily and launched, are becoming cheaper and more popular among the public, they can be seen almost anywhere nowadays.\n\nHowever, the drone built-in flying cameras could use for illegal usage like candid photos on private property. This shows drones clearly present risks to public safety and personal privacy.\n\nTherefore, we are working on using wireless connection methods (Wi-Fi, GPS) to hack it and take over. In this project, our goal is to capture drones to stop users with malicious intent for proof of concept and a sense of accomplishment.\n\nhttps://github.com/HKSSY/Drone-Hacking-Tool\n\nzyxel ipc camera pwn\n\nThis is a minimal proof of concept to remotely open a root shell on a Zyxel IP enabled camera. Known vulnerable models are:\n\n\u25ab\ufe0f Zyxel IPC-3605N\n\u25ab\ufe0f Zyxel IPC-4605N\n\nhttps://github.com/hydrogen18/zyxel_ipc_camera_pwn\n\nRFID Gooseneck\n\nTraditional RFID badge cloning methods require you to be within 3 feet of your target, so how can you conduct a socially distanced physical penetration test and clone a badge if you must stay at least 6 feet from a person? Since 2020, companies have increasingly adopted a hybrid work environment, allowing employees to partially work remotely which has decreased the amount of foot traffic in and out of a building at any given time. \n\nSo after throwing around some ideas I thought, why not create a mobile long-range reader device that we could deploy early in the morning at a client site and let it do all the work for us. This project guide contains an entry-level hardware design that you can build in a day and deploy in the field in order to increase your chances of remotely cloning an RFID badge.\n\nHere's the full build guide for making your own RFID Goosneck Long Range Reader!\n\nhttps://github.com/sh0ckSec/RFID-Gooseneck\n\nExchangeFinder\n\nA simple and open-source tool that tries to find Micrsoft Exchange instance for a given domain based on the top common DNS names for Microsoft Exchange.\n\nhttps://github.com/mhaskar/ExchangeFinder\n\nCVE-2022-24637\n\nOpen Web Analytics (OWA) before 1.7.4 allows an UNAUTHENTICATED remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '", "creation_timestamp": "2022-12-19T00:22:37.000000Z"}, {"uuid": "525c4336-fa76-4673-8bd8-32956569836b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38766", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2152", "content": "Drone Hacking Tool\n\nA GUI tool that works with a USB Wifi adapter and HackRF One for hacking drones.\n\nDrones, as a high mobility item that can be carried around easily and launched, are becoming cheaper and more popular among the public, they can be seen almost anywhere nowadays.\n\nHowever, the drone built-in flying cameras could use for illegal usage like candid photos on private property. This shows drones clearly present risks to public safety and personal privacy.\n\nTherefore, we are working on using wireless connection methods (Wi-Fi, GPS) to hack it and take over. In this project, our goal is to capture drones to stop users with malicious intent for proof of concept and a sense of accomplishment.\n\nhttps://github.com/HKSSY/Drone-Hacking-Tool\n\nzyxel ipc camera pwn\n\nThis is a minimal proof of concept to remotely open a root shell on a Zyxel IP enabled camera. Known vulnerable models are:\n\n\u25ab\ufe0f Zyxel IPC-3605N\n\u25ab\ufe0f Zyxel IPC-4605N\n\nhttps://github.com/hydrogen18/zyxel_ipc_camera_pwn\n\nRFID Gooseneck\n\nTraditional RFID badge cloning methods require you to be within 3 feet of your target, so how can you conduct a socially distanced physical penetration test and clone a badge if you must stay at least 6 feet from a person? Since 2020, companies have increasingly adopted a hybrid work environment, allowing employees to partially work remotely which has decreased the amount of foot traffic in and out of a building at any given time. \n\nSo after throwing around some ideas I thought, why not create a mobile long-range reader device that we could deploy early in the morning at a client site and let it do all the work for us. This project guide contains an entry-level hardware design that you can build in a day and deploy in the field in order to increase your chances of remotely cloning an RFID badge.\n\nHere's the full build guide for making your own RFID Goosneck Long Range Reader!\n\nhttps://github.com/sh0ckSec/RFID-Gooseneck\n\nExchangeFinder\n\nA simple and open-source tool that tries to find Micrsoft Exchange instance for a given domain based on the top common DNS names for Microsoft Exchange.\n\nhttps://github.com/mhaskar/ExchangeFinder\n\nCVE-2022-24637\n\nOpen Web Analytics (OWA) before 1.7.4 allows an UNAUTHENTICATED remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '", "creation_timestamp": "2022-12-19T00:22:37.000000Z"}, {"uuid": "758f529e-9468-431c-923e-cfc474f8a100", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38766", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/475", "content": "CVE-2022-38766 : PoC for vulnerability in Renault ZOE Keyless System\nhttps://github.com/AUTOCRYPT-IVS-VnV/CVE-2022-38766", "creation_timestamp": "2022-09-27T07:30:24.000000Z"}, {"uuid": "7a2e6a3d-8b46-4387-a7eb-84c6a660f42b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3876", "type": "seen", "source": "https://t.me/crackcodes/1979", "content": "#exploit\n1. CVE-2020-9854:\n\"Unauthd\" - three logic bugs ftw\nhttps://objective-see.org/blog/blog_0x4D.html\n\n2. CVE-2022-3875, CVE-2022-3876, CVE-2022-3877:\nVulnerabilities in Passwordstate\nhttps://www.modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html", "creation_timestamp": "2022-12-24T17:39:19.000000Z"}, {"uuid": "c7b602e7-707b-417f-ad1f-053efefaf109", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38765", "type": "seen", "source": "https://t.me/cibsecurity/54209", "content": "\u203c CVE-2022-38765 \u203c\n\nCanon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An authenticated user is able to gain unauthorized access to imaging records by tampering with the vitrea-view/studies/search patientId parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-09T02:12:52.000000Z"}, {"uuid": "b3656ac5-dc19-4cdf-bc1a-818c8351088d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38766", "type": "seen", "source": "https://t.me/cibsecurity/55807", "content": "\u203c CVE-2022-38766 \u203c\n\nThe remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MHz RF signals from the same Rolling Codes set for each door-open request, which allows for a replay attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-03T18:17:18.000000Z"}, {"uuid": "047567de-a5b9-46e3-a998-d0fb7bbb25cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38767", "type": "seen", "source": "https://t.me/cibsecurity/53497", "content": "\u203c CVE-2022-38767 \u203c\n\nAn issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-12T20:22:00.000000Z"}, {"uuid": "ff6d2c0d-4077-4832-9ba8-03de0b2c391e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3876", "type": "seen", "source": "https://t.me/cibsecurity/54841", "content": "\u203c CVE-2022-3876 \u203c\n\nA vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This issue affects some unknown processing of the file /api/browserextension/UpdatePassword/ of the component API. The manipulation of the argument PasswordID leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-216245 was assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-19T14:22:28.000000Z"}, {"uuid": "8f479a24-faa5-4684-accd-25f7de8320c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38764", "type": "seen", "source": "https://t.me/cibsecurity/50075", "content": "\u203c CVE-2022-38764 \u203c\n\nA vulnerability on Trend Micro HouseCall version 1.62.1.1133 and below could allow a local attacker to escalate privlieges due to an overly permissive folder om the product installer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-19T22:38:12.000000Z"}, {"uuid": "6caf47fa-7b9e-4171-97bc-222a65c55e2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38769", "type": "seen", "source": "https://t.me/cibsecurity/49751", "content": "\u203c CVE-2022-38769 \u203c\n\nThe mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to fetch cleartext passwords upon a successful login request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-14T02:25:57.000000Z"}, {"uuid": "ac2febd7-f82e-46b6-97ac-307c479f5f22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38768", "type": "seen", "source": "https://t.me/cibsecurity/49740", "content": "\u203c CVE-2022-38768 \u203c\n\nThe mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to bypass authorization.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-14T02:25:43.000000Z"}, {"uuid": "c7a675b7-92ab-41ea-be41-a6ff30e58dcb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38766", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6693", "content": "#exploit\n1. CVE-2022-24637:\nOpen web analytics info disclosure to RCE\nhttps://github.com/watchdog2000/cve-2022-24637_open-web-analytics-info-disclosure-to-rce\n\n2. CVE-2022-38766:\nPoC for vulnerability in Renault ZOE Keyless System\nhttps://github.com/AUTOCRYPT-IVS-VnV/CVE-2022-38766", "creation_timestamp": "2022-08-29T11:37:02.000000Z"}, {"uuid": "2a2d7588-4a12-45b3-acc8-0ae67bbd38df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3876", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/7411", "content": "#exploit\n1. CVE-2020-9854:\n\"Unauthd\" - three logic bugs ftw\nhttps://objective-see.org/blog/blog_0x4D.html\n\n2. CVE-2022-3875, CVE-2022-3876, CVE-2022-3877:\nVulnerabilities in Passwordstate\nhttps://www.modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html", "creation_timestamp": "2022-12-23T22:31:07.000000Z"}]}