{"vulnerability": "CVE-2023-2721", "sightings": [{"uuid": "14746087-e2f2-4334-a930-56ae8f16ba36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27217", "type": "published-proof-of-concept", "source": "Telegram/5V-V67RMgXe-KhRE3LhyfbBHMYLvSDTwmXRDr1uRtJiNIw", "content": "", "creation_timestamp": "2023-05-17T14:21:35.000000Z"}, {"uuid": "0f7c454e-2c90-40c0-884e-03a21b4a6bb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27216", "type": "seen", "source": "Telegram/kTUPvMWYW6CHi3Vrf3iQOAJ6vSIDnLjyKqiWCiOg17eKNSNg", "content": "", "creation_timestamp": "2025-02-14T10:00:27.000000Z"}, {"uuid": "599e9080-3a9e-4f8c-a18a-8834dfb2b7d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27217", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2582", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27217\n\ud83d\udd39 Description: A stack-based buffer overflow in the ChangeFriendlyName() function of Belkin Smart Outlet V2 F7c063 firmware_2.00.11420.OWRT.PVT_SNSV2 allows attackers to cause a Denial of Service (DoS) via a crafted UPNP request.\n\ud83d\udccf Published: 2023-05-18T00:00:00\n\ud83d\udccf Modified: 2025-01-22T16:39:01.813Z\n\ud83d\udd17 References:\n1. 
https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/", "creation_timestamp": "2025-01-22T17:01:57.000000Z"}, {"uuid": "d3ba65af-8226-4183-b8a3-6226888c8151", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27213", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5934", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27213\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Online Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php.\n\ud83d\udccf Published: 2023-03-09T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-28T17:15:45.362Z\n\ud83d\udd17 References:\n1. https://www.sourcecodester.com/php/16137/online-student-management-system-php-free-download.html\n2. https://github.com/xiumulty/CVE/blob/main/online%20student%20management%20system%20v1.0/sql%20in%20search.php.md", "creation_timestamp": "2025-02-28T17:27:21.000000Z"}, {"uuid": "8694a5df-e61b-448b-9d0a-d66e9bc48bc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27212", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5933", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27212\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A cross-site scripting (XSS) vulnerability in /php-opos/signup.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter.\n\ud83d\udccf Published: 2023-03-09T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-28T17:16:55.705Z\n\ud83d\udd17 References:\n1. 
https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html\n2. https://github.com/xiumulty/CVE/blob/main/online%20pizza%20ordering%20system%20v1.0/xss%20in%20signup.php.md", "creation_timestamp": "2025-02-28T17:27:20.000000Z"}, {"uuid": "15e3f865-724d-4725-b448-d799ceac9de8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27211", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5932", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27211\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A cross-site scripting (XSS) vulnerability in /admin/navbar.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter.\n\ud83d\udccf Published: 2023-03-09T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-28T17:17:46.773Z\n\ud83d\udd17 References:\n1. https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html\n2. 
https://github.com/xiumulty/CVE/blob/main/online%20pizza%20ordering%20system%20v1.0/xss%20in%20navbar.php%20.md", "creation_timestamp": "2025-02-28T17:27:19.000000Z"}, {"uuid": "6557308f-4346-4034-a1fb-f8f2a6c3a0d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27210", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5930", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27210\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/view_order.php.\n\ud83d\udccf Published: 2023-03-09T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-28T17:18:25.189Z\n\ud83d\udd17 References:\n1. https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html\n2. https://github.com/xiumulty/CVE/blob/main/online%20pizza%20ordering%20system%20v1.0/sql%20in%20view_order.php.md", "creation_timestamp": "2025-02-28T17:27:15.000000Z"}, {"uuid": "2008b9a7-2bc3-44c2-9fcf-d2f52db96722", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27214", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5935", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27214\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Online Student Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the fromdate and todate parameters at /eduauth/student/between-date-reprtsdetails.php.\n\ud83d\udccf Published: 2023-03-09T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-28T17:15:00.417Z\n\ud83d\udd17 References:\n1. 
https://www.sourcecodester.com/php/16137/online-student-management-system-php-free-download.html\n2. https://github.com/xiumulty/CVE/blob/main/online%20student%20management%20system%20v1.0/sql%20in%20between-date-reprtsdetails.php.md", "creation_timestamp": "2025-02-28T17:27:22.000000Z"}, {"uuid": "3cd57322-c031-46fc-8834-1f8150e1669c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27217", "type": "seen", "source": "https://t.me/cibsecurity/64360", "content": "\u203c CVE-2023-27217 \u203c\n\nA stack-based buffer overflow in the ChangeFriendlyName() function of Belkin Smart Outlet V2 F7c063 firmware_2.00.11420.OWRT.PVT_SNSV2 allows attackers to cause a Denial of Service (DoS) via a crafted UPNP request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-18T07:31:54.000000Z"}, {"uuid": "94082118-1bca-4726-ae09-5d4395f69fb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27217", "type": "seen", "source": "https://t.me/KomunitiSiber/215", "content": "Serious Unpatched Vulnerability Uncovered in Popular Belkin Wemo Smart Plugs\nhttps://thehackernews.com/2023/05/serious-unpatched-vulnerability.html\n\nThe second generation version of Belkin's Wemo Mini Smart Plug has been found to contain a buffer overflow vulnerability that could be weaponized by a threat actor to inject arbitrary commands remotely.\nThe issue, assigned the identifier\u00a0CVE-2023-27217, was discovered and reported to Belkin on January 9, 2023, by Israeli IoT security company Sternum, which reverse-engineered the device and", "creation_timestamp": "2023-05-17T13:43:03.000000Z"}, {"uuid": "93f86309-aa6a-4756-9db8-2d0cc6885d9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", 
"vulnerability": "CVE-2023-2721", "type": "seen", "source": "https://t.me/true_secator/4396", "content": "Google has released an update for Chrome 113, the browser hackers have come to love, fixing 12 vulnerabilities, including a critical use-after-free vulnerability. Six of the flaws were reported by external researchers.\n\nThe issue, tracked as CVE-2023-2721, was discovered by researcher Guang Gong of Qihoo 360 and is described as a use-after-free bug in Navigation.\n\nA remote attacker can craft an HTML page to cause heap corruption when a user accesses the page. The attacker would have to convince the user to visit the page.\n\nVulnerabilities of this type lead to memory corruption, which can result in arbitrary code execution, denial of service or data corruption, and can also be used to escape the browser sandbox.\n\nThe latest Chrome update also fixed three other use-after-free flaws. All of them are rated high severity.\n\nThe bugs affect the browser's Autofill UI, DevTools and Guest View components.\n\nThe new browser release also fixes a type confusion bug in the V8 JavaScript engine and a medium-severity inappropriate implementation issue in WebApp Installs.\n\nGoogle paid out $11,500 in rewards to researchers for disclosing the bugs. However, the company has yet to assess two vulnerabilities, including the critical one, so the final amount may be higher.\n\nThe latest version of Chrome is now rolling out as 113.0.5672.126 for macOS and Linux and as 113.0.5672.126/.127 for Windows.", 
"creation_timestamp": "2023-05-18T16:48:37.000000Z"}, {"uuid": "4807c92a-0bbb-4d0d-b05c-a698669b2cdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27217", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/4391", "content": "Remember the classic joke about Kai, who just could not put together the word \"ETERNITY\" from the letters \u0416, \u041e, \u041f and \u0410. It turns out there is a similar joke about the Internet of Things - the \"S\" in \"IoT\" stands for Security.\n\nAnd now to the news.\n\nA buffer overflow vulnerability has been found in Belkin's popular second-generation Wemo Mini Smart Plug smart outlets that an attacker can use to inject arbitrary commands remotely.\n\nThe Wemo Mini Smart Plug V2 (F7C063) provides convenient remote control, letting users switch electronic devices on and off with a companion app installed on a smartphone or tablet.\n\nThe issue, assigned the identifier CVE-2023-27217, was found and disclosed on January 9, 2023 by the Israeli company Sternum, which specializes in IoT security and whose researchers were able to gain access to the firmware by reverse-engineering the device.\n\nThe heart of the problem lies in the feature that allows changing the default assigned name, \"Wemo mini 6E9\". The name length is limited to 30 characters or fewer, but this rule is enforced only by the app itself.\n\nAs a result, bypassing the character limit using the Python module named pyWeMo can lead to a buffer overflow condition, which can then be used to crash the device or execute malicious commands.\n\nIn response to the researchers' report, Belkin said it does not plan to fix the flaw because the device is approaching end of life (EoL) and has been replaced by newer models.\n\nGiven that this vulnerability can be triggered through the cloud interface (that is, without a direct connection to the device), users of the Wemo Mini Smart Plug V2 are advised to avoid direct Internet access and to ensure segmentation measures are in place on sensitive networks.", "creation_timestamp": "2023-05-17T19:20:05.000000Z"}, {"uuid": 
"f5ad5529-eb4e-45c5-b500-90369a77bc97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2721", "type": "seen", "source": "https://t.me/cibsecurity/64258", "content": "\u203c CVE-2023-2721 \u203c\n\nUse after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-16T22:30:51.000000Z"}, {"uuid": "5fab3de9-642b-410f-ade9-b79152c2f43a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27216", "type": "seen", "source": "https://t.me/cibsecurity/61973", "content": "\u203c CVE-2023-27216 \u203c\n\nAn issue found in D-Link DSL-3782 v.1.03 allows remote authenticated users to execute arbitrary code as root via the network settings page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-12T20:23:15.000000Z"}, {"uuid": "263b7a19-1f5f-4a26-b962-fea6e6ede2cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27211", "type": "seen", "source": "https://t.me/cibsecurity/59767", "content": "\u203c CVE-2023-27211 \u203c\n\nA cross-site scripting (XSS) vulnerability in /admin/navbar.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-10T00:20:50.000000Z"}, {"uuid": "2a3f7121-df6b-4f8b-893a-84888e4046ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27213", "type": "seen", "source": "https://t.me/cibsecurity/59758", "content": "\u203c CVE-2023-27213 \u203c\n\nOnline Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-10T00:20:36.000000Z"}, {"uuid": "117fabb8-a68c-49b4-800d-1e04b27d3fa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27210", "type": "seen", "source": "https://t.me/cibsecurity/59757", "content": "\u203c CVE-2023-27210 \u203c\n\nOnline Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/view_order.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-10T00:20:35.000000Z"}, {"uuid": "057f8db4-2d10-462e-943d-da8ff68ee09a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27212", "type": "seen", "source": "https://t.me/cibsecurity/59755", "content": "\u203c CVE-2023-27212 \u203c\n\nA cross-site scripting (XSS) vulnerability in /php-opos/signup.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-10T11:31:03.000000Z"}, {"uuid": "0d6a6de5-d6f4-4a39-9f97-d42412fe52e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27217", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8324", "content": "#exploit\n1. 
Critical Sandbox Escape Vulnerability in VM2\nhttps://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac\n\n2. Wago License Page Exploit\nhttps://onekey.com/blog/security-advisory-wago-unauthenticated-remote-command-execution\n\n3. CVE-2023-27217:\n\"FriendlyName\" Buffer Overflow in Wemo Smart Plug V2\nhttps://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow", "creation_timestamp": "2023-05-19T11:07:01.000000Z"}]}