{"vulnerability": "cve-2018-9866", "sightings": [{"uuid": "fe4c2898-1231-4670-a2a1-6fbcaf826e69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-9866", "type": "seen", "source": "MISP/c25ea0f0-f1fc-4399-b3c8-4fab2c198ab8", "content": "", "creation_timestamp": "2020-10-09T16:07:58.000000Z"}, {"uuid": "e3f3f0e3-1310-4316-afe9-a0afb31fd191", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-9866", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2024-12-14)", "content": "", "creation_timestamp": "2024-12-14T00:00:00.000000Z"}, {"uuid": "7a609601-9998-4b27-a57c-64f4d3d67358", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-9866", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2024-12-27)", "content": "", "creation_timestamp": "2024-12-27T00:00:00.000000Z"}, {"uuid": "8e2fe064-ca91-49ab-9dad-bb1e758b317e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-9866", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-01)", "content": "", "creation_timestamp": "2025-02-01T00:00:00.000000Z"}, {"uuid": "35ca074b-f7df-4a8f-b434-9db7ef5f39b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-9866", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-01)", "content": "", "creation_timestamp": "2025-02-01T00:00:00.000000Z"}, {"uuid": "067af3f8-83e8-4da8-ba17-9ee372b7d3a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-9866", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2024-11-16)", "content": "", "creation_timestamp": "2024-11-16T00:00:00.000000Z"}, {"uuid": "38f02578-6cea-4e85-9f3e-52daea2b6e00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-9866", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-08)", "content": "", "creation_timestamp": "2025-03-08T00:00:00.000000Z"}, {"uuid": "4c5494b6-0c5a-4956-9728-7716f32eb278", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-9866", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-08)", "content": "", "creation_timestamp": "2025-03-08T00:00:00.000000Z"}, {"uuid": "c8b1fd94-c517-4e66-8aed-dac7156c3c88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-9866", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14971", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2018-9866\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier.\n\ud83d\udccf Published: 2018-08-03T20:00:00.000Z\n\ud83d\udccf Modified: 2025-05-05T19:08:14.640Z\n\ud83d\udd17 References:\n1. https://twitter.com/ddouhine/status/1019251292202586112\n2. https://github.com/rapid7/metasploit-framework/pull/10305\n3. https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0007", "creation_timestamp": "2025-05-05T19:20:33.000000Z"}, {"uuid": "3a6e73fd-741a-479c-a2fa-5611c2eefe91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-9866", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-10)", "content": "", "creation_timestamp": "2025-04-10T00:00:00.000000Z"}, {"uuid": "612066ee-c28c-4509-9aca-b258b0e28ac1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-9866", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-26)", "content": "", "creation_timestamp": "2025-04-26T00:00:00.000000Z"}, {"uuid": "78f69506-7e1f-48f5-a285-f0baa55b9f16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-9866", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-04-26)", "content": "", "creation_timestamp": "2025-04-26T00:00:00.000000Z"}, {"uuid": "9aee3235-fe49-42a7-a6b0-6c2f64ad36a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-9866", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-05-25)", "content": "", "creation_timestamp": "2025-05-25T00:00:00.000000Z"}, {"uuid": "754076ed-c441-41d5-8048-ae1038b87aa7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-9866", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-05)", "content": "", "creation_timestamp": "2025-04-05T00:00:00.000000Z"}, {"uuid": "a9b1e4fc-22d9-4430-a2c6-9a366b1358bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-9866", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/107", "content": "#Analytics\n25 vulnerabilities/exploits used by IoT Botnet (Mirai, Qbot, Gafygt etc.)\n1. CVE-2015-2280: AirLink101 IPCam 1620W OS CI\n2. CVE-2017-17215: Huawei Router HG532 Arbitrary Command Execution\n3. CVE-2018-10561, CVE-2018-10562 - GPON Routers Auth Bypass/Command Injection\n4. CVE-2018-14417: SoftNAS Cloud <4.0.3 OS CI\n5. CVE-2014-8361: Realtek SDK Miniigd UPnP SOAP Command Execution\n6. CVE-2017-5638: Apache Struts 2.x RCE\n7. CVE-2018-9866: SonicWall SMS RCE\n8. CVE-2017-6884: Zyxel EMG2926 OS CI\n9. CVE-2015-2051: HNAP SoapAction Header Command Execution\n10. CVE-2008-4873: Sepal SPBOARD 4.5 - \"board.cgi\" RCE\n11. CVE-2016-6277: NETGEAR R7000 - CI\n12. D-Link DSL-2750B - OS CI\n13. CAM Wireless IP Camera - Unauth RCE\n14. Eir D1000 Wireless Router - WAN Side RCI\n15. TUTOS 1.3 \"cmd.php\" RCE\n16. WP Plugin DZS-VideoGallery - CSS/CI\n17. Netgear DGN1000 - Setup.cgi RCE\n18. Web Attack (CCTV-DVR RCE)\n19. MVPower DVR TV-7104HE - Shell Command Execution\n20. Vacron NVR RCE\n21. Linksys E-series - RCE\n22. D-Link command.php RCE\n23. EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 - RCE\n24. AVTech IP Camera/NVR/DVR Devices - Multiple Vulns\n25. NetGain \"ping\" Command Injection", "creation_timestamp": "2024-10-11T09:08:41.000000Z"}]}