{"vulnerability": "cve-2021-2009", "sightings": [{"uuid": "2c2d2991-a827-4169-ba1c-144c90df394a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20090", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "7f0689d9-d714-4236-80bc-c2df487ee2f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20090", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:17.000000Z"}, {"uuid": "4fc89811-afa8-49d9-a805-eeb6453f4a38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20090", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-20090.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"}, {"uuid": "5dfca0fe-2d0e-4fa7-a1b9-8872336fa937", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20092", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-20092.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"}, {"uuid": "91ea0b38-0889-44f8-9308-47f5075eeadd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20091", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-20091.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"}, {"uuid": "ade2bac7-ba20-4e7f-bf24-15c777a413d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20090", "type": "seen", "source": "MISP/e095ef94-467b-41a6-a282-7f86f3a8010c", "content": "", "creation_timestamp": "2024-11-14T06:09:35.000000Z"}, {"uuid": "cff8c791-7639-4530-95ae-9519e0943378", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20092", "type": "seen", "source": "MISP/85e13e1d-37d1-4f7f-8886-1b21a35cbf2c", "content": "", "creation_timestamp": "2024-11-14T06:09:34.000000Z"}, {"uuid": "6727c5f5-8ae7-41da-a8e5-eee9935ae624", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20091", "type": "seen", "source": "MISP/a8314450-afdb-47f1-b401-463a9d038b5f", "content": "", "creation_timestamp": "2024-11-14T06:09:34.000000Z"}, {"uuid": "47cd4af0-d357-4776-8bfc-8587b8e3e2da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20090", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971126", "content": "", "creation_timestamp": "2024-12-24T20:24:37.957498Z"}, {"uuid": "cb1aa8d2-f325-4ada-a8b1-5b9ad468136c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20092", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-25)", "content": "", "creation_timestamp": "2025-03-25T00:00:00.000000Z"}, {"uuid": "e7a96a03-81e2-4fe0-b13a-238d325692eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20092", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lj6s256f7b2s", "content": "", "creation_timestamp": "2025-02-27T21:02:01.250953Z"}, {"uuid": "d12da6e2-7795-4705-86ed-c623228560a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20090", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:51.000000Z"}, {"uuid": "36d93444-e857-4781-9d23-8130d36f743a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20092", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-02)", "content": "", "creation_timestamp": "2025-10-02T00:00:00.000000Z"}, {"uuid": "f1d7630c-2bfd-4921-94f4-fe925e2a9649", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20092", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-17)", "content": "", "creation_timestamp": "2025-03-17T00:00:00.000000Z"}, {"uuid": "a5af9ad3-ca7d-4336-951f-c89548ee2752", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20092", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-03)", "content": "", "creation_timestamp": "2025-10-03T00:00:00.000000Z"}, {"uuid": "1a7611c2-2bb1-40d7-af6f-b76ba8bf3cf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2021-20090", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/6daca379-ed96-45eb-bd27-d9969513d77e", "content": "", "creation_timestamp": "2026-02-02T12:28:38.717271Z"}, {"uuid": "7fa293e4-f800-42db-a1d0-2c375ea1e559", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20091", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:00:50.000000Z"}, {"uuid": "681991d7-b015-4d82-9859-b1e5c2b2cd17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20092", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-05)", "content": "", "creation_timestamp": "2026-01-05T00:00:00.000000Z"}, {"uuid": "d632948d-37b0-488e-b2eb-031cac4b1bf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20092", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-10-03)", "content": "", "creation_timestamp": "2025-10-03T00:00:00.000000Z"}, {"uuid": "9f92dff0-d6ef-4056-a66d-f8ca1582cf8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20090", "type": "published-proof-of-concept", "source": "https://t.me/cKure/6536", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Bypassing Authentication on Arcadyan Routers with CVE-2021\u201320090 and rooting some Buffalo\n\nhttps://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2", "creation_timestamp": "2021-08-08T18:22:44.000000Z"}, {"uuid": "43f0b799-edd8-46ff-b8be-704825d3ff5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20090", "type": "exploited", "source": "https://t.me/cKure/6532", "content": "\u25a0\u25a0\u25a1\u25a1\u25a1 CVE-2021-20090 actively exploited to target millions of IoT devices worldwide.\n\nhttps://hackademicus.nl/cve-2021-20090-actively-exploited-to-target-millions-of-iot-devices-worldwide/", "creation_timestamp": "2021-08-08T08:22:21.000000Z"}, {"uuid": "d6ee3a33-8191-4ab0-be71-0608f02c991c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20090", "type": "seen", "source": "https://t.me/cibsecurity/30354", "content": "\u203c CVE-2021-20122 \u203c\n\nThe Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is affected by an authenticated command injection vulnerability in multiple parameters passed to tr69_cmd.cgi. A remote attacker connected to the router's LAN and authenticated with a super user account, or using a bypass authentication vulnerability like CVE-2021-20090 could leverage this issue to run commands or gain a shell as root on the target device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-11T20:24:48.000000Z"}, {"uuid": "a75b3918-8471-435c-8dfa-190745d3f22f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20090", "type": "exploited", "source": "https://t.me/cybred/311", "content": "https://www.bleepingcomputer.com/news/security/actively-exploited-bug-bypasses-authentication-on-millions-of-routers/\n\nhttps://blogs.juniper.net/en-us/security/freshly-disclosed-vulnerability-cve-2021-20090-exploited-in-the-wild\n\nhttps://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2", "creation_timestamp": "2021-08-08T19:39:20.000000Z"}, {"uuid": "a5fda5ba-46ca-4cf6-b18b-cdb5e211f2c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20090", "type": "exploited", "source": "https://t.me/true_secator/1984", "content": "\u200b\u200b\u041f\u043e\u0441\u043b\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0439 Unit 42 \u0432 \u043c\u0430\u0440\u0442\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438 \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 IoT \u0431\u043e\u0442\u043d\u0435\u0442 Mirai \u043d\u0430\u0447\u0430\u043b \u043d\u043e\u0432\u0443\u044e \u044d\u043a\u0441\u043f\u0430\u043d\u0441\u0438\u044e. \n\n\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b Juniper Threat Labs \u0437\u0430\u0434\u0435\u0442\u0435\u043a\u0442\u0438\u043b\u0438 \u043d\u043e\u0432\u044b\u0435 \u0430\u0442\u0430\u043a\u0438, \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2021-20090, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043e\u0431\u043e\u0439\u0442\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u0432 \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430\u0445 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432 \u0441 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u043e\u0439 Arcadyan.\n\n\u0412\u043f\u0435\u0440\u0432\u044b\u0435 \u0434\u044b\u0440\u0430 \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0435\u0439 Tenable \u0435\u0449\u0451 26 \u0430\u043f\u0440\u0435\u043b\u044f, \u0438, \u043a\u0430\u043a \u0432\u044b\u044f\u0441\u043d\u0438\u043b\u043e\u0441\u044c, \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 10 \u043b\u0435\u0442, \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u0443\u0432 \u0447\u0435\u0440\u0435\u0437 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a \u043a\u0430\u043a \u043c\u0438\u043d\u0438\u043c\u0443\u043c \u0432 20 \u043c\u043e\u0434\u0435\u043b\u0435\u0439 \u043e\u0442 17 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u043e\u0432, \u0432\u043a\u043b\u044e\u0447\u0430\u044f Asus, British Telecom, Deutsche Telekom, Orange, O2 (Telefonica), Verizon, Vodafone, Telstra \u0438 Telus. \u0422\u0430\u043a\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c \u043f\u043e \u043f\u043e\u0434\u0441\u0447\u0435\u0442\u0430\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0430 \u0442\u0435\u043a\u0443\u0449\u0438\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u044b \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432.\n\n\u0421\u043f\u0443\u0441\u0442\u044f 2 \u0434\u043d\u044f \u043f\u043e\u0441\u043b\u0435 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u043e\u0442 3 \u0430\u0432\u0433\u0443\u0441\u0442\u0430 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430 PoC, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0432\u0437\u044f\u043b\u0438\u0441\u044c \u0437\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0431\u0430\u0433\u0443, \u0447\u0442\u043e\u0431\u044b \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u0438 \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043f\u043e\u043b\u0435\u0437\u043d\u044b\u0435 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438 Mirai \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445. \u0410\u0442\u0430\u043a\u0438 \u0438\u0441\u0445\u043e\u0434\u0438\u043b\u0438 \u0441 IP-\u0430\u0434\u0440\u0435\u0441\u0430, \u0440\u0430\u0441\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u043d\u043e\u0433\u043e \u0432 \u0423\u0445\u0430\u043d\u0435, \u043f\u0440\u043e\u0432\u0438\u043d\u0446\u0438\u044f \u0425\u0443\u0431\u044d\u0439, \u041a\u0438\u0442\u0430\u0439.\n\n\u041d\u0430\u043f\u043e\u043c\u043d\u0438\u043c, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0437\u0430\u043c\u0435\u0442\u0438\u043b\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c Mirai \u0435\u0449\u0435 18 \u0444\u0435\u0432\u0440\u0430\u043b\u044f, \u0441 \u0442\u0435\u0445 \u043f\u043e\u0440 \u0430\u0434\u043c\u0438\u043d\u044b \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u043e \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u043b\u0438 \u043d\u043e\u0432\u044b\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b \u0432 \u0441\u0432\u043e\u0439 \u0430\u0440\u0441\u0435\u043d\u0430\u043b, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0438\u043b\u0438 \u0438 CVE-2021-20090. \u0410 \u0443\u0447\u0438\u0442\u044b\u0432\u0430\u044f, \u0447\u0442\u043e \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0435\u0432 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u043c\u043e\u0433\u0443\u0442 \u0434\u0430\u0436\u0435 \u043d\u0435 \u0437\u043d\u0430\u0442\u044c \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u0435\u043d\u0438\u0438 \u0431\u043e\u0442\u043d\u0435\u0442 \u0438 \u0442\u0435\u043c \u0431\u043e\u043b\u0435\u0435 \u0434\u044b\u0440\u044b, \u0434\u0430 \u0438 \u0437\u043d\u0430\u044f, \u0447\u0442\u043e \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0430 \u043d\u0430 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0430 \u043e\u0431\u044b\u0447\u043d\u043e \u043c\u0435\u043d\u044f\u0435\u0442\u0441\u044f \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u043e\u043d \u0443\u043c\u0435\u0440 - \u043d\u043e\u0432\u0430\u044f \u0430\u0442\u0430\u043a\u0430 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u043e\u0447\u0435\u043d\u044c \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439, \u0434\u0435\u0448\u0435\u0432\u043e\u0439 \u0438 \u0432\u0435\u0441\u044c\u043c\u0430 \u043f\u0440\u043e\u0441\u0442\u043e\u0439 \u0432 \u0438\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0438.\n\n\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c \u0432\u043d\u0438\u043c\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0438\u0437\u0443\u0447\u0438\u0442\u044c \u0438\u043d\u0434\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 IOC, \u0432\u043a\u043b\u044e\u0447\u0430\u044f IP-\u0430\u0434\u0440\u0435\u0441\u0430, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0435 \u0434\u043b\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0430\u0442\u0430\u043a, \u043e\u0431\u0440\u0430\u0437\u0446\u044b \u0445\u044d\u0448\u0435\u0439 \u0438 \u0441\u0432\u0435\u0440\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0434\u0435\u0432\u0430\u0439\u0441\u044b \u0441\u043e \u0441\u043f\u0438\u0441\u043a\u043e\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445.", "creation_timestamp": "2021-08-09T18:59:25.000000Z"}, {"uuid": "4f5a78fd-17f2-4f0c-a89d-4462d27ef77c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-2009", "type": "seen", "source": "https://t.me/cibsecurity/22422", "content": "\u203c CVE-2021-2009 \u203c\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-20T18:43:41.000000Z"}, {"uuid": "dd6aff92-081f-4620-837d-a92645a6f942", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20099", "type": "seen", "source": "https://t.me/cibsecurity/25732", "content": "\u203c CVE-2021-20099 \u203c\n\nNessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20100.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-06-28T14:22:32.000000Z"}, {"uuid": "73c86674-54e6-41f5-8020-4262735338cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20090", "type": "exploited", "source": "https://t.me/CyberSecurityTechnologies/4021", "content": "#Threat_Research\n1. CVE-2021-20090 - Attack Details\nhttps://blogs.juniper.net/en-us/security/freshly-disclosed-vulnerability-cve-2021-20090-exploited-in-the-wild\n2. OTP bypass and Account takeover using response manipulation\nhttps://infosecwriteups.com/otp-bypass-and-account-takeover-using-response-manipulation-685ad4e1ea76", "creation_timestamp": "2021-08-08T14:28:35.000000Z"}, {"uuid": "c2506406-5696-4ac2-83b4-3c11e0f4999a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20090", "type": "exploited", "source": "https://t.me/S_E_Reborn/821", "content": "\u200b\u200b\u041f\u043e\u0441\u043b\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0439 Unit 42 \u0432 \u043c\u0430\u0440\u0442\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438 \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 IoT \u0431\u043e\u0442\u043d\u0435\u0442 Mirai \u043d\u0430\u0447\u0430\u043b \u043d\u043e\u0432\u0443\u044e \u044d\u043a\u0441\u043f\u0430\u043d\u0441\u0438\u044e. \n\n\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b Juniper Threat Labs \u0437\u0430\u0434\u0435\u0442\u0435\u043a\u0442\u0438\u043b\u0438 \u043d\u043e\u0432\u044b\u0435 \u0430\u0442\u0430\u043a\u0438, \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2021-20090, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043e\u0431\u043e\u0439\u0442\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u0432 \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430\u0445 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432 \u0441 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u043e\u0439 Arcadyan.\n\n\u0412\u043f\u0435\u0440\u0432\u044b\u0435 \u0434\u044b\u0440\u0430 \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0435\u0439 Tenable \u0435\u0449\u0451 26 \u0430\u043f\u0440\u0435\u043b\u044f, \u0438, \u043a\u0430\u043a \u0432\u044b\u044f\u0441\u043d\u0438\u043b\u043e\u0441\u044c, \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 10 \u043b\u0435\u0442, \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u0443\u0432 \u0447\u0435\u0440\u0435\u0437 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a \u043a\u0430\u043a \u043c\u0438\u043d\u0438\u043c\u0443\u043c \u0432 20 \u043c\u043e\u0434\u0435\u043b\u0435\u0439 \u043e\u0442 17 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u043e\u0432, \u0432\u043a\u043b\u044e\u0447\u0430\u044f Asus, British Telecom, Deutsche Telekom, Orange, O2 (Telefonica), Verizon, Vodafone, Telstra \u0438 Telus. \u0422\u0430\u043a\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c \u043f\u043e \u043f\u043e\u0434\u0441\u0447\u0435\u0442\u0430\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0430 \u0442\u0435\u043a\u0443\u0449\u0438\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u044b \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432.\n\n\u0421\u043f\u0443\u0441\u0442\u044f 2 \u0434\u043d\u044f \u043f\u043e\u0441\u043b\u0435 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u043e\u0442 3 \u0430\u0432\u0433\u0443\u0441\u0442\u0430 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430 PoC, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0432\u0437\u044f\u043b\u0438\u0441\u044c \u0437\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0431\u0430\u0433\u0443, \u0447\u0442\u043e\u0431\u044b \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u0438 \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043f\u043e\u043b\u0435\u0437\u043d\u044b\u0435 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438 Mirai \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445. \u0410\u0442\u0430\u043a\u0438 \u0438\u0441\u0445\u043e\u0434\u0438\u043b\u0438 \u0441 IP-\u0430\u0434\u0440\u0435\u0441\u0430, \u0440\u0430\u0441\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u043d\u043e\u0433\u043e \u0432 \u0423\u0445\u0430\u043d\u0435, \u043f\u0440\u043e\u0432\u0438\u043d\u0446\u0438\u044f \u0425\u0443\u0431\u044d\u0439, \u041a\u0438\u0442\u0430\u0439.\n\n\u041d\u0430\u043f\u043e\u043c\u043d\u0438\u043c, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0437\u0430\u043c\u0435\u0442\u0438\u043b\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c Mirai \u0435\u0449\u0435 18 \u0444\u0435\u0432\u0440\u0430\u043b\u044f, \u0441 \u0442\u0435\u0445 \u043f\u043e\u0440 \u0430\u0434\u043c\u0438\u043d\u044b \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u043e \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u043b\u0438 \u043d\u043e\u0432\u044b\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b \u0432 \u0441\u0432\u043e\u0439 \u0430\u0440\u0441\u0435\u043d\u0430\u043b, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0438\u043b\u0438 \u0438 CVE-2021-20090. \u0410 \u0443\u0447\u0438\u0442\u044b\u0432\u0430\u044f, \u0447\u0442\u043e \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0435\u0432 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u043c\u043e\u0433\u0443\u0442 \u0434\u0430\u0436\u0435 \u043d\u0435 \u0437\u043d\u0430\u0442\u044c \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u0435\u043d\u0438\u0438 \u0431\u043e\u0442\u043d\u0435\u0442 \u0438 \u0442\u0435\u043c \u0431\u043e\u043b\u0435\u0435 \u0434\u044b\u0440\u044b, \u0434\u0430 \u0438 \u0437\u043d\u0430\u044f, \u0447\u0442\u043e \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0430 \u043d\u0430 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0430 \u043e\u0431\u044b\u0447\u043d\u043e \u043c\u0435\u043d\u044f\u0435\u0442\u0441\u044f \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u043e\u043d \u0443\u043c\u0435\u0440 - \u043d\u043e\u0432\u0430\u044f \u0430\u0442\u0430\u043a\u0430 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u043e\u0447\u0435\u043d\u044c \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439, \u0434\u0435\u0448\u0435\u0432\u043e\u0439 \u0438 \u0432\u0435\u0441\u044c\u043c\u0430 \u043f\u0440\u043e\u0441\u0442\u043e\u0439 \u0432 \u0438\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0438.\n\n\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c \u0432\u043d\u0438\u043c\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0438\u0437\u0443\u0447\u0438\u0442\u044c \u0438\u043d\u0434\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 IOC, \u0432\u043a\u043b\u044e\u0447\u0430\u044f IP-\u0430\u0434\u0440\u0435\u0441\u0430, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0435 \u0434\u043b\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0430\u0442\u0430\u043a, \u043e\u0431\u0440\u0430\u0437\u0446\u044b \u0445\u044d\u0448\u0435\u0439 \u0438 \u0441\u0432\u0435\u0440\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0434\u0435\u0432\u0430\u0439\u0441\u044b \u0441\u043e \u0441\u043f\u0438\u0441\u043a\u043e\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445.", "creation_timestamp": "2021-08-09T18:59:54.000000Z"}, {"uuid": "1eadc57a-af38-438a-81e1-67b9f33ad9a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20090", "type": "seen", "source": "Telegram/l1-SBAej084DkAil_f6ffgsqHe8WdlZgx3qLo97HstzOK0YX", "content": "", "creation_timestamp": "2021-11-26T17:51:38.000000Z"}, {"uuid": "72740e85-878c-430e-8992-1ab8511cbed1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20090", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4203", "content": "#Analytics\nTop 10 Most Used Vulns of the Month (Aug 1-31)\nCVE-2021-1675 - Print Spooler EoP\nhttps://t.me/cybersecuritytechnologies/3723\nCVE-2021-31956 - Win NTFS EoP\nhttps://t.me/cybersecuritytechnologies/4110\nCVE-2021-36958 - Print Spooler RCE\nhttps://mobile.twitter.com/gentilkiwi/status/1416429860566847490?s=20\nCVE-2021-39137 - A consensus-vuln in go-eth\nCVE-2021-22937 - Pulse ConnSecure RCE\nhttps://t.me/cybersecuritytechnologies/4044\nCVE-2021-34473 - Pre-auth Path Confusion\nhttps://www.zerodayinitiative.com/blog/2021/8/17/from-pwn2own-2021-a-new-attack-surface-on-microsoft-exchange-proxyshell\nCVE-2021-21225 - Vuln in V8's Array.prototype.concat\nhttps://t.me/cybersecuritytechnologies/4090\nCVE-2021-20090 - Path traversal in Buffalo routers\nhttps://t.me/cybersecuritytechnologies/3986\nCVE-2021-26084 - Confluence Server Webwork OGNL Inj\nhttps://t.me/cybersecuritytechnologies/4202\nCVE-2021-3711 - Vulns in OpenSSL\nhttps://nakedsecurity.sophos.com/2021/08/27/big-bad-decryption-bug-in-openssl-but-no-cause-for-alarm", "creation_timestamp": "2021-09-02T11:05:07.000000Z"}, {"uuid": "e00ee792-a7b4-4be9-a08f-722ee423954d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20090", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/3986", "content": "#Red_Team_Tactics\n1. PostMessage XSS Attack\nhttps://medium.com/@youghourtaghannei/postmessage-xss-vulnerability-on-private-program-18e773e1a1ba\n2. Bypassing Authentication on Arcadyan Routers with CVE-2021-20090 and rooting some Buffalo\nhttps://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2", "creation_timestamp": "2021-08-04T11:27:01.000000Z"}]}