{"vulnerability": "cve-2021-2064", "sightings": [{"uuid": "c54d217f-3c91-42f6-89cc-5d3025a5f22c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20640", "type": "seen", "source": "https://t.me/cibsecurity/23533", "content": "\u203c CVE-2021-20640 \u203c\n\nBuffer overflow vulnerability in LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute an arbitrary OS command via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-12T12:43:40.000000Z"}, {"uuid": "b63ea938-b621-439d-93aa-70c54248259d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20642", "type": "seen", "source": "https://t.me/cibsecurity/23519", "content": "\u203c CVE-2021-20642 \u203c\n\nImproper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-12T12:43:24.000000Z"}, {"uuid": "f5250d01-9463-4420-bc0f-2a5b78f3b34b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20644", "type": "seen", "source": "https://t.me/cibsecurity/23518", "content": "\u203c CVE-2021-20644 \u203c\n\nELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-12T12:43:23.000000Z"}, {"uuid": "52971f6f-7fef-410e-8786-bb00caf9128e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20646", "type": "seen", "source": "https://t.me/cibsecurity/23515", "content": "\u203c CVE-2021-20646 \u203c\n\nCross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-A allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-12T12:43:19.000000Z"}, {"uuid": "3212526e-55ee-4966-88db-53ec660b48b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20643", "type": "seen", "source": "https://t.me/cibsecurity/23524", "content": "\u203c CVE-2021-20643 \u203c\n\nImproper access control vulnerability in ELECOM LD-PS/U1 allows remote attackers to change the administrative password of the affected device by processing a specially crafted request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-12T12:43:29.000000Z"}, {"uuid": "6245aeab-5217-4ff2-9b17-c09b67427d5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20645", "type": "seen", "source": "https://t.me/cibsecurity/23528", "content": "\u203c CVE-2021-20645 \u203c\n\nCross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remote authenticated attackers to inject arbitrary script via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-12T12:43:34.000000Z"}, {"uuid": "bb19c70c-7569-4e9f-a09c-ad399b7a4438", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20648", "type": "seen", "source": "https://t.me/cibsecurity/23522", "content": "\u203c CVE-2021-20648 \u203c\n\nELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-12T12:43:27.000000Z"}, {"uuid": "4c678af0-10b9-47ac-88d1-8680b863fc4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-2064", "type": "seen", "source": "https://t.me/cibsecurity/22416", "content": "\u203c CVE-2021-2064 \u203c\n\nVulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). The supported version that is affected is 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-20T18:43:33.000000Z"}, {"uuid": "7f4a614d-2246-4b58-baed-3976a262219e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20641", "type": "seen", "source": "https://t.me/cibsecurity/23530", "content": "\u203c CVE-2021-20641 \u203c\n\nCross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-12T12:43:37.000000Z"}]}