{"vulnerability": "cve-2023-3348", "sightings": [{"uuid": "7b1247df-030a-4d14-be7f-34f4a3573d78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3348", "type": "seen", "source": "https://t.me/cibsecurity/67696", "content": "\u203c CVE-2023-3348 \u203c\n\nThe Wrangler command line tool (<=wrangler@3.1.0) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-03T18:40:20.000000Z"}, {"uuid": "b464e64e-f580-4d47-aa45-7aa6477f41bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33486", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1020", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-33486\n\ud83d\udd39 Description: TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerability allows an attacker to execute arbitrary commands through the \"hostName\" parameter.\n\ud83d\udccf Published: 2023-05-31T00:00:00\n\ud83d\udccf Modified: 2025-01-09T19:09:56.026Z\n\ud83d\udd17 References:\n1. https://github.com/Kazamayc/vuln/tree/main/TOTOLINK/X5000R/3", "creation_timestamp": "2025-01-09T19:15:19.000000Z"}, {"uuid": "8cf3bce2-abe9-4841-a8be-1031dda56804", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33487", "type": "seen", "source": "https://t.me/cibsecurity/64818", "content": "\u203c CVE-2023-33487 \u203c\n\nTOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a command insertion vulnerability in setDiagnosisCfg.This vulnerability allows an attacker to execute arbitrary commands through the \"ip\" parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-31T16:39:47.000000Z"}]}