{"vulnerability": "cve-2023-3886", "sightings": [{"uuid": "58a97eb4-73a9-4134-a6f5-a136d2f70dbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38865", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/1014", "content": "MultiWavlink WL-WN575A3 , COMFAST CF-XR11 - Command Injection \nPOC : https://github.com/TTY-flag/my_iot_vul/tree/main/COMFAST/CF-XR11\nPOC : https://github.com/TTY-flag/my_iot_vul/tree/main/WAVLINK\nCVE LIST  : CVE-2023-38861 , CVE-2023-38865 . CVE-2023-38863 , CVE-2023-38864 , CVE-2023-38866 , CVE-2023-38862", "creation_timestamp": "2024-02-10T14:19:12.000000Z"}, {"uuid": "c8c03cee-861b-4c75-9415-8ba01a34293a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38866", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/1014", "content": "MultiWavlink WL-WN575A3 , COMFAST CF-XR11 - Command Injection \nPOC : https://github.com/TTY-flag/my_iot_vul/tree/main/COMFAST/CF-XR11\nPOC : https://github.com/TTY-flag/my_iot_vul/tree/main/WAVLINK\nCVE LIST  : CVE-2023-38861 , CVE-2023-38865 . CVE-2023-38863 , CVE-2023-38864 , CVE-2023-38866 , CVE-2023-38862", "creation_timestamp": "2024-02-10T14:19:12.000000Z"}, {"uuid": "321a74d2-cff1-47a7-937a-422149ada779", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38864", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/1014", "content": "MultiWavlink WL-WN575A3 , COMFAST CF-XR11 - Command Injection \nPOC : https://github.com/TTY-flag/my_iot_vul/tree/main/COMFAST/CF-XR11\nPOC : https://github.com/TTY-flag/my_iot_vul/tree/main/WAVLINK\nCVE LIST  : CVE-2023-38861 , CVE-2023-38865 . CVE-2023-38863 , CVE-2023-38864 , CVE-2023-38866 , CVE-2023-38862", "creation_timestamp": "2024-02-10T14:19:12.000000Z"}, {"uuid": "8af60505-7652-4b2d-8ef2-2c83fbea1b02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38863", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/1014", "content": "MultiWavlink WL-WN575A3 , COMFAST CF-XR11 - Command Injection \nPOC : https://github.com/TTY-flag/my_iot_vul/tree/main/COMFAST/CF-XR11\nPOC : https://github.com/TTY-flag/my_iot_vul/tree/main/WAVLINK\nCVE LIST  : CVE-2023-38861 , CVE-2023-38865 . CVE-2023-38863 , CVE-2023-38864 , CVE-2023-38866 , CVE-2023-38862", "creation_timestamp": "2024-02-10T14:19:12.000000Z"}, {"uuid": "2e3a298b-b939-4bdb-815a-6bc924ea0353", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38861", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/1014", "content": "MultiWavlink WL-WN575A3 , COMFAST CF-XR11 - Command Injection \nPOC : https://github.com/TTY-flag/my_iot_vul/tree/main/COMFAST/CF-XR11\nPOC : https://github.com/TTY-flag/my_iot_vul/tree/main/WAVLINK\nCVE LIST  : CVE-2023-38861 , CVE-2023-38865 . CVE-2023-38863 , CVE-2023-38864 , CVE-2023-38866 , CVE-2023-38862", "creation_timestamp": "2024-02-10T14:19:12.000000Z"}, {"uuid": "ec92dc7a-339b-435c-b292-ebddb9aff4dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38862", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/1014", "content": "MultiWavlink WL-WN575A3 , COMFAST CF-XR11 - Command Injection \nPOC : https://github.com/TTY-flag/my_iot_vul/tree/main/COMFAST/CF-XR11\nPOC : https://github.com/TTY-flag/my_iot_vul/tree/main/WAVLINK\nCVE LIST  : CVE-2023-38861 , CVE-2023-38865 . CVE-2023-38863 , CVE-2023-38864 , CVE-2023-38866 , CVE-2023-38862", "creation_timestamp": "2024-02-10T14:19:12.000000Z"}, {"uuid": "c40729c1-2002-4509-a137-2650fe490cac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38865", "type": "seen", "source": "https://t.me/cibsecurity/68567", "content": "\u203c CVE-2023-38865 \u203c\n\nCOMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-15T22:30:43.000000Z"}, {"uuid": "105c5ca9-bf5a-46ef-a213-54beaaaaa728", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38861", "type": "seen", "source": "https://t.me/cibsecurity/68571", "content": "\u203c CVE-2023-38861 \u203c\n\nAn issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary code via username parameter of the set_sys_adm function in adm.cgi.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-15T22:30:47.000000Z"}, {"uuid": "11f1fe21-bbe5-499e-b4ca-ae82e81ca4e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38864", "type": "seen", "source": "https://t.me/cibsecurity/68608", "content": "\u203c CVE-2023-38864 \u203c\n\nAn issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protal_delete_picname parameter in the sub_41171C function at bin/webmgnt.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-16T00:30:51.000000Z"}, {"uuid": "cc2971d8-d773-46a1-9180-f7ce82b31fe9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38866", "type": "seen", "source": "https://t.me/cibsecurity/68605", "content": "\u203c CVE-2023-38866 \u203c\n\nCOMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_415588. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter interface and display_name.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-16T00:30:47.000000Z"}, {"uuid": "2c442480-60d0-470c-add0-92727b1129c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3886", "type": "seen", "source": "https://t.me/cibsecurity/67220", "content": "\u203c CVE-2023-3886 \u203c\n\nA vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/invoice.php. The manipulation of the argument inv_id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235248.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-25T12:28:15.000000Z"}]}