{"vulnerability": "cve-2024-2713", "sightings": [{"uuid": "b1defc57-cd89-45a7-9f28-44092ac38307", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27134", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113543924974120445", "content": "", "creation_timestamp": "2024-11-25T13:53:21.127834Z"}, {"uuid": "bc52bb03-86f9-4554-ad0a-2a2a76ef887d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27137", "type": "seen", "source": "https://bsky.app/profile/buherator.bsky.social/post/3lhdtaj5dbn25", "content": "", "creation_timestamp": "2025-02-04T10:16:22.540124Z"}, {"uuid": "10767446-e446-468e-8424-be18af92d096", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27137", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113945143877511790", "content": "", "creation_timestamp": "2025-02-04T10:28:35.752029Z"}, {"uuid": "1b9a7b92-7a35-4a1e-a399-66d3611feed4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27137", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhdwkid5ny2r", "content": "", "creation_timestamp": "2025-02-04T11:15:38.858346Z"}, {"uuid": "e3c86771-7b6e-4f83-b8b3-4e475167f902", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27137", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lhcq7q3mkr23", "content": "", "creation_timestamp": "2025-02-03T23:49:35.803621Z"}, {"uuid": "54493888-c3ff-4c17-bca2-0a2001636da6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27137", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/113946004774033626", "content": "", "creation_timestamp": "2025-02-04T14:07:31.957025Z"}, {"uuid": "65cbd5a7-143e-440e-98e3-434d9f229871", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27137", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lheaqvui7t2g", "content": "", "creation_timestamp": "2025-02-04T14:18:11.926559Z"}, {"uuid": "19199b71-6f5b-474b-8545-903fa6ea5ee2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27130", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9134", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-27130\u662f\u5f71\u54cdQNAP\u7f51\u7edc\u9644\u52a0\u5b58\u50a8\uff08NAS\uff09\u8bbe\u5907\u7684\u4e00\u4e2a\u4e25\u91cd\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eQTS\u64cd\u4f5c\u7cfb\u7edf\u4e2dshare.cgi\u811a\u672c\u7684No_Support_ACL\u51fd\u6570\u4e2d\u4e0d\u5b89\u5168\u5730\u4f7f\u7528strcpy\u51fd\u6570\uff0c\u5bfc\u81f4\u5806\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u6f0f\u6d1e\uff0c\u901a\u8fc7\u7cbe\u5fc3\u6784\u9020\u7684\u8bf7\u6c42\u5728\u76ee\u6807\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u8fdb\u800c\u5b8c\u5168\u63a7\u5236\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\u3002 \nURL\uff1ahttps://github.com/XiaomingX/CVE-2024-36401-poc\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-11-22T14:28:55.000000Z"}, {"uuid": "ec990ea8-7ce1-4a5a-a63e-0803b7f93881", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27130", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7360", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aThis Python script is designed as a proof-of-concept (PoC) for the CVE-2024-27130 vulnerability in QNAP QTS\nURL\uff1ahttps://github.com/d0rb/CVE-2024-27130\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-05-21T11:19:00.000000Z"}, {"uuid": "258b9dc8-0f9d-46eb-a139-680dd03b7234", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27130", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9133", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-27130\u662f\u5f71\u54cdQNAP\u7f51\u7edc\u9644\u52a0\u5b58\u50a8\uff08NAS\uff09\u8bbe\u5907\u7684\u4e00\u4e2a\u4e25\u91cd\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eQTS\u64cd\u4f5c\u7cfb\u7edf\u4e2dshare.cgi\u811a\u672c\u7684No_Support_ACL\u51fd\u6570\u4e2d\u4e0d\u5b89\u5168\u5730\u4f7f\u7528strcpy\u51fd\u6570\uff0c\u5bfc\u81f4\u5806\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u6f0f\u6d1e\uff0c\u901a\u8fc7\u7cbe\u5fc3\u6784\u9020\u7684\u8bf7\u6c42\u5728\u76ee\u6807\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u8fdb\u800c\u5b8c\u5168\u63a7\u5236\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\u3002 \nURL\uff1ahttps://github.com/XiaomingX/CVE-2024-27130-poc\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-11-22T14:21:05.000000Z"}, {"uuid": "a7aa7cef-850a-4360-bd77-3bfbe6b82f01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27137", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3801", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-27137\n\ud83d\udd25 CVSS Score: 5.8 (CVSS_V3)\n\ud83d\udd39 Description: In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorized operations.\n\nThis is same vulnerability that CVE-2020-13946 was issued for, but the Java option was changed in JDK10.\n\nThis issue affects Apache Cassandra from 4.0.2 through 5.0.2 running Java 11.\n\nOperators are recommended to upgrade to a release equal to or later than 4.0.15, 4.1.8, or 5.0.3 which fixes the issue.\n\ud83d\udccf Published: 2025-02-04T12:30:59Z\n\ud83d\udccf Modified: 2025-02-07T17:36:28Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-27137\n2. https://github.com/apache/cassandra\n3. https://lists.apache.org/thread/jsk87d9yv8r204mgqpz1qxtp5wcrpysm", "creation_timestamp": "2025-02-07T18:02:58.000000Z"}, {"uuid": "a7d7cbb2-b87c-4622-b1a4-3f71e44e3288", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27130", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7326", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPoC for CVE-2024-27130\nURL\uff1ahttps://github.com/watchtowrlabs/CVE-2024-27130\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-05-17T10:46:29.000000Z"}, {"uuid": "b239411a-7c6b-4e48-bed8-759e07820400", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27136", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8246", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-27136\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: XSS in Upload page in Apache JSPWiki 2.12.1 and priors allows the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.  Apache JSPWiki users should upgrade to 2.12.2 or later. \n\ud83d\udccf Published: 2024-06-24T07:44:30.732Z\n\ud83d\udccf Modified: 2025-03-20T18:03:19.410Z\n\ud83d\udd17 References:\n1. https://lists.apache.org/thread/gfms8gbncqqkj52p861b8fnsypwsl1d5\n2. https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2024-27136", "creation_timestamp": "2025-03-20T18:20:42.000000Z"}, {"uuid": "a1a5ee39-ca9f-4699-8d76-1bf6d7678324", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27137", "type": "seen", "source": "https://t.me/cvedetector/17186", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-27137 - Apache Cassandra RMI Registry Man-in-the-Middle Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-27137 \nPublished : Feb. 4, 2025, 11:15 a.m. | 1\u00a0hour, 48\u00a0minutes ago \nDescription : In Apache Cassandra it is possible for a local attacker without access  \n to the Apache Cassandra process or configuration files to manipulate   \nthe RMI registry to perform a man-in-the-middle attack and capture user   \nnames and passwords used to access the JMX interface. The attacker can   \nthen use these credentials to access the JMX interface and perform   \nunauthorized operations.  \n  \n  \nThis is same vulnerability that CVE-2020-13946 was issued for, but the Java option was changed in JDK10.  \n  \n  \nThis issue affects Apache Cassandra from 4.0.2 through 5.0.2 running Java 11.  \n  \n  \nOperators are recommended to upgrade to a release equal to or later than 4.0.15, 4.1.8, or 5.0.3 which fixes the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-04T14:43:21.000000Z"}, {"uuid": "8fe9255a-6346-4d8f-9319-3087109065d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27130", "type": "published-proof-of-concept", "source": "https://t.me/DARK_SPOT_TEAM/431", "content": "CVE-2024-27130 QNAP RCE\n\nA Proof of Concept to exploit stack overflow vulnerability to obtain RCE on a vulnerable QNAP device.\n\nBlog: https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends/", "creation_timestamp": "2024-05-18T01:45:02.000000Z"}, {"uuid": "978b2a0b-3a8a-49e5-b4d6-bf6800e608d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2713", "type": "seen", "source": "Telegram/2VmeVn49VymdkVzFqrohAYwz2ISyxGjVxjZIIAjKLQ3Ia2bG", "content": "", "creation_timestamp": "2025-02-21T22:10:25.000000Z"}, {"uuid": "2e9d5ea8-c7ba-4eff-8f9f-f242a6f27ff9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27130", "type": "published-proof-of-concept", "source": "Telegram/pnQlf75k51XgN0WbBtkjkkNG3n7DQVQ059MsQ0n9Vmk3", "content": "", "creation_timestamp": "2024-05-18T01:45:02.000000Z"}, {"uuid": "d26dd5ee-f29a-45ec-bb26-f12eaaa02e47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27135", "type": "seen", "source": "https://t.me/arpsyndicate/4399", "content": "#ExploitObserverAlert\n\nCVE-2024-27135\n\nDESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to CVE-2024-27135. Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for running user-provided functions. This vulnerability also applies to the Pulsar Broker when it is configured with \"functionsWorkerEnabled=true\".  This issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0.   2.10 Pulsar Function Worker users should upgrade to at least 2.10.6. 2.11 Pulsar Function Worker users should upgrade to at least 2.11.4. 3.0 Pulsar Function Worker users should upgrade to at least 3.0.3. 3.1 Pulsar Function Worker users should upgrade to at least 3.1.3. 3.2 Pulsar Function Worker users should upgrade to at least 3.2.1.  Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2024-04-09T19:04:12.000000Z"}, {"uuid": "919d8fc5-9bb3-4b78-9d1e-697945a10cd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27139", "type": "seen", "source": "https://t.me/arpsyndicate/4397", "content": "#ExploitObserverAlert\n\nCVE-2024-27139\n\nDESCRIPTION: Exploit Observer has 9 entries in 2 file formats related to CVE-2024-27139. ** UNSUPPORTED WHEN ASSIGNED **  Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially leading to account takeover.  This issue affects Apache Archiva: from 2.0.0.  As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.  NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2024-04-09T18:51:41.000000Z"}, {"uuid": "bf1d2c06-0807-44b8-b114-aa16e27ad158", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27130", "type": "published-proof-of-concept", "source": "https://t.me/lcmysecteamch/4580", "content": "CVE-2024-27130\n*  \nRCE on a vulnerable QNAP device.\n*\nPOC exploit", "creation_timestamp": "2024-06-02T06:55:05.000000Z"}, {"uuid": "3928136e-6b87-4866-8317-32a05df6c22c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27130", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2084", "content": "CVE-2024-27130\n*  \nRCE on a vulnerable QNAP device.\n*\nPOC exploit", "creation_timestamp": "2024-05-17T13:15:37.000000Z"}, {"uuid": "43b4611e-e6b2-41b6-aa06-13fa12a53fe7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27130", "type": "published-proof-of-concept", "source": "https://t.me/lcmysecteamch/7933", "content": "CVE-2024-27130\n*  \nRCE on a vulnerable QNAP device.\n*\nPOC exploit", "creation_timestamp": "2024-06-02T06:55:05.000000Z"}, {"uuid": "2387008e-1971-4d24-9b14-8dbcd1a066f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27130", "type": "published-proof-of-concept", "source": "Telegram/DlLZj9MSjE6IBwAOSF_tcWDS7dzlP-Co9-Phk0g44QZcRQU", "content": "", "creation_timestamp": "2024-07-08T17:59:13.000000Z"}, {"uuid": "ebaf15ac-3e6b-4045-9183-c908e4f98a8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27132", "type": "seen", "source": "https://t.me/true_secator/6517", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u0441\u043b\u0435\u0434\u0438\u0442\u044c \u0437\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u043c\u0438 \u043d\u043e\u0432\u043e\u0441\u0442\u044f\u043c\u0438 \u0438\u0437 \u043c\u0438\u0440\u0430 CVE. \u041f\u043e\u0434 \u043a\u043e\u043d\u0435\u0446 \u043d\u0435\u0434\u0435\u043b\u0438 \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u044f \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0430\u044f:\n\n1. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 watchTowr \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442\u00a0\u043e\u0431 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0438 0-day, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u043e\u0439 \u0441 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u043c \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0444\u0430\u0439\u043b\u043e\u0432 \u043d\u0430 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 VoIP Mitel MiCollab, \u043e \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0430 \u0443\u0432\u0435\u0434\u043e\u043c\u0438\u043b\u0438 \u0435\u0449\u0435 \u0432 \u0430\u0432\u0433\u0443\u0441\u0442\u0435.\n\n\u041d\u0430 \u0434\u0430\u043d\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 CVE \u043d\u0435 \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d\u0430 \u0438 \u043d\u0435 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435.\n\n\u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0442\u044c \u043d\u043e\u043b\u044c \u0443\u0434\u0430\u043b\u043e\u0441\u044c, \u044d\u043a\u0441\u043f\u0435\u0440\u0438\u043c\u0435\u043d\u0442\u0438\u0440\u0443\u044f \u0441 \u043c\u0435\u0442\u043e\u0434\u0430\u043c\u0438 \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438 \u0438 \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u044f\u0446\u0438\u0438 \u0432\u0432\u043e\u0434\u043e\u043c.\n\n\u0412 \u0447\u0430\u0441\u0442\u043d\u043e\u0441\u0442\u0438, \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u0438\u0437\u0443\u0447\u0435\u043d\u0438\u044f CVE-2024-35286, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u043e\u0439 \u0441 SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0435\u0439 \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 23 \u043c\u0430\u044f, \u0430 \u0442\u0430\u043a\u0436\u0435 CVE-2024-41713, \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043e\u0439 \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u043e\u0439 9 \u043e\u043a\u0442\u044f\u0431\u0440\u044f.\n\n\u0412\u044b\u0436\u0434\u0430\u0432 \u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u043c \u0447\u0435\u0440\u0435\u0437 100 \u0434\u043d\u0435\u0439 \u043f\u043e\u0441\u043b\u0435 \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u044f Mitel, watchTowr \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0438 PoC \u0434\u043b\u044f \u043d\u043e\u0432\u043e\u0439 0-day, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u0432\u044f\u0437\u044b\u0432\u0430\u0435\u0442 \u043e\u0448\u0438\u0431\u043a\u0443 \u0441 CVE-2024-41713.\n\n\u0422\u0430\u043a \u0447\u0442\u043e \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0430\u043c \u0431\u043e\u043b\u0435\u0435 16\u00a0000 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 MiCollab, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0432 \u0441\u0435\u0442\u0438, \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 MiCollab 9.8 SP2 (9.8.2.12), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 CVE-2024-41713, \u0441\u043c\u044f\u0433\u0447\u0430\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0435 \u0447\u0442\u0435\u043d\u0438\u0435 \u0444\u0430\u0439\u043b\u043e\u0432.\u00a0\n\n2. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Rapid7 \u0432\u044b\u044f\u0432\u0438\u043b\u0438 \u0438 \u043e\u043a\u0430\u0437\u0430\u043b\u0438 \u043f\u043e\u0441\u0438\u043b\u044c\u043d\u0443\u044e \u043f\u043e\u043c\u043e\u0449\u044c \u0432 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438 \u043f\u044f\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u043a\u0430\u043c\u0435\u0440\u0430\u0445 \u0432\u0438\u0434\u0435\u043e\u043d\u0430\u0431\u043b\u044e\u0434\u0435\u043d\u0438\u044f Lorex\u00a02K Wi-Fi.\n\n\u0423\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u0431\u044b\u043b\u043e \u0437\u0430\u044f\u0432\u043b\u0435\u043d\u043e \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u0446\u0435\u043b\u0435\u0439 \u043d\u0430 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u043c \u043a\u043e\u043d\u043a\u0443\u0440\u0441\u0435 Pwn2Own IoT 2024 \u0433\u043e\u0434\u0430, \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e Rapid7 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0430 \u0438 \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 \u043f\u044f\u0442\u044c \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0442 \u0432 \u0434\u0432\u0430 \u044d\u0442\u0430\u043f\u0430, \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u044f RCE \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n3. Cisco \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f NX-OS, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0435\u0435 \u043e\u0431\u0445\u043e\u0434 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043e\u0431\u0440\u0430\u0437\u0430 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0438, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0439 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 Google Cloud.\n\n\u041e\u043f\u0430\u0441\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043e\u0431\u043e\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u0430\u044f \u043a\u0430\u043a CVE-2024-20397, \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u044b\u043c\u0438 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430\u043c\u0438 \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0438 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u043d\u0435\u043f\u0440\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u043e\u0433\u043e \u041f\u041e.\n\n\u0414\u043b\u044f \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f, \u043d\u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c \u0444\u0438\u0437\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0434\u043e\u0441\u0442\u0443\u043f.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 100 \u043c\u043e\u0434\u0435\u043b\u0435\u0439 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043a\u043e\u043c\u043c\u0443\u0442\u0430\u0442\u043e\u0440\u044b \u0441\u0435\u0440\u0438\u0438 MDS 9000, Nexus 3000 \u0438 7000, Nexus 9000 \u0432 \u0440\u0435\u0436\u0438\u043c\u0435 ACI, Nexus 9000 \u0432 \u0430\u0432\u0442\u043e\u043d\u043e\u043c\u043d\u043e\u043c \u0440\u0435\u0436\u0438\u043c\u0435 NX-OS, UCS 6400 \u0438 6500.\n\n4. \u0417\u0430\u0445\u0430\u0440 \u0424\u0435\u0434\u043e\u0442\u043a\u0438\u043d \u0438\u0437 PortSwigger \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435 \u043e \u0442\u043e\u043c, \u043a\u0430\u043a \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c WAF \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u0430 $Version \u0432 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043e\u0447\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u0430\u0445 cookie.\n\n5. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 JFrog \u0432\u044b\u044f\u0432\u0438\u043b\u0438 \u043c\u043d\u043e\u0433\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0432\u043b\u0438\u044f\u044e\u0449\u0438\u0435 \u043d\u0430 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b \u0438 \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0438 \u043c\u0430\u0448\u0438\u043d\u043d\u043e\u0433\u043e \u043e\u0431\u0443\u0447\u0435\u043d\u0438\u044f (\u041c\u041e) \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a MLflow, H2O, PyTorch \u0438 MLeap, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u043e\u0442\u043a\u0440\u044b\u0442\u044c \u043f\u0443\u0442\u044c \u0434\u043b\u044f RCE.\n\n\u0412 \u0434\u043e\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a \u043d\u0430\u0431\u043e\u0440\u0443 \u0440\u0430\u043d\u0435\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c, JFrog \u043f\u0440\u0438\u0441\u043e\u0432\u043e\u043a\u0443\u043f\u0438\u043b\u0430: CVE-2024-27132\u00a0(7,2), CVE-2024-6960\u00a0(7,5), CVE-2023-5245\u00a0(7,5), \u043e\u0434\u043d\u0430 \u0431\u0435\u0437 CVE (\u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438 \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 TorchScript \u0432 PyTorch).", "creation_timestamp": "2024-12-06T18:30:05.000000Z"}, {"uuid": "1239bb8d-04ec-4fd1-bd62-0dc1df636a6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27130", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/5754", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 watchTowr Labs \u0441\u0442\u0430\u043b\u0438 \u043f\u0440\u0435\u0434\u0432\u0435\u0441\u0442\u043d\u0438\u043a\u0430\u043c\u0438 \u043d\u043e\u0432\u044b\u0445 \u043f\u0435\u0447\u0430\u043b\u044c\u043d\u044b\u0445 \u043d\u043e\u0432\u043e\u0441\u0442\u0435\u0439 \u0434\u043b\u044f \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0435\u0432 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 NAS QNAP, \u043a\u043e\u0442\u043e\u0440\u044b\u0435, \u043a\u0430\u043a \u043c\u044b \u0437\u043d\u0430\u0435\u043c, \u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u043e\u0441\u043e\u0431\u044b\u043c \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043e\u043c \u0441\u043e \u0441\u0442\u043e\u0440\u043e\u043d\u044b \u0431\u0430\u043d\u0434 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0435\u0439 \u0438 APT.\n\n\u041d\u0430 \u044d\u0442\u043e\u0442 \u0440\u0430\u0437 \u0432\u043e \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u043e\u043c \u041f\u041e NAS \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043e 15 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u0441 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043a\u043e\u0434\u0430, \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0449\u0438\u0445 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438. \n\n\u0412 \u0441\u0432\u043e\u0435\u043c \u043e\u0442\u0447\u0435\u0442\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0441\u043e\u0441\u0440\u0435\u0434\u043e\u0442\u043e\u0447\u0438\u043b\u0438\u0441\u044c \u043d\u0430 \u043d\u0430 \u043e\u0434\u043d\u043e\u043c \u0438\u0437 \u043d\u0438\u0445 \u2014\u00a0CVE-2024-27130, \u043e\u0448\u0438\u0431\u043a\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0441\u0442\u0435\u043a\u0430 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434\u00a0(\u0445\u043e\u0442\u044f \u0438 \u0441 \u043d\u0435\u0431\u043e\u043b\u044c\u0448\u0438\u043c \u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c \u0443\u0441\u043b\u043e\u0432\u0438\u0435\u043c).\n\n\u0421\u0430\u043c\u043e\u0435 \u043f\u0435\u0447\u0430\u043b\u044c\u043d\u043e\u0435 \u0442\u043e, \u0447\u0442\u043e \u043a \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u043c\u0443 \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u0435\u0440\u0432\u044b\u0435 \u0447\u0435\u0442\u044b\u0440\u0435\u00a0\u0438\u0437 \u043f\u044f\u0442\u043d\u0430\u0434\u0446\u0430\u0442\u0438, \u043d\u0435 \u0432\u043a\u043b\u044e\u0447\u0430\u044f CVE-2024-27130, \u0434\u043b\u044f \u043d\u0438\u0445 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 QTS 5.1.6.2722, \u0441\u0431\u043e\u0440\u043a\u0430 20240402 \u0438 QuTS Hero h5.1.6.2734, \u0441\u0431\u043e\u0440\u043a\u0430 20240414.\n\n\u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435, \u043f\u043e\u0441\u043b\u0435 \u0432\u044b\u0434\u0430\u0447\u0438 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0443 \u0440\u044f\u0434 \u043f\u0440\u043e\u0434\u043b\u0435\u043d\u0438\u0439 \u0441\u0440\u043e\u043a\u0430 \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u0441\u043a\u043e\u043e\u0440\u0434\u0438\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f watchTowr Labs \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430 PoC \u0434\u043b\u044f \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u0432 \u043d\u0430\u0431\u043e\u0440\u0435.\n\n\u0412\u0441\u0435\u043c \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043f\u043e\u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u043e\u0432\u0430\u043b\u0438 \u0440\u0430\u0441\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0442\u0430\u043a\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u0438\u043b\u0438 \u0441\u0442\u0440\u043e\u0433\u043e \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u0434\u043e \u0442\u0435\u0445 \u043f\u043e\u0440, \u043f\u043e\u043a\u0430 \u043d\u0435 \u0431\u0443\u0434\u0443\u0442 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f.\n\n\u0410 \u0431\u0443\u0434\u0443\u0442 \u043e\u043d\u0438 \u043d\u0435 \u0441\u043a\u043e\u0440\u043e, \u0432\u0435\u0434\u044c, \u043a\u0430\u043a \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0438 \u0432 watchTowr, \u0443 QNAP \u043c\u044f\u0433\u043a\u043e \u0441\u043a\u0430\u0437\u0430\u0442\u044c \u0437\u0430\u043c\u0443\u0434\u0440\u0435\u043d\u043d\u0430\u044f \u043a\u043e\u0434\u043e\u0432\u0430\u044f \u0431\u0430\u0437\u0430 \u043d\u0430 \u043b\u044e\u0431\u0438\u043c\u043e\u043c \u044f\u0437\u044b\u043a\u0435 \u0445\u0430\u043a\u0435\u0440\u043e\u0432 C \u0441 \u0442\u044f\u0436\u0435\u043b\u044b\u043c\u0438 \u0443\u0441\u0442\u0430\u0440\u0435\u0432\u0448\u0438\u043c\u0438 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430\u043c\u0438.\n\n\u041d\u043e \u044d\u0442\u043e \u043d\u0435 \u043e\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0435\u0442 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0438 \u0432 \u0431\u043b\u0438\u0436\u0430\u0439\u0448\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u0431\u0443\u0434\u0443\u0442 \u0432\u044b\u0445\u043e\u0434\u0438\u0442\u044c \u043d\u043e\u0432\u044b\u0435 \u043e\u0442\u0447\u0435\u0442\u044b \u043f\u043e \u043e\u0441\u0442\u0430\u0432\u0448\u0438\u043c\u0441\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441 \u043d\u0435\u0442\u0435\u0440\u043f\u0435\u043d\u0438\u0435\u043c \u0442\u0430\u043a\u0436\u0435 \u0431\u0443\u0434\u0443\u0442 \u0436\u0434\u0430\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u044b DeadBolt, Checkmate \u0438 Qlocker.", "creation_timestamp": "2024-05-20T16:40:05.000000Z"}, {"uuid": "1d21690f-781a-4068-ae68-e07e6ecb499d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27135", "type": "seen", "source": "https://t.me/ctinow/206101", "content": "https://ift.tt/XanGBWt\nCVE-2024-27135", "creation_timestamp": "2024-03-12T20:26:30.000000Z"}, {"uuid": "b452e482-f0af-4535-aa00-7f69affe592b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27135", "type": "seen", "source": "https://t.me/ctinow/206107", "content": "https://ift.tt/XanGBWt\nCVE-2024-27135", "creation_timestamp": "2024-03-12T20:26:36.000000Z"}, {"uuid": "15a9e472-fa48-4210-9769-89d24b474c68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27135", "type": "seen", "source": "https://t.me/ctinow/206193", "content": "https://ift.tt/80YZiGN\nCVE-2024-27135", "creation_timestamp": "2024-03-12T21:46:27.000000Z"}, {"uuid": "e4cfb4dd-0227-41ca-8f1a-f6eaa45da2ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27139", "type": "seen", "source": "https://t.me/ctinow/197812", "content": "https://ift.tt/pyI74aU\nCVE-2024-27139", "creation_timestamp": "2024-03-01T17:26:24.000000Z"}, {"uuid": "1f13cfc1-e2be-4148-a618-740a0cb68a1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27139", "type": "seen", "source": "https://t.me/ctinow/197822", "content": "https://ift.tt/pyI74aU\nCVE-2024-27139", "creation_timestamp": "2024-03-01T17:26:34.000000Z"}, {"uuid": "7d0dad50-a5e2-4a69-9554-083f9ab7dd0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27138", "type": "seen", "source": "https://t.me/ctinow/197821", "content": "https://ift.tt/vTReJdb\nCVE-2024-27138", "creation_timestamp": "2024-03-01T17:26:33.000000Z"}, {"uuid": "7c78c747-c73c-497b-a1ee-9381789a9e08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27138", "type": "seen", "source": "https://t.me/ctinow/197811", "content": "https://ift.tt/vTReJdb\nCVE-2024-27138", "creation_timestamp": "2024-03-01T17:26:23.000000Z"}, {"uuid": "a443aaa5-7864-4223-b8ac-0bf4ab9a7100", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27133", "type": "seen", "source": "https://t.me/ctinow/192306", "content": "https://ift.tt/an8vVgO\nCVE-2024-27133", "creation_timestamp": "2024-02-23T23:32:17.000000Z"}, {"uuid": "4338bd07-247b-47ee-837c-747ae998ce64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27133", "type": "seen", "source": "https://t.me/ctinow/192294", "content": "https://ift.tt/an8vVgO\nCVE-2024-27133", "creation_timestamp": "2024-02-23T23:26:28.000000Z"}, {"uuid": "bfb0af71-5279-47b0-a07e-1c0f9c71b1c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27132", "type": "seen", "source": "https://t.me/ctinow/192293", "content": "https://ift.tt/CiWu1gF\nCVE-2024-27132", "creation_timestamp": "2024-02-23T23:26:27.000000Z"}, {"uuid": "0e9641ad-1ec1-4c6f-b5e9-aeb45c4cfdc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27132", "type": "seen", "source": "https://t.me/ctinow/192305", "content": "https://ift.tt/CiWu1gF\nCVE-2024-27132", "creation_timestamp": "2024-02-23T23:32:13.000000Z"}, {"uuid": "5c60b9ab-d8dc-47a3-9772-fc04afa1d60b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27130", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2501", "content": "https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends/\n\nCVE-2024-27130\n#\u5206\u6790", "creation_timestamp": "2024-05-20T12:32:27.000000Z"}, {"uuid": "767282bc-1fea-4d31-8a01-313e940b9ac7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27130", "type": "published-proof-of-concept", "source": "https://t.me/club31337/2089", "content": "https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends/\n\n\u269c\ufe0f @club1337", "creation_timestamp": "2024-11-11T02:18:31.000000Z"}, {"uuid": "d60aad4b-4f58-4a2a-81f3-f42971262262", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27130", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10529", "content": "#exploit\n1. CVE-2024-25641:\nCacti RCE when importing packages\nhttps://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88\n]-&gt; https://karmainsecurity.com/KIS-2024-04\n\n2. CVE-2024-30163:\nInvision Community &lt;=4.7.15 (store .php) SQL Injection\nhttps://karmainsecurity.com/KIS-2024-02\n\n3. CVE-2024-27130:\nQNAP RCE PoC\nhttps://github.com/watchtowrlabs/CVE-2024-27130", "creation_timestamp": "2024-05-19T15:31:55.000000Z"}, {"uuid": "bcb68ac6-0f80-4976-bc9c-5313db08af31", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27130", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/7c8cb8b0-e7da-4def-bef2-e2f6752b7ebd", "content": "", "creation_timestamp": "2026-06-23T14:06:10.154384Z"}]}